@War Book Review: “The Internet Has Become a Battlefield”

The current consensus in the cybersecurity realm is that the government and private industry need to improve cooperation and information sharing.  Shane Harris examines the pros and cons of this approach in his book @War: The Rise of the Military-Internet Complex.  The book takes the reader on a historical journey behind America’s cybersecurity policies and through this journey points out the unintentional consequences of the government’s defensive and offensive cyber tactics.  Shane Harris relied on his work over the years as a Washington journalist and at a think tank covering national security and cybersecurity to write his book, and his sources include unclassified material, interviews with those with access to classified material, as well as classified material revealed by Edward Snowden.  The book covers a number of important topics on cybersecurity, namely, the developing relationship between the government and private industry, the damaging effects on national security caused by NSA’s attempts to protect our nation, and the potential for non-conventional cyber warfare.

Relationship between Private Industry and Government

According to Harris, the US government views protecting whole industries as the best way to protect cyberspace.  In order to serve this mission, the government first determines which industries are the most at risk, then contacts companies in those industries to share information about hackers targeting them.  The goal is for companies to incorporate this information into their own defensive strategies.  Many times the government issues temporary security clearances to CEOs of companies to initiate these conversations.

However, according to Shane Harris, US corporations do not necessarily welcome government cooperation in the realm of cybersecurity.  Many companies have their own cybersecurity divisions or hire consultants that specialize in cybersecurity.  Moreover, there is a constant revolving door between intelligence agencies and corporations.  Take the example of Keith Alexander, the former director of the NSA who has started his own cybersecurity consulting business.

Cooperation is further frustrated by the disparate interests of each entity: the company wants to protect the company while the government wants to gather information to prevent future attacks (and use for their own offensive needs).  To make matters worse, NSA’s tactics often backfire and weaken security interests.

NSA Tactics Backfire and Weaken Security

Harris avoids taking a side when it comes to the NSA privacy debate, but he does examine the effects of NSA cyber policies on national security.  According to Harris, the NSA has developed certain cyber strategies that undermine the very security of the technology they seek to protect.  For instance, the NSA has paid companies not to fix some vulnerabilities so that they can gather information about the hackers exploiting those vulnerabilities.  While this might be helpful for the intelligence community in the long-run, this strategy has led to the destruction of company resources in the short-term.

Another NSA tactic that has backfired involves malware that the NSA has installed on foreign computers.  According to Harris, the NSA has implemented spying devices in at least 85,000 computer systems in 89 countries.  The issue is that the malware is installed in commercial technology used across the globe, including within the United States.  The idea is to manipulate vulnerabilities that can only be exploited by the NSA, but this idea backfires when the countries targeted discover the vulnerability and exploit it to attack or spy on us.

Potential for Non-Conventional Cyber War

In the final chapter of @War: The Rise of the Military-Internet Complex, Harris summarizes the present state of cyber affairs and speculates on how the future may unfold.  Harris comments on how countries that are unable to compete with the United States by way of conventional warfare may find equal footing through cyber warfare.  Throughout his book, Harris focuses on the example of China, a country whose cyber force is five times larger than that of the United States.  In addition to describing how cyber tactics can be used in a non-conventional war, Harris describes the non-conventional damages that result from a cyber war.  China has used cyber attacks on American corporations to steal their commercial data and proprietary trade secrets to give Chinese corporations an edge in the global marketplace.

In addition to the above topics, Harris discusses the use of cyber tactics to turn the tables in the Iraq war, the roadblocks preventing companies from “hacking back” when hacked, as well as various examples of times when the US government has used offensive cyber measures.

Can we compare America’s current cybersecurity policies to Eisenhower’s Military-Industrial Complex? Harris thinks we can. For a historical analysis of the developments leading up to America’s current cybersecurity policies, as well as an in-depth look at some of the unintentional consequences of our past and current cyber policies, @War: The Rise of the Military-Internet Complex by Shane Harris is an excellent read. Click here to access the book on Amazon.


