Cyber Round Up: General pleads guilty in Stuxnet probe; Russian hacker arrested abroad; National Guard a unique contributor to cybersecurity
- 4 star general snagged for lying in Stuxnet leak probe (Politico): One of Obama’s closest generals pleaded guilty earlier this week in relation to leaks regarding U.S. cybersecurity efforts abroad, Politico reports. The article says General James Cartwright pleaded guilty to lying to federal investigators about his communication of classified information with a reporter and biographer. While the prosecutors did not explicitly address the program, according to Politico, the investigation is known to be centered around Stuxnet, a classified U.S.-Israeli cyber operation designed to debilitate Iran’s nuclear program. The report stressed that the government was determined for a felony conviction here, which reflects a divergence in its handling of other similar leaks in recent history. The full text of the article can be found here.
- Russian alleged hacker arrested in Prague over cyber-attacks in US (The Guardian): Another chapter unfolded in the cyber saga between Russia and the U.S., as multiple reports say that Czech police arrested a Russian believed to be involved in cyberattacks against the United States. An article from The Guardian says that the arrest happened over two weeks ago and was just made public now. The report stated that nothing indicates that this individual was involved in the recent series of attacks that have heightened tension in U.S.-Russian relations. The article emphasizes the role international law and cooperation plays in enforcing cybersecurity, and adds that the next step is determining whether the Czech government will extradite to the U.S. The full text of the article can be found here.
- National Guard uniquely positioned to contribute in cyber realm (Air Force News): A discussion regarding the role of the National Guard and its unique capabilities was part of the North American International Cyber Summit in Michigan earlier this week. One of many speakers at the event, General Joseph Lengyel acknowledged the benefit of having civilians with cyber experience serving in the guard. The article provides the General’s analysis, which says that as beneficial as military training is in the private sector, cyber experience from major corporations strengthens the Guard’s ability to respond to cyber incidents. The article provided further information detailing the National Guard’s strong cyber presence throughout the country and its long history in the cyber realm dating back to Y2K coding in 1999. The full text of the article can be found here.
US to launch cyberattack against Russia; CIA Director comments on ‘unprecedented’ cyber threats; Weaknesses in Aviation Systems
- Obama administration asks CIA to prepare revenge cyber attack against Russia (Independent): Significant media coverage in recent days has been devoted to the potential U.S. response to Russia’s election hacks, including an article from Independent. President Obama has asked the agency to explore potential options for a response attack, the article says. Vice President Biden, according to the article, said that the attack would come at a time the U.S. felt was best, and was meant to “send a message” to the Kremlin. The article suggests that that the CIA has already begun the operation, and has information that would “embarrass” the Russian government. The full article can be found here.
- CIA director: US faces ‘unprecedented’ cyber threats (Fox Atlanta): The director of the CIA addressed current cyber threats to the U.S. at a cyber summit in Augusta, GA where the U.S. Army Cyber Command is located. A recent article from Fox 5 in Atlanta discussed John Brennan’s comments, which included that the cyber threats to the U.S. are “unprecedented.” According to the article, federal agencies were involved in 640,000 cyber incidents in fiscal year 2014 alone. The article also said that Brennan stressed the importance of public-private relationships. More information on the conference can be found here, and the text of the article can be seen here.
- Aviation Officials Step Up Cybersecurity Checks of Older Messaging System (WSJ): An article by the Wall Street Journal highlights the potential threat of outdated messaging systems in airplanes. While the ACARS system doesn’t pose a threat that could immediately imperil flights, the article says, officials throughout Europe and the United States are looking to eradicate the venerability. The decades old system lacks many of the security features that exist today, and airlines are trying to update them. This system reflects a growing trend in commercial aviation to address the potential cyber threats that exist throughout the industry, the WSJ reported. The full text of the article can be found here.
