For more on this and other cybersecurity news, check out my weekly recap via ClearanceJobs.

—

Direct Link: http://www.clearancejobs.com/defense-news/663/cybersecurity-news-round-up-al-qaeda-cyber-capabilities-and-u-s-regulations-raise-concern

As President Obama’s cybersecurity coordinator Howard Schmidt announced his retirement this week, Michael Daniel, head of the national security division for the White House Office of Management and Budget, will prepare to step in and undoubtedly have his hands full while attempting to work with Congress and industry to manage emerging cyber threats. Read my full report via ClearanceJobs.

—

Direct Link: http://www.clearancejobs.com/defense-news/653/cybersecurity-news-round-up-new-cyber-czar-amid-emerging-cyber-threats

After a number of hearings, amendments, letters of support and calls to Congress to boot the bill, CISPA passed in the House Thursday evening on a 248-168 vote, with the bill’s cosponsors, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), commending their colleagues for the bipartisan effort and calling on the Senate to quickly pass the legislation.

“The bill gives the federal government new authority to share classified cyber threat information with approved American companies and knocks down barriers to cyber threat information sharing,” the congressmen said in a statement after the bill’s passage. “With strong provisions built in to keep individual American’s private information private, the bill allows U.S. businesses to better protect their own networks and their corporate customers from hackers looking to steal intellectual property.”

But critics were not convinced that CISPA would actually keep “private information private,” raising concerns over what they said were vague descriptions of how information would be shared without jeopardizing consumer privacy.

Leading the pack of privacy hawks, the White House Office of Management and Budget (OMB) on Wednesday released a statement asserting that the bill “would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information.”

The OMB’s memo went on to warn that if CISPA “were presented to the President, his senior advisors would recommend that he veto the bill.”

Taking a similar side, in a separate letter to House representatives, 23 privacy interest groups came together to express their “grave concerns” for the bill, which they said would “allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity.”

Meanwhile, the bill did manage to muster support from a few heavy-hitters, including Facebook, which sent a letter to Reps. Rogers and Ruppersberger, suggesting that CISPA “addresses critical needs in cybersecurity” and would “enhance the ability of companies like Facebook to address cyber threats.”

Likewise, in a letter from the Business Roundtable, written by the organization’s chairman, Ajay Banga, president and CEO of MasterCard Worldwide, CISPA gained more support, as the group said the bill “represents an important step in creating a framework for the effective sharing of cybersecurity information.”

“There should be no Republican approach or Democratic approach to cybersecurity – these threats demand bipartisan, consensus-driven solutions,” Banga wrote in the letter to House leaders. “Urgent action is needed to establish a framework that responds to current and future cybersecurity threats.”

CISPA now heads to the Senate, where it is sure to face a few more hurdles, as it vies for attention against more comprehensive cyber bills like the Cybersecurity Act of 2012 and the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology (SECURE IT) Act of 2012.
____

This article is also featured on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/622/cybersecurity-news-round-up-cispa-passes-cyber-week-wraps-debates-remain

Despite the current congressional recess, the Cyber Intelligence Sharing and Protection Act (CISPA), introduced by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), was under fire this week for being too similar to SOPA, with critics claiming it’s just another way Congress intends to regulate the Internet.

CISPA, which Rogers and Ruppersberger said would “help the private sector defend itself from advanced cyber threats, without imposing any new federal regulations,” is catching flack as reports speculate that the bill will make its way to the House floor by the end of the month.

Refuting critics’ claims, Rogers told The Hill that comparing CISPA to SOPA is like “comparing apples and oranges,” calling the two bills “very different.”

But hackers who oppose both bills aren’t waiting around for the House to make the call, with the now-infamous hacktivist group Anonymous claiming responsibility this week for a series of denial-of-service cyber attacks on the websites of the organizations supporting CISPA.

Top technology trade association TechAmerica, a backer of the bill, was one of the organizations to come forward, reporting on Monday that its website was temporarily shuttered by the hackers.

“These types of strong-arm tactics have no place in the critical discussions our country needs to be having about our cybersecurity, they just underscore the importance of them,” TechAmerica president and CEO Shawn Osborne said in a statement. “CISPA is designed to defend against cyber attacks and keep the internet free and open. We will continue to advocate for its passage.”

Meanwhile, the hackers don’t appear ready to stand down, as a Twitter account believed to be associated with the group tweeted Thursday that CISPA would “obliterate #privacy protections and undermine #Internet #freedom.”

In a separate tweet, accompanied by a halting YouTube video, Anonymous wrote, “This time we are not playing nice! Expect our full fury!”

