2013 01-14



Published in: Technology, News & Politics

GW CSPRI Newsletter

January 14, 2013

From the Cyber Security Policy and Research Institute of The George Washington University, www.cspri.seas.gwu.edu.

This newsletter is a weekly summary of events related to cyber security policy and research, with a special focus on developments and events in the Washington, DC area.

Faculty and student readers of this newsletter with new and important cyber security research to report (especially new papers or results by GW faculty and students) are encouraged to send notifications of this to cspriaa@gwu.edu. A short (up to three sentences) description of why you think the research is important is required.

Contents

Events
Legislative Lowdown
Cyber Security Policy News
Recent Publications and Media

Events

-Jan. 14, 5:30 p.m. - 8:30 p.m., NoVa Hackers Association Meetup - This informal group of security professionals from around the NoVA/DC area coordinates one or two monthly events – an evening meetup with presentations on the second Monday of the month and various lunch or bar meetups. QinetiQ, 11091 Sunset Hills Road, Reston, VA. More information.

-Jan. 15, 6:30 p.m. - 8:00 p.m., ISSA DC Meetup - The National Capital Chapter of the ISSA is comprised of information security professionals located in the Washington D.C. Metropolitan Area. Members are actively involved in information security in government agencies, the military, non-profit organizations, and in large and small companies. The chapter holds regular meetings at various locations throughout the D.C. area. Through its meetings and other events, the chapter fosters professional development and support for computer and information security professionals. Membership is open to practicing security professionals or to those with an interest in the profession. New members are always welcome — please feel free to attend one of our open meetings or to contact the chapter for more information. Monthly meetings generally take place on the third Tuesday of every month in the evenings. Government Printing Office, 732 North Capitol Street. More information.

-Jan. 17, 2:00 p.m. - 3:00 p.m., Mobile Security: Confronting Challenges - Mobile attacks driven by financially motivated hackers, political “hacktivism” and vandalism are rapidly increasing in number and sophistication. Data and identities are already being stolen and agency communications intercepted. Agencies must act now to provide highly secure mobile access, while remaining productive and efficient on these devices. This free Webcast will cover how to implement a long-term, comprehensive mobile security plan; ways to transition network securities to mobile; and how to protect agencies from malicious mobile applications. The speaker will be Rodney Dilts, director, security technology network-based security engineering and development, AT&T Chief Security Office. More information.

-Jan. 22-23, 9th Annual State of the Net Conference - The State of the Net Conference is the largest information technology policy conference in the U.S. and the only one with over 50 percent Congressional staff and government policymakers in attendance. This year's conference will feature a keynote luncheon discussion between Travis Kalanick, CEO & Co-Founder, Uber, and Congressman Bob Goodlatte (R-VA), Co-Chair, Congressional Internet Caucus. Hyatt Regency, 400 New Jersey Ave., NW. More information.

-Jan. 24, 6:00 p.m. - 7:00 p.m., America the Cyber-Vulnerable - CSPRI and GW’s Computer Science Department are sponsoring a talk by Joel Brenner, former senior counsel at the National Security Agency. This event will be open to the public, and the topic of discussion will be the new faces of cyber-security threats, and what these threats mean to government, businesses, and the public. Computer Science Department Conference Room 736, Phillips Hall, 801 22nd Street, NW.
More information will be forthcoming in next week’s newsletter.

Legislative Lowdown

-Nearly a year after a wave of online protests killed two anti-piracy bills, lawmakers are skittish about moving forward with legislation aimed at cracking down on websites that illegally distribute copies of movies and music, Jennifer Martinez writes for The Hill. The House's Stop Online Piracy Act (SOPA) and Senate's Protect IP Act (PIPA) grabbed national attention when Wikipedia, Reddit and scores of other websites went dark on Jan. 18 to protest the bills. The public outcry over the bills led lawmakers to pull their support, and spurred others who were previously quiet on the anti-piracy measures to speak out in opposition. The fracas over SOPA and PIPA a year ago is still fresh on the minds of lawmakers, making it doubtful that similar legislation will surface in the opening months of the 113th Congress.

-The Hill also notes that Sen. Rand Paul (R-Ky.) wants to protect emails and text messages the same way phone conversations are via an amendment to a bill reauthorizing the Foreign Intelligence Surveillance Act. Paul introduced an amendment, The Fourth Amendment Protection Act, to clarify that the Fourth Amendment to the Constitution protects U.S. citizens from unreasonable searches and seizures, even those that result from searches being done by a U.S. intelligence agency monitoring a foreign national overseas. H.R. 5949 would extend for five years the ability of U.S. intelligence authorities to surveil terrorists overseas without first getting permission from a court.

