Tag Archives: cybersecurity

ISSUED BY: GCIS Communications Command Center

SOURCE: NextGov

02April2011 1:24pmEST

GCIS INTELLIGENCE UPDATE: Top American cybersecurity officials said on Thursday they need to work more closely with private industry and other governments to fight the changing threat from ever-craftier cyber attackers, who have a new array of targets, from power grids to bank accounts, made vulnerable by the Internet.

Such cyber attackers have an edge right now, experts told the Air Force Association's Cyberfutures Conference.

Gone are the days of high-profile viruses with catchy names. Now cybercriminals use less destructive, but more targeted attacks to steal money, information, or intellectual property, said Greg Schaffer, who leads cybersecurity and communications efforts for the Department of Homeland Security. (read full report)

"GCIS INTELLIGENCE UPDATE" is an intelligence briefing presented by Griffith Colson Intelligence Service, and provided to the public for informative purposes only. All subject matter is credited to its source of origin, and is not intended to represent original content authored by GCIS, its partners or affiliates. All opinions presented are those of the author, and not necessarily those of GCIS or its partners.

ISSUED BY: GCIS Communications Command Center

SOURCE: Crunch Gear

29March2011 8:50pmEST

GCIS INTELLIGENCE UPDATE: One day after McAfee warned about the dangers of corporations becoming vulnerable to hackers, we now learn that Nasa has similar concerns. Its inspector general, Paul Martin, has written a report [PDF] entitled “Security Practices Expose Key Nasa Network To Cyber Attack,” and you can guess what that means. Actually, don’t bother guessing. The report warns that six of Nasa’s servers that just so happen to contain critical data are vulnerable to remote attack. And if a hacker were so inclined, he could exploit those vulnerabilities to get further inside Nasa, wreaking all sorts of havoc (say, “cripple Nasa’s operations”) in the process. Again, panic.

The report criticizes Nasa for neither recognizing these problems nor doing much of anything to address them. Head in the sand, la-la-la nothing’s happening, nothing’s happening, that kind of thing.
(read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: Federal News Radio

29March2011 4:09amEST

GCIS INTELLIGENCE UPDATE: The Homeland Security Department is working on a new 3-tier approach to combat cyber attacks.
The idea is based on automation, interoperability and authentication. DHS hopes this 3-tier approach could make networks more secure. (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: NextGov

24March2011 7:00amEST

GCIS INTELLIGENCE UPDATE:  A product many federal employees use to log on to computers and networks should be regarded as compromised, due to the infiltration of key information about the application during a cyberattack against manufacturer RSA, some security experts said.

The Homeland Security Department — the civilian agency that oversees commercial and government cybersecurity — has relayed mitigation procedures to federal agencies that have installed RSA's SecurID tools, the department announced on Friday. A DHS official on Monday said the government is not recommending that agencies replace their SecurID products. The department is helping RSA and clients who control critical infrastructure deal with the threat to the devices, which are a single point of failure in the computer security ecosystem, according to some industry observers.

Agencies "should consider [the ID tools] breached," said Tom Kellermann, a former World Bank computer specialist and now an executive at Core Security Technologies, a firm that lawfully penetrates its clients' systems to identify network weaknesses.

SecurID, which verifies the identities of authorized users, consists of a token — a portable physical object such as a smart card or USB drive that controls access to a system. The device displays a continuously changing code that the user enters, in conjunction with a personal identification number, or PIN, to log into a network through a process known as two-factor authentication. (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: EWeek

22March2011 4:30amEST

GCIS CYBERSECURITY UPDATE: The network of one of the world’s largest and most trusted security firms has been breached, and an unknown amount of information about its popular multifactor authentication technology has been stolen. Customers are worried about what form potential attacks could take.

The SecurID information that was stolen would not allow attackers to launch a successful direct attack on existing SecurID customers, Art Coviello, executive chairman of RSA Security, wrote in an open letter to customers posted on the company’s Website March 17. However, the company acknowledged the information could potentially be used to “reduce the effectiveness” of an existing SecurID deployment as part of a broader attack.

With RSA keeping mum about what exactly was stolen, when the data breach occurred, how attackers got into the network and how long the breach lasted, security experts can more or less give their imaginations free rein to suggest potential attack scenarios.

Adam Vincent, CTO of the Public Sector group at Layer 7 Technologies, wondered about the implications of a broader attack hinted at by Coviello. “Reading between the lines,” RSA made it sound as if the data theft made RSA SecurID ineffective without needing to compromise any specific usernames or passwords, Vincent told eWEEK.

