cyberclippings of cyberutility

cyberthanks to cyberdave cyberwalker amongst cyberothers…


Reducing Systemic Cybersecurity Risk

The authors have concluded that very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters.

http://www.oecd.org/dataoecd/57/44/46889922.pdf


OECD’s Cyber Report Misses Key Facts

It's important to note that the professors have taken care to only address pure cyber war, not hybrid or multi-modal warfare where cyber is one component of a kinetic attack. Personally I think that greatly diminishes the value of the project because it ignores the evolving nature of cyber warfare, particularly as it has been conducted since late 2009 in favor of a theoretical academic exercise. And that's really the crux of my problem with this report: it's more ivory tower than street and while parts of their work are well-researched, other parts show little to no research at all. Here are a few of their biggest flaws.

http://www.forbes.com/sites/jeffreycarr/2011/01/19/oecds-cyber-report-misses-key-facts/


Cyber Security and the UK's Critical National Infrastructure

[…]

The report is based on a series of high-level interviews through which the authors sought to gauge the various organizations' overall understanding of, and response to, the problem of cyber security. Rather than interview communications officers or representatives of IT departments, the authors sought wherever possible to assess the level of cyber security awareness at board level, and particularly among the most senior executives who had no specific IT expertise.

http://www.chathamhouse.org/sites/default/files/public/Research/International%20Security/r0911cyber.pdf


Cybersecurity is a Board-Level Issue, Says Chatham House Report

Government should communicate cyber risk information in plain English

The ‘Cyber Security and the UK’s Critical National Infrastructure’ report from think tank Chatham House, sponsored by BAE Systems’ Detica business, recommended that businesses should make all staff across their organisations aware of cyber risks, and that this should be led from the top.

Senior management should be confident enough in their understanding of cyber security to “ask the right questions from those tasked with providing security within their organisation,” the report said.

“Critical National Infrastructure (CNI) enterprises [such as utilities and banking providers] should seek to take on greater responsibility and instil greater awareness about the nature of cyber risks across their organisations.

“Senior management should, for example, create incentives for departments and individual employees to recognise and address cyber dependencies and vulnerabilities as they arise,” the Chatham House report stated.

“However, this will only be achieved to the extent that board members are themselves more aware of the opportunities and threats presented by cyberspace.

http://www.csoonline.com/article/689885/cybersecurity-is-a-board-level-issue-says-chatham-house-report


U.S., Australia to add cyber realm to defense pact

Cyberattacks are about to carry even more weight, with the United States and Australia expected to include them in a mutual defense treaty.

The two nations will declare the cyber realm to be part of the 60-year-old treaty tomorrow, Reuters reports. The inclusion will mean that a cyberattack on one country could lead to a response by both.

“We will be releasing a joint statement saying that the ANZUS treaty applies to cyberspace,” Reuters quoted a senior U.S. defense official as saying of the rare move.

The Australia, New Zealand, United States Security Treaty, signed in 1951, is the military alliance that binds Australia and New Zealand and, separately, Australia and the United States to cooperate on defense matters in the Pacific region. The agreement, however, is understood today to relate to attacks in any area.

The expansion of the treaty will take place in San Francisco, where defense and diplomacy leaders from the U.S. and Australia are meeting 60 years after the alliance was sealed in the city on September 1. New Zealand has been an inactive partner of the alliance since 1985.

Speaking to the press today on a flight to San Francisco, U.S. Defense Secretary Leon Panetta said applying the cyber realm to ANZUS underscores the seriousness with which the U.S. views cyberthreats.

“I think it’s in large measure a recognition of what I’ve been saying time and time again, which is that cyber is the battlefield of the future,” Panetta said.

http://news.cnet.com/8301-1009_3-20106450-83/u.s-australia-to-add-cyber-realm-to-defense-pact/


Just a mouse click away from war

Kevin Rudd

THERE was a time when war was begun with a shot. Now it can begin with the simple click of a mouse. A silent attack that you may never even know occurred until it all unfolds in front of you.