____

This article is also featured on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/608/cybersecurity-news-round-up-hackers-take-on-cyber-bill

As the former US Special Envoy for Middle East Peace under the Obama Administration, Mitchell warned that much of the population growth is happening in poor regions of the world, where increased competition for land, water, other natural resources and political power are contributing to inequality, injustice and the absence of freedom.

Citing a rise in the population of the Muslim world, Mitchell expressed concern for the return of Islamic fundamentalism, suggesting that that growth had stifled opportunities, communities and economies, and ultimately contributed to the revolutions now known as the Arab Spring.

“What the Islamic countries need is what people need everywhere,” suggested Mitchell, calling for the modernization of economies, the widespread acquisition of knowledge and technical skills, job creation and the strengthening of governance.

Mitchell went on to stress the significance for the US and other countries to continue to support an end to the deep-rooted Israeli-Palestinian conflict, which he said would be “easy to say, but difficult to achieve.”

Regarding the European debt crisis, the retired senator said the US has long been a leader in creating political, economic and military alliances, including the United Nations, NATO and the European Union, with the ring of nation states and, therefore, has an obligation to ensure that Europe resolves its financial issues “in a manner that does not undermine those impressive political achievements.”

Mitchell also acknowledged the United States’ leadership in the nuclear age, noting that many of the countries with nuclear capabilities have voluntarily agreed to refrain from using them.

But the senator went on to warn that the controversial nuclear programs of North Korea and Iran, in particular, could dramatically increase the risk of a non-governmental terrorist organizations gaining access to weapons he said would increase instability and cause a major threat to our already-heightened national security concerns.

“Every previous conflict came to an end and life continued,” noted Mitchell, citing numerous wars endured throughout history. “Nuclear war would not only be an end, it could be the end for civilization as we know it.”

____

This article is also featured on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/600/senator-casts-outlook-on-public-diplomacy-at-government-technology-conference

Similar to the bill Sen. John McCain (R-Ariz.) and seven of his Senate colleagues released at the beginning of the month, Reps. Mary Bono Mack (R-Cali.) and Marsha Blackburn (R-Tenn.) on Tuesday unveiled their version of the “Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act of 2012,” or the SECURE IT Act, for short.

Adding to the growing list of cyber bills already introduced in Congress this year, Reps. Bono Mack and Blackburn’s bill intends to enhance information sharing between the private and public sectors and calls for harsher criminal penalties for hackers, just as the Senate’s SECURE IT Act has proposed.

“Under our legislation, our nation’s best and brightest minds will finally be freed to work hand-in-hand to share information, develop safety protocols and put into place critical early-warning systems – much like a Weather Service advisory before a tornado – but shared between companies and federal authorities,” Rep. Bono Mack said in a statement. “And just as importantly, we can accomplish all of this during these difficult economic times without creating a new bureaucracy and spending money that we don’t have, while protecting consumer privacy at the same time.”

Unlike the Senate’s proposed bipartisan Cybersecurity Act of 2012 introduced in February, the SECURE IT Act intends to place less responsibility in the hands of the Department of Homeland Security, with Rep. Blackburn suggesting the bill “puts the private sector in the driver’s seat, instead of relying on overly prescriptive government mandates that hamper growth and weaken response capabilities.”

But Congress isn’t the only government entity recognizing the need for the private sector’s cyber support. At a Senate Armed Services Committee meeting held this week, director of the National Security Agency and head of the US Cyber Command Gen. Keith Alexander said that the Department of Defense (DoD) needs the industry’s help in halting foreign hackers from stealing US data and wealth.

Warning that a majority of the nation’s cyber threats originate in China, Gen. Alexander told the Senate committee that an “astounding” amount of the US’ intellectual property has been heisted by foreign hackers, with nearly six million cyber attack attempts threatening DoD networks each day.

The cyber commander went on to call it “increasingly critical” for the private sector to work with the federal government, reporting cyber attacks as they occur, in an effort to thwart off potentially devastating attacks made against US networks.

But beyond China, the Defense Department may soon be seeing more severe cyber attack attempts coming out of Asia, as the Pentagon reported this week that North Korea has been working to strengthen its cyber capabilities.

According to Reuters, as the US military prepares for North Korea to yet again defy diplomacy with an expected launch of a long-range missile next month, Army Gen. James Thurman, commander of US Forces Korea, warned Congress that “a skilled team of hackers was the newest addition to North Korea’s capabilities that also include chemical and biological weapons.”

Gen. Thurman went on to advise that sophisticated cyber attacks “are ideal for North Korea, providing the regime a means to attack (South Korean) and US interests without attribution, and have been increasingly employed against a variety of targets including military, governmental, educational and commercial institutions.”