The “well-organized group” of hackers behind this targeted attack would have to complete “many steps” to successfully attack an organization using SecurID tokens for authentication, Nick Percoco, senior vice president of SpiderLabs, told eWEEK. While it was “less likely” there will be a direct head-on attack, it wasn’t impossible, he said. (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: NextGov

21March2011 9:00amEST

GCIS CYBER-SECURITY UPDATE: The number of attacks against federal networks increased nearly 40 percent last year, while the number of incidents targeting U.S. computers overall was down roughly 1 percent for the same period, according to a new White House report to Congress on federal computer security.

"Malicious code through multiple means," such as phishing and viruses, "continues to be the most widely used attack approach," Office of Management and Budget officials wrote. Phishing scams lure victims with fake e-mails apparently from legitimate organizations, such as banks, that instruct them to submit sensitive information, including passwords, on phony websites.

In fiscal 2010, federal agencies reported 41,776 cyber incidents vs. 30,000 attacks in 2009, the year the Conficker worm installed malicious software on millions of home, business and government computers. (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: AFCEA

07March2011 9:00amEST

GCIS CYBER-SECURITY UPDATE: Computer networks are essential to global productivity and collaboration. They also are weapons: More harm is possible from a network attack than from a machine gun, according to experts gathered in London to discuss cyberwar.

Cyberspace is the global nervous system, explained Raul Rikk, who heads the cybersecurity department for Trustcorp Limited, but cyberspace also is a new dimension of warfare. “You have to have a license to own a gun, but not so for computers,” he emphasized. The Internet is an incubator for criminal and terrorist activity, agreed Vice Adm. Harry B. Harris Jr., USN, commander, U.S. 6th Fleet; commander, Striking and Support Forces NATO; Joint Force Maritime component commander, Europe; deputy commander, U.S. Naval Forces Europe; and deputy commander, U.S. Naval Forces Africa, speaking just before the start of the two-day Technet International conference, held October 28-29.

The pace of cyberattacks is increasing, and those with harmful intentions are finding unique ways to infiltrate not only computers connected to the Internet but also computers that never were connected to the online world. Stuxnet, a computer worm that targets critical industrial infrastructure, was an entirely new type of attack. Tony Roadknight, technical architect, Nexor, called the worm a cyber missile, not just cyber mayhem. Part of the attack had to include individuals with infected media who accessed the closed system. The ability of the worm to target only certain systems and then hide the changes has made tracking its source, or even its purpose, difficult. (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: The New New Internet

05March2011 7:00amEST

GCIS INTELLIGENCE UPDATE: Every summer, high school and college students flock to the nation’s capital to advance their forthcoming careers by interning at nonprofits, federal agencies and news outlets. For aspiring cyber warriors desiring a career in government, the options have been few — until now.

The National Protection and Programs Directorate, part of the Department of Homeland Security, has launched a program that will help prospective cybersecurity professionals gain experience and provide the opportunity to work with experts on mission areas such as identification and analysis of malicious code, forensics analysis, incident handling, intrusion detection and prevention, and software assurance.

The Cybersecurity Internship Program is designed for current college juniors and seniors. After the 10-week summer internship, students will have the opportunity to qualify for the Secretary’s Honors Program for Cybersecurity Professionals, in which participants can put their academic achievements to use in a hands-on environment while playing an important role in protecting the nation.

The full-time internship pays approximately $5,800. Applicants must be U.S. citizens and enrolled as juniors or rising seniors in an accredited university with a major related to computer or IT, or have 30 semester hours in a combination of mathematics, statistics and computer science. And as with most DHS jobs, applicants must be able to obtain and hold a security clearance. (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: NextGov

04March2011 11:21pmEST

GCIS CYBER-SECURITY UPDATE: Congress agreed to eliminate $20 million for network security programs in the major bill to keep the government operating through March 18, as the Republican-controlled House and Democratic-led Senate began negotiations on further cuts for the rest of the fiscal year ending in September.

The short-term continuing resolution signed into law on Wednesday will trim the Homeland Security Department account that safeguards critical networks and facilities far less than the $60 million cut House appropriators had proposed last month. The stopgap bill deleted earmarks — monies requested by individual lawmakers — for the DHS infrastructure protection and information security program. The dropped funding had not been allocated for specific projects yet, House aides said.