The Administration’s Proposed Statutory Change Explained

In an effort to apprise the public of the government’s ongoing effort to combat cyber crime, the DOJ began a series on its blog explaining some of the legislative proposals made by President Obama in January.  Each blog post will focus on a specific aspect of the proposal, and will outline the reasons behind the proposed changes.

The first post highlighted what we should all know: Individuals, organized criminal networks, and nation states that engage in cyber crime pose a serious threat to American citizens, businesses, as well as the nation’s economy.  The post also revealed the difficulties of protecting Americans because legislation still has not adapted to new technologies as the adversaries have.  The proposed changes include adding more types of illegal activities to existing laws, mainly 18 U.S.C. § 1345 (“section 1345”), to broaden their scope.

The second blog post focuses on section 1345 which authorizes federal courts to issue injunctions to stop the commission of certain fraud crimes and illegal wiretapping.  Once the court issues the injunction, law enforcement can launch an operation to shut down the networks that the attacks are originating from.  But crimes included in section 1345 are limited, and those that are included do not encompass many of the illegal activities that can be carried out using botnets today, according to the second blog post.  In 2014, the GameOver Zeus botnet was taken down under authority given by section 1345.  Although many computers worldwide were being targeted and made victims, the criminals behind the attack also targeted banks and bank customers which is what triggered section 1345, according to the post.

According to the post, the Administration’s proposed statutory changes would add the operation of a botnet to the list of offenses that would be eligible for injunctive relief.  The Administration’s proposal would allow the DOJ to seek injunctive relief to shut down botnets that victimize 100 or more computers.  The post explains that the numerical threshold allows the DOJ to focus on “enjoining the creation, maintenance, operation, or use of a botnet.”

The Administration is focusing on the ability of law enforcement to shut down botnets once they have already victimized computers, but wouldn’t it be more effective to focus on preventing the creation of botnets in the first place?  I propose that in addition to statutory changes, the Administration begin programs designed to educate the general public on cyber-hygiene.  Personal computers can easily become a part of a botnet.  According to the FBI, a user can simply click a link in an unsolicited email to become infected with malware.

The following is a list of the FBI’s tips on protecting your computer:

  • Keep antivirus software on your computer and smartphone updated.
  • Use strong passwords, and avoid using the same one for everything.
  • Only download software from trusted sites.
  • Do not open attachments in unsolicited emails.
  • Patches for your operating system should be automatically downloaded.

Together, the efforts of the government, private sector and an educated public will likely improve our nation’s cyber security.


Bookmark These Cybersecurity Sites Today

For those working in cybersecurity or just interested in staying up to date in cybersecurity news, there are a plethora of sites today that you can turn to for your cybersecurity scoop.  However, when it comes to following cybersecurity news, the information found in standard journal articles and reports is often “way behind the times.” While this blog is of course the first place you should check in, Thomas E. Ricks, writing for FP Magazine, created a list of the best and worst sources to follow for cybersecurity news.

For the full list click here.  To get you started, I pasted the links for 15 sources from the “tech media” section of the full list which I have in my bookmarked collection of cybersecurity sources.

(1) Ars Technica >> Risk Assessment

(2) WIRED >> Threat Level

(3) Slashdot

(4) Hacker News

(5) Mashable

(6) Dark Reading

(7) TechCrunch

(8) techdirt

(9) recode

(10) Politico morning tech

(11) The Register – Security

(12) Krebs on Security

(13) Light Blue Touchpaper

(14) Threatpost

(15) SANS Internet Storm Center

Click here for the full list which includes listservs, top cybersecurity government sites, as well as other unique avenues for cybersecurity news.


What’s wrong with the NSA monitoring Internet traffic?

