Group items tagged

The International Dimensions of Securing Cyberspace with Seymour Goodman, Professor of International Affairs and Computing at Georgia Tech.Hudson Institute hosts the fourth installment of its Telecommunications, Information, and Security Policy Seminar series. Drawing on his experience in the international dimension of cyberspace, Goodman leads a discussion on the extent of the internationalization of cyberspace, specific international problems and weaknesses that add to cyberspace insecurity, especially relating to Africa, and also discusses some forms of international cooperation that might help alleviate these problems.

Is the price to safeguard America's information systems and networks on a collision course with efforts to rescue the economy? One would hope not, but the $789 billion stimulus package that contains nearly $10 billions for IT-related projects offered very little for cybersecurity. Still, the president sees protecting government and private-sector information systems as crucial to the economic vitality of the country. So, when Acting Senior Director for Cyberspace Melissa Hathaway hands the President her recommendations on securing the nation's information infrastructure later this month, a sharper picture should emerge on how much money the government will need to spend to do just that. What Price Security? The government isn't a spendthrift in protecting its IT networks; it earmarked $6.8 billion a year on cybersecurity this fiscal year, up from $4.2 billion five years ago, according to the White House Office of Management and Budget. But is that enough? Appropriating money to find new and innovative ways to protect our critical information infrastructure doesn't seem to be a government priority, at least not yet. Of the $147 billion the government planned to spend on all types of research and development this fiscal year, only $300 million or 0.2 percent was slated for cybersecurity, according to the Securing Cyberspace in the 44th Presidency report issued by the Center for Strategic and International Studies. By comparison, the budget contained five times as much money $1.5 billion for nanotechnology R&D.

Obama administration cybersecurity advisor Melissa Hathaway, in her much anticipated speech before the RSA Conference on Wednesday, suggested that the findings of a study she submitted Friday to President Obama calls for cybersecurity policy to be run from the White House. "The White House must lead the way forward with leadership that draws upon the strength, advice and ideas of the entire nation," said Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils. Scant on details, Hathaway in her 2,400-word speech did not explain how federal cybersecurity should be governed, even if it's based in the White House. Two months ago, President Obama charged Hathaway to head up a team to review current cybersecurity policies and processes. "It can be said that the federal government is not organized appropriately to address this growing problem because responsibilities for cyberspace are distributed across a wide array of federal departments and agencies, many with overlapping authorities and none with sufficient decision authority to direct actions that can address the problem completely," Hathaway said. "We need an agreed way forward based on common understanding and acceptance of the problem." Hathaway said the team she assembled addressed all missions and activities associated with the information and communications infrastructure, including the missions of computer network defense, law enforcement investigations, military and intelligence activities and the intersection of information assurance, counter intelligence, counter terrorism, telecommunications policies and general critical infrastructure protection. Task force members held more than 40 meetings with different stakeholder groups during the 60 days and received and read more than 100 papers that provided specific recommendations and goals, she said. "We identified over 250 needs, tasks, and recommendations," Hathaway said. "We also solicited input from gov

It's unclear whether a report being prepared for President Barack Obama on federal information security preparedness will support recent calls for the creation of a new cybersecurity office within the White House, two lawmakers said last week. Instead, the report may recommend a more collaborative and cooperative strategy among federal agencies on the issue of cybersecurity without a single agency or department in charge, they said. Members of the U.S. House Cybersecurity Caucus met with Melissa Hathaway, acting senior director for cyberspace for the National Security Council and Homeland Security Council. Hathaway, who is conducting a 60-day review of federal cybersecurity preparedness on behalf of the president, Thursday presented a status report to members of the caucus. Speaking with reporters after the briefing, Rep. James Langevin (D-R.I.), co-chair of the caucus, and Rep. Yvette Clarke (D-N.Y.), chairwoman of a subcommittee within the Committee on Homeland Security, said it was unclear yet what Hathaway might recommend. Rather than "include another structure" within the White House, there may be a call for an increase in staffing within the White House Office of Management and Budget (OMB) in a bid to improve its current role of overseeing government cyberaffairs, said Langevin. Chances are "there will not be one king," he said. Langevin co-chaired a commission at the Center for Strategic and International Studies, a bipartisan think tank, that has called for the creation of a centralized cybersecurity office in the White House to be named the National Office for Cyberspace. The new office could combine the National Cyber Security Center (NCSC) and the Joint Interagency Cyber Task Force, two existing agencies that are handing cybersecurity today. The U.S. Government Accountability Office (GAO) has also called for a new office dedicated to cybersecurity within the White House. Calls have been prompted by what is perceived as the inability of the U.S. De