"Part of Congress' challenge is that a lot of programs and projects get labeled cybersecurity in order to secure funding," said Rep. Mac Thornberry, R-Texas, who oversees coordination of cyber legislation across House committees, in defending the cuts. "Our job is to sort through what is really necessary and try to see that the money that is spent is spent wisely. More money does not automatically mean more security." (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: NextGov

04March2011 10:30pmEST

GCIS CYBER-SECURITY UPDATE: The CIA's website, which crashed Thursday afternoon, was revived shortly before 11 a.m. Friday morning. The spy agency declined to discuss what might have caused the blackout, but Office of Management and Budget officials referred all questions to civilian cybersecurity authorities at the Homeland Security Department, which suggests the event was an attack.

A CIA spokeswoman said in an e-mail: "Websites sometimes experience technical difficulties. The agency is making every effort to restore CIA.gov as soon as possible."

Soon after she wrote, the site was back up and offering "the second installment in the lighthearted K-9 Cam series" on how to become a bomb-sniffing CIA dog, and posing this intriguing question: "What country has three megacities with populations of greater than 15 million? (No, it's not China.)" (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: Global Security

02March2011 9:55amEST

GCIS CYBER-SECURITY UPDATE: MCLEAN, Va., (PRNewswire via COMTEX) — Science Applications International Corporation (SAIC) (NYSE: SAI) announced today it was awarded a prime contract by the U.S. Space and Naval Warfare Systems Center Pacific (SSC Pacific) to provide technical services in support of cyberspace operations. The multiple-award, indefinite-delivery indefinite-quantity (IDIQ) contract has a two-year base period of performance, three one-year options, and a total contract ceiling value of $219 million for all awardees, if all options are exercised. Work will be performed in San Diego, Calif.

SSC Pacific is the Navy's premier research, development, test, and evaluation laboratory for C4ISR (command, control, communications, computers, intelligence, surveillance, and reconnaissance). Under the contract, SAIC will provide cyberspace operational support as required, including the examination of the science, architecture, engineering, functionality, interface and interoperability of cyber systems, services and capabilities. SAIC may also provide support in areas including requirements analysis, concept development, software design and implementation; and systems integration. SAIC is one of four contractors that will compete for task orders under the contract.

"SAIC has demonstrated expertise and leadership in the science, system architecture and engineering of these critical cyber systems," said Larry Cox, SAIC senior vice president and business unit general manager. "We look forward to leveraging that expertise in support of the operational planning and execution, and technology development required to assure superiority for the warfighter in the cyberspace domain." (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: GlobalSecurity

02March2011 9:47amEST

GCIS CYBER-SECURITY UPDATE: MCLEAN, Va. (GLOBE NEWSWIRE) — Northrop Grumman Corporation (NYSE:NOC) has been awarded a contract for cyberspace operations supporting the U.S. Navy's Space and Naval Warfare Systems Center Pacific (SSC Pacific) to provide cyberspace science, research, engineering and technology integration.

The cyberspace operations contract is an indefinite-delivery indefinite-quantity (IDIQ) contract structure with a two-year base period with three one-year option years with a potential value of $200 million. Northrop Grumman is one of four companies that will compete for task orders under the contract. Work on this contract will be performed primarily in San Diego.

"Northrop Grumman has a wide breadth of experience and past performance in the cyberspace operations domain," said Kevin Sculley, Northrop Grumman vice president, integrated mission systems. "Through our longstanding relationship with the SSC Pacific organization, we have been successful in providing them new technologies. This contract will help further define our cyberspace solutions to the new generation of warfighters and assure the Navy's information dominance vision for the future."

The scope of the contract will include examining the science, architecture, engineering, functionality, interface and interoperability of cyberspace operations systems, services and capabilities. Northrop Grumman will perform operations and requirements analysis, concept formulation and development, feasibility demonstrations and operational support. Additionally, the team will design and implement software as well as systems integration, test and evaluation, and demonstration. (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: NextGov

02March2011 9:40amEST

GCIS CYBER-SECURITY UPDATE: Friendly hackers and other computer whizzes who could help bolster government's cyber defenses often are unable to collaborate with the Homeland Security Department because of outdated policies that Congress and the White House must reform, former DHS Secretary Tom Ridge said on Tuesday.

Ridge, his successor Michael Chertoff and current DHS Secretary Janet Napolitano discussed the evolution of threats to the United States, including those to network security, at a Georgetown University event, hosted by the Aspen Institute, to mark the department's 8th anniversary.

The federal government is short tens of thousands of cyber experts, by some estimates, and is aggressively trying to attract new talent through scholarships and other youth competitions. For example, a program that the National Science Foundation runs covers the cost of books, tuition, and room and board for students willing to concentrate in information security and then work for the government.