Mar 11th, 2015 NSA, privacy


Questions for today: What is the difference between the NSA monitoring Internet traffic and the state police monitoring traffic along an interstate highway?  Especially when the NSA looks only at meta-data, how is that not like monitoring traffic as it goes by to look for speeders, unsafe drivers, wanted criminals, stolen vehicles, expired safety inspections, traffic patterns, etc.?  Discuss.


Pros and Cons of Hacking Back

Imagine: You are the CEO of a multi-million dollar company. Aware of the current cyber climate, you budgeted out a large chunk of your company’s money for cybersecurity. This morning you received a phone call from the head of security alerting you to a cyber breach. The good news is that your security team was able to discover the breach before a lot of damage could be done, and they were able to determine the source. The head of security just told you that he has the ability to perform a counter-attack against the cybercriminals that will shut down their equipment, preventing further damage to your network.  What do you do?

Well, your primary legal option is to call law enforcement and let them take over.  Unfortunately, law enforcement does not have jurisdiction where a lot of these cybercriminals operate and local police are often uncooperative.  Law enforcement is also constrained by the law: they can investigate but they do not have the authorization to impose punishment on their own.

This dilemma has led many to lobby for permission to “hackback” against cybercriminals on their own.  The Guardian reported on the demand for this alternative as well as legal obstacles and ramifications.  According to the report, senior banking officials, frustrated by sustained hacking campaigns from attackers in other countries, lobbied at February’s Davos forum for permission to track down hackers’ computers and disable them.  The former director of national intelligence in the Obama administration, Dennis Blair, considered explicitly authorizing cyber strikeback operations in a 2013 report he co-authored from the US Commission on the Theft of American Intellectual Property.

So what is standing in the way of companies taking matters into their own hands?

The Law

The law forbids hacking, even in self-defense.  The report mentioned the Computer Misuse Act in the UK and the Computer Fraud and Abuse Act in the US as examples of legal roadblocks preventing private hackback operations.

The current protocol is to contact law enforcement when you have been hacked.  However, as highlighted above, there are problems with this protocol: law enforcement seldom has jurisdiction, local police are often uncooperative, and even when law enforcement has jurisdiction, its role is investigatory.


Pointing Fingers: Why the US has Fallen Behind on Financial Retail Security

In the United States, the standard payment system is based on payment cards with magnetic stripes that are not encrypted and can easily be read.  It is reportedly easy to forge magnetic stripe cards, and the signature on the back of the cards provides criminals with an example of the cardholder’s authentic signature.  In the United States, cybercriminals breached the data security of Target, Home Depot, JP Morgan Chase, Sony, and Adobe, stealing the personal and financial information of millions of customers. In most of the rest of the world, a payment system thought to be more secure, the Chip and PIN system, has been adopted.  Not only does this system rely on encryption at the initial transmission, but the system also changes the encryption every time it is used, making it nearly impossible for a criminal to capture and use cardholder information as it is transmitted and processed through the system.  Yet, in the United States, this technology has not been adopted as the standard. Why has the United States fallen behind on this security matter during a period of time overwhelmed by financial data breaches? According to a recent Congressional Research Service report, The Target and Other Financial Data Breaches: Frequently Asked Questions,

the basic answer is . . . money.  According to the report, the cost of producing a magnetic stripe card (the US standard) is about $0.50 compared with $2.20 to produce a chip card. There are costs to those that adopt the heightened security, but no equivalent benefits.  According to the report, the issue does not fall into the hands of a single player, because in the payment card industry, the players include the businesses accepting payment cards, issuing banks, acquiring banks, the payment card companies, and the merchants.  As a result, a gridlock has occurred from each player pointing their fingers at another player to take responsibility and cover the costs. The report explained the situation in the following way:

To use a simple analogy, in a house shared by several roommates, each wants to see the house kept clean, but no one wants to clean the living room. . . . This creates a similar problem of participants trying to shift the costs of cyber protection to the other participants.

