Cyberwarfare

Cyberwarfare raises issues of growing national interest and concern.

Cyberwarfare can be used to describe various aspects of defending and attacking information and computer networks in cyberspace, as well as denying an adversary’s ability to do the same. Some major problems encountered with cyber attacks, in particular, are the difficulty in determining the origin and nature of the attack and in assessing the damage incurred.

A number of nations are incorporating cyberwarfare as a new part of their military doctrine. Some that have discussed the subject more openly include the United Kingdom, France, Germany, Russia, and China. Many of these are developing views toward the use of cyberwarfare that differ from those of the United States, and in some cases might represent national security threats.

Cyberterrorism is also an issue of growing national interest. Many believe terrorists plan to disrupt the Internet or critical infrastructures such as transportation, communications, or banking and finance. It does seem clear that terrorists use the Internet to conduct the business of terrorism, but on closer inspection, however, it is not clear how or whether terrorists could use violence through the Internet to achieve political objectives.

Although the U.S. government is striving to consolidate responsibility for and focus more attention on cyberwarfare issues, it is not clear how successful those efforts will be. Congress may choose to examine critically the policies, organization, and legal framework that guides executive ranch decisionmaking on issues of cyberwarfare.

Saturday, October 17, 2009

National Cybersecurity Awareness Month

http://www.dhs.gov/files/programs/gc_1158611596104.shtm


National Cybersecurity Awareness Month


October marks the sixth annual National Cybersecurity Awareness Month sponsored by the Department of Homeland Security. The theme for National Cybersecurity Awareness Month 2009 is “Our Shared Responsibility” to reinforce the message that all computer users, not just industry and government, have a responsibility to practice good “cyber hygiene” and to protect themselves and their families at home, at work and at school.

Americans can follow a few simple steps to keep themselves safe online. By doing so, you will not only keep your personal assets and information secure but you will also help to improve the overall security of cyberspace.

It is Our Shared Responsibility to stay safe online.

How You Can Contribute to Cybersecurity Awareness

Here are a few steps that you can take to not only participate in National Cybersecurity Awareness Month, but also enhance cybersecurity 365 days a year:

Take Action - There are many things businesses, schools, and home users can do to practice cybersecurity during National Cybersecurity Awareness Month and beyond.

  • Make sure that you have anti-virus software and firewalls installed, properly configured, and up-to-date. New threats are discovered every day, and keeping your software updated is one of the easier ways to protect yourself from an attack. Set your computer to automatically update for you.
  • Update your operating system and critical program software. Software updates offer the latest protection against malicious activities. Turn on automatic updating if that feature is available.
  • Back up key files. If you have important files stored on your computer, copy them onto a removable disc and store it in a safe place.

Endorse - Demonstrate your commitment to cybersecurity.

  • Show your organization's commitment to cybersecurity and National Cybersecurity Awareness Month by signing the online endorsement form at www.staysafeonline.org.
  • Create a section for cybersecurity on your organization's Web site. Download banners atwww.staysafeonline.org and post them on your organization's home page.
  • Add a signature block to your e-mail:
    "October is National Cybersecurity Awareness Month. Stay Safe Online! Visithttp://www.staysafeonline.org for the latest cybersecurity tips."

Educate - Find out what more you can do to secure cyberspace and how you can share this with others.

  • Participate in the National Cyber Security Alliance Cyber Security Awareness Volunteer Education (C-SAVE) Program and help educate elementary, middle, and high-school students about Internet safety and security. For more information or to download the C-Save curriculum, visit www.staysafeonline.org/content/c-save.
  • Review cybersecurity tips with your family.
  • Print and post these cybersecurity tips near your computer and network printers.
  • Use regular communications in your business—newsletters, e-mail alerts, Web sites, etc.—to increase awareness on issues like updating software processes, protecting personal identifiable information, and securing your wireless network.

For more information on Awareness Month and for additional material, please visit www.us-cert.gov and www.staysafeonline.org/ncsam.