Nuclear power plant disrupted by cyber attack; US points finger at Russia; Passwords the weak link of cybersecurity
- IAEA Chief: Nuclear powerplant was disrupted by cyber attack (Reuters): A report yesterday chronicled a cyber attack on a nuclear power plant a few years ago. Director General of the IAEA Yukiya Amano spoke of the incident publicly for the first time, describing it as “disruptive” but not destructive. While other attacks of this nature seem to be limited, the article suggests, other vulnerabilities with technology are discussed, and Amano said the cyber threat is “not imaginary.” The agency has made concerted efforts to focus on the issue, the article says. The full text of the article can be found here.
- U.S. ‘confident’ that Russia directed hacking attacks (Financial Times): The saga with the weaknesses in U.S. election systems and hacks of those systems continues, as the U.S. government officially pointed to Russia, according to a Financial Times article. DHS issued a joint statement with the Office of the Director of National Intelligence for Election Security, which can be found on the right. The official accusation represents escalated rhetoric from the Obama administration, the article says. Multiple other sources have discussed what’s next for the U.S. and Russia, including thoughts on Black Friday cyberattacks, as well as non cyber responses. The full text of the article can be found here.
- Passwords are the weakest link in cybersecurity today (CNBC): An article from CNBC highlights what former DHS Secretary Michael Chertoff believes is the biggest weakness in cybersecurity today. The article suggests that the common denominator in every major breach recently has involved weak passwords. A password can be immensely valuable, the report says, because so many people reuse the same password for multiple accounts. Chertoff suggests both using new technology to eradicate this problem, as well as increased government standards. The full text of the article can be found here.
Cyber Round Up: National Cyber Incident Response Plan; CNBC sponsors Cambridge Cybersecurity Summit; Microsoft promotes transparency worldwide
- National cyber incident response plan: We need your input (CSO): The Department of Homeland Security is seeking public comment on a recently released draft copy of the National Cyber Incident Response Plan. A recent CSO article highlights the Obama Administration’s focus on defining federal agencies’ roles in the event of a cyber incident. One major result of this effort is a combined effort from the government, private sector, and industry officials to develop a draft plan detailing a coordinated response, the article says. The full draft of the plan is in this post, and directions for submitting a comment can be found here. The article from CSO can be found here.
- Cybersecurity experts convene at CNBC summit as threat looms (CNBC): Embracing a similar theme as the above post, an article from CNBC highlights the necessary increase cooperation between government and the private sector in tackling cyber challenges. Prominent government officials from the FBI, NSA, and CyberCommand, as well as representatives from SAP, IBM, and Akamai are meeting today in Cambridge in a summit sponsored by CNBC, MIT, and The Aspen Institute. The article says that cyber crime will cost the global economy $445 billion in 2016. Increased cooperation between public and private sectors is crucial to being able to respond quickly and effectively to the growing cyber threats, the article argues. The full text of the article can be found here.
- Here’s Where Microsoft Opened a Cybersecurity and ‘Transparency’ Outpost (Fortune): Microsoft recently announced a plan to open a transparency and cybersecurity center in Singapore, according to a recent Fortune article. The center reflects Microsoft’s embrace of the public-private partnership theme that dominates today’s post, as it joins similar Microsoft facilities in Washington state, Belgium, and Beijing. The main purpose of the centers, the article discusses, is to provide foreign governments with source code and cybersecurity data. Public-private relationships are a major component in cybersecurity, and the way to achieve this is by building transparency and trust, Jonathan Vanian reports. The full text of the article can be found here.
Cyber Round Up: Who is China Really Hacking?; Pentagon Cyber Team Takes Major Operational Step; What a real cyber war would look like
- Cyber warfare: Who is China hacking? (CNN): An article from CNN analyzed the shifts in Chinese cyber warfare strategy. As mentioned in the recent Presidential debate, China is always on the radar as a potential cyber adversary, the article notes. The article quotes an official from FireEye as describing China’s cyber capacities as essentially another branch of the military. Following a meeting with President Obama last year, Kristie Lu Stout says, China has chosen to adhere to a more rules-based policy with the West and focused its attacks on countries closer to home. The full text of the article can be found here.