As the National Security Council works on its comprehensive review of federal cybersecurity programs for President Obama, it is going to great lengths to consider privacy and civil liberty issues, some Congress members said Thursday. The House Cybersecurity Caucus on Thursday met with Melissa Hathaway, the acting senior director for cyberspace for the National Security and Homeland Security Councils, who is conducting for the administration a 60-day cybersecurity review. Rep. James Langevin (D-R.I.), co-chair of the House Cybersecurity Caucus, said Hathaway has been meeting with privacy and civil liberties groups to receive their input on how to reform cybersecurity. Those issues are "a forethought rather than an afterthought," he said. "Because these are such powerful tools (to grant federal authorities to regulate cyberspace), we're going to have to have the buy-in of the public and have their support." While the Senate is working on its own plan for White House-run cybersecurity efforts, Langevin said Hathaway's assessment may ultimately suggest a strategy with a stronger emphasis on inter-agency efforts. Langevin said it is still unclear whether Hathaway will recommend that a new office for cybersecurity should be created within the Executive Office of the President--a move some senators are pushing for. Certainly, though, policy will have to come from the White House. "This is going to have to be an ongoing strategy of collaboration and cooperation directed out of the White House," Langevin said. "But there won't be one king, so to speak, at the end of the day. The chief information officers at the departments and agencies are still going to have a role to play."

A South Korean court acquitted a blogger on Monday of spreading false information, in a case that triggered debate about freedom of speech in cyberspace and critics said was only launched because his economic doom postings angered authorities. Defendant Park Dae-sung, who went by the pseudonym "Minerva" after the Greek goddess of wisdom became a household name last year for his predictions of sharp falls in the won and the local stock market and the collapse of U.S. investment bank Lehman Brothers. "He's been found not guilty," a court official said by telephone. The court threw out charges that he purposely harmed market sentiment by posting false information on his blog. Prosecutors said a posting Park made in December led to volatility in the local currency and caused financial authorities to inject billions of dollars to stabilize the Korean won. "Even if there was recognition that it was false information, he cannot be seen as having acted on purpose to harm public interest considering the situation at the time including the special nature of the foreign exchange market," the court said. As the markets tumbled last year, the main financial regulator warned it would crack down on what it considered malicious rumors. Some economic analysts said they had come under pressure from authorities not to voice negative views on the economy.

NEW YORK With increasing amounts of personal information liable to float around in cyberspace, consumers are deciding whether their data is safe in the hands of some public- and private-sector entities. A BBC World News America/Harris Poll finds a mixed verdict, with social-networking sites faring especially badly. In polling conducted last month, adults were asked to say how much trust they have in various sectors "to handle your personally identified information (such as credit-card information, contact information and so forth) in a properly confidential and secure manner." The poll's best scores went to "health providers, such as doctors and hospitals," with 20 percent of respondents expressing "a great deal of trust" and 55 percent "some trust" in these. Nineteen percent voiced "not much trust" and 7 percent "no trust at all" in this sector. At the bottom of the rankings were "social-networking sites (like Facebook or MySpace)," with 5 percent expressing a great deal of trust and 18 percent some trust in these. Thirty-one percent said they had not much trust and 46 percent no trust at all in these sites to safeguard personal information. (Whether people should direct their distrust to themselves for posting such information there in the first place is a question the survey didn't address.) Respondents were also wary of "search and portal sites (like Google or Yahoo!)" when it comes to keeping personal information secure: Ten percent voiced a great deal of trust, 39 percent some, 29 percent not much and 22 percent no trust at all. Even the federal government fared (slightly) better, with 13 percent expressing a great deal of trust, 41 percent some, 28 percent not much and 18 percent none. The scores were more positive for "banks and brokerage companies": 15 percent a great deal of trust, 43 percent some, 28 percent not much and 13 percent none. That was roughly on a par with the ratings for "my e-mail provider": 14 percent a great deal, 48 percent some, 27 p

The Department of Homeland Security's Data Privacy and Integrity Advisory Committee has offered DHS Secretary Janet Napolitano 16 recommendations on how to best address privacy issues currently facing the department. The panel stressed that "the need to update the government's legal authority to protect and defend cyberspace in the U.S. classified intelligence systems raise specific and sometimes significant privacy issues, including the conflict between transparency and redress." The committee has asked that each DHS component - such as the Federal Emergency Management Agency and Office of Intelligence and Analysis - have a designated privacy officer that would report to the head of the section. The committee also "encourages DHS to continue to work toward policy and functional interoperability in the development of new systems and when making major modifications to existing systems," according to a letter from the committee hand delivered to Napolitano. Additionally, the panel said the 1974 Privacy Act has "not kept pace with the evolution of technology and developments in how data is collected, used, shared and stored. To the extent the Secretary is asked to submit recommendations to Congress for making the act more relevant and effective, the committee recommends that the secretary seek guidance from the Privacy Office staff, who are experts in applying the Act's provisions throughout the department." For more on the recommendations, read the committee's letter here.

