Articles Posted in Cybersecurity

The Securities and Exchange Commission stated that publicly-traded companies should disclose the threat and potential impact of cyber attacks that pose a risk to their investors.

The commission made its comments in a letter to Senator Jay Rockefeller, chairman of the Senate Commerce Committee, that was released on June 8, 2011. Last month, Senator Rockefeller and four other Democratic senators wrote a letter to SEC Chairman Mary Schapiro, urging the agency to issue guidance on disclosure of data-security risk, including “material network breaches,” attacks that may result in the theft of intellectual property or trade secrets.

The threats from cyberspace grow more powerful and pernicious. Companies like Sony Corporation, Google Inc., and Lockheed Martin have admitted startling security lapses. The International Monetary Fund last month suffered a breach leading to the loss of highly sensitive data. The United States Congress and executive branch agencies faced approximately 2 billion attacks in cyberspace per month in 2010.

The Data Security and Breach Notification Act of 2010

To help protect personal information on the Internet and elsewhere, California enacted seminal legislation in 2000, which was significantly strengthened with the passage of SB 1386 in 2002. Since then, other states have enacted similar legislation.

State activity, however, may be preempted by proposed federal legislation. On August 5, 2010, S. 3742, the Data Security and Breach Notification Act of 2010 (the “Act”), the most recent federal effort to preempt state laws on the subject, was introduced by Sen. Mark Pryor (D-Ark.), chairman of the Subcommittee on Consumer Protection, Product Safety, and Insurance, and co-sponsored by Sen. John D. Rockefeller IV (D-W.Va.), Chairman of the Senate Commerce Committee. Less protective of consumers than California law, among other things, the Act:

Our nation can be threatened not only by physical attacks on terra firma, but also in Cyberspace. Indeed, Cyber attacks could threaten all sorts of mission critical systems.

For this reason, aides to Senator Jay Rockefeller reportedly have been working recently on a revised draft Senate bill that would give the President broad powers in the event of a Cybersecurity emergency, and that apparently would go so far as allowing the President to temporarily seize control over computer networks in the private sector.

This power is akin to the power President Bush exerted when he grounded commercial aircraft in the wake of the September 11, 2001 World Trade Center and Pentagon attacks, according to a reported Senate source.

Associated Press: India may ask Google and Skype for greater access to encrypted information once it resolves security concerns with BlackBerrys, which are now under threat of a ban, according to a government document and two people familiar with the discussions.

The 2008 terror attacks in Mumbai, which were coordinated with satellite and cell phones, helped prompt a sweeping security review of telecommunications ahead of the Commonwealth Games, to be held in New Delhi in October.

On July 12, officials from India’s Department of Telecommunications met with representatives of three telecom service provider groups to discuss interception and monitoring of encrypted communications by security agencies.

WASHINGTON — Invasion of privacy in the Internet age. Expanding the reach of law enforcement to snoop on e-mail traffic or on Web surfing. Those are among the criticisms being aimed at the FBI as it tries to update a key surveillance law.

With its proposed amendment, is the Obama administration merely clarifying a statute or expanding it? Only time and a suddenly on-guard Congress will tell.

Federal law requires communications providers to produce records in counterintelligence investigations to the FBI, which doesn’t need a judge’s approval and court order to get them.

WikiLeaks’ chief claims his organization doesn’t know who sent it some 91,000 secret U.S. military documents, telling journalists that the website is set up to hide the source of its data from those who receive it.

Editor-in-chief Julian Assange says the added layer of secrecy helps protect the site’s sources from spy agencies and hostile corporations. He acknowledged that the site’s anonymous submissions raised concerns about the authenticity of the material, but said the site has not yet been fooled by a bogus document.

Assange made the claim in a lengthy hour talk before London’s Frontline Club late Tuesday, in which he outlined the workings of WikiLeaks and defended its mission.

In response to a report in the Wall Street Journal, the National Security Agency revealed some information about its plans for “Perfect Citizen,” which it described as a research and engineering effort around vulnerability assessment and capabilities development.

The National Security Agency revealed some information about the nature of its “Perfect Citizen” cyber-security program after a report about the agency’s plans surfaced in the media. While the agency is unwilling to confirm or deny some details of the Wall Street Journal article, the agency described Perfect Citizen as a “vulnerabilities-assessment and capabilities-development” effort, and stressed that there is no monitoring activity involved.

“Specifically, it does not involve the monitoring of communications or the placement of sensors on utility company systems,” NSA spokesperson Judith Emmel said in a statement. “This contract provides a set of technical solutions that help the National Security Agency better understand the threats to national security networks, which is a critical part of NSA’s mission of defending the nation.”

Defense contractor Raytheon was reported by the Journal to have received the contract for the project. According to the Journal, Perfect Citizen would involve placing sensors across a variety of computer networks belonging to government agencies and private sector companies involved in critical infrastructure in order to protect against cyber-attacks. The focus would be large, typically older systems designed without Internet connectivity or security in mind, the Journal reported.

See www.eweek.com/c/a/Security/NSA-Cyber-Security-Program-Details-Revealed-275248

Many Companies Continue to Ignore the Issue (Pittsburgh Post-Gazette, 22 June 2010) – After a year of high-tech breaches at some of the nation’s biggest companies, a provision in a Senate bill calls on the White House to encourage a market for cybersecurity insurance to protect businesses from debilitating costs brought on by hacking and compromised information. The bill, introduced by Sens. Jay Rockefeller, D-W.V., and Olympia Snowe, R-Maine, says the president or his appointee must report to Congress on “the feasibility of creating a market for cybersecurity risk management” one year after the bill’s passing. But a crashed server policy is not as easy to write as a crashed car policy. Many businesses are deterred by an application process described as appropriately exhaustive but forever imprecise. The process is complicated by the tricky nature of monetizing data. Web experts always have held that “information wants to be free.” But how much is it worth when it’s stolen? Companies lost an average of $234,000 per breach in 2009, a recent report by the Computer Security Institute in New York found. But a report released last Tuesday by the Carnegie Mellon CyLab found that 65 percent of its Fortune 1,000 respondents were not reviewing their companies’ cybersecurity policies. Jody Westby, a researcher who worked on the CyLab report that indicated board negligence, said the insurance provision in the cybersecurity bill was a mandate by an ill-informed Congress. “This is interventionist, regulatory, heavy-handed action by Congress,” said Ms. Westby from a technology best practices conference in Burkina Faso, West Africa. “This isn’t anything that Congress is going to fix,” she said. “It’s something boards in America need to fix.”

For more information please visit: http://www.post-gazette.com/pg/10173/1067262-96.stm AND/OR http://www.knowconnect.com/mirln/current/

AT&T Inc. acknowledged Wednesday that a security hole in its website had exposed iPad users’ email addresses, a breach that highlights how corporations still have problems protecting private information.

A small group of computer experts that calls itself Goatse Security claimed responsibility for the intrusion, saying the group had exploited an opening in AT&T’s website to find numbers that identify iPads connected to AT&T’s mobile network.

Those numbers allowed the group to uncover 114,000 email addresses of thousands of iPad customers, including prominent officials in companies, politics and the military, the group said. Gawker Media LLC reported the breach Wednesday. It doesn’t appear any financial or billing information was made public.