Thus, with or without signed cyber legislation or industry support, the US must prepare for ample attacks to come.

____

This article is also featured on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/592/cybersecurity-news-round-up-congress-dod-and-north-korea-move-on-cyber

In a newly released annual report to Congress, the OMB offered up its assessment of cybersecurity at the federal level – and the results showed mixed reviews.

The report, issued under the Federal Information Security Management Act (FISMA), addressed the strengths and weaknesses of federal cybersecurity for the Fiscal Year (FY) 2011, touting a list of accomplishments and proposing plans to overcome obstacles.

Noting that the United States Computer Emergency Readiness Team (US-CERT) receives security incident reports from federal, state and local governments, as well as commercial enterprises, US citizens and international cyber organizations, the OMB reported that the US-CERT processed 107,655 incidents in FY 2011.

Though the figure was only up slightly from the 107,439 reports filed with the US-CERT in 2010, the OMB said that the number of cyber attacks targeting the federal government had increased by nearly five percent in the course of one year.

Including phishing, viruses, Trojans, worms, malicious websites, policy violations, suspicious network activities and social engineering issues on the US-CERT’s list of reported cyber incidents, the OMB said malicious codes continue to be the most widely reported cause of cyber attacks and hacking attempts against the federal government.

However, the OMB noted that “significant progress” was made in 2011 towards enhancing the government’s cyber capabilities to fend off potential attacks. Citing the US information breach spurred by WikiLeaks, the OMB said all 24 federal agencies now have privacy policies in place to protect data. The report also pointed out that the government is working to encrypt all of its laptops and portable devices to ensure that federal information is further secure, as more government employees take up teleworking to cut costs.

And speaking of costs, what was the bill for federal cybersecurity in FY 2011? $13.3 billion, according to the report, with the Department of Defense topping the chart, spending over $10 billion of the cyber budget. The United States Agency for International Development (USAID) spent the least on cybersecurity out of all 24 government agencies in 2011, cashing out in low millions.

But beyond the dollar amounts, cybersecurity is costing organizations headaches and stress, as well. And the UK’s BBC News may be feeling just that after announcing this week that it had fallen victim to a “sophisticated cyber attack.”

The hit came just one month after the BBC’s Director-General Mark Thompson blogged about his suspicion that the government of Iran was conducting “repeated jamming of international TV stations such as BBC Persian TV, preventing the Iranian people from accessing a vital source of free information.”

“I don’t want to go into any more detail about these incidents except to say that we are taking every step we can, as we always do, to ensure that this vital service continues to reach the people who need it,” Thompson said in a statement.

So while the OMB has provided its cyber report for public review, it looks like we’ll have to wait to see what happens as the BBC assesses its attack behind closed doors.

____

This article is also featured on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/575/cybersecurity-news-round-up-cyber-attacks-up-for-public-and-private-review

The bill, which is an alternative to the recently-released bipartisan Cybersecurity Act of 2012, has been dubbed the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act of 2012, or the SECURE IT Act, and aims to provide greater US cybersecurity through fewer regulations.

Suggesting that some of the private sector’s collaboration with the government should come on a voluntary basis, the bill intends to enhance information sharing and threat reporting relationships by updating the federal government’s security standards, strengthening cyber crime statutes and undertaking greater cybersecurity research and development efforts.

“Our bill represents a new way forward in protecting the American people and the country’s cyber infrastructure from attack,” said Sen. Chuck Grassley (R-Iowa), a co-sponsor of the legislation, in a statement. “It’s a bill that can be supported by all partners that have an interest in cybersecurity. Instead of the heavy hand of the government, our approach promotes information sharing and keeps the taxpayers’ wallets close.”

In addition to Sens. McCain and Grassley, other co-sponsors of the bill include Sens. Kay Bailey Hutchison (R-Tex.), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.) and Richard Burr (R-NC).

Meanwhile, over on the West Coast, security professionals spent the week at the annual RSA Conference in San Francisco, where the focus was less on cyber regulations and more on the realities of cyber attacks, threats and trends the industry is seeing across the globe.

Kicking off the weeklong conference, Arthur Coviello, Jr., executive chairman of RSA and vice president of EMC Corporation, noted that hackers are taking advantage of the increasingly digital world, exploiting holes and stealing financial, personal and intellectual property.

With the continued rise of hyperconnectivity, Coviello said the industry must focus more on “big data,” that is, mass datasets that are often challenging to manage and difficult to secure, including the large quantities of data being spurred by Internet search indexing, social media, multimedia and e-commerce.