Should responsibility for defending against cyberattacks be moved from the Dept. of Homeland Security to the military? Air Force Gen. Kevin Chilton suggested as much at a Congressional hearing where he warned of U.S. vulnerability to cyberwarfar "across the spectrum." Such attacks "potentially threaten not only our military networks, but also our critical national networks," Chilton told a House Armed Services subcommittee, the Washington Post reported. As head of Strategic Command, the general isn't responsibel for defending civilian networks, just government computers. [Stratcom's responsibility is] "to operate and defend the military networks only and be prepared to attack in cyberspace when directed. I think the broader question is, who should best do this for the other parts of America, where we worry about defending power grids, our financial institutions, our telecommunications, our transportation networks, the networks that support them." Well, that's where the 60-day interagency overview of cybersecurity comes in. At the end of that, Chilton said, responsibility for protecting private sector networks may well fit under Stratcom's duties. So what impact in having the military at the center of cybersecurity? Importantly, it brings offensive ops into the defense game. And where the military is involved, can NSA be far behind? No. Operational control over both [offensive and defensive ops], Chilton said, has been delegated to Lt. Gen. Keith B. Alexander, the head of the National Security Agency. … NSA, according to Chilton, already has a role in information security, and the agency's support "has been instrumental in our efforts to operate and particularly to defend our networks," he said. Combining oversight of cyber defense and offense made sense, Chilton said, "because they're so interconnected. . . . As you consider offensive operations, you want to make sure your defense are up."

The federal GLBA, HIPAA, FACTA and its Red Flags and Disposal Rules, state data Breach Notification Laws and many other federal and state laws and industry regulations like PCI-DSS are intended to protect the privacy and security of consumer's personally identifiable and financial information entrusted to businesses and other organizations. Many suchidentity theft, id theft, government security, government privacy regulations aim to prevent identity theft and privacy violations. While some businesses have been negligent in securing information, other businesses have been victimized by black hat hackers or "crackers" who operate ahead of the cybersecurity technology curve. Cybersecurity is an ongoing challenge for businesses and for government as discussed in the President's Cyberspace Policy Review. In the four-year period ending in 2008, 23% of all data breaches reported were attributed to hackers. For those data breaches involving more than one million profiles, hacking was identified as the cause in 66% of the breaches according to a recent research report on data breach risk factors.

Every time you get online, your privacy comes under attack. Whether it's an overbearing End User License Agreement, contact forms, or just website cookies, there are literally millions of ways that you can let your private information slip away online. One of the best ways to fight invasions of your privacy is to get informed and learn how to prevent it. Read on to find advice, organizations, and other resources that can help you keep your privacy safe online. Guides & Articles These resources have specific advice and information for protecting your online privacy. 1. EFF's Top 12 Ways to Protect Your Online Privacy: Read this guide from the Electronic Frontier Foundation to learn how you can protect private information online. 2. Frequently Asked Questions about Online Privacy: Get answers to questions about online privacy and safety from this resource. 3. Is Your PC Watching You? Find Out!: This article from CNN will help you figure out if your privacy is being violated through your PC. 4. Nameless in Cyberspace: Anonymity on the Internet: Find out why the right to anonymity online is so important to have by reading this article. 5. Consumer Privacy Guide: The Consumer Privacy Guide offers a variety of resources and information for protecting your privacy online. 6. This Email Will Self-Destruct: Learn about email security measures that you can take to protect your privacy. 7. Anti-Spam Resources: Visit this guide to learn how to stop receiving junk email. 8. All About Internet Privacy and Security: Read this guide to learn about security terms and Internet privacy settings. 9. Online Privacy: The Complete Guide to Protect You: WebUpon's guide discusses steps you can take to protect your online privacy. 10. Social Networking and Safety Online: Read this guide to learn how to practice common sense on social networking sites. 11. Internet privacy: Wikipedia's entry on Internet privacy offers a broad view at staying private o