The Pew Research Center recently conducted an online survey on cyber security. The majority of participants were unable to answer even half of the questions correctly. The article reporting the results contains a link to the 13-question quiz so you can see how you compare to the average American.
According to the article, the quiz results show that despite the increasing importance of good cyber hygiene, most people still don’t understand important cyber security issues and terms. The results seemed to indicate that most people understand the basics, like password strength and public Wi-Fi networks. More technical issues, the article explains in depth, are where people run into problems.
The article contains many useful graphics depicting the results. The quiz results and analysis can be found here.
Syracuse University came out on top in new rankings for the best college cyber security programs. Military Times produced the rankings, which had University of Nebraska-Omaha, Drexel University, Bellevue University, and University of Maryland finishing two through five, respectively.
An article discussing the results and methodology explained that several factors were taken into consideration. One factor that was given considerable weight was recognition from the National Security Agency as a Center of Academic Excellence. Syracuse received this designation in multiple programs.
Other factors included the presence and number of ABET-accredited computer science programs at a school, the proportion of degrees awarded at a school that fall under computer science generally, and the proportion of degrees awarded at a school that fall under computer security specifically.
The article also noted Syracuse University’s partnership with the Air Force Research Laboratory, which allows students to participate in a Cyber Engineering Semester where they receive cyber security training.
The Military Times article, which includes quotes from Syracuse University Professor Shiu-Kai Chin, can be read here.
Cyber Round Up: Gorsuch on Cyber Part Two; Obama issued late Operational Directives on Cyber; AI and Cyber: Changing the Locks
- Gorsuch on Cyber-Related Issues: Part Two (Lawfare): Two weeks ago, we recapped the first in a series of posts covering Supreme Court Justice nominee Neil Gorsuch and his depth of knowledge in cyber. The second part was posted last week and covered computer searches, specifically in the context of timeliness and particularity. The post discusses Gorsuch’s decision in U.S. v. Christie, where he analyzes two separate lines of cases that are relevant to the issue. The blog also noted that Gorsuch makes a “bold” argument that not just the “what” of the search matters, but also the “how.” The full blog post, including some analysis of other Gorsuch decisions, can be read here.
- DHS issued two more Binding Operational Directives on cyber in final months of Obama term (Federal News Radio): DHS is benefiting from expanded authority given to it by Congress in 2014. That authority, an article explains, gives DHS the ability to force other agencies to improve their cyber security measures. The article explained that while two directives were already made public, former DHS Secretary Jeh Johnson issued two more late in the Obama administration’s tenure. The first ordered agencies to remedy vulnerabilities in Cisco products. The second mandated compliance with the 2014 Federal Information Security Modernization Act. The full report can be read here.
- How AI can ‘change the locks’ in cybersecurity (Venture Beat): Artificial Intelligence continues to gain traction as a potential solution to cyber security challenges. A recent article explains how AI systems can help compensate for the inevitable flaws that come from human error and security. The report uses the analogy of moving into a neighborhood where everyone has the same locks, and says this is the way security software works. AI offers a solution to this problem, which the article describes as a “moving defense.” The full article can be found here.
Cyber Round Up: Brenner and MIT’s Report; Germany emerging as cyber leader; FCC has flaw in communications infrastructure
- Former NSA Inspector General Releases Cybersecurity Recommendations For Trump (WBUR Boston): A recent article summarized an MIT report that recommended eight ways for President Trump to secure critical infrastructure. The article said that the report featured guest writing from former NSA IG Joel Brenner, and advocated for including the private sector. The article contains some quotes from Brenner where he explains the key components of the report. The full report is included in this post, and the article can be read here.
- Germany steps up leadership in cybersecurity (Microsoft Secure): Recent commentary on a Microsoft blog highlighted how Germany has emerged as a leader in the cyber world. The article notes that this is significant not just because Germany is a top five world economy, but also because it has major influence in the EU. The article discusses numerous metrics and different reports produced by Microsoft, but emphasized Germany’s ability to develop fruitful public-private partnerships. The post explains how Germany’s recent cyber strategy builds on a cyber law from a couple of years ago. The in-depth post can be found here.