- Pentagon’s 5,000-Strong Cyber Force Passes Key Operational Step (Bloomberg): The Pentagon’s cybersecurity team has taken a big step in the right direction, Bloomberg Technology has said. The article outlines the timeline and procedure for the development of the cyber team, noting that it will be “initially operational” by the end of this week. While the squad will not be fully functional until 2018, Nafeesa Syeed writes, the centralized system will allow for a more streamlined and more effective strategy in attacking cyber adversaries. The focus for now, according to the article, is on “the alligators closest to the boat.” The full article can be found here.
- What a real cyber war would look like (USA Today): In a similar trend to the articles above with cybersecurity fresh on the media’s minds after the debate on Monday, a USA Today article discusses what cyber war may actually look like. Elizabeth Weise says that people should not except a sci-fi Armageddon à la Star Trek. One potential benefit of cyberwar is that it is more human and less expensive than armed attack, the article suggests, as the effects are reversible. Attacks on critical infrastructure are a legitimate threat, but the article poses the idea that the U.S. is in a superior position to handle attacks of that nature. The full text of the article can be found here.
National Insitute of Standards and Technology releases a video on the Cybersecurity Framework –> The Cybersecurity Framework
This is something we originally posted about back in 2013.
Regrettably, the four minutes and thirty-four seconds that I spent watching this video is time that should have been used otherwise. I suppose if you knew that NIST had a cybersecurity framework and you wanted to watch a snippet that mentioned this fact then this clip would be spot on, if you are looking for a “how do I use this,” or “what do I do” guide then please do not click on the above link. Instead, if you have any interest in understanding or potentially implementing the NIST cybersecurity framework, I recommend that you start with “Understanding and Implementing the NIST Cybersecurity Framework” article released via the Harvard Law School Forum on Corporate Governance and Financial Regulation.
It is vital to understand the problem from a high level and then to assess whether or not something such as the cybersecurity framework can be a tool that you can leverage in order to begin to qualify and quantify your cybersecurity status. Following a thorough analysis you can subsequently apply a rigorous framework to address the accompanying threats.
Having completed the reading above, head back to NIST to their Cybersecurity Framework page, from which you can access a wide varieity of case studies, guidance, and educational resources which will help you develop a more thorough understanding not only of what the framework is but also how it can be used effectively and efficiently.
Finally, if you find you have four and a half minutes and nothing to do, check out the video, it is potentially more effective than counting sheep (your mileage may vary — YMMV).
Cyber Round Up: Government Lawyers Need More Tech Training; Senators Demand Answers from Yahoo; HHS another agency lacking in security
- Government lawyers don’t understand the internet. That’s a problem (Washington Post): A recent article by the Washington Post discussed challenges government lawyers face when it comes to technical issues. The article discusses numerous cases in which the Department of Justice simply got it wrong when it came to understanding technical issues in different cases. The article reports that this is either a result of intentional exploitation of judges’ lack of knowledge, or the lawyers’ themselves not having the necessary background. Technology moves faster than the law, and we’re seeing the consequences now, according to the article by Garrett Graff. While the government has taken measures to improve this, much of the burden will fall on law schools to bridge the gap between the law and tech fields. The full article can be found here.
- Yahoo Breach: Senators Demand Answers (Wall Street Journal): This blog recently addressed the Yahoo breach before the full report came out. Further details have emerged showing that more than 500 million users information was compromised. The company initially denied knowing about the hacks but apparently reported the first breaches to the FBI. Six senators wrote to Yahoo CEO Marissa Mayer demanding more details on how the hacks were handled. The full letter can be seen at the right. The WSJ article can be found here.
- GAO slams HHS in health IT cybersecurity report (Modern Healthcare): A recent article by Modern Healthcare discussed what is being called a “scathing” report by the GAO. Health and Human Services is the latest government agency to come under the microscope and fall short of expectations in cybersecurity. Since 2009, according to the article, there have been over 1,600 breaches that compromised the health records of 500 individuals or more. The article says that two senators, Lamar Alexander of Tennessee and Patty Murray from Washington requested the report, which can be found below. The full text of the article can be found here.