Cybersecurity Resources

The Department partners with a number of cybersecurity organizations throughout the year to educate all citizens on the importance of implementing effective cybersecurity practices. These partnerships also make National Cybersecurity Awareness Month possible by uniting public and private sector efforts to secure cyberspace. National Cybersecurity Awareness Month materials and resources can be found at the following sites:



NATIONAL CENTER FOR CRITICAL INFORMATION PROCESSING AND STORAGE

NATIONAL CENTER FOR CRITICAL INFORMATION PROCESSING AND STORAGE

The Committee recommends $46,130,000 within Security Activities for data center development. This includes the budget request level (which includes operation and maintenance costs for the National Center for Critical Information Processing and Storage [NCCIPS] and the second data center) and an additional $22,300,000 solely to be used to support transition of Department systems to NCCIPS, to support the dual cost of operation and maintenance during the transition, and to develop a sharable common operating environment. NCCIPS is a federally owned and managed facility established to reduce Federal data center costs and to protect critical Federal information.

The Committee also includes language in the bill withholding the availability of $200,000,000 for obligation until the Department of Homeland Security submits to the Committee the report on data center transition required by Senate Report 110-84, which is to include: (1) the schedule for data transition by Department component; (2) costs required to complete the transition by fiscal year; (3) identification of items associated with the transition required to be procured and the related procurement schedule; and (4) the identification of any transition costs provided in fiscal years 2007 and 2008. The report submitted should separate these requirements and costs by data center and include fiscal year 2009 data.

Consistent with section 888 of Public Law 107-296, the Committee instructs the Department to implement the consolidation plan in a manner that shall not result in a reduction to the Coast Guard's Operations Systems Center mission or its Government-employed or contract staff levels. A general provision is included for this purpose.

HOMELAND SECURE DATA NETWORK

Included in the amount recommended by the Committee is $47,673,000, as requested in the budget, for the Homeland Secure Data Network.

ANALYSIS AND OPERATIONS

Appropriations, 2008 1$306,000,000
Budget estimate, 2009333,262,000
Committee recommendation 2320,200,000
1 Excludes a rescission of $8,700,000 pursuant to Public Law 110-161.
2 Excludes a rescission of $2,500,000.

The account supports activities to improve the analysis and sharing of threat information, including activities of the Office of Intelligence and Analysis and the Office of Operations Coordination.

COMMITTEE RECOMMENDATIONS

The Committee recommends $320,200,000 for Analysis and Operations. This is an increase of $14,200,000 from the fiscal year 2008 level and a decrease of $13,062,000 from the budget request. The details of these recommendations are included in a classified annex accompanying this report.

DHS INTELLIGENCE EXPENDITURE PLAN

No later than 60 days after the date of enactment of this act, the Secretary shall submit a fiscal year 2009 expenditure plan for the Office of Intelligence and Analysis [I&A], including balances carried forward from prior years, that includes the following: (1) fiscal year 2009 expenditures and staffing allotted for each program, as identified in the March 2008 expenditure plan submitted to the Committee, as compared to each of years 2007 and 2008; (2) all funded versus on-board positions, including Federal full-time equivalents [FTE], contractors, and reimbursable and non-reimbursable detailees; (3) an explanation for maintaining contract staff in lieu of Government FTE; (4) a plan, including dates or timeframes for achieving key milestones, to reduce the office's reliance on contract staff in lieu of Federal FTE; (5) funding, by object classification, including a comparison to fiscal years 2007 and 2008; and (6) the number of I&A funded employees supporting organizations outside I&A and within DHS.

STATE AND LOCAL FUSION CENTERS

The Committee directs the Department's Chief Intelligence Officer to continue quarterly updates to the Committees on Appropriations that detail progress in placing DHS intelligence professionals in State and local fusion centers. These reports shall include: the qualification criteria used by DHS to decide where and how to place DHS intelligence analysts and related technology; total Federal expenditures to support each center to date and during the most recent quarter of the current fiscal year, in the same categorization as materials submitted to the Committees on Appropriations on March 23, 2007; the location of each fusion center, including identification of those with DHS personnel, both operational and planned; the schedule for operational stand-up of planned fusion centers and their locations; the number of DHS-funded employees located at each fusion center, including details on whether the employees are contract or government staff; the privacy protection policies of each center, including the number of facility personnel trained in Federal privacy, civil rights, and civil liberties laws and standards; and the number of local law enforcement agents at each center approved or pending approval to receive and review classified intelligence information.

U.S. Homeland Security 1,000 cybersecurity experts

U.S. Homeland Security wants to hire 1,000 cybersecurity experts

Dept. of Homeland Security needs experts needed to fill out vast network protection goals
By Michael Cooney , Network World , 10/01/2009The Department of Homeland Security is looking to hire 1,000 cybersecurity professionals in the next three years according to the agency’s secretary Janet Napolitano.

