October 2009 Archives

On October 29, 1969 the first ever message to travel between two computers connected via the ARPANET, the computer network that would become the Internet, crashed the system.  The first transmission of "login" was truncated to "lo"  but it did travel about 400 miles (643 kilometers) between UCLA and the Stanford Research Institute.

MORE INFO

A recent GAO report discussed how increased demand during a severe pandemic could exceed the capacities of Internet providers' access networks for residential users and interfere with teleworkers in the securities market and other sectors, according to a DHS study and providers (see figure below). Private Internet providers have limited ability to prioritize traffic or take other actions that could assist critical teleworkers. Some actions, such as reducing customers' transmission speeds or blocking popular Web sites, could negatively impact e-commerce and require government authorization. However, DHS has not developed a strategy to address potential Internet congestion or worked with federal partners to ensure that sufficient authorities to act exist. It also has not assessed the feasibility of conducting a campaign to obtain public cooperation to reduce nonessential Internet use to relieve congestion. DHS also has not begun coordinating with other federal and private sector entities to assess other actions that could be taken or determine what authorities may be needed to act.  GAO REPORT

Related, in the press ... READ MORE
The congressional advisory panel, U.S.-China Economic and Security Review Commission, has released a contracted report entitled: Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.

The report concludes the government of the People's Republic of China (PRC) is a decade into a sweeping military modernization program that has transformed its ability to fight high tech wars. A major element of this modernization effort, known as informationization, is guided by the doctrine of fighting "Local War Under Informationized Conditions," i.e., the People's Liberation Army's efforts to develop a fully networked architecture capable of coordinating military operations on land, in air, at sea, in space and across the electromagnetic spectrum. DOWNLOAD

The Commission contracted with Northrop Grumman Corporation to produce this report on the basis of a competitive contract awarded in March 2009. Questions regarding this Report or the Commission's procedures for contracted research should be directed to: John Dotson, Research Coordinator for the Commission. 
A new DHS report titled The Macroeconomic Impacts of the 9/11 Attack: Evidence from Real-Time Forecasting evaluates the macroeconomic impacts of the 9/11 attack on US real GDP growth and the unemployment rate by examining how forecasts of these variables were revised after the attack occurred.  DOWNLOAD REPORT
The Commission on the Prevention of Weapons of Mass Destruction (WMD) Proliferation and Terrorism in an interim report card found that the administration has not given enough attention to the threat of biological warfare even as it has provided appropriate attention to the threat of nuclear weapons.

THE CLOCK IS TICKING: A Progress Report on America's Preparedness to Prevent Weapons of Mass Destruction Proliferation and Terrorism (October 21, 2009) DOWNLOAD
A recent Gallup Poll says that Americans fear having their identities "stolen" by cybercrooks more than they do becoming victims of a terror attack!

Sixty-six percent of U.S. adults say they worry "frequently" or "occasionally" about being a victim of identity theft,

MORE INFO
Two Silicon Valley engineers are among just a handful of defendants to face federal charges under a section of the 13-year-old Economic Espionage Act, designed to prevent the illegal transfer of technology to foreign governments. READ MORE

Lan Lee of Palo Alto, CA, and Yuefe Ge of San Jose, CA, were indicted in 2007 on charges of economic espionage, theft of trade secrets, and conspiracy.  While employed by NetLogics Microsystems, the two allegedly conspired to steal trade secrets related to computer chip design and development from their employer and from another company, Taiwan Semiconductor Manufacturing Corporation.  They sought funding from the Government of China for their company, SICO Microsystems, Inc., which they created to develop and market products derived from and using the stolen trade secrets.

BACKGROUND
DHS has recently released a report from the Homeland Security and Analysis Institute that offers "recommendations on how the members of the DHS Intelligence Enterprise and the corresponding risk community can improve their collaboration in producing decision-quality threat inputs." It identifies "outstanding research issues" and a "need for greater cross-discipline familiarity" and recommends "moving beyond 'supply and demand' to mutually beneficial collaboration" and "leveraging systematic engagement to achieve better threat judgments."  VIEW REPORT
DHS has just published a notice in the Federal Register seeking public comment on three new standards identified for adoption under the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep).  Those of you who attended our Summer 2009 Quarterly meeting will recall that we were alerted to this upcoming event.

PS-Prep is a partnership between DHS and the private sector that enables private entities--including businesses, non-profit organizations and universities--to receive emergency preparedness certification from a DHS/FEMA accreditation system created in coordination with the private sector.

DHS Press Release

PS-PREP On-Line Resource Center

PS-PREP Fact Sheet

Federal Register Announcement


RELATED:  The DHS/FEMA PS-PREP program is meeting some harsh criticism from industry. READ MORE


It turns out the guy in charge of fighting cybercrime was nearly conned in a phishing scam.  FBI Director Mueller told the audience at a recent Commonwealth Club of California event in San Francisco that he started to respond to what appeared to be a "perfectly legitimate" email from his bank before he realized it was a phishing email!