Napolitano said the Office of Personnel Management has granted DHS direct authority to hire 1,000 cybersecurity specialists.

Despite such opportunities, members of the hacker community remain wary of working with the government. They know how to find network weaknesses, but might be leery of sharing such talents, if lending a hand requires navigating through too much red tape. (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: Global Security

01March2011 5:30amEST

GCIS CYBER-SECURITY UPDATE: FAIRFAX, Va. – General Dynamics has been awarded a $78.4 million multiple-award, indefinite-delivery indefinite-quantity (IDIQ) contract by the U.S. Navy to examine the science, architecture, engineering, functionality, interface and interoperability of cyberspace systems at the tactical, operational and strategic levels. The contract was awarded by the Space and Naval Warfare Systems Center Pacific, San Diego, Calif.

The contract is one of four awarded by the Navy. The contract has a total potential value of $204 million over five years if all options are exercised.

Under the contract, General Dynamics will provide basic and applied cyberspace research, digital forensics and reverse engineering capabilities, information operations expertise, cyber mission planning, doctrine and policy development, as well as modeling and simulation. General Dynamics will also provide software design and implementation as well as systems integration, test and evaluation and demonstration.

“As a cyber systems integrator, General Dynamics offers a full breadth of cyber domain capability, as well as the ability to tap into the technologies of our strategic partners,” said John Jolly, vice president and general manager of General Dynamics Advanced Information Systems’ Cyber Systems division. “Utilizing best-in-breed technologies and building unique mission-specific cyber tools for a comprehensive approach to cyber operations, we will help ensure the Navy achieves its mission at sea and in cyber space.” (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: World Net Daily

28February2011 10:00amEST

GCIS CYBER-SECURITY UPDATE: Data encryption is a method of protecting information from unauthorized use, and will make a cell phone call sound like static and turn an e-mail into gibberish.

But according to a report from Joseph Farah's G2 Bulletin, sources have reported that two software companies have partnered with defense contractor General Dynamics to work on a project code-named "Task B" that has as its goal the mission of slipping a backdoor onto a laptop without the owner's knowledge.

The team ultimately found four methods of entering a computer's information system and while few computers have all four entry points, almost all have at least two, allowing code to be slipped into the computer without the user's knowledge and ultimately spread to entire networks from that single machine. (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: Federal News Radio

28February2011 7:30amEST

GCIS CYBER-SECURITY UPDATE: The U.S. Cyber Command may be operational, but it's lacking a crucial component – situational awareness.

Brig. Gen. John Davis, director of current operations for the Defense Department's Cyber Command, said situational awareness has been his number one challenge from the start.

DoD launched Cyber Command in November. With components in each organization, it is responsible for shielding 15,000 military networks.

Davis spoke Wednesday at a forum of industry leaders during a conference sponsored by the Armed Forces Communication and Electronics Association. He said while situational awareness isn't fully operational, Cyber Command does have some pieces in place and has put a lot of thought into the type of system needed to complete the project.

"In terms of where we're headed, we've outlined some effects-based operational requirements that we think are our near-term priorities," Davis said. "So these are going to drive us. And we always translate it back to our operational requirements to drive where we're headed with situational awareness."

Davis said even though he focuses on Cyber Command-specific requirements, there are common threads between government and private sectors when it comes to cybersecurity concerns and needs.

"We all share the same infrastructure," Davis said. "Ninety percent of what I use to do military missions across DoD rides on the commercial infrastructure. You can't separate this stuff out – it's all interconnected. So there should be a lot of common threads that run throughout what I need as a military commander and what you all are seeing." (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: HS Today

25February2011 8:00pmEST

GCIS CYBER-SECURITY UPDATE: The Cybersecurity and Internet Freedom Act, introduced February 17 by Senate Homeland Security and Governmental Affairs Committee Chairman Sen. Joe Lieberman (I-Conn.), ranking member Sen. Susan Collins (R-Maine), and Federal Financial Management Subcommittee Chairman Sen. Tom Carper (D-Del.), is meeting with a chilly reception from civil liberties groups.

The bill is a revision of legislation originally proposed last year, Protecting Cyberspace as a National Asset Act of 2010, that was updated to counter fears that the law, if enacted, could allow a president to shut down or otherwise take control of the Internet in an emergency via a “kill switch.”

