Category: information security

Addressing Cyber Instability

The Cyber Conflict Studies Association (CCSA) released its full “Addressing Cyber Instability” monograph earlier this month. It is available for download at the CCSA website and will be coming out in paperback, hardback, and ePub in the future.

In addition to legal issues, the monograph covers various concerns in cyberspace such as strategy, military doctrine and organization, non-state actors, and critical infrastructure protection.

A collaborative effort from two years of research and dialogue, the monograph was authored by Matt Devost, Maeve Dion, Jason Healey, Bob Gourley, Sam Liles, James Mulvenon, Hannah Pitts, and Greg Rattray, and was edited by James Mulvenon and Greg Rattray.

12th European Conference on Information Warfare and Security (ECIW-2013)

Recently announced was a First Call for Papers for the 12th European Conference on Information Warfare and Security (ECIW-2013), which is being hosted by the University of Jyväskylä, Jyväskylä, Finland on 11-12 July 2013.

This call will close on 20th December 2012.

The 12th European Conference on Information Warfare and Security (ECIW) is an opportunity for academics, practitioners and consultants from Europe and elsewhere who are involved in the study, management, development and implementation of systems and concepts to combat information warfare or to improve information systems security to come together and exchange ideas. Several strong strands of research and interest are developing in the area, including the understanding of threats and risks to information systems, the development of a strong security culture, and incident detection and post-incident investigation. This conference is continuing to establish itself as a key event for individuals working in the field from around the world.

For more information please go to http://academic-conferences.org/eciw/eciw2013/eciw13-call-papers.htm

Academic research, case studies and work-in-progress/posters are welcomed approaches. PhD Research, proposals for roundtable discussions, non-academic contributions and product demonstrations based on the main themes are also invited. Please feel free to circulate this message to any colleagues or contacts you think may be interested.

Selected papers presented at the Conference will be considered for publication in a special issue of both the Journal of Information Warfare (http://www.jinfowar.com) and the International Journal of Cyber Warfare and Terrorism (IJCWT), published by Information Resources Management Association, USA (DOI: 10.4018/IJCWT, ISSN: 1947-3435, EISSN: 1947-3443). Additionally, selected papers from the conference will be considered for publication in the International Journal of Electronic Security and Digital Forensics, published by Inderscience UK (ISSN: 1751-1911X).

Tanzania establishes Computer Emergency Response Team

Tanzania has joined the global initiative to fight cyber crime and strengthen cyber security by establishing a Computer Emergency Response Team (CERT).
The Tanzania CERT is established under section 124 of the Electronic and Postal Communications Act (EPOCA), Act No. 3 of 2010. Details of the Tanzania CERT's composition and functions are provided under the EPOCA CERT Regulations 2011, Government Notice No. 419 of 2011.

For more information see: http://www.tcra.go.tz/regulation/cert.pdf or http://www.tcra.go.tz/policy/epoca.pdf

Cyber Security in 2012

Last month saw a variety of discussions regarding what cyber security issues may continue, or be introduced, in the new year. Experts highlighted increasing threats conducted via mobile computing and social media, as well as continued cyber espionage. There was a warning that exploitation may shift to damage or disruption. Discussions also continued past years’ debates regarding a possible increase in national legislation requiring incident reporting. Some forecasts for 2012 included recommendations to invest in cyber security companies, which likely will see a long future of growth opportunity!

Here’s a short list of various predictions. Add yours, or link to others, in the comments.


Internet Governance 2012-2015 – Draft Council of Europe Strategy

A few weeks ago the Council of Europe held another in a series of conferences* related to its draft strategy on internet governance. While the strategy is obviously rooted in the COE’s human rights authorities, it may interest some blawblaw readers to note the impacts this strategy may have on state responsibilities for security – basically creating a duty of care for states to ensure the security and availability of the internet as a requirement for guaranteeing and enabling human rights (e.g., freedom of expression, assembly, rights to access information, etc.). According to a follow-up email from the conference organizers, the COE member states will discuss this draft strategy early in the new year, “with a view to its adoption soon thereafter.”

* A number of Swedish representatives from government, private sector, and academia participated in the recent conference (view the program and watch the webcast).

Government cyber security experts

A recent article has reported that the U.S. Secret Service is investigating several hacks into Nasdaq in 2010. Some folks may wonder why the Secret Service has the lead, and not the FBI. Well, the Secret Service does not just protect the President, visiting heads of state, and other important people. It has a second mission, that of protecting the U.S. financial infrastructure and payment systems. In fact, the original purpose for creating the Secret Service was to fight financial fraud (specifically, counterfeiting). Hence the Secret Service’s establishment within the Treasury Department of the U.S. government (rather than, say, the Department of Justice or Homeland Security). Note that the Cyber Storm III exercise last year was controlled from the Secret Service headquarters.

Living in D.C. from 2003-2010, I lent many a sympathetic ear to colleagues at DHS who were frustrated that DHS had not recruited and maintained a computer security staff nearly the size of the stable of cyber experts at the Secret Service. Perhaps some of these concerns helped prompt the new DHS secretary to announce in 2009 a new 3-year initiative to hire 1,000 new cyber security experts. Does anyone have news on how that initiative is going? According to this article, the DHS Cybersecurity & Communications office trebled its staff in 2009 and was hoping to double it further in 2010. But it appears that a 2009-2010 DHS virtual cybersecurity job fair resulted in only 190 tentative offers (no info on the number of acceptances).