Scott Charney, a vice president of Microsoft, also emphasized the industry’s need to adapt to a more data-rich world.  Calling for privacy principles applicable to big data, as well as the development of domestic and international frameworks enabling government to more easily access data, Charney suggested that both the private and public sectors take up a more holistic approach to cybersecurity, not just focused on prevention and recovery, but also on the notions of detection and containment.

From the public sector side, Deputy Secretary of Defense Ashton Carter made an appearance at the conference to point out that the Defense Department is honing their efforts in on three specific cyber threats: attacks on federal networks, vulnerabilities in critical infrastructure and the theft of intellectual property.

To address those issues, Carter asked that the industry support cybersecurity legislation on Capitol Hill.  And while he did not name any bill in particular, Carter said congressional legislation would “enable the government to share threat information with the private sector without any charges of favoritism or excessive control, [and would] enable private sector parties to report intrusions to the government without exposing themselves to liability or giving government unwarranted access to our private communication.”

Carter’s colleague, Robert Mueller, III, director of the US Federal Bureau of Investigation, also addressed RSA attendees, focusing more specifically on the looming cyber threats and ongoing intrusions.

Pointing out that hackers are becoming increasingly cyber savvy, Mueller said that the FBI has formed 63 offices around the globe to combat cyber espionage, terrorism and attacks, with agents positioned in the police departments of high cyber crime countries such as Romania, Estonia, Ukraine and the Netherlands.

“We must continue to build our collective capabilities to fight the cyber threat,” said Mueller, calling for more domestic and international collaboration.  “We must share information. We must work together to safeguard our property, to safeguard our privacy, safeguard our ideas and safeguard our innovation.”

But for now it seems no country, company or consumer is safe from the hacking that’s happening on the Internet.  And as technology continues to be integrated into much of our daily lives, individuals and groups across the globe are using it as a means of affecting political and social change – a move commonly referred to as hacktivism.

In an RSA panel discussion on the topic, PBS NewsHour’s Jeffrey Brown, FBI cyber unit chief Eric Strom, cyber crime author and former BBC journalist Misha Glenny and MANDIANT vice president Grady Summers noted that hacktivism is on the rise in the US and abroad.

Citing the group Anonymous as perhaps the world’s most notorious hacktivists, Glenny described the organization’s hackers as “extremely powerful,” with distributed denial-of-service (DDoS) cyber attacks that have taken down federal and corporate websites, following the clash of opinions on controversial sharing sites like WikiLeaks and MegaUpload.

But despite the group’s often-negative reputation, the panelists agreed that Anonymous has helped in making cybersecurity an imperative issue, not only to IT professionals, but now to C-suite executives and PR, legal and privacy teams.

“I think it’s going to be around for a long time,” said FBI’s Strom in reference to hacktivism, further suggesting to the security-centric conference-goers, “Everyone in this room is going to be employed for a long time.”

____

This article is also featured on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/564/cybersecurity-news-round-up-cyber-bills-rsa-big-data-and-hacktivism

As a collaborative effort of members from the Senate Committees on Commerce, Homeland Security and Governmental Affairs, and Intelligence, the bill is being cosponsored by Sens. Joe Lieberman (I-Conn.), Susan Collins (R-Maine), Jay Rockefeller (D-W.Va.) and Dianne Feinstein (D-Cali.).

Breaking down the 205-page bill, the measures included intend to: determine the greatest cyber vulnerabilities; protect the nation’s most critical infrastructure; protect and promote innovation; improve information sharing while protecting privacy and civil liberties; improve the security of the federal government’s networks; clarify the roles of federal agencies; strengthen the cybersecurity workforce; and coordinate cybersecurity research and development.

And while the Senate has touted support from tech industry titans like Cisco, Oracle, TechAmerica and the Business Software Alliance, in addition to the Washington Post, not everyone is on board with the bill.

At a hearing for the legislation held Thursday by the Senate Committee on Homeland Security and Government Affairs (HSGAC), the US Chamber of Commerce’s Thomas Ridge, chairman of the organization’s National Security Task Force, said that the Chamber, representing over three million businesses, would not back the bill in its current form.

“Instead of adding to the regulatory burden, Congress should work to reduce the fragmented rules and bureaucracies placed on industry,” testified Ridge. “The optimal way forward will not be found in layering additional regulations on the business community.”

Meanwhile, not all senators are endorsing the bill either.  Joining the session, HSGAC member Sen. John McCain (R-Ariz.) said the legislation is an offshoot of other failed cyber bills introduced year-upon-year and “has already been placed on the calendar by the majority leader, without a single markup or any executive business meeting by any committee of relevant jurisdiction” – a move he called “wrong.”

