Blog Entry #20: 2013 Predictions

LINK: http://www.redorbit.com/news/technology/1112732086/cyber-threat-forecast-georgia-tech-2013/

            The last article for this blog project is a fitting one, as it takes a look at the cyber threat predictions made by Georgia Tech for the coming year.   Topping the Georgia Tech Information Security Center 's and the Georgia Tech Research Institute's Georgia Tech Emerging Cyber Threats Report for 2013 is cloud computing.  The panel that compiled the list of predictions feels cloud computing will abused for malicious purposes, namely creating networks of "zombie machines" to do their bidding.  The panel also voiced concern that cyber criminals might "[use] cloud computing resources to create clusters of temporary virtual attack systems.  2013 might also see problems with globalized supply chains.  Here is a list of some of the other issues deemed serious by the panel:

Globalized Supply Chains - There is a very real risk that products manufactured in other countries could have security flaws that allow for cyber espionage and even cyber attack.

Search History Poisoning - Manipulating search engine algorithms and controlling what information is seen by an internet user can be a powerful tool for someone who wants control over what people see.

Mobile Threats including Browser and Wallet Vulnerabilities - This threat is not as severe as previously thought thanks to the app store model.  However, the growth in popularity of mobile devices, combined with the high use of the mobile web and mobile wallet, makes mobile devices a tempting target for cyber criminals.

Malware Counteroffensive - Malware authors will make every effort to make their malicious code more robust.  They might incorporate techniques similar to DRM and find new ways to make their malware less detectable.

Clearly education is the key to protecting the public.  With the push toward cloud computing and mobile devices, businesses and consumers will need to be more vigelent in the protection of their data.

Blog Entry #19: Congress Inaction

LINK: http://www.informationweek.com/government/security/congress-kills-cybersecurity-bill-white/240142198

 

            The Senate again held a vote on, and failed to approve, legislation which would provide comprehensive cyber security regulatory reform.  The bill in question is the Cyber Security Act of 2012.  In recent months, security professionals and national security officials have urged Congress to act, but Republicans and the U.S. Chamber of Commerce seem to feel the bill is inadequate and will cost too much to implement.  In light of the lack of action by Congress over the past few months, President Obama has "signed the classified Presidential Policy Directive 20, which sets new cyber defense standards for government agencies, including standards for defensive measures that might require agencies to reach outside their own networks."  The official White House stance is that if Congress is not willing to act, they will.  It is unclear how much of this is political posturing, even after the election, but what is clear is the need for cyber security improvements for the government and private sector.  The White House has also prepared a draft executive order, concerning cyber security.  This order would "direct the NIST to set cyber security standards for eighteen critical infrastructure industries. The Department of Homeland Security would encourage adoption of these standards, and agencies responsible for regulating critical infrastructure industries would be responsible for proposing potentially mandatory cyber security regulations for those industries." 

            This executive order might be a bandage for the time being, but it is not comprehensive and will not offer good long term protection where it is needed most.  As Harry Reid points out, there is no liability protection for companies should they be hit by a cyber attack.  After reading about the U.S.-China Economic and Security Review Commission report it is clear now more than ever this country is at risk of being hurt by a cyber attack.  The report called China "the most threatening actor in cyberspace".  Hopefully, this will not be another case of reactive government.  They need to take a proactive approach in order to prevent what some would call a cyber Pearl Harbor.

Blog Entry #18: Homeland Security

LINK: http://www.politico.com/news/stories/1012/83124.html?hp=r9

            More and more articles have been showing up lately concerning the cyber threat threatening the United States.  Several key government officials have given talks concerning the topic, including Leon Panetta and most recently Janet Napolitano.  Her concern as Homeland Security Secretary is well warranted.  According Tony Romm, Napolitano's talk was one of many lately to stress the importance of shoring up the nation's cyber defenses and infrastructure.  She referenced the damage done by hurricane Sandy and compared it to an attack that could just as easily wreak havoc on our utilities.  As of today, there are still people without power and fuel shortages.  A group that had even moderate resources might be able to inflict far worse damage in the US. 

            Romm notes that legislation is on tap to make cyber security reforms, but he also says "stakeholders are less than optimistic the chamber will pass a bill."  Hopefully now that Obama has been elected he will be more likely to enact an executive order that will provide better security for our major infrastructure.  Even if some in the government are not happy with Obama's progress, Napolitano feels the Obama administration is committed to creating a more secure environment and is even "putting money into cybersecurity."  Let's hope this is true.  After all, we are completely dependent on eletricity and gasoline.  If a larger area was without power and fuel for weeks, it could be a horrible situation.

Blog Entry #17: ANONYMOUS

Link: http://www.theregister.co.uk/2012/11/05/anon_nov5_protests/

            Anonymous was back in the news on the 5th. They have reportedly attacked Paypal, ImageShack, and Symantec. The attack was part of a global day of protest, paying tribute to Guy Fawkes Night. John Leyden reveals that Anonymous has boasted it leaked 28,000 passwords, emails, and names of customers from Paypal. Named on their twitter feed as #OpNov5, The AnonymousPress twitter feed tweeted out the details of various attacks that took place and some that were allegedly planned by various factions of the hacktavist group. Symantec may have had "email addresses and other personal data from hundreds of security researchers" leaked. A couple of the big attacks today were carried out by exploiting zero-day bugs.
            In addition to the data theft attacks, "several NBC websites were defaced with the message "Remember, remember the fifth of November" (extracts from a nursery rhyme about Guy Fawkes and the Gunpowder plot to blow up the UK Parliament in 1605). These less political attacks seem to be deepening the rift between various groups within anonymous. Personally, they don't seem to serve any purpose outside of showing that the sites can be hacked.