News & Events and Other Interesting Stuff

CrisisCampSiliconValley will be hosted by Carnegie Mellon Silicon Valley in the NASA Ames Research Park, Moffett Field, California from March 26th through March 28th, 2010, as part of the Carnegie Mellon Silicon Valley Disaster Management Initiative. 

CrisisCampSiliconValley will be a goal-oriented bar-camp - bring your demos/data and be ready to communicate. CrisisCamps bring together domain experts, developers and first responders around improving technology and practice for humanitarian crisis; CrisisCampSiliconValley will focus on the Bay Area and beyond. Prizes for further development of technology and collaboration (e.g., prototype testing, funding roadmaps) will be awarded.

MORE INFO

The National Cybersecurity Awareness Campaign Challenge invites cyber professionals and anyone who is interested to submit ideas for improving the public's security awareness and literacy.  READ MORE

DHS National Cybersecurity Awareness Campaign Challenge web site ...

A report released by security firm McAfee during this week's RSA security conference in San Francisco provides a couple of new details about the "Operation Aurora" attacks that affected some 34 U.S. companies.  Hackers targeted source code management systems manipulating a little-known trove of security flaws that would allow easy unauthorized access to the intellectual property it is meant to protect.  READ MORE

The White House has declassified part of the government's cybersecurity plan, publishing parts of it that discuss intrusion detection systems for federal computer networks and the government's role in securing critical infrastructure.  READ MORE

Another viewpoint...Few details in White House summary of cyber plan - The decision to publish a summary of the cyber initiative on the White House blog came just a month after the Washington-based Electronic Privacy Information Center (EPIC) filed a lawsuit in federal court seeking release of the computer security document.  The EPIC's executive director.
added, however, that the entire document still needs to be made public, including the legal authorities the government operates under and the privacy safeguards it employs when scrutinizing Internet traffic for cyber threats. READ MORE

Yet another viewpoint...Critics not satisfied with partial revelation of secret cybersecurity plan, READ MORE


The Comprehensive National Cybersecurity Initiative

Transparent Cybersecurity

As the most wired nation on Earth, the US offers the most targets of significance, yet our cyber-defenses are woefully lacking.  The problem is not one of resources; even in our current fiscal straits, we can afford to upgrade our defenses. The problem is that we lack a cohesive strategy to meet this challenge.  So says Michael McConnell, the former director of national intelligence. READ MORE

Another viewpoint...  Is all the Cyberwar Hype Going to Destroy the Open Internet, READ MORE

Yet another viewpoint ...  White House Cyber Czar: 'There Is No Cyberwar', READ MORE

On February 23, 2010 the U.S. Senate Committee on Commerce, Science, and Transportation held a committee hearing on Cybersecurity: "Next Steps to Protect Our Critical Infrastructure".  The testimony from the witnesses at the hearing and a wecast of the hearing are available on-line, click here. 

This hearing comes with a renewed focus and on the heels of two, high-profile cyberattacks. Legislation is being formulated by Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine), the chairman and ranking member of the Senate Commerce Committee, respectively. Both lawmakers have long clamored for a federal cybersecurity bill, charging that current measures -- including the legislation passed by the House last year -- are too piecemeal to protect the country's Web infrastructure.  READ MORE

To make better cybersecurity-related decisions a senior FBI official recommends considering a simple algebraic equation:  risk = threat x vulnerability x consequence; rather than solely focusing on threat vectors and actors.  READ MORE

Each factor is important, Steven Chabinsky, deputy assistant director at the FBI's Cyber Division, said during a panel discussion at the Armed Forces Communications and Electronics Association Homeland Security Conference in Washington.

Chabinsky said the risk model is compelling is because risk drops down to zero if any of those three elements or variables is zero. He said the risk model is the first place he goes when he needs to step back strategically.

A report in the NY Times concludes that the series of so-called "Aurora"online attacks on dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation. READ MORE

Follow-up / Feb 22, 2010

U.S. Pinpoints Coder Behind Google Attack ... The man, a security consultant in his 30s, posted sections of the program to a hacking forum where he described it as something he was "working on".  READ MORE