The Evolving Domain of Cyber Warfare: An Update

Everyone,

Please see my article that will be published in the Summer volume of IAnewsletter, which is a leading DoD Journal on Information Security and Assurance. The article discusses the latest U.S. government initiatives to overhaul Cyber security. It also gives President Obama kudos for making Cyber Security and Warfare a major priority- even during these hard financial times.

The full article is available at: http://tinyurl.com/cge6l2

Read more »

Cyber Civil Rights

by Professor Danielle Citron, University of Maryland School of Law

Abstract

Social networking sites and blogs have increasingly become breeding grounds for anonymous online groups that attack women, people of color, and members of other traditionally disadvantaged groups. These destructive groups target individuals with defamation, threats of violence, and technology-based attacks that silence victims and concomitantly destroy their privacy. Victims go offline or assume pseudonyms to prevent future attacks, impoverishing online dialogue and depriving victims of the social and economic opportunities associated with a vibrant online presence. Attackers manipulate search engines to reproduce their lies and threats for employers and clients to see, creating digital “scarlet letters” that ruin reputations.

Today’s cyber attack groups update a history of anonymous mobs coming together to victimize and subjugate vulnerable people. The social science literature identifies conditions that magnify dangerous group behavior and those that tend to defuse it. Unfortunately, Web 2.0 technologies accelerate mob behavior. With little reason to expect self-correction of this intimidation of vulnerable individuals, the law must respond.

General criminal statutes and tort law proscribe much of the mobs’ destructive behavior, but the harm they inflict also ought to be understood and addressed as civil rights violations. Civil rights suits reach the societal harm that would otherwise go unaddressed and would play a crucial expressive role. Acting against these attacks does not offend First Amendment principles when they consist of defamation, true threats, intentional infliction of emotional distress, technological sabotage, and bias-motivated abuse aimed to interfere with a victim’s employment opportunities. To the contrary, it helps preserve vibrant online dialogue and promote a culture of political, social, and economic equality.

Download the entire article HERE.

Read more »

New Military Command to Focus on Cybersecurity

WASHINGTON -- The Obama administration plans to create a new military command to coordinate the defense of Pentagon computer networks and improve U.S. offensive capabilities in cyberwarfare, according to current and former officials familiar with the plans.

See full article HERE.

Read more »

Computer Spies Breach Fighter-Jet Project

WASHINGTON -- Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.

See full article HERE.

Read more »

Cyber Security

Cyber Security

Read more »

Electricity Grid in U.S. Penetrated By Spies

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

Read the Full Article HERE.

Read more »

S. 773 - Draft of Cybersecurity Act of 2009

Below is a link to a newly introduced bill in the 111th Congress. I'm sure we'll be hearing more about this as well as the results of recent 60-day review of U.S. cybersecurity conducted by the National Security and Homeland Security Councils.

To view the draft CLICK HERE.

Read more »

IATAC IA DIGEST

Headlines

Cyber-crime

Hacker Charged With Siphoning Money From Brokerage Accounts (SCMagazine, 04/01/2009)

Cyber-security

New Bill Would Increase U.S. Cybersecurity (Digital Trends, 04/02/2009)

Cyber-warfare

Cyber Espionage From State Governments? Don't Be Surprised (Network World, 04/01/2009)

Did the Chinese government, for strategic purposes, infiltrate more than 1,200 computers in 103 countries to spy on nations' embassies and government agencies, in addition to the NATO military alliance and even the Deloitte & Touche consultancy?

Data Security

US Airways Flight 1549 Passenger Grateful for Life - And Data (Computerworld, 03/31/2009)

PCI Security Standard Gets Ripped At House Hearing (Computerworld, 04/01/2009)

Hacking

Large-Scale Hacking Expected At Grand National (ComputerWeekly, 04/02/2009)

Web 2.0 Expo: Top Ten Web Hacking Techniques (ZDNet, 04/01/2009)

A large portion of the Web 2.0 Expo attendees are focused on content. They want to create better, more engaging content for social media programs and Web engagement with their customers. But...

IPv6

NIST Seeks Comments On IPV6 Testing Guidelines (Government Computer News, 03/31/2009)

The National Institute of Standards and Technology has issued a request for comments on Special Publication 500-273, "IPv6 Test Methods: General Description and Validation,” which was recently released to the public.

Malware

Conficker.C Appears On Schedule, But Only As A Whisper (ars technia, 04/01/2009)

Conficker's Makers Lose Big, Expert Says (Computerworld, 04/01/2009)

Radware Protects Against Conficker (darkREADING, 04/01/2009)

DefensePro protects customers against spread of worm with zero-minute malware spread prevention technology.

Conficker-C: A Technical Analysis (Sophos, 04/01/2009)

Niall Fitzgibbon and Mike Wood in SophosLabs have written a detailed technical paper analysing the latest version of the Conficker worm.

Operating Systems

Texas To Windows Vista: Keep Walkin'? (PC World, 04/01/2009)

"I have read a lot about the problems they have with this particular software."

Operational Threats

Current Scanning Activity as Reported By US-CERT (US-CERT, 04/02/2009)

Current Scanning Activity as Reported By the Internet Storm (Internet Storm Center, 04/02/2009)

Operational Vulnerabilities

How To Exploit The SIP Digest Leak Vulnerability (HelpNetSecurity, 04/01/2009)

Servers

How To Build Your Own Windows Home Server Rig (Computerworld, 04/02/2009)

Services

Twitter's Recruiting Efforts Hint At Its Plans (IDG News Service, 04/01/2009)

Banks Use Twitter For Customer Services (ComputerWeekly, 04/02/2009)

Twitter Added To Federal Emergency Response Network (InfoWorld, 04/01/2009)

Cloud Computing Group To Tackle Security Concerns (Search Security, 04/01/2009)

Software Security

Report: Government Should Adopt Industry Best Practices In Securing Softwre (Government Computer News, 03/31/2009)

The tools, technology and techniques now exist to ensure that software is developed securely, but intruders still are compromising government information technology systems through known flaws because there is no comprehensive program to address these vulnerabilities, according to two security professionals.

Spam

Spam Back Up To Pre-McColo Levels (SecurityFocus, 03/31/2009)

Technology

Where Are They Now? 25 Computer Products That Refuse to Die (PCWorld, 04/01/2009)

Virtualization

Public Utility Finds the Power of Virtual Backups (eWeek, 04/01/2009)

A Washington state public utility turns to STORserver to back up virtual machines. Snohomish PUD No. 1 uses HP ProLiant blade servers and VMware ESX Server virtualization software to conserve power and reduce data center growth, while STORserver Agent for VCB solves VM backup problems.

Virtualization's The Cure For Pacific Hospital (InformationWeek, 04/02/2009)

Policy Web Sites

Committee on National Security Systems (CNSS)

Networks & Information Integration (NII)

Information Assurance Support Environment (IASE)

DoD IA Portal (Defense Knowledge Online)

Read more »