“To suggest that this bill should move directly to the Senate Floor because it has ‘been around’ since 2009 is outrageous,” said McCain.  “In addition to these valid process concerns, I also have policy issues with the bill.”

McCain went on to say he is worried that the proposed act would carry with it high costs for American taxpayers and would ultimately “stymie job-creation.”  As a solution, the senator vowed that after the Presidents Day recess, he would introduce an alternative cyber bill, which he said already has the support of seven ranking members of relevant Senate committees.

With the alternative bill coming as a curveball to many on the committee, Chairman Lieberman said he was “disappointed” in McCain’s plan, noting that he and Sen. Collins gave every senator “a fair chance” to incorporate their own measures into their legislation.

But beyond the discord, the Cybersecurity Act did manage to muster support in a trio of testimonies from Department of Homeland Security Sec. Janet Napolitano, Center for Strategic and International Studies cyber fellow James Lewis and Microsoft Vice President Scott Charney.

Suggesting that the bill would give businesses, states and local governments the immunities they need to share information about cyber threats or incidents, Sec. Napolitano told the committee she believes it has made “great progress toward reaching a consensus that will help protect the American people, federal government networks and systems and our nation’s critical infrastructure.”

Likewise, Lewis testified, “This bill has much that is good in it.  Other sections, on education, information sharing, research, international cooperation, and on how the federal government secures its systems all make important contributions. Each deserves to be passed. But by themselves, or packaged together as a basket of low hanging fruit, they are inadequate to meet the risks we face today.”

Capping off the HSGAC hearing, Charney commended the committee for addressing cybersecurity, adding that his corporation, Microsoft, supports the new legislation and believes the proposal provides an “appropriate framework” to address the current cyber threats.

“Major emerging economic powers such as China and India are becoming centers of gravity for technology and innovation,” Charney included in his remarks.  “Given that the United States will not have the same market forces at play in the future, the United States must seek other means to continue providing global leadership in cybersecurity.  I believe that what we have seen from Congress, in its extensive deliberations to craft a statutory response to cybersecurity, provides a solid basis for continued US leadership.”

Charney closed with a quote, “Security remains a journey not a destination.”  And thus, with the debates already arising from the Cybersecurity Act of 2012, it seems the journey continues…

____

This article is also featured on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/548/cybersecurity-news-round-up-dissecting-the-senate-cyber-bill

According to some of the latest reports, the wait will come to an end today, with the Senate Homeland Security and Governmental Affairs Committee (HSGAC) set to roll out the bill.

But along with the wait are mixed views and heightened concerns over what measures will make their way into the proposal.

Last year, just one week shy of today, HSGAC Chairman Joe Lieberman (I-Conn.), alongside fellow committee members, Sens. Susan Collins (R-Maine) and Tom Carper (D-Del.), unveiled the Cybersecurity and Internet Freedom Act of 2011, which intended to provide the Department of Homeland Security with authority over private networks in the event of a “national cyber emergency.”

The bill, which failed to reach a floor debate, was criticized by many in the industry and deemed a “Big Brother” approach to cybersecurity.

This year, similar concerns are being raised, as the Associated Press has reported that the new legislation “is intended to ensure that computer systems running power plants and other essential parts of the country’s infrastructure are protected from hackers, terrorists or other criminals.”

With a large majority of the nation’s critical infrastructure owned by the private sector, many of these businesses believe that the legislation would increase their costs, meanwhile doing nothing to enhance cybersecurity.

“Where the market has worked, and systems are appropriately secure, we don’t interfere,” Sen. Lieberman told the AP. “But where the market has failed, and critical systems are insecure, the government has a responsibility to step in.”

But another group may be making plans to step in, as well.  In anticipation of the bill, a Twitter page associated with hacktivist group Anonymous this week tweeted its notion that the Senate may be planning to incorporate the much-debated privacy bills, the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), into the cybersecurity package.

“Le sigh. US Senate REALLY wants to go another round with the Internet? — Senate sneaks in SOPA under a new name…” the tweet included.

But until we get a sneak peak or full-text view of the bill, it’s safe to say the scrutiny will remain.

—

Other cybersecurity news making headlines this week:

Hacker releases Symantec source code (Reuters)

Cyber attack is top threat for Olympics: Expert (CNBC)

Report: US tied for 4th among 23 countries in cyber defense (Defense News)

Tax breaks considered to improve cybersecurity on vital networks (Bloomberg)

FBI hacked while Congress ponders cybersecurity legislation (Time Magazine)

____

This article is also featured on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/542/cybersecurity-news-round-up-awaiting-the-senate-cyber-bill