The new bill explicitly states that “neither the President, the Director of the National Center for Cybersecurity and Communications or any officer or employee of the United States Government shall have the authority to shut down the Internet.” It also provides an opportunity for judicial review of designations of our most sensitive systems and assets as “covered critical infrastructure.”

“We want to clear the air once and for all,” Lieberman said when reintroducing the bill. “There is no so-called ‘kill switch’ in our legislation because the very notion is antithetical to our goal of providing precise and targeted authorities to the President.”

Civil liberties groups, including the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF), voiced concerns over the new bill, insisting that the powers granted to the federal government in the bill remain potentially excessive.
 
“The president would have essentially unchecked power to determine what services can be connected to the Internet or even what content can pass over the Internet in a cybersecurity emergency,” EFF Senior Staff Attorney Kevin Bankston said in a statement Friday. “Our concerns have not changed.” (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: Switched

24February2011 8:00pmEST

GCIS CYBER-SECURITY UPDATE: While there aren't any hard and fast figures on what the number one cause of e-mail infiltration is, the overarching theme usually points to one extremely weak link: user behavior. Despite the many ways an e-mail account can be hacked, the one common element is that you, the owner, essentially allow it.

Every few years, studies show that the one reason spam is still so prevalent is because it actually works — a percentage of knuckleheads can always be expected to open a spam message, read it, and be tempted by whatever wares or schemes are offered. Of course, many of those e-mails (and sometimes pop-up windows from strangers on IM, Skype and similar apps) are actually phishing attacks that dupe recipients into believing they've been sent a legitimate message from a business or friend. Naive users will then reply with the requested login information.

A fair number of people also think nothing of checking their e-mail on a public computer — in a library, electronics store or Internet cafe — and simply neglect to log out. It's a momentary lapse of reason (particularly since we don't recommend checking e-mail on any public computer), and can be the equivalent of walking away from an ATM right after entering your password.

The other gargantuan user misstep is having weak, easily determined passwords, or using the same combination of login e-mail addresses and passwords across different sites. If a hacker breaks into one site, they can quickly try the same logins on all the popular sites — to potentially devastating effect. But, before you beat yourself up, it's also possible that your login information has been stolen because your PC, or one you've used, has been infected with spyware or some other assorted malware. (read full report)

The military has issued a request for bids on software to let it spread messages and make online friends using non-existent identities on social media sites.

 

ISSUED BY: GCIS Communications Command Center

SOURCE: Information Week

23February2011 7:25pmEST

GCIS CYBER-SECURITY UPDATE: The United States Air Force is taking an unusual approach to cyber-security with a request for bids for "Persona Management Software," which would let someone command an online unit of non-existent identities on social media sites. The move became a major topic last week following the release of emails from private security firm HBGary, which were disclosed after an attack by Wikileaks competitor and collaborator Cryptome.org.

According to Solicitation Number: RTB220610, the armed services division sought a software program that could manage 10 personas per user, including background; history; supporting details, and cyber presences that are "technically, culturally and geographacilly [sic] consistent. Individual applications will enable an operator to exercise a number of different online persons from the same workstation and without fear of being discovered by sophisticated adversaries. Personas must be able to appear to originate in nearly any part of the world and can interact through conventional online services and social media platforms. The service includes a user friendly application environment to maximize the user's situational awareness by displaying real-time local information." (read full report)

ISSUED BY: GCIS Communications Command Center

SOURCE: The Heritage Foundation

22February2011 2:03pmEST

GCIS CYBER-SECURITY UPDATE: The problem is indeed a challenging one. Clearly, the federal government needs the ability to protect its own interests, some of which require use of the private-sector portions of the Internet. Likewise, the government is charged with providing “for the common defense,” and all Americans would expect it to play a role in defending, say, the West Coast electrical grid against a Chinese assault.

The recent report of Chinese infiltration of Canadian government computers is a salient demonstration of the need for some defensive measures. And the reality is that if pre-enforcement judicial review of any governmental order is required, it is possible that the governmental response will be delayed so long that it proves ineffective.

But equally clearly, giving the government power over the private sector and the Internet is fraught with peril to civil liberties. Even though the legislation has explicit language denying presidential power to cut Americans off from the Internet generally (and even though any President of either party should not be presumed to exercise powers granted in a dictatorial way), the recent experiences in Egypt make it clear how relatively easy it is for an autocratically minded leader to take control of private conduct.

And even when government acts with good intent, mistakes happen—for example, the recent error in which DHS mistakenly seized a number of innocent domain names that it thought were tied to child pornography but were not. Post-enforcement judicial review is of less value after the order has already been given and implemented. (read full report)