At first, the courts were called to play parent to the disputes between the various parties.  According to the report, the decisions by the courts were made on a case-by-case basis and often litigated under a variety of state laws, and this led to a lack of uniformity in the outcomes. As a result, people are starting to turn to Congress for answers.  The report highlighted the following proposals made during Congressional hearings on the topic:

  • Federal Data Breach Notification Law: Essentially, this law would require companies to notify individuals when their personal identifiable information has been compromised.  There has been some push-back concerning the potential displacement of state laws if Congress enacted this law.
  • Modifying Federal Trade Commission Statutory Power: Currently the FTC does not possess explicit statutory powers to impose monetary penalties or punitive fines on companies for unfair or deceptive trade practices related to a data breach, so some in Congress have called for passage of a law to strengthen the FTC’s statutory authority to penalize businesses that fail to adequately protect consumers’ personally identifiable information.
  • Creating Federal Standards for Data Security, Including for Businesses: Some in Congress are pushing the federal government to create standards for what represents a minimum acceptable level of data security, while others voice concerns that standards would be too rigid for such a rapidly evolving, technology-driven field as data security.  The report describes a number of bills in both the Senate and House that appear to create differing types of federal standards for data security (to read about those bills click here for the full report).  On February 12, 2014, the National Institute of Standards and Technology (NIST) issued its Framework for Improving Critical Infrastructure Cybersecurity, which sets out a voluntary framework.  While the voluntary nature of the framework removed direct means of enforcement, the Congressional Research report points out that the existence of the framework could potentially create a basis for a standard of conduct that could possibly become a benchmark for courts to evaluate liability relating to data security under tort and other law.

While the policy solutions above serve as a baby step in the right direction, they ignore the bigger issue of allocating responsibility to the parties best positioned to protect against cyber breaches. As a result, the finger pointing continues.  For example, according to the report, merchants complain that the excessive market power of payment card companies has forced an undue share of the costs on the merchants, who also bear a high share of penalties and indemnifications for breaches.  Merchants also argue that payment card companies are not spending enough to upgrade security technology.  On the other hand, banks complain that they pay most of the costs to reissue cards and reimburse for fraudulent charges and that often such breaches result from merchants’ security errors. So the players involved do what they can to shift the costs of technological improvements in security.  The payment card industry has announced that effective October 1, 2015, liability for fraudulent transactions (except for ATMs and gas stations) will be assigned to the merchant or issuer that is not Chip and Signature compliant. However, is this the type of problem that should be dealt with by marketplace forces? According to the report, an additional concern voiced by banks and payment card companies was that “if data security were to become a competitive factor, information sharing and cooperating on data security might be more difficult.”  Taking into account the current focus in the cyber landscape on data sharing, this concern could have major implications. Given the above issues, perhaps the only solution is for the government to mandate improvements.  What do you think?  To learn more, read the full report by clicking here.


WANTED: Evgeniy Bogachev, Cyber Criminal

A $3 million reward has been offered in exchange for information that leads to the arrest or conviction of Evgeniy Bogachev, a Russian national, believed to be the leader of the criminal organization responsible for the use of the malware “Gameover Zeus” (“GOZ”) and “Cryptolocker”, reported Reuters. Bogachev was named a defendant in the complaint, along with four other individuals whose real identities were not included, but who are known by “Temp Special”, “Ded”, “Chingiz 911” aka “Chingiz”, and “Mr. Kykypyky”. The remaining four defendants are also believed to be Russian nationals who assisted Bogachev in the administration of GOZ.

The civil action was filed in the United States District Court for the Western District of Pennsylvania, and brought under 18 U.S.C. §§ 1345 and 2521. The government is seeking to enjoin all defendants from continuing to engage in wire fraud, bank fraud, and unauthorized interception of electronic communications, which are all in violation of 18 U.S.C. §§ 1343, 1344, and 2511. According to the complaint, all defendants are believed to be residing within Russia at this time. The FBI has also issued a “Wanted” poster for Bogachev.