Cyber Security Policy News

-The Department of Homeland Security last week urged Internet users to disable Java, a widely-used Web browser component that was found to have a critical security flaw that hackers have been exploiting to massively compromise computers. The flaw, which affects Windows, Mac and Linux machines, prompted an emergency update from Java maker Oracle Corp. But many experts are calling on Internet users to remove Java completely, saying that few Web sites use it and that hackers are constantly finding previously unknown vulnerabilities in the software, which is installed on more than 850 million computers worldwide.

-The Internet genius and cofounder of the popular Web site Reddit.com committed suicide at his Brooklyn home, The New York Post writes. The story has set off a whirlwind of controversy in the blogosphere over allegations that the U.S. prosecutors have been overzealous and misguided in pursuing Swartz for hacking charges. Police found Aaron Swartz, 26, unconscious at 9:30 a.m. last Friday in the bedroom of his Sullivan Place apartment building in Crown Heights. Swartz was found dead as he faced up to 35 years in jail for stealing academic documents that he planned to post online for free.
Time Magazine writes that the young whiz believed deeply that information — particularly that which might benefit society — should be made available for free to the public. In 2011, Swartz was indicted on federal data theft charges for breaking into the M.I.T. computer system and allegedly downloading 4.8 million documents from the subscription based academic research database JSTOR.

-American businesses want more help from government officials in fighting cyber attacks, although they continue to oppose government-prescribed safeguards, MasterCard Inc. Chief Executive Ajay Banga said last week. Mr. Banga is head of the information and technology committee at the Business Roundtable, a trade group that is set to start a push Wednesday for closer cooperation with Washington on computer security. The Wall Street Journal reports that the effort is, in part, intended to head off a push by some policy makers for more regulation of private sector computer security. Last year, business interests helped soften and ultimately defeat a Senate cybersecurity bill that would have created a new regime of voluntary cybersecurity standards. Since then, American banks have continued to fend off harassment from Iranian hackers.

-California Attorney General Kamala Harris has issued a report describing best practices for mobile application privacy, according to Privacy Times. The report, "Privacy on the Go," recommends that app developers implement safeguards such as privacy-by-design and notice, but stops short of setting forth a comprehensive set of Fair Information Practices. The report follows a law that requires all service providers doing business in California, such as mobile app developers, to have a privacy policy available to consumers.

-The Iranian government is behind online attacks that have slowed or crashed American bank websites, U.S. officials tell The New York Times. The Times writes that the skill required to carry out attacks on this scale has convinced United States government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the United States. But not everyone is convinced the attacks are that sophisticated. Robert D. Graham, chief executive of security research firm Errata Security, penned an op-ed panning the conclusion that the attacks somehow signaled an advanced or government-backed adversary. "I know of no competent security researcher that has been convinced this is the work of Iran's government," Graham writes. "The only people who agree with that statement are those with something to sell, either pimping new government regulations or products."

-The Chinese government late last year approved regulations that will require all of the country's Internet users to register their names after a flood of online complaints about official abuses rattled Communist Party leaders.
The Associated Press writes that authorities say the law will strengthen protections for personal information, but that it also is likely to curtail the Internet's status as a forum to complain about the government or publicize corruption.

Meanwhile, Iranian officials are having a tougher time maintaining censorship blocks on their citizens, writes NextGov. Iran has been fighting a largely losing battle as far as wholesale censorship is concerned. So the country, in a move that represents equal parts concession and repression, is reportedly taking another tack: According to Agence France-Presse, the country is developing "intelligent software" that aims to manipulate, rather than fully control, citizens' access to social networks. Instead of blocking Facebook, or Twitter, or even Google ... the regime, per the report, will allow controlled access to those services.

Recent Publications and Media
-The Chinese broadcaster CCTV interviewed CSPRI legal fellow Evan Sills last week for a Chinese language broadcast on data privacy and security. They discussed U.S. Government guidelines on data collection and retention, as well as the changing threat landscape in the age of cloud computing and mobile devices.

-CSPRI Researcher Paul Rosenzweig has published Cyber Warfare: How Conflicts in Cyberspace Are Challenging America and Changing the World. As described by Prof. Rosenzweig, Cyber Warfare is "about how we try to reap the benefits in productivity and information sharing that come from a globalized web of cyber connections while somehow managing to avoid (or at least reduce) the damage done by malfeasant actors." In addition to teaching at GW Law, Prof. Rosenzweig is founder of Red Branch Consulting PLLC, a homeland security consulting company, and senior advisor to The Chertoff Group, and he formerly served as deputy assistant secretary for policy in the Department of Homeland Security.

The Cyber Security Policy and Research Institute (CSPRI) is a center for GW and the Washington area to promote technical research and policy analysis of problems that have a significant computer security and information assurance component. More information is available at our website, http://www.cspri.seas.gwu.edu.