- What Is SS7? Legislators Ask FCC To Examine Security Flaw In Communications Infrastructure (International Business Times): An article earlier this week discussed a request from two Democratic Congressmen to the FCC to address a known vulnerability with cell phone security. Signaling System 7 (SS7) is an international communications standard, the article explained. That standard has weaknesses that allow hackers to read texts, listen to calls, and track locations. The vulnerability was discovered in 2014, but the U.S. lawmakers believe that the industry has not done enough to remedy the weakness. One of their solutions, the article says, is encryption. The full article can be read here.
Cyber Round Up: Congress repeals Internet privacy protections; DHS misses cyber policy deadline; Mnuchin expresses cyber concerns
- Congress just killed your Internet privacy protections (CNN): Congress voted along party lines to repeal internet privacy protections yesterday. According to one article, the fate of privacy now rests with President Trump and the White House is on the record as “strongly support[ing]” the repeal. The rules had not yet taken effect, but would have required internet service providers to acquire customers’ consent before using personal data from browsing history, geo-location, etc. The article lays out the main arguments from each side of the aisle, and discusses how most people aren’t aware of how their information is being shared. The full article can be read here.
- DHS misses deadline to submit cyber strategy to Congress (The Hill): DHS failed to meet the deadline to submit its cyber strategy to Congress, and it isn’t going to happen anytime soon, according to one article. The National Defense Authorization Act that was passed in December required a strategy to be produced within 90 days. According to the article, one DHS official stated that the strategy may take months to complete while the Trump administration weighed in. The lack of strategy follows the long delay of a cyber Executive Order that President Trump was expected to sign in January. The full report can be read here.
- Treasury Secretary Mnuchin Highlights Concerns Regarding Cybersecurity (National Law Review): A recent report says that concerns about cyber security extend to the Department of Treasury. In a speech last week, Secretary Mnuchin identified the issue as a primary concern, the article said. Mnuchin expressed his desire for all regulatory agencies to incorporate cyber security into their oversight functions. The brief post also mentioned the enhanced cyber risk standards set forth by banking agencies in October. The full summary can be found here.
- NATO to Seek Bids for $3.2 Billion in Satellite, Cyber Security (Bloomberg): Pending NATO contracts will focus on satellite communications, air and missile defense systems, software, and cyber security. An article said that the $3.2 billion commitment is representative of the organization’s adjustment to new threats, including those from Russian meddling and increased cyber attacks. Specifically, about 290 million of the 300 billion euros will be devoted to cyber security, the article reported. The contracts will be outlined during April’s conference in Ottawa and bids will be accepted by the end of this year. The full article can be read here.
- US cybersecurity policy has ‘a real deterrence failure,’ Endgame CEO Nate Fick says (CNBC): The U.S. isn’t ready to respond to cyber attacks, or at least, that’s what Endgame CEO Nate Fick thinks. In an interview with Jim Cramer, Fick said that Russia meddled in the elections in the cyber realm because they knew the U.S. wouldn’t respond. If Russia had physically sent agents to the polls, it would be a totally different story. Fick explained that not all parts of U.S. government are behind in cyber, and in fact, some, like the Air Force, are leading the way. Shifting to a discussion of the private sector, where he partially pitched his own software company, Fick said that businesses should take a value-based approach to cyber security. The full interview and article can be seen here.
- Apple just made a historic and risky change to all iPhones — and you probably didn’t even notice (Business Insider): Apple’s new software update for devices like iPhones and iPads included its new Apple File System. A report earlier today explained why replacing the antiquated system makes sense, but also noted that it includes an increased level of encryption. An older article covering Apple’s decision to adopt the new system explained that the software allows a user to choose between “no encryption, single-key encryption, or multi-key encryption with per-file keys for file data, and a separate key for sensitive metadata.” The articles discussing the new software can be read here and here.