Handout of Russian national Evgeniy Bogachev is shown in this FBI Wanted Poster

Gameover Zeus (“GOZ”)

GOZ is malware that infiltrates computers and turns them into “bots”, which are then controlled by an unauthorized third party, unbeknownst to the owners. The third party can then intercept, usually through “man-in-the-middle” attacks, sensitive information, such as banking credentials and social security numbers, being transmitted from those compromised computers. This is how GOZ is used to commit fraudulent financial activity. GOZ first emerged in September 2011, and has since been the cause of over $100 million in losses worldwide. In the US, victims include a bank in Florida, a composite materials company in the Western District of Pennsylvania, and an Indian tribe in Washington. Further, GOZ provides a vehicle for Cryptolocker to be installed in computers that have already been infected by GOZ.

Cryptolocker the “ransomware”

Cryptolocker is a malicious program that infects computers and allows a third party to encrypt files contained in the hard drives of infected computers. From there, the user of the infected computer is prompted to pay a ransom in exchange for the key that will decrypt the encrypted files. The encryption algorithm is believed to be “effectively unbreakable”; accordingly, refusing to pay the ransom could result in the loss of data. Since it emerged in 2013, Cryptolocker has infected over 230,000 computers, with over 120,000 victims residing in the US. Victims in the US include an insurance company in Pittsburgh, Pennsylvania, a police department in Massachusetts, and a company in North Carolina.

What happens now that charges have been filed?

Last year the US Department of Justice also filed charges against five Chinese nationals accused of, among others, computer hacking and economic espionage. There are stark differences between these two cases though. First, unlike the Russian government, the Chinese government has not given any indication that it is even considering working with the US to combat cybercrimes, according to Reuters. The head of the FBI’s cyber crime division, Joseph Demarest, said that the FSB, Russia’s internal security agency, recently expressed “tentative interest” in working with the US on investigating cybercrimes, adds the report.  And secondly, the five charged individuals are known to be members of the Chinese military, whereas Bogachev and his associates are not known to be affiliated with the Russian government.

Despite the FSB’s recent statements regarding collaboration on cybercrime investigations, it remains unclear whether it will assist in Bogachev’s case, reports Reuters. Without Russia’s involvement, it will be difficult for the FBI to detain Bogachev as it cannot simply send agents into the country to extract him. Still, filing the charges can serve as more than a merely symbolic gesture. It will likely restrict Bogachev’s movement, considering entry into nations which have extradition treaties with the US could result in his detention and transfer to US custody.

The full complaint can be found here.


Is the US Indirectly Supporting Cyber Vigilantism? A Look at The Jester…

Called a  “Patriotic Hacker”… “Cyber Vigilante” … “Cyber Patriot” … which only begs the question:

Who Is The Jester?

He has allegedly taken down more than 170 Jihadi websites since 2010.

He has over 66,000 Twitter followers.

He hacked Wikileaks.

He even hacked Anonymous.

Five months ago he agreed to take part in a rare interview with NBC 5 in an encrypted chat room.  The Jester told the NBC 5 investigators that he started hacking after realizing that there was a growing threat from Jihadis online using the internet to recruit, radicalize and even train homegrowners.  He told Homeland Security Today:

[I]nstead of endlessly talking about what we might do, or what we could do, I decided as a private citizen to get up and just do it . . . and, I also like to smite the bad guys. I guess that’s why I continue to do what I do.

What makes him unique is that, unlike hacktivist groups like Anonymous which are worldwide, and group-driven by various ideologies and rules, this lone wolf focuses on US enemies and views his work as patriotic.  According to US Army cyber-operations specialist T. J. O’Connor, the Jester has argued that the omnipotence and growth of the Internet has granted terrorists a safe haven, and stated his intentions to prevent such action.

