-
Chertoff calls for cyber-deterrence doctrine
More than 100 countries now have cyber-espionage and cyber-attack capabilities; both kinds of attack used the same tools and might be used to mount anything from a garden variety cyber-espionage attack resulting in the corruption of financial data to something that might result in loss of life, such as a possible attack against air-traffic control systems; governments should formulate a doctrine to stave off cyberattacks similar to the cold war-era principle of nuclear deterrence, according to former DHS secretary Michael Chertoff.; “Everyone needs to understand to rules of the game”
-
-
DHS, Pentagon enhance cybersecurity cooperation
The Pentagon and DHS unveiled an agreement on Wednesday designed to boost cooperation in defending military and private computer networks from growing cyber threats; cybersecurity was the scene of fierce turf battles under the previous administration between DHS and the Pentagon’s super-secret electronic surveillance National Security Agency (NSA)
-
-
Sector Report for Thursday, 14 October 2010: Cybersecurity
This report contains the following stories.
Plus 1 additional story.
-
-
Microsoft releases barrage of fixes at Stuxnet and more
Microsoft on Tuesday released a record high number of software patches aimed at countering computer threats including a Stuxnet “worm” attacking industrial networks; the 49 fixes released by Microsoft were ranked in importance from “critical” to “moderate” and addressed vulnerabilities in an array of Microsoft programs used in personal computers
-
-
Microsoft cleaned 6.5 million zombie PCs during April-June 2010
Microsoft cleaned in excess of 6.5 million zombie computers between April and June 2010, but the company’s efforts alone are not enough to put a stop to the increasing threat that botnets represent to users, businesses and critical infrastructure
-
-
Britain faces "real and credible" cyber threat: intelligence chief
In a rare public speech, Iain Lobban, director of the Government Communications Headquarters (GCHQ), said that there is a “real and credible” cyber threat to U.K. infrastructure, and that Britain’s economy could be at risk if effective protection against cyber attacks was not developed
-
-
Briton gets 4-months jail for refusing to disclose password
A 19-year old Briton used a 50-charcter password to protect child pornography files he kept in his computers; the court ordered him to reveal the password, but he refused and was sentenced to sixteen weeks imprisonment
-
-
Experts: Stuxnet "a game changer"
EU cybersecurity agency warns that the Stuxnet malware is a game changer for critical information infrastructure protection; PLC controllers of SCADA systems infected with the worm might be programmed to establish destructive over/under pressure conditions by running pumps at different frequencies; Dr. Udo Helmbrecht, chief of EU’s cybersecurity agency: “Stuxnet is a new class and dimension of malware—- The fact that perpetrators activated such an attack tool, can be considered as the ‘first strike’ against major industrial resources. This has tremendous effect on how to protect national [cyber and critical infrastructure] in the future’
-
-
Skullduggery on a massive scale
Stuxnet, the malware which attacked more than 30,000 computers used in industrial control systems in Iran, including that country’s nuclear weapons facilities, represents a new class and dimension of malware; it can reach into the physical world, allowing attackers to run motors so fast they burn out, to turn off alarms and safety cut-offs, open effluent valves and activate pumps — in the words of Paul Marks, it allows attackers to “carry out industrial sabotage and skullduggery on a massive scale”
-
-
Malware will soon steal behavioral patterns
Examples of malware which steals personal information are all around us, sometimes for the purpose of making it public and at other times for profit; computer scientists predict that a new generation of malware will mine social networks for people’s private patterns of behavior
-
-
U.S. implements president's cybersecurity recommendations
GAO reports that of the 24 recommendations included in the president’s May 2009 cyber policy review report, 2 have been fully implemented and 22 have been partially implemented; the two fully implemented recommendations involve appointing within the National Security Council (NSC) a cybersecurity policy official (Special Assistant to the President and Cybersecurity Coordinator) responsible for coordinating the U.S. cybersecurity policies and activities, and a privacy and civil liberties official. Examples of partially implemented recommendations include
-
-
Iran: Stuxnet infected industrial computers cleaned
Iran claims that Stuxnet, the sophisticated virus which has infected more than 30,000 computers used in industrial control systems in Iran, has been removed; Iranian officials also denied that the Bushehr nuclear reactor was among the addresses penetrated by the worm
-
-
Impact of cyberattack on U.S. could be "an order of magnitude surpassing" 9/11
Former director of national intelligence and director of the National Security Agency Mike McConnell and Bush administration Homeland Security Adviser Fran Townsend say the United States is unprepared for a cyberattack and must overhaul its defenses; they said a large-scale cyberattack against the United States could impact the global economy “an order of magnitude surpassing” the attacks of 9/11; McConnell: “The warnings are over; it could happen tomorrow”
-
-
U.S. Cyber Command will not go operational today as planned
The U.S. Cyber Command was to become operational today — but difficulties in recruiting qualified uniformed staff and lack of clarity about the Command’s mission have led the Command leaders to say that rather than fully operational, the Command, for the time being, will remain only at “initial operational capability”
-
-
Sector Report for Thursday, 30 September 2010: Cybersecurity
This report contains the following stories.
Plus 2 additional stories
-
The long view
Researchers Calculate Cyberattack Risk for All 50 States
Local governments are common victims of cyberattack, with economic damage often extending to the state and federal levels. Scholars aggregate threats to thousands of county governments to draw conclusions.