Cyber Round Up: Who is China Really Hacking?; Pentagon Cyber Team Takes Major Operational Step; What a real cyber war would look like
- Cyber warfare: Who is China hacking? (CNN): An article from CNN analyzed the shifts in Chinese cyber warfare strategy. As mentioned in the recent Presidential debate, China is always on the radar as a potential cyber adversary, the article notes. The article quotes an official from FireEye as describing China’s cyber capacities as essentially another branch of the military. Following a meeting with President Obama last year, Kristie Lu Stout says, China has chosen to adhere to a more rules-based policy with the West and focused its attacks on countries closer to home. The full text of the article can be found here.
- Pentagon’s 5,000-Strong Cyber Force Passes Key Operational Step (Bloomberg): The Pentagon’s cybersecurity team has taken a big step in the right direction, Bloomberg Technology has said. The article outlines the timeline and procedure for the development of the cyber team, noting that it will be “initially operational” by the end of this week. While the squad will not be fully functional until 2018, Nafeesa Syeed writes, the centralized system will allow for a more streamlined and more effective strategy in attacking cyber adversaries. The focus for now, according to the article, is on “the alligators closest to the boat.” The full article can be found here.
- What a real cyber war would look like (USA Today): In a similar trend to the articles above with cybersecurity fresh on the media’s minds after the debate on Monday, a USA Today article discusses what cyber war may actually look like. Elizabeth Weise says that people should not except a sci-fi Armageddon à la Star Trek. One potential benefit of cyberwar is that it is more human and less expensive than armed attack, the article suggests, as the effects are reversible. Attacks on critical infrastructure are a legitimate threat, but the article poses the idea that the U.S. is in a superior position to handle attacks of that nature. The full text of the article can be found here.
National Insitute of Standards and Technology releases a video on the Cybersecurity Framework –> The Cybersecurity Framework
This is something we originally posted about back in 2013.
Regrettably, the four minutes and thirty-four seconds that I spent watching this video is time that should have been used otherwise. I suppose if you knew that NIST had a cybersecurity framework and you wanted to watch a snippet that mentioned this fact then this clip would be spot on, if you are looking for a “how do I use this,” or “what do I do” guide then please do not click on the above link. Instead, if you have any interest in understanding or potentially implementing the NIST cybersecurity framework, I recommend that you start with “Understanding and Implementing the NIST Cybersecurity Framework” article released via the Harvard Law School Forum on Corporate Governance and Financial Regulation.
It is vital to understand the problem from a high level and then to assess whether or not something such as the cybersecurity framework can be a tool that you can leverage in order to begin to qualify and quantify your cybersecurity status. Following a thorough analysis you can subsequently apply a rigorous framework to address the accompanying threats.
Having completed the reading above, head back to NIST to their Cybersecurity Framework page, from which you can access a wide varieity of case studies, guidance, and educational resources which will help you develop a more thorough understanding not only of what the framework is but also how it can be used effectively and efficiently.
Finally, if you find you have four and a half minutes and nothing to do, check out the video, it is potentially more effective than counting sheep (your mileage may vary — YMMV).
Cyber Round Up: Government Lawyers Need More Tech Training; Senators Demand Answers from Yahoo; HHS another agency lacking in security
- Government lawyers don’t understand the internet. That’s a problem (Washington Post): A recent article by the Washington Post discussed challenges government lawyers face when it comes to technical issues. The article discusses numerous cases in which the Department of Justice simply got it wrong when it came to understanding technical issues in different cases. The article reports that this is either a result of intentional exploitation of judges’ lack of knowledge, or the lawyers’ themselves not having the necessary background. Technology moves faster than the law, and we’re seeing the consequences now, according to the article by Garrett Graff. While the government has taken measures to improve this, much of the burden will fall on law schools to bridge the gap between the law and tech fields. The full article can be found here.
- Yahoo Breach: Senators Demand Answers (Wall Street Journal): This blog recently addressed the Yahoo breach before the full report came out. Further details have emerged showing that more than 500 million users information was compromised. The company initially denied knowing about the hacks but apparently reported the first breaches to the FBI. Six senators wrote to Yahoo CEO Marissa Mayer demanding more details on how the hacks were handled. The full letter can be seen at the right. The WSJ article can be found here.
- GAO slams HHS in health IT cybersecurity report (Modern Healthcare): A recent article by Modern Healthcare discussed what is being called a “scathing” report by the GAO. Health and Human Services is the latest government agency to come under the microscope and fall short of expectations in cybersecurity. Since 2009, according to the article, there have been over 1,600 breaches that compromised the health records of 500 individuals or more. The article says that two senators, Lamar Alexander of Tennessee and Patty Murray from Washington requested the report, which can be found below. The full text of the article can be found here.