NIST Special Publication 800-183 “Networks of ‘Things'”: In this publication Jeffrey Voas articulates that the differences between Internet of Things (“IoT”) and Network of Things (“NoT”) is subtle and the two are essentially interchangeable. Voas goes on to say that the IoT can be understood and broken down in terms of functionality, within five main themes, termed primitives:
- sensor: a device that measures various physical properties;
- aggregator: transform raw data into aggregated data using mathematical functions;
- communication channel: a medium through which data is transmitted;
- external utility: software or hardware product or service typically with a higher computational or processing element;
- decision trigger: creates final results needed to satisfy the purpose of the NoT
This NIST publication also postulates that in addition to the five primitives there are six basic elements which are critical to understanding and assessing the trustworthiness of IoT devices. The six primitives included in this publication are as follows:
- environment: this essentially defines the “where” that an IoT operates within, and is included in the IoT design given potential environmental considerations;
- cost: from an overall perspective, how much time and resources are required; critical given the fact that cost is major factor in the design and implementation of IoT devices;
- geographic location: the actual region or area in which an IoT is intended to operate within;
- owner: this also includes the operator and denotes who or whom controls or maintains the IoT device;
- Device_ID: this is a hardware ID associated with the IoT device at time of manufacture, similar to a MAC ID for network components;
- Snapshot: mechanisms to impose time stamping to aid the use of distributed systems for computational and distributed events
The full text of the article can be found here.
Cyber Round Up: Yahoo expected to announce major data breach; Cybersecurity a threat to U.S. Military Supremacy; Attacks on Satellites could be catastrophic (Full Report Included)
- Yahoo is expected to confirm a massive data breach, impacting hundreds of of millions of users (Recode): A report this morning from Recode says that Yahoo has suffered a massive data breach. The article says that while Yahoo reported an investigation of a breach earlier this summer, the actual numbers may be much worse. According to the report, 200 million users’ data was for sale in August. The news comes as Yahoo nears completion of its sale to Verizon. A similar comment in USA Today discusses the potential legal ramifications this hack could have, as regulating who bears the burden of the breach presents complex problems. The full text of the Recode article can be found here.
- Cybersecurity is threatening America’s military supremacy (TechCrunch): In a recent article, Paul Martini pushes back against the idea that cyber is a strength for the United States. The article outlines events in the Spratly Islands in the South China Sea where international tensions are growing. In addition to conventional military buildup, Martini identifies the cyber component as the real threat to the U.S. China, according to Martini, is able to penetrate the U.S. drone program. This conflict is representative of the new type of warfare the world will see, he says. The full text of the article can be found here.
- Cyberattacks on satellites could spark global catastrophe, experts warn (Independent): A recent report from Chatham House addressed satellites in space as another area where cybersecurity threats loom. An article from Independent discussing the report says that a world that relies so heavily on outer space does not invest in protecting that. Further, the article and report say, space is increasingly being controlled by the private sector as opposed to powerful nation-states. The forward thinking space community needs to adapt faster and more flexibly than typical regulation and legislation would, the report argues. The full text of the article can be found here. The full report from Chatham House’s David Livingstone and Patricia Lewis can be found on the right.
Cyber Round Up: Ridge – Cyber Attacks are now worse than Physical Attacks, Cyberwarfare: What are we doing today?, Time to adjust U.S. National Security Strategy
- Tom Ridge: Cyber attacks are now worse than physical attacks (Yahoo! Finance): According to this article by Daniel Roberts, the first secretary of the Department of Homeland Security, Tom Ridge, was quoted as saying the following at the Concordia Summit in NY:
Notwithstanding the pain and horror associated with a physical attack … the potential for physical, human, and psychic impact with a cyber attack, I think, is far more serious
Roberts indicates that Ridge’s comments were echoed to some degree by General Keith Alexander, (the first director of USCYBERCOM), who stated that “Nations are using cyber as an element of national power,” according to the article.