O’Connor wrote a detailed paper on the Jester on December 30, 2011.  In the paper, titled “The Jester Dynamic: A Lesson in Asymmetric Unmanaged Cyber Warfare,” he “examine[d] the significant impact [this] lone-wolf patriot hacker has had over the course of the last two years, and what important lessons we can learn from him on how to wage a successful fight in this domain.”  O’Connor wrote that in the Jester’s first two years of hacking, he successfully attacked over 200 targets.  O’Connor also wrote that the Jester’s desire to deny Internet sanctuary to jihadists appears to stem from his military service.

So who exactly is this Jester? Ashlee Vance, reporting in The New York Times back on Dec. 3, 2010, quoted a Pentagon source as saying The Jester is “a former defense operative with knowledge of Special Forces activities” who “was a onetime military contractor who had worked on projects for Special Operations Command.” According to CNN Money, the Jester claims to currently hold a desk job in the cybersecurity and intelligence field.

How does the government view the work of the Jester? If one views actions more seriously than words, it is important to note that despite the fact that the Jester’s hacking is illegal under US laws, no criminal charges have been pursued against him.  The Jester told Homeland Security Today that he knew people inside the government.  In fact, according to Homeland Security Today, his Twitter followers include shadow operators in the US intelligence and counterterrorism communities.

More than a few told Homeland Security Today on background that The Jester has, at the very least, their tacit approval. From the shadows, he’s quietly applauded.

Is it true? Is the government acting under willful blindness of the illegal acts of this cyber Jester? Should they be? Is this alleged tacit approval a call for other lone wolves to follow in his footsteps?


NSA or Not, Equation Group is Recognized as the “Most Advanced” Threat Actor in Cyberspace

Another report has been released identifying widespread spyware breaches. This most recent report released by Kaspersky Lab, a cyberthreat firm, named the “Equation Group” the most advanced “threat actor” out of over 60 advanced attackers investigated by the firm over the past several years, reports Defense One. According to the report, the Equation Group has been active for “possibly” 20 years, and is thought to be affiliated with the NSA, although the Kaspersky report did not outright make that claim.


Is Equation Group the NSA?

Kaspersky’s report implied that the Equation Group is associated with, or may even be the same group responsible for, the Stuxnet virus. According to the report, a computer worm created by the group in 2008, known as Fanny, used two zero-day exploits also used by Stuxnet, and was spread throughout the Middle East and Asia. The report explained that the two exploits were used in Fanny even before they were used in Stuxnet. Fanny and Stuxnet both used the LNK exploit to spread, the report continued. Further, both Fanny and Stuxnet utilized a vulnerability in Microsoft’s software which was later patched by the Microsoft bulletin MS09-025, according to the report. Kaspersky asserted that this indicated that the Equation group had access to the exploits before the Stuxnet group did. Additionally, the delivery mechanism believed to be utilized by both Stuxnet and Fanny was USB sticks used to gain access to air-gapped networks, such as the Iranian network infected by Stuxnet. The similarities in the use of these exploits, and within the same timeframe, indicate that the groups responsible for Fanny and Stuxnet are either working together or are the same, the report concluded.

Who does Equation Group Target?

Stuxnet is believed to be the product of a joint venture between the NSA and the Israelis, leading to the belief that the Equation Group is actually the NSA or at least closely affiliated with it. Defense One reported that the group’s operations seem to target the “appropriate” people, “enemies foreign.” This indicates that the group operates under predetermined parameters, using usernames and network addresses to pick out specific targets, the article added. Targets resided in about 30 countries including Iran, Russia, Syria, and Afghanistan, according to the article. The article also reported that in addition to thousands of individuals, the group has infected entities within governments, telecommunications, and energy sectors, among others. This method of using existing vulnerabilities is “much less disruptive” than inserting vulnerabilities “that leave everyone insecure,” Bruce Schneier explained on the Lawfare Blog. Just as Stuxnet specifically targeted the Iranian network controlling its nuclear centrifuges, the Equation Group also conducts its activities carefully and precisely, targeting specific actors worldwide.

How does the release of this report affect current operations?