In this same talk Director Mueller recognized the value of the InfraGard program.

READ MORE...

Cornerstones of Trust - 2009

October 14, 2009
Crowne Plaza
Foster City, CA



Event Flyer ...
Mark your calendar

Conference Web Site ...


Great California ShakeOut

At 10:15 a.m. on October 15, 2009 ... that's 10:15 on 10/15 ... millions of Californians will practice Drop, Cover, and Hold On in the Great California ShakeOut.

This is the perfect time to exercise your company's emergency management plan.  Those of us in the Bay Area can use The Great California ShakeOut and the 20th anniversary, on Oct. 17th, of the 1989 Loma Prieta earthquake to remind our companies and families that we live in earthquake country.

MORE INFO...
Experts suggest that in the event of a widespread cyberattack, the United States could face the same lack of coordination and preparedness the nation experienced after the Sept. 11 terrorist attacks because the government has not developed clear policies for how to respond.  READ MORE

RELATED: 
Terrorists nearing ability to launch big cyberattacks against U.S.  READ MORE

The Real Cyber Czar

Lt. Gen. Keith B. Alexander is the director of the National Security Agency, the largest intelligence agency in the government, and with little public fanfare he has been setting up the central nervous system in the government's new campaign to defend cyberspace. The agency historically has not been a front-line guardian of civilian government networks, much less the systems that run privately owned electrical plants, dams and financial systems. But that is changing. READ MORE

SD Forum Security SIG

Next Meeting:
6:30 pm - 9:00 pm
October 7, 2009


Cubberley H-1
4000 Middlefield Rd., RM H-1
Palo Alto, CA

Topic:  The Front Door is Unlocked - Advanced Website Security Schemes are often still vulnerable to Simple Attacks

Speaker:  Arian Evans / Director of Operations at WhiteHat in Santa Clara 

MORE INFO
"We're not getting a cyber czar; we're getting a coordinator. A czar is a bad idea. A coordinator is a great idea," Homeland Security Deputy Undersecretary Philip Reitinger said todayt. He also defended the prolonged process for hiring the official, who will report jointly to the National Security Council and National Economic Council. "We need the right person, not a person immediately" .  READ MORE
October 19-22, 2009 / Bethesda, Maryland

> Discussions of actual control system cyber incidents
> Discussions of threats to control systems
> Discussions of control system design limitations reducing fail safe capabilities
> Demonstrations of compromising control systems (not just hacking) using actual control system equipment
> Nuclear plant cyber security regulations
> Smart Grid cyber security issues
> Status of congressional legislation affecting control system cyber security

MORE INFO...

The Sixth Annual National Cyber Security Awareness Month will be celebrated during October 2009, as a collective effort among the Multi-State Information Sharing and Analysis Center, the U.S. Department of Homeland Security's National Cyber Security Division, the National Cyber Security Alliance and the National Association of State Chief Information Officers.

One might ask ... Where is InfraGard???

National Cyber Security Awareness Month Webcast
October 8, 2009 - 2:00pm-3:00pm Eastern
Topic: Our Shared Responsibility -- The Strategy for Promoting Cyber Security Awareness


This webcast will address strategies on how to promote cyber security awareness at all levels - including government, businesses and academia - with specific advice about how you can be actively involved to help facilitate a safe Internet experience. This webcast is a must-attend for anyone who wants to enhance computer security education and awareness throughout their organizations and learn about best practices from some of the nation's leading cyber security organizations.  MORE INFO

ARTICLE:  FBI, NCTC, DHS explain how they work together to defeat terrorists, READ MORE

PRESS RELEASE:  FBI, NCTC, DHS testimony to Senate Homeland Security and Governmental Affairs Committee. READ MORE

The hearing web archive includes the testimony from the heads of the FBI, National Counter-Terrorism Center (NCTC), and Homeland Security Department (DHS), MORE INFO


FBI WMD coordinators are often unfamiliar with local threats, says DOJ Inspector General. "Weapons of mass destruction specialists at FBI regional offices often lack an understanding of local WMD threats and routinely fail to contribute to local risk assessments, the U.S. Justice Department's inspector general concluded in" a recent report.  READ MORE

DOJ Inspector General Report

Drive-by Downloading

By infiltrating a criminal computer network aimed at infecting visitors to legitimate websites, university researchers have gained firsthand insight into the scale and scope of so-called "drive-by downloading." They found more than 6,500 websites hosting malicious code that redirected nearly 340,000 visitors to malicious sites.  READ MORE