NIST Special Publication 800-183 “Networks of ‘Things'”: In this publication Jeffrey Voas articulates that the differences between Internet of Things (“IoT”) and Network of Things (“NoT”) is subtle and the two are essentially interchangeable. Voas goes on to say that the IoT can be understood and broken down in terms of functionality, within five main themes, termed primitives:
- sensor: a device that measures various physical properties;
- aggregator: transform raw data into aggregated data using mathematical functions;
- communication channel: a medium through which data is transmitted;
- external utility: software or hardware product or service typically with a higher computational or processing element;
- decision trigger: creates final results needed to satisfy the purpose of the NoT
This NIST publication also postulates that in addition to the five primitives there are six basic elements which are critical to understanding and assessing the trustworthiness of IoT devices. The six primitives included in this publication are as follows:
- environment: this essentially defines the “where” that an IoT operates within, and is included in the IoT design given potential environmental considerations;
- cost: from an overall perspective, how much time and resources are required; critical given the fact that cost is major factor in the design and implementation of IoT devices;
- geographic location: the actual region or area in which an IoT is intended to operate within;
- owner: this also includes the operator and denotes who or whom controls or maintains the IoT device;
- Device_ID: this is a hardware ID associated with the IoT device at time of manufacture, similar to a MAC ID for network components;
- Snapshot: mechanisms to impose time stamping to aid the use of distributed systems for computational and distributed events
The full text of the article can be found here.
Cyber Round Up: Yahoo expected to announce major data breach; Cybersecurity a threat to U.S. Military Supremacy; Attacks on Satellites could be catastrophic (Full Report Included)
- Yahoo is expected to confirm a massive data breach, impacting hundreds of of millions of users (Recode): A report this morning from Recode says that Yahoo has suffered a massive data breach. The article says that while Yahoo reported an investigation of a breach earlier this summer, the actual numbers may be much worse. According to the report, 200 million users’ data was for sale in August. The news comes as Yahoo nears completion of its sale to Verizon. A similar comment in USA Today discusses the potential legal ramifications this hack could have, as regulating who bears the burden of the breach presents complex problems. The full text of the Recode article can be found here.
- Cybersecurity is threatening America’s military supremacy (TechCrunch): In a recent article, Paul Martini pushes back against the idea that cyber is a strength for the United States. The article outlines events in the Spratly Islands in the South China Sea where international tensions are growing. In addition to conventional military buildup, Martini identifies the cyber component as the real threat to the U.S. China, according to Martini, is able to penetrate the U.S. drone program. This conflict is representative of the new type of warfare the world will see, he says. The full text of the article can be found here.
- Cyberattacks on satellites could spark global catastrophe, experts warn (Independent): A recent report from Chatham House addressed satellites in space as another area where cybersecurity threats loom. An article from Independent discussing the report says that a world that relies so heavily on outer space does not invest in protecting that. Further, the article and report say, space is increasingly being controlled by the private sector as opposed to powerful nation-states. The forward thinking space community needs to adapt faster and more flexibly than typical regulation and legislation would, the report argues. The full text of the article can be found here. The full report from Chatham House’s David Livingstone and Patricia Lewis can be found on the right.
Cyber Round Up: Ridge – Cyber Attacks are now worse than Physical Attacks, Cyberwarfare: What are we doing today?, Time to adjust U.S. National Security Strategy
- Tom Ridge: Cyber attacks are now worse than physical attacks (Yahoo! Finance): According to this article by Daniel Roberts, the first secretary of the Department of Homeland Security, Tom Ridge, was quoted as saying the following at the Concordia Summit in NY:
Notwithstanding the pain and horror associated with a physical attack … the potential for physical, human, and psychic impact with a cyber attack, I think, is far more serious
Roberts indicates that Ridge’s comments were echoed to some degree by General Keith Alexander, (the first director of USCYBERCOM), who stated that “Nations are using cyber as an element of national power,” according to the article.
Roberts’ article goes on to say that Ridge stated that we now live in the “digital forvermore” and a cyber attack would represent a significant blow to our psyche. This article also posits that one of the take-aways from this Summit was that Silicon Valley and Washington need to work together to help counter some of the threats we face in the realm of cyber. The full text of the article is here.
- Cyberwarfare: What are we doing today? (U.S.A.F.): According to this Air Force public affairs piece, Lt. Gen. J. Kevin McLaughlin, Deputy Command of USCYBERCOM, indicates that the Air Force has moved from air to space and is now in the realm of cyber. The article indicates that USCYBERCOM has three missions:
- Defend the Defense Department Information networks;
- Support combat commanders. Forces are assigned to combat commands and possess both offensive and defensive cyber capabilities for joint force operations;
- protect US critical infrastructure from attacks, when so directed by the President or the Secretary of Defense
McLaughlin indicates that CYBERCOM is still expanding and is creating a persistent training environment, command and control capabilities, as well as developing tools for cyber situational awareness, according to the article. The full text of the article can be found here.
- Time to adjust U.S. National Security Strategy amid unraveling of the global order, Stanford expert says (Stanford News): This article discusses Amy Zegart’s assertion that the power equation of world order is shifting as China continues to grow economically and will eventually surpass the U.S. there are profound international implications. This changing power dynamic coupled with the ability of technology to enable non-state and even lone actors the ability to wage cyberattacks has some far-reaching implications, according to the article. Zegart further posits that the current U.S. national security paradigm is modeled after the world as it existed in 1947 and thus has had some difficult adapting to modern-day challenges such as cyberthreats. Additionally, a movement away from more traditional military investment in conventional warfare towards the development of greater cyber capabilities is needed to meet the current and evolving threats, according to the article. The full text of the article can be found here, while the Zegart work is here.