Experts claim this exposure may prove problematic for intelligence-gathering operations against Islamic extremists, Defense One added. However, according to the article, experts also admitted that the revelation will not likely end intelligence gathering operations. Further, even though its operations have been publicized, the group may still continue using the same methods because those breached may not have the capability to “detect, remediate, and mitigate” the risk posed by the group, the article reported. Furthermore, it is unknown how long it would take to develop the capability to do just that, adds the article. The NSA released a statement refusing to comment directly on the assertions made in Kaspersky’s report; however, it was admitted that allegations such as this always pose a risk to the nation’s security, reports Defense One.

Kaspersky’s full report can be found here.


Cyber Round Up: Iran Learns from West; Auto-Hacking Risks on the Rise; Facebook’s Cyber Security Network; Traps over Firewalls

  • NSA: Iran Learns from Western Cyberattacks: The Intercept reports that an NSA document warns that, by studying and replicating Western cyber tactics, Iran has been able to create increasingly sophisticated cyberattacks.  According to the article, Iran’s destructive cyber attack against Saudi Aramco in August 2012 is questionably similar to a cyberattack against Iran’s own oil industry in April 2012.  The article notes the findings of a recent NSA document which suggests that Iran has become “a much more formidable cyberforce by learning from the viruses injected into its systems – attacks which have been linked back to the United States and Israel.”  The article makes an interesting point: that offensive cyberattacks on other states do not merely provoke counterattacks – those attacks can teach adversaries how to launch their own.  Read the full article by clicking here.
  • Auto-Hacking Increasing Concern: According to a new congressional report called “Tracking and Hacking,” as vehicles become more connected to the Internet, automakers are failing to take the necessary measures to protect them against cyber-attacks.  Not only can hackers control your steering, brakes, and accelerator, but they can also use the new auto technology to listen in on your conversations while on your phone in your car (another reason not to use your cell while driving!). According to the report, the wireless entry points to the 50 electronic control units that are a part of a car’s network include the following: tire pressure monitoring systems, Bluetooth, Internet access, keyless entry, remote start, navigation systems, WiFi, anti-theft systems and cellular-telematics.  How to make automakers take on more responsibility to prevent these cyber harms? According to U.S. Senator Edward Markey, the industry should consider adopting a rating system similar to the Insurance Institute for Highway Safety’s crash test ratings.  Read full articles on the report: by the Detroit Free Press here, and by 680news.com here.
  • Facebook Launches Cyber Security Network: As the US Government and companies continue to search for new ways to coordinate their defenses against cyberattacks, Facebook has teamed up with Yahoo and Pinterest to launch a social network for cyber security professionals to share clues about how hackers are behaving, in the hope of preventing security breaches.  According to the Financial Times, Facebook’s new detection system, called “ThreatExchange,” is different from the others already out there for at least one significant reason: it is FREE.  Capitalizing on the free social networking model, a business model which has worked for the company in the past, the new launch hopes to take advantage of the current number of members to direct this threat project.  Read the full report on the launch by the Financial Times here.
  • Experts Say Traps More Effective Than Firewalls: As the saying goes, insanity is doing the same thing over and over and expecting different results.  Many cybersecurity experts are sending a similar message by pushing companies and governments to stop thinking about preventing cyberattacks with firewalls, and start thinking about trapping the enemy once they get inside.  In the past, firewalls have been the routine cybersecurity tactic for prevention; however, according to a report by the Dallas Morning News, cybersecurity experts are calling that method “old and outmoded.”  Instead, according to the article, we need to neutralize attackers once they’re inside networks rather than fixating on trying to keep them out.  Read the full article here.

Authors

Jennifer A. Camillo

is a third year student at Syracuse College of Law. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She is a member of the Syracuse National Trial Team and was recently awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She has served as a law clerk in the United States Attorney's Office for the Western District of New York and the Public Defender Service for the District of Columbia and as an extern in the United States District Court for the Western District of Washington. Full biography

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography

Professor William Snyder

Professor William C. Snyder is a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.
