Presidential Directive on CyberSecurity

The White House has placed the Justice Department squarely in charge of responding to cyberthreats against the United States, under a presidential directive issued Tuesday.

At the same time, the Homeland Security Department will immediately help agencies and companies, if requested, stanch the bleeding from a hacker assault on networks, or “assets,” President Barack Obama said.

Here is the direct URL for PPD #41.

Cybersecurity

DHS releases initial guidelines for cyber threat info-sharing.

The Department of Homeland Security is moving forward with the biggest piece of cybersecurity legislation passed last year, issuing preliminary guidance on how the private sector and government will communicate threat data as part of the Cybersecurity Information Sharing Act.

In cybersecurity — possibly more so than most other endeavors — knowledge really is power. Knowing the signature of an attack vector, the telltale signs of certain types of malware or, as DHS Secretary Jeh Johnson suggested, “the subject line of a spear-phishing email or the IP address of the computer from which it originated” can help defenders block malicious traffic and stop hackers in their tracks.

Cybersecurity and Public Policy – new report from NAS

The National Academies Press released a prepublication copy of the report, At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues, which details the basics of current information technology systems and associated cybersecurity concerns. Written for a general audience, the full report is 102 pages. You can download the summary, individual chapters, or the findings at no cost.

My source for this is the HSDL – see their posting with more details here.

A brief excerpt from the summary gives you an idea of the magnitude of the challenge:

The report emphasizes two central ideas. The cybersecurity problem will never be solved once and for all. Solutions to the problem, limited in scope and longevity though they may be, are at least as much nontechnical as technical in nature.

Cyber Threat – perceived and acted upon

It is interesting to note that some threats, even unusual ones, may get wide attention and result in protective actions. The case in point is the recent cyber threat called Heartbleed. See: 61 percent of people who knew about Heartbleed actually did something about it. Some excerpts follow:

In a survey published Wednesday, the research group found that around 60 percent of American adults — and 64 percent of those online — were aware of the problem. Even more surprising, 39 percent of Internet users surveyed were not only aware of the issue but also took the extra steps of protecting their online accounts by either changing their passwords or canceling accounts.

While that may not seem like a particularly high number, just stop and think about how difficult it is to get 39 percent of Americans to do anything. And, according to researchers, the fact that the vast majority of people who’d actually heard about the flaw went ahead and took steps to protect themselves is pretty significant.

“Heartbleed” – the new technology threat

I just found a new item to add to my What Keeps Me Up at Night list.  It is this account in the Wall St. Journal of the new technology bug and the handful of people (literally) who are responsible for Internet security. See: Heartbleed Bug’s ‘Voluntary’ Origins; Internet Security Relies on a Small Team of Coders, Most of Them Volunteers; Flaw Was a Fluke. From the intro:

The encryption flaw that punctured the heart of the Internet this week underscores a weakness in Internet security: A good chunk of it is managed by four European coders and a former military consultant in Maryland.

On the practical side, here is some advice for actions that individuals can take to minimize or avoid the consequences of Heartbleed.  From the HuffPost: The Heartbleed Bug Goes Even Deeper Than We Realized — Here’s What You Should Do

Cyber Attacks Hit Home — this and all other WordPress blogs

Yesterday there were several major attacks on WordPress, the parent company that hosts this blog (and millions of others). Here are some details from the website TechCrunch. The account is rather chilling, particularly the concerns that some countries, such as Libya, are blocking Internet access for an entire nation.

Yet another new threat for emergency managers and others to consider.