Other countries obviously may face similar problems in recruiting and sustaining a government cyber security force (especially when the private sector positions have higher salaries and generally have to deal with less day-to-day red tape). At the recent visit of Estonian delegates to Sweden, during a cyber security seminar at the Swedish National Defence College, there was brief mention of Estonia’s use of a sort of “cyber national guard” in addition to the standing government agencies (here’s a story with more detail). Not sure how that would work in a country the size of the U.S. … but for any Law & IT masters students out there, the “cyber national guard” concept, and related issues of “volunteer cyber forces,” may make for interesting thesis material!

Seminar at FHS on 11 February

Law and Cooperation for Disaster Management and International Cyber Security

11 February, from 09:00 - 11:00

Description of research under discussion (PDF) available here.

If you are interested in attending, please email Mariana Osihn in advance with your name and organization. mariana.osihn@fhs.se

You will need to bring your ID.
FHS is located at Drottning Kristinas väg 37.

Looking forward to a good discussion!

China lost close to 20 Billion Yuan to cybercrime in 2010

Close to 20 billion yuan, roughly €2.2 billion or SEK 20.2 billion, was lost to cybercrime in China in 2010, according to recent figures released by Beijing Rising Information Technology Co and reported by several Chinese news sources.

Online gamers and online banking customers were amongst the worst affected, as they accounted for more than 70% of the total according to the aforementioned computer security service provider. One online banking user was quoted as having lost more than 600.000 yuan, roughly €66.000 or SEK 606.000, in an attack on his account by a Trojan horse[1] targeting his bank account.

In addition, some form of phishing[2] was detected on more than 1.75 million websites, which, according to the report, in turn infected at least 44 million computers in 2010. This means the number of infections in 2010 was ten times that of 2009.

After the very rapid expansion of China’s ecommerce sector, a large increase in online expenditure followed, which in total has been reported to have topped 4.5 trillion yuan (roughly €500 billion or SEK 4.6 trillion) in 2010.
Unfortunately, computer security has not kept pace with the very rapid expansion of China’s ecommerce sector, which has given cybercriminals the opportunity to exploit vulnerabilities.

[1] A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user before it is run or installed, but (perhaps in addition to the expected function) steals information or harms the system. Wikipedia

[2] In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Wikipedia

Source: Peopledaily.com.cn

Pentagon revamps its security in the wake of Wikileaks

Wikileaks’ release of classified documents has compelled the Pentagon to revamp its data security settings.

For details visit:

http://homelandsecuritynewswire.com/pentagon-revamps-security-wake-wikileaks

European Commissioner for Digital Agenda: “Wikileaks compels a more open government”

Governments must be transparent and should be as open as possible, according to European Commissioner for Digital Agenda, Neelie Kroes.
This is both important and practical, for with fewer secrets there can also be less leaked.

This is one of the lessons Kroes draws from the “Wikileaks saga,” as she describes the leak of 250,000 secret U.S. official messages.
Kroes taught her American audience a lesson on the ins and outs of this spectacle, which has dominated the world news now for weeks.

Wikileaks compels openness
The “top secret” telegrams were on SIPRNet, a private intranet for the U.S. Defense and Foreign Affairs departments. But they were not really secret, as at least 2.5 million officers and soldiers have access to all files. Private Bradley Manning is suspected of the mega leak; he has been held in solitary confinement since May.

Kroes: “From the perspective of cyber security this stresses the necessity of combating the threat of theft of confidential information in our possession.”
“But,” she stresses, “we, as governments and official organizations, should be sure that we are as transparent and open as possible. I think this is important in itself, but it also has an enormous practical advantage: it reduces the amount of information that must be specially protected.”

DDoS attacks
Kroes notes two other newsworthy events around “Cable Gate”, such as the cessation by Amazon and EveryDNS of the hosting of Wikileaks.
She wonders aloud: “Was there a case of violating the terms of service of the different providers?”

And finally, the numerous DDoS* attacks on Wikileaks sites, and on sites which blocked Wikileaks such as PayPal, Mastercard and Visa**. Even though information on how many PCs took part in these attacks is unreliable, Kroes noted that “it does show that such attacks can be organized by a small group of people.”
On the other hand, the services of the targeted firms were hardly affected by the DDoS attacks. According to Kroes, these results demonstrate the resilience of cloud architecture***.

Privacy by design
The European Commissioner for ICT matters stressed that trans-Atlantic, public-private partnership is crucial to combating cyber crime and protecting “the integrity of the internet”. To that end, last month the EU-US Working Group on Cyber Security and Cyber-crime was created.
Besides stressing embedded security, Kroes reiterates the importance of “embedded privacy” in technologies and business processes. “Those who only see privacy as a cost are near-sighted: currently it is already a competitive advantage, in the future it will be a necessary condition.”

* A DDoS attack, or distributed denial of service attack, occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. (Wikipedia) Essentially, this makes the web server inaccessible.

** See PayPal says it stopped Wikileaks payments on US letter

*** Cloud computing is Internet-based computing, whereby shared servers provide resources, software, and data to computers and other devices on demand, as with the electricity grid. (Wikipedia)

Copyright © blawblaw
News about, from and around the Institute for Legal Informatics