Opinion: NY’s Proposed Cybersecurity Regulations come up Short
Governor Cuomo released proposed regulations yesterday through the Department of Financial Services (“DFS”) that would require Covered Entities to hire Chief Information Security Officers (“CISO”) and perform a number of other cybersecurity tasks which seems like a good step towards enhanced cybersecurity, but is it really?
Governor Cuomo Announces Proposal of First-in-the-Nation Cybersecurity Regulation to Protect Consumers and Financial Institutions (NY: Department of Financial Services): The Department of Financial Services (“DFS”) issued a press release today indicating that regulations have been proposed that will require multiple entities operating within the insurance and financial services sector to develop and maintain cybersecurity programs. The press release is available here.
The following was sent in response to a Request for Information (RFI) from the National Institute of Standards and Commerce
Input to the Commission on Enhancing National Cybersecurity
National Institute of Standards and Technology
[Docket Number: 160725650-6650-01]
Information on Current and Future States of Cybersecurity in the Digital Economy
Comments Due: September 9, 2016 5:00 PM Eastern Time
Christopher W. Folk is a third year student at Syracuse University College of Law. Christopher is a Research Assistance for Professor William C. Snyder who works within the Institute for National Security and Counterterrorism (INSCT). The views and opinions of this are the author’s alone. All of the opinions expressed herein are solely and wholly those of Christopher and do not reflect the official policy, or position of INSCT, SU College of Law, or Professor Snyder. Assumptions made within this analysis are not reflective of INSCT, Syracuse University College of Law, or Professor Snyder.
Cyber Roundup: White House names first Cybersecurity Chief; Oversight Committee rips OPM; Officials want to split Cyber Command and NSA
- White House names retired Air Force General as first cyber security chief (Reuters): Reuters reports that the White House has named its first Cybersecurity Chief. According to Dustin Volz, retired Air Force General Gregory Touhill will be the first appointee to fill the position. The article discussed the move as part of the Obama administration’s overall greater policy to bolster cybersecurity. The position was created at the same time the President asked for $19 billion for cybersecurity earlier this year. The full text of the article can be found here.
- Oversight Committee rips agency for data breach (The Hill): An article late last week discussed a Congressional Oversight panel’s conclusions after an investigation into hacks last year (full report can be found on the right). The article said that the hacks that led to stolen data on over 20 million people were easily preventable. A required two-factor identification process was not utilized by OPM, the report said. According to the article, failing to use this process not only led to the hacks, but broke the law. The full text of the article can be found here.
- Top Officials Want to Split Cyber Command from NSA (NBC News): A report from NBC says that top officials in the Obama Administration want to separate two major cyber military agencies. The NSA, the spying arm, and Cyber Command, which develops and uses cyber weapons, would function better as separate entities, the article said. A similar proposal came up in the past, but was never implemented. While the two agencies have similar functions, they operate in very different spheres and have different authorities. The full text of the article can be found here.
Professor William Snyder
is a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.
Anna Maria Castillo
is a third year law student at Syracuse College of Law. She is also pursuing a Master of Arts in International Relations at Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She currently serves as an executive editor in the Syracuse Law Review.
Christopher W. Folk
is a second year student at SU College of Law. Christopher is a non-traditional student, returning to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering and in addition to being a full-time student, Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law.
Jennifer A. Camillo
is a third year student at Syracuse College of Law. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She is a member of the Syracuse National Trial Team and was recently awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.
holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She has served as a law clerk in the United States Attorney's Office for the Western District of New York and the Public Defender Service for the District of Columbia and as an extern in the United States District Court for the Western District of Washington.
- Cyber Round Up: Who is China Really Hacking?; Pentagon Cyber Team Takes Major Operational Step; What a real cyber war would look like
- NIST: The Cybersecurity Framework
- Cyber Round Up: Government Lawyers Need More Tech Training; Senators Demand Answers from Yahoo; HHS another agency lacking in security
- NIST Special Publication: Network of “Things”
- Cyber Round Up: Yahoo expected to announce major data breach; Cybersecurity a threat to U.S. Military Supremacy; Attacks on Satellites could be catastrophic (Full Report Included)
- Cyber Round Up: Government Lawyers Need More Tech Training; Senators Demand Answers from Yahoo; HHS another agency lacking in security on
- Cyber Round Up: Yahoo expected to announce major data breach; Cybersecurity a threat to U.S. Military Supremacy; Attacks on Satellites could be catastrophic (Full Report Included) on
- New York: Proposed Regulations for Cybersecurity Come up Short on
- New York: Proposed Regulations for Cybersecurity Come up Short on
- New York: Proposed Regulations for Cybersecurity Come up Short on
- September 2016
- August 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010