Cyber Round Up: Good news for federal cybersecurity; Swiss pick Watson to confront cybersecurity; De-risking cities: connectivity and cybersecurity
- A rare piece of good news for federal cybersecurity (FCW): There is some sign of progress amidst all the negativity surrounding the government and cyber security. An article late last week discussed DHS’s Credentials and Authentication Management task order. The program focuses on identity and access management, a problem the article suggests is behind every major breach of the U.S. government in the last five years. The article highlights the two strongest factors of CRED, the first of which is that the program is actually giving agencies the capability to create a master record for monitoring access. Second, the grant was crafted with bonuses to incentivize agencies that go beyond the minimal requirements, allowing them to improve efficiency. The full article can be read here.
- SIX picks IBM Watson for cybercrime fight (Banking Technology): This blog recently recapped a report that IBM’s Watson will be used in the fight against cybercrime. A recent article reported that the Swiss market security infrastructure SIX will use the technology to bolster its cyber operations. The Security Operations Center will use Watson’s ability to tap into over a million documents in order to do a comprehensive threat assessment. SIX officials called the cognitive software a “perfect match.” The full article can be read here.
- De-Risking Cities: Connectivity and Cybersecurity (Planning Report): The VX 2017 Conference was recently held for industry leaders to gather and discuss relevant issues in technology and clean energy. A panel including representatives from the LA Department of Water and Power, Metropolitan Water District of Southern California, and the Information Systems Audit and Control Association addressed how to mitigate risk with critical infrastructure. The article, which can be found here, includes the full transcript of the panel discussion.
Cyber Round Up: North Korea implicated in Federal Reserve cyberheist; Gorsuch Knows His Cyber; Cybersecurity Bill of Rights
- U.S. Preparing Cases Linking North Korea in Theft at N.Y. Fed (WSJ): Federal prosecutors are preparing a case that would charge Chinese middlemen for orchestrating a major bank robbery for North Korea. An article this week from the Wall Street Journal said that the $81 million robbery from the Federal Reserve was conducted entirely online. The cyber thieves used access codes from Bangladesh’s central bank to transfer the money from the Federal Reserve accounts to four different banks in the Philippines. The article also said that these same cyber actors have connections to the 2014 Sony hacks. The article quoted an NSA official who stressed the significance of a nation state robbing banks, if the allegations against North Korea were true. The full article can be read here.
- Gorsuch on Cyber-Related Issues: Part One (Lawfare): Supreme Court nominee Neil Gorsuch is well versed in cyber-related issues. Commentary earlier this week explained how Gorsuch, when the issues are appropriately before him, is able to understand and engage with the technology at issue. The article stressed that with a Supreme Court that is technologically challenged, Gorsuch could be a useful addition. This post in particular is the first in a series of three examining Gorsuch’s cyber decisions, this one focusing on U.S. v. Ackerman. The full explanation of the decision can be found here.
- It’s time for a Cybersecurity Bill of Rights (The Hill): An opinion piece this week stressed the need for a cyber Bill of Rights. The post listed an example of all the devices that record or track our lives, and said our privacy is more in jeopardy than ever before. The U.S. Constitution does not specifically address privacy, and the author believes a series of amendments to define privacy protections in the modern era is necessary. The article explains why privacy is more than just data security, and proposes three rights that should be established. Those rights are the right to privacy, the freedom to code, and the freedom to socially interact on the internet. The full post can be read here.
The United States Court of Appeals for the Third Circuit handed down its decision in United States v. Apple Mac Pro Computer earlier this week. The case involves a former Philadelphia police officer, Francis Rawls, who was being investigated for child pornography. Mr. Rawls refused to decrypt two hard drives that the government claimed contained child pornography. Mr. Rawls argued that decrypting the hard drives was equivalent to self-incrimination, which would be a violation of the Fifth Amendment. When Rawls chose not to comply with the orders, he was held in contempt and was jailed.
