CSIA 459

When you access this web resource you can select to download the full PDF file or you can click to read online.

Read and explore this NIST website. Do you see any products that are you are familar with? Can you determine how this program enhances the security of these products?

After looking through the website, I found the Vendor list for 140-2, which provides what I would think is the complete product list of Vendors and products which meet the standard. A couple items which meet the standard are Microsoft Windows 7 Bitlocker Drive Encryption, and Research In Motions Blackberry Cryptographic Kernel. It is important that the CMV Program is in place within the U.S. If we are going to rely on encryption to keep our secrets safe, then the products we use to encrypt our data, need to be checked to ensure they are secure.

Researcher uncovers hundreds of different custom malware families used by cyberspies -- and discovers an Asian security company conducting cyberespionage

This article raises some serious questions in my opinion. As we move more into an environment where cyber warfare is to be used against different countries, where are the lines drawn between declaring war. As this article discusses, it is not as easy to see who actually was behind the attack, and an attack coming from Chinese, or some other countries IP space, is not neccessarily a state sponsored attack, nor is it neccessarily coming from someone inside the country. In a hack back scenario, it could be determined after the fact that whatever country was thought to initiate the first move, was actually a victim of a "zombie/bot" type of controlled attack that was actually initiated in another country. Can you say, Wargames? Edited 3222013: as I spoke yesterday, today guess what? http://news.yahoo.com/skorea-misidentifies-china-cyberattack-origin-071350510.html

Does this article from 1998 still hold true today?

I believe this article is still very relevant. After reading Bruce Schneier's article, one of the things I took away was his comment regarding the inherent lack of security created by implementers of tamper resistant methodologies, such as smart cards, and biometric technologies. If these systems fail, we want to make sure that we can still access the resource which is being protected, so we tend to build insecure systems in place to bypass the tamper resistant security. In the end, things like biometrics and smart cards seem to be built more for convenience, instead of security. A similar affect is pointed out in the article when users give their access tokens to others so they can do their work. As long as the human element has control in the implementation of security, the risk of failure will always be there, no matter how great the security method is.

This is a cool and insightful article regarding emerging cyber security technologies. 

I think the part about centralizing a "single federal enterprise network" is a great idea. The federal government has started doing this with things such as the FDCC (Federal Desktop Core Configuration), as well as SCAP (Security Content Automation Protocol), but I think there still needs to be much more. Allowing each federal agency to have their own cyber security within the U.S. seems a little crazy. I think setting one agency to protect the national infastructure, ie the borders of the U.S., down to each agencies front door needs to be standard. Agencies like DOD who have their own Cyber operations centers need to be properly trained and educated if they are going to defend infrastructure. Formalized training needs to be done at the federal level as well as the Civilian level. If you are going to be a security practioner, you must have the credentials, and I am not talking just a Sec+. I think it is time we up the standards on who we call a CyberSecurity professional.

Interesting article and objective given. Connecting government cyber operations centers, I think that this will be a hugh, and important step toward achieving a higher level of security. Good read!

This video is 90 minutes long. However, if you open the link, the video is separated by nine chapters. You can put your cursor on the bottom of the video and see each of the chapters and the topic. Find at least one chapter of interest to you and watch it. Each chapter tells you how long it is after you start it.

What I found most interesting in this video was the research being conducted regarding students who multitask, and their perceived ability of doing it well. In fact, as the experiments and testing show, the researchers are proving just the opposite. The younger generation that believe they are multitasking well are only able to work in small chunks, and their work tends to show this. Students are unable to carry out long tasks, they get bored, and they put together papers in sections which directly correlates to their on and off study habits. I also found myself relating to the discussion of needing to satisfy a thought at the moment it pops, and change from doing one thing say, watching the video, into another, listening to the video, and looking at the photographs I took today. In either case, not accomplishing either with the same effectiveness that I would have had I completed them one at a time. The internet, and multiple monitors, helps feed this addiction.

Optional web resource for week 2.

This document is part of your Week 2 DQ. It is 289 pages so I do not expect you to read the entire document. However, open the Voicethread to see the key areas for the DQ and you can search the document for those key words.

For your Week 6 discussion.

For Week 6.

This ranking of cloud start ups could be helpful to you for your research project.

Very interesting report. People voted, not technicians, nor security agencies, just people who use the system. It seems a lot like how the personal computer came and the internet was created. Just get it up and running and security will come later. How can that be? A countries banking system just got compromised. No inspection standard to say this cloud solution is safe, just a group of people who say they can access that information when they want and the company saying it is perfectly safe. Little do they know it could also be accessed by others just as quickly - just my opinion, not quite facts yet.

This website gives information about Cyber Threats to Mobile Phones. The US-CERT provides valuable information on this site concerning recent threats.

How can you tell who is servicing your systems if they are in the clouds? Should the ATM network be placed in the clouds? Something to ponder about

Evaluating technologies

You might have heard about the "kill list." You've certainly heard about drones. But the details of the U.S. campaign against militants in Pakistan, Yemen, and Somalia -- a centerpiece of the Obama administration's national security approach - remain shrouded in secrecy. Here's our guide to what we know-and what we don't know.

(TomDispatch) Here's the essence of it: you can trust America's creme de la creme, the most elevated, responsible people, no matter what weapons, what powers, you put in their hands. No need to constantly look over their shoulders.

Great article Samuel, I had wondered about this topic for a while but did not have the chance to actual research the in's and out's. This article has definitely informed me of the issue. Great find!

Sam, Great article. Sometimes people don't always think about the negative side of things. I know about unmanned drones I had not. Thank you for informing us of this.

Recently uncovered government documents reveal that the U.S. Department of Homeland Security's (DHS) unmanned Predator B drone fleet has been custom designed to identify civilians carrying guns and track cell phone signals. "I am very concerned that this technology will be used against law-abiding American firearms owners," said founder and executive vice president of the Second Amendment Foundation, Alan Gottlieb.

The power these drones represent is incredible. I can easily see how the can (and will be) abused. As Jammes pointed out, the Primary purpose of DHS is securing our nations borders, yet I have read of DHS rading peoples homes because of an "improperly" imported car! Not to sound like I am about to put a tinfoil hat on, but I do see the distinct possibility of the banning of firearms in this country as happened in England in 1997. These tools will be in place well before that day.

The use of Drones in the field as a tool to fight the fight on the borders is one thing, using them as a tool to fight terrorism is still another, but using them as tool to spy on the people of the United States is another. I think this is one that the United States Supreme Court will be deciding soon.

I wonder if they had cake... DoD/DISA's email system signed-up its 1 millionth user last week. Now that's a lot of Exchange mailboxes. This article has it listed as a cloud service... is it? It's true that DISA doesn't keep it's cloud presence a secret, a quick google search will tell you the URL is https://web.disa.mil - but since you can't get very far without a CAC.. is this truly cloud? What is the definition of cloud?