Roberts’ article goes on to say that Ridge stated that we now live in the “digital forvermore” and a cyber attack would represent a significant blow to our psyche. This article also posits that one of the take-aways from this Summit was that Silicon Valley and Washington need to work together to help counter some of the threats we face in the realm of cyber. The full text of the article is here.
- Cyberwarfare: What are we doing today? (U.S.A.F.): According to this Air Force public affairs piece, Lt. Gen. J. Kevin McLaughlin, Deputy Command of USCYBERCOM, indicates that the Air Force has moved from air to space and is now in the realm of cyber. The article indicates that USCYBERCOM has three missions:
- Defend the Defense Department Information networks;
- Support combat commanders. Forces are assigned to combat commands and possess both offensive and defensive cyber capabilities for joint force operations;
- protect US critical infrastructure from attacks, when so directed by the President or the Secretary of Defense
McLaughlin indicates that CYBERCOM is still expanding and is creating a persistent training environment, command and control capabilities, as well as developing tools for cyber situational awareness, according to the article. The full text of the article can be found here.
- Time to adjust U.S. National Security Strategy amid unraveling of the global order, Stanford expert says (Stanford News): This article discusses Amy Zegart’s assertion that the power equation of world order is shifting as China continues to grow economically and will eventually surpass the U.S. there are profound international implications. This changing power dynamic coupled with the ability of technology to enable non-state and even lone actors the ability to wage cyberattacks has some far-reaching implications, according to the article. Zegart further posits that the current U.S. national security paradigm is modeled after the world as it existed in 1947 and thus has had some difficult adapting to modern-day challenges such as cyberthreats. Additionally, a movement away from more traditional military investment in conventional warfare towards the development of greater cyber capabilities is needed to meet the current and evolving threats, according to the article. The full text of the article can be found here, while the Zegart work is here.
Professor William Snyder
is a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.
Anna Maria Castillo
is a third year law student at Syracuse College of Law. She is also pursuing a Master of Arts in International Relations at Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She currently serves as an executive editor in the Syracuse Law Review.
Christopher W. Folk
is a second year student at SU College of Law. Christopher is a non-traditional student, returning to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering and in addition to being a full-time student, Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law.
Jennifer A. Camillo
is a third year student at Syracuse College of Law. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She is a member of the Syracuse National Trial Team and was recently awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.
holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She has served as a law clerk in the United States Attorney's Office for the Western District of New York and the Public Defender Service for the District of Columbia and as an extern in the United States District Court for the Western District of Washington.
- Cyber Round Up: General pleads guilty in Stuxnet probe; Russian hacker arrested abroad; National Guard a unique contributor to cybersecurity
- US to launch cyberattack against Russia; CIA Director comments on ‘unprecedented’ cyber threats; Weaknesses in Aviation Systems
- Nuclear power plant disrupted by cyber attack; US points finger at Russia; Passwords the weak link of cybersecurity
- Cyber Round Up: National Cyber Incident Response Plan; CNBC sponsors Cambridge Cybersecurity Summit; Microsoft promotes transparency worldwide
- Cyber Round Up: Who is China Really Hacking?; Pentagon Cyber Team Takes Major Operational Step; What a real cyber war would look like
- Cyber Round Up: Government Lawyers Need More Tech Training; Senators Demand Answers from Yahoo; HHS another agency lacking in security on
- Cyber Round Up: Yahoo expected to announce major data breach; Cybersecurity a threat to U.S. Military Supremacy; Attacks on Satellites could be catastrophic (Full Report Included) on
- New York: Proposed Regulations for Cybersecurity Come up Short on
- New York: Proposed Regulations for Cybersecurity Come up Short on
- New York: Proposed Regulations for Cybersecurity Come up Short on
- October 2016
- September 2016
- August 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010