The Third Circuit made its decision without addressing the Fifth Amendment question, instead choosing to uphold the forced decryption under the All Writs Act. While not providing subject matter jurisdiction itself, the Act was intended to aid courts in executing their existing jurisdiction. The court stated, “[T]he Magistrate Judge had subject matter jurisdiction under Federal Rule of Criminal Procedure 41 to issue a search warrant, and therefore had jurisdiction to issue an order under the All Writs Act that sought ‘to effectuate and prevent the frustration’ of that warrant.”
In upholding the Decryption Order under the All Writs Act, the Third Circuit sidestepped the Fifth Amendment issue. Eventually, the Supreme Court will have to clarify whether forced decryption can be squared with the Fifth Amendment. As Orin Kerr discussed, the Third Circuit provided some insight as to how the case may have been decided under the Fifth Amendment and the “foregone conclusion” doctrine. In a footnote, the Third Circuit suggests that the “foregone conclusion” analysis should not necessarily focus on whether the government knows the content of the devices. Instead, the Court said, “a very sound argument can be made that the foregone conclusion doctrine properly focuses on whether the Government already knows the testimony that is implicit in the act of production.” Kerr’s post explains that the footnote is dicta, but provides strong support for the government in future cases. He further explained that this decision avoided a split between circuits.
The entire Third Circuit decision is included below.
Cyber Round Up: Challenges for Rob Joyce; Proposal gives DHS $1.5 billion for cyber; Congressman wants cyber version of National Guard
- Challenges Ahead For New White House Cybersecurity Advisor (Forbes): Commentary earlier this week addressed some of the many challenges that will be facing recently appointed cyber security adviser Rob Joyce. The article labeled the former NSA hacker as “the poster child for. . . distrust” that is so commonly associated with the NSA in the post-Snowden era. Coupled with President Trump’s apparent disregard for privacy rights, the article suggests that having one of the nation’s lead hackers could pose a very scary situation. The article also quoted those in the field who praised Joyce as a strong pick. The full article can be found here.
- Trump’s budget proposal gives DHS $1.5 billion for cybersecurity (The Hill): The blueprint of President Trump’s budget includes a significant allocation to securing cyber space. An article yesterday explained that $1.5 billion would be given to DHS to secure federal networks. The article quoted the blueprint as stating that, “Through a suite of advanced cyber security tools and more assertive defense of government networks, DHS would share more cybersecurity incident information with other federal agencies and the private sector, leading to faster response to cybersecurity attacks directed at federal networks and critical infrastructure.” The article also said that agencies would be scored on their cyber security practices and would be held accountable. The full article can be read here.
- Congressman proposes creating a National Guard for cybersecurity (Military Times): A young Democrat from Arizona and a former U.S. Marine has suggested a type of cybersecurity reserve similar to the National Guard. The article summarized Congressman Ruben Gallego’s talk at the South by Southwest conference, where he said that the best cyber minds won’t be drawn to the long hours and low salaries of typical government jobs. Nor would they have any interest in physical training or boot camp. Instead, the article says, “cybersecurity warriors” would be on call whenever the nation needed them. The full article and details of Gallego’s talk can be found here.
Professor William Snyder
is a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.
Christopher W. Folk
is a second year student at SU College of Law. Christopher is a non-traditional student, returning to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. in Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received an M.S. in Computer Information Systems. Christopher previously worked in Software Engineering and in addition to being a full-time student, Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law.
Ryan D. White
Ryan is currently a second year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic.
Anna Maria Castillo
is a third year law student at Syracuse College of Law. She is also pursuing a Master of Arts in International Relations at Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She currently serves as an executive editor in the Syracuse Law Review.
Jennifer A. Camillo
is a third year student at Syracuse College of Law. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She is a member of the Syracuse National Trial Team and was recently awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.
holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She has served as a law clerk in the United States Attorney's Office for the Western District of New York and the Public Defender Service for the District of Columbia and as an extern in the United States District Court for the Western District of Washington.