The White House has placed the Justice Department squarely in charge of responding to cyberthreats against the United States, under a presidential directive issued Tuesday.
At the same time, the Homeland Security Department will immediately help agencies and companies, if requested, stanch the bleeding from a hacker assault on networks, or “assets,” President Barack Obama said.
Here is the direct URL for PPD #41.
The Department of Homeland Security is moving forward with the biggest piece of cybersecurity legislation passed last year, issuing preliminary guidance on how the private sector and government will communicate threat data as part of the Cybersecurity Information Sharing Act.
In cybersecurity — possibly more so than most other endeavors — knowledge really is power. Knowing the signature of an attack vector, the telltale signs of certain types of malware or, as DHS Secretary Jeh Johnson suggested, “the subject line of a spear-phishing email or the IP address of the computer from which it originated” can help defenders block malicious traffic and stop hackers in their tracks.
The National Academies Press released a prepublication copy of the report, At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues, which details the basics of current information technology systems and associated cybersecurity concerns. Written for a general audience, the full report is 102 pages. You can download the summary, individual chapters, or the findings at no cost.
My source for this is the HSDL – see their posting with more details here.
A brief excerpt from the summary gives you an idea of the magnitude of the challenge:
The report emphasizes two central ideas. The cybersecurity problem will never be solved once and for all. Solutions to the problem, limited in scope and longevity though they may be, are at least as much nontechnical as technical in nature.
It it interesting to note that some threats, even unusual ones, may get wide attention and result in protective actions. The case in point is the recent cyber threat called Heartbleed. See: 61 percent of people who knew about Heartbleed actually did something about it. Some excerpts follow:
In a survey published Wednesday, the research group found that around 60 percent of American adults — and 64 percent of those online — were aware of the problem. Even more surprising, 39 percent of Internet users surveyed were not only aware of the issue but also took the extra steps of protecting their online accounts by either changing their passwords or canceling accounts.
While that may not seem like a particularly high number, just stop and think about how difficult it is to get 39 percent of Americans to do anything. And, according to researchers, the fact that the vast majority of people who’d actually heard about the flaw went ahead and took steps to protect themselves is pretty significant.
I just found a new item to add to my What Keeps Me Up at Night list. It is this account in the Wall St. Journal of the new technology bug and the handful of people (literally) who are responsible for Internet security. See: Heartbleed Bug’s ‘Voluntary’ Origins; Internet Security Relies on a Small Team of Coders, Most of Them Volunteers; Flaw Was a Fluke. From the intro:
The encryption flaw that punctured the heart of the Internet this week underscores a weakness in Internet security: A good chunk of it is managed by four European coders and a former military consultant in Maryland.
On the practical side, here is some advice for actions that individuals can take to minimize or avoid the consequences of Heartbleed. From the HuffPost: The Heartbleed Bug Goes Even Deeper Than We Realized — Here’s What You Should Do
One of many articles lately, arguing we should not wait for the digital Pearl Harbor, but start to take action on cybersecurity threats.
- Sec. of Defense warns of dangerous cybersecurity risks (sallysspecialservices.wordpress.com)
- Sec. of Defense warns of dangerous cybersecurity risks (wtvr.com)
Yesterday there were several major attacks on the parent co. that hosts this blog (and millions of others), WordPress. Here are some details. from the website TechCrunch. The account is rather chilling, particularly the concerns that some countries, such as Libya, are blocking Internet access for an entire nation.
Yet another new threat for emergency managers and others to consider.