Articles Posted in Cybersecurity

Our nation can be threatened not only by physical attacks on terra firma, but also in Cyberspace. Indeed, Cyber attacks could threaten all sorts of mission critical systems.

For this reason, aides to Senator Jay Rockefeller reportedly have been working recently on a revised draft Senate bill that would give the President broad powers in the event of a Cybersecurity emergency, and that apparently would go so far as allowing the President to temporarily seize control over computer networks in the private sector.

This power is akin to the power President Bush exerted when he grounded commercial aircraft in the wake of the September 11, 2001 World Trade Center and Pentagon attacks, according to a reported Senate source.

Associated Press: India may ask Google and Skype for greater access to encrypted information once it resolves security concerns with BlackBerrys, which are now under threat of a ban, according to a government document and two people familiar with the discussions.

The 2008 terror attacks in Mumbai, which were coordinated with satellite and cell phones, helped prompt a sweeping security review of telecommunications ahead of the Commonwealth Games, to be held in New Delhi in October.

On July 12, officials from India’s Department of Telecommunications met with representatives of three telecom service provider groups to discuss interception and monitoring of encrypted communications by security agencies.

WASHINGTON ,— Invasion of privacy in the Internet age. Expanding the reach of law enforcement to snoop on e-mail traffic or on Web surfing. Those are among the criticisms being aimed at the FBI as it tries to update a key surveillance law.

With its proposed amendment, is the Obama administration merely clarifying a statute or expanding it? Only time and a suddenly on guard Congress will tell.

Federal law requires communications providers to produce records in counterintelligence investigations to the FBI, which doesn’t need a judge’s approval and court order to get them.

WikiLeaks’ chief claims his organization doesn’t know who sent it some 91,000 secret U.S. military documents, telling journalists that the website is set up to hide the source of its data from those who receive it.

Editor-in-chief Julian Assange says the added layer of secrecy helps protect the site’s sources from spy agencies and hostile corporations. He acknowledged that the site’s anonymous submissions raised concerns about the authenticity of the material, but said the site has not yet been fooled by a bogus document.

Assange made the claim in a lengthy hour talk before London’s Frontline Club late Tuesday, in which he outlined the workings of WikiLeaks and defended its mission.

In response to a report in the Wall Street Journal, the National Security Agency revealed some information about its plans for “Perfect Citizen,” which it described as a research and engineering effort around vulnerability assessment and capabilities development. The National Security Agency revealed some information about the nature of its “Perfect Citizen” cyber-security program after a report about the agency’s plans surfaced in the media. While the agency is unwilling to confirm or deny some details of the Wall Street Journal article, the agency described Perfect Citizen as a “vulnerabilities-assessment and capabilities-development” effort, and stressed that there is no monitoring activity involved. “Specifically, it does not involve the monitoring of communications or the placement of sensors on utility company systems,” NSA spokesperson Judith Emmel said in a statement. “This contract provides a set of technical solutions that help the National Security Agency better understand the threats to national security networks, which is a critical part of NSA’s mission of defending the nation.” Defense contractor Raytheon was reported by the Journal to have received the contract for the project. According to the Journal, Perfect Citizen would involve placing sensors across a variety of computer networks belonging to government agencies and private sector companies involved in critical infrastructure in order to protect against cyber-attacks. The focus would be large, typically older systems designed without Internet connectivity or security in mind, the Journal reported.

See www.eweek.com/c/a/Security/NSA-Cyber-Security-Program-Details-Revealed-275248

Many Companies Continue to Ignore the Issue (Pittsburgh Post-Gazette, 22 June 2010) – After a year of high-tech breaches at some of the nation’s biggest companies, a provision in a Senate bill calls on the White House to encourage a market for cybersecurity insurance to protect businesses from debilitating costs brought on by hacking and compromised information. The bill, introduced by Sens. Jay Rockefeller, D-W.V., and Olympia Snowe, R-Maine, says the president or his appointee must report to Congress on “the feasibility of creating a market for cybersecurity risk management” one year after the bill’s passing. But a crashed server policy is not as easy to write as a crashed car policy. Many businesses are deterred by an application process described as appropriately exhaustive but forever imprecise. The process is complicated by the tricky nature of monetizing data. Web experts always have held that “information wants to be free.” But how much is it worth when it’s stolen? Companies lost an average of $234,000 per breach in 2009, a recent report by the Computer Security Institute in New York found. But a report released last Tuesday by the Carnegie Mellon CyLab found that 65 percent of its Fortune 1,000 respondents were not reviewing their companies’ cybersecurity policies. Jody Westby, a researcher who worked on the CyLab report that indicated board negligence, said the insurance provision in the cybersecurity bill was a mandate by an ill-informed Congress. “This is interventionist, regulatory, heavy-handed action by Congress,” said Ms. Westby from an technology best practices conference in Burkina Faso, West Africa. “This isn’t anything that Congress is going to fix,” she said. “It’s something boards in America need to fix.”

For more information please visit: http://www.post-gazette.com/pg/10173/1067262-96.stm AND/OR http://www.knowconnect.com/mirln/current/

WASHINGTON – Internet search firm Google Inc. is finalizing a deal that would let the U.S. National Security Agency help it investigate a corporate espionage attack that may have originated in China, the Washington Post reported yesterday.

The aim of the investigation is to better defend Google, the world’s largest Internet search company, and its users from future attacks, the Post said, citing anonymous sources with knowledge of the arrangement.

The sources said Google’s alliance with the NSA — the intelligence agency is the world’s most powerful electronic surveillance organization — would be aimed at letting them share critical information without violating Google’s policies or laws that protect the privacy of online communications.

The ongoing conflict between Google and China escalated earlier this month as Google announced it had discovered that the hacking of its servers had originated from the Chinese government.

The hacking code used was traced to China’s territory, but not to the Chinese government, which, not surprisingly, denies any connection to the attack. How Google came to the conclusion that the hack had come from the Chinese government has yet to be disclosed.

China currently has the most Internet users of any country in the world. JP Morgan and Chase estimates that Google will make roughly six hundred million dollars in the Chinese market in 2010. Withdrawing from China would clearly be a poor business decision.