A quick survey of recent cyber news . . .
***
From Business Wire, and via YahooNews, the American Association of Airport Executives (AAAE) will be the first “initial pilot participant to ‘go live’ as part of the National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative.” For those unaware, NSTIC is an online identity authentication initiative that has been soldiering on despite funding woes and criticism. According to the article, AAAE members will “utilize their smartphones or tablets to verify their identity each time they access the website sections that house sensitive data.” Jeremy Grant, Senior Exec. Advisor for Identity Management at NIST, had this to say:
We’re excited the first of the five NSTIC pilots has reached a “go live” milestone – and expect to see more of these in the months to come. It’s an important step toward the creation of an Identity Ecosystem where all Americans can choose from a marketplace of more privacy-enhancing, convenient and secure solutions to use in lieu of passwords when they go online.
Along similar lines, John Fontana wrote for ZDNet on how NSTIC is dodging sequester cuts, noting that “[t]he U.S. federal budget sequestration is not expected to eliminate or reduce any of the pilots and programs in place as part of the National Strategy for Trusted Identities in Cyberspace (NSTIC), according to a source at the Commerce Department.”
***
Eric A. Fischer, Edward C. Liu, John Rollins, and Catherine A. Theohary co-authored a Congressional Research Service report titled The 2013 Cybersecurity Executive Order: Overview and Considerations for Congress. As with all CRS reports, this is good stuff. A quick snippet:
Entities posing a significant threat to the cybersecurity of critical infrastructure assets include cyberterrorists, cyberspies, cyberthieves, cyberwarriors, and cyberhacktivists. E.O. 13636 addresses such threats by, among other things,
• expanding to other CI sectors an existing Department of Homeland Security program for information sharing and collaboration between the government and the private sector;
• establishing a broadly consultative process for identifying CI with especially high priority for protection;
• requiring the National Institute of Standards and Technology to lead in developing a Cybersecurity Framework of standards and best practices for protecting CI; and
• requiring regulatory agencies to determine the adequacy of current requirements and their authority to establish requirements to address the risks.
***
Stewart Baker wrote an interesting article for The Hollywood Reporter discussing how Chinese hackers want to steal movie secrets. The article described Chinese cyberexploitation methods and aims (which most of you are already aware of) and how that fits in with swiping scripts and gaining negotiation advantages.
Perhaps Hollywood could run a form of active defense where they hype up scripts like “A Good Day to Die Hard”, trolling Chinese hackers with trash movies.
***
John Reed, for Foreign Policy, discussing a recent Defense Science Board report (which you can find here):
The Defense Science Board’s new report on protecting the Pentagon’s computer networks calls for the development of a special force armed with its own bombers, cruise missiles, and cyber weapons to respond to a devastating cyber attack. Kind of like a mini, conventionally-armed Strategic Command for cyber deterrence.
Paul Rosenzweig wrote for Lawfare and also considered the Defense Science Board report.
***
I retweeted this on our Twitter account, but it’s worth a second look. Foreign Policy’s Marc Ambinder wrote on how the NSA is helping companies fight back against Chinese hackers:
In the coming weeks, the NSA, working with a Department of Homeland Security joint task force and the FBI, will release to select American telecommunication companies a wealth of information about China’s cyber-espionage program, according to a U.S. intelligence official and two government consultants who work on cyber projects. Included: sophisticated tools that China uses, countermeasures developed by the NSA, and unique signature-detection software that previously had been used only to protect government networks.
***
Nextgov’s Aliya Sternstein reported that the Pentagon is stopping the Cyber Fast Track program. The Cyber Fast Track program–a DARPA initiative which made too much sense–provided hackers with quick money to fluidly respond to new threats.
***
Eric Engleman writes for Bloomberg Businessweek on the telecom industry’s pushback against cybersecurity. Notably, there is concern over whether makers of digital products (like Apple and Google) should face regulation similar to critical infrastructure providers (like telecommunications, satellite, and cable companies).
***
Cheryl Pellerin reports for the American Forces Press Service on how CyberComm is adapting to understand cyber battlespace.
***
Via Foreign Policy’s John Reed, a good (albeit vanilla) interview with Gen. C. Robert Kehler, StratComm chief and the US military’s top cyber officer. The General touches on cyber issues in the interview.
***
Matt Sledge reports for The Huffington Post on Kim Dotcom’s allegations that the NSA was involved with his copyright infringement case.
***
Tony Romm, for Politico, regarding how little has changed politically in the cybersecurity legislation battle.
***
Jason Healey wrote an article for US News considering how President Obama’s cyberwarfare strategy will backfire.
***
Michael Knigge writes for DeutscheWelle on the German approach to cyber hacking.