The department now has the authority to recruit and hire cybersecurity professionals across DHS over the next three years in order to help fulfill its mission to protect the nation’s cyber infrastructure, systems and networks, she said.

NetworkWorld Extra: 12 changes that would give US cybersecurity a much needed kick in the pants

“This new hiring authority will enable DHS to recruit the best cyber analysts, developers and engineers in the world to serve their country by leading the nation’s defenses against cyber threats,” Napolitano stated. DHS his the focal point for the security of cyberspace -- including analysis, warning, information sharing, vulnerability reduction, mitigation, and recovery efforts for public and private critical infrastructure information systems.

The hiring authority, which results from a collaborative effort between DHS, the Office of Personnel Management and the Office of Management and Budget, lets DHS staff up to 1,000 positions over three years across all DHS agencies to fulfill critical cybersecurity roles—including cyber risk and strategic analysis; cyber incident response; vulnerability detection and assessment; intelligence and investigation; and network and systems engineering.

The need for DHS to bolster its security realm is a hot topic. A Government Accountability Office report this year said that while DHS established the National Cyber Security Division to be responsible for leading national day-today cybersecurity efforts that has not enabled DHS to become the national focal point for security as envisioned.

The GAO said the Defense Department and other organizations within the intelligence community that have significant resources and capabilities have come to dominate federal efforts. The group told the GAO there also needs to be an independent cybersecurity organization that leverages and integrates the capabilities of the private sector, civilian government, law enforcement, military, intelligence community, and the nation's international allies to address incidents against the nation's critical cyber systems and functions.

The cybersecurity jobs announcement comes on the same day that the FBI said fraudsters are targeting social networking sites with increased frequency and users need to take precautions, the FBI warned.

The FBI said fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques. One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. Other spam entices users to download an application or view a video. Some spam appears to be sent from users' "friends", giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected, the FBI stated.

Meanwhile legislators are trying to encourage cooperation among universities and businesses to develop technology needed to carry out a strategic government effort to fight cyber attacks.

A US House subcommittee is recommending a bill that calls for a university-industry task force to coordinate joint cybersecurity research and development projects between business and academia. The Cybersecurity Research and Development Amendments Act of 2009 was approved recently by the House Committee on Science and Technology's Research and Science Education Subcommittee.

The legislation would set up a scholarship program that pays college bills for students who study in fields related to cybersecurity. They would also get summer internships in the federal government. In return the students would agree to work as cybersecurity professionals within the federal government for a period equal to the number of years they received scholarships. If there aren't any jobs there, they would work for state or local governments in the same capacity or teach cybersecurity courses.

Department of Homeland Security on Lookout for IT Security Pros

Department of Homeland Security on Lookout for IT Security Pros

By: Brian Prince

The Department of Homeland Security has gotten the OK to hire as many as 1,000 new IT pros during the next three years to bolster cyber-security.

DHS Secretary Janet Napolitano made the announcement Oct. 1 during remarks tied to the start of National Cybersecurity Awareness Month. The new hiring authority is the result of a collaborative effort between DHS, the Office of Personnel Management, and the Office of Management and Budget.

"Effective cyber-security requires all partners—individuals, communities, government entities and the private sector—to work together to protect our networks and strengthen our cyber-resiliency," Napolitano said. "This new hiring authority will enable DHS to recruit the best cyber-analysts, developers and engineers in the world to serve their country by leading the nation's defenses against cyber-threats."

The list of positions to be filled covers areas such as cyber-risk and strategic analysis, cyber-incident response, and vulnerability detection and assessment.

The need to hire more security pros has been noted by others, such as in a report from the Partnership for Public Service and consulting company Booz Allen Hamilton released in July. In that report, the authors outlined a number of problems involved in recruiting and hiring cyber-security pros, as well as strategies for resolving the problems.

President Obama declared May 29 that his administration was making cyber-security a national priority. As part of that effort, the president authorized a 60-day assessment of the government's cyber-security. In addition, he announced the creation of the position of national cyber-coordinator, but it has not yet been filled.

Napolitano emphasized the importance of partnerships between the public and private sectors in protecting the country's cyber-infrastructure. DHS officials said they do not anticipate needing to fill all 1,000 slots.

"This is impressive and clearly an indication that DHS has won confidence in the White House to lead the federal government's cyber-security response," said Roger Thornton, CTO of Fortify Software.