This new world goes by the names of cyber security, cyber warfare or cyber terrorism.

Put very simply, it means people, organisations, or for that matter, foreign governments using sophisticated computers to cripple the information systems of our biggest companies, our government departments or our defence forces.

Because if our corporate and government institutions lose their information systems, the country cannot operate effectively, if at all.

If, for example, some were smart enough, and malicious enough, to break into the elaborate computer information systems that run our electricity systems, we would lose power supply to households, small businesses, and much more.

http://www.dailytelegraph.com.au/news/opinion/just-a-mouse-click-away-from-war/story-e6frezz0-1226140275845


DoD: 24,000 files swiped in March from military contractor systems

Department of Defense Deputy Secretary William Lynn said that 24,000 files were taken in March from military contractor systems. That data leakage is increasingly common in the military complex. The good news? The DoD has a plan to fix its defenses.

Lynn didn't provide further details on the attack or the contractor. On Thursday, the DoD released its strategy for operating in cyberspace.

http://www.zdnet.com/blog/security/dod-24000-files-swiped-in-march-from-military-contractor-systems/9026


U.S. agencies making progress on cybercrime, officials say

But criminals continue to target U.S. businesses, with the FBI currently investigating 400 wire transfer cases

The FBI is investigating more than 400 cases involving unauthorized wire transfers from bank accounts of U.S. businesses, said Gordon Snow, the assistant director there. Those 400 cases involved the attempted theft of $255 million, with actual losses of $85 million, and the cases involving the takeover of accounts represent just one type of attack against financial systems, he said.

Snow also listed recent examples of payment processor breaches, stock trading fraud, ATM skimming, mobile banking attacks and other schemes targeting the U.S. financial system. Cybercriminals’ capabilities are at “an all-time high,” although combating cybercrime is a top priority for the FBI and other agencies, he said.

The annual cost of cybercrime is about $388 billion, including money and time lost, said Brian Tillett, chief security strategist at Symantec. That’s about $100 billion more than the global black market trade in heroin, cocaine and marijuana combined, he said.

http://www.computerworld.com/s/article/9220017/U.S._agencies_making_progress_on_cybercrime_officials_say


U.S. needs to be on-guard for a big cyberattack

The cost of cybercrime to the global economy is estimated at $1 trillion, Alexander stated, and malware is being introduced at a rate of 55,000 pieces per day, or one per second. As troubling as these statistics may be, Alexander said his bigger concern is, “what’s coming: a destructive element.”

http://www.computerworld.com/s/article/9220018/U.S._needs_to_be_on_guard_for_a_big_cyberattack


Bot army being assembled, awaiting orders

Network World – A mammoth army of infected computers is being assembled, but it’s unclear yet what purpose they will be put to.

Wave after wave of malicious email attachments has been sent out since August, and with average success rates for such mailings, millions of machines could be compromised, says Internet security firm Commtouch.

http://www.computerworld.com/s/article/9220057/Bot_army_being_assembled_awaiting_orders


THE COST OF CYBER CRIME

A Detica report in partnership with the Office of Cyber Security and Information Assurance in the Cabinet Office.

In our most-likely scenario, we estimate the cost of cyber crime to the UK to be £27bn per annum. A significant proportion of this cost comes from the theft of IP from UK businesses, which we estimate at £9.2bn per annum. In all probability, and in line with our worst-case scenarios, the real impact of cyber crime is likely to be much greater.

Although our study shows that cyber crime has a considerable impact on citizens and the Government, the main loser, at a total estimated cost of £21bn, is UK business, which suffers from high levels of IP theft and industrial espionage

http://www.detica.com/uploads/press_releases/THE_COST_OF_CYBER_CRIME_SUMMARY_FINAL_14_February_2011.pdf


The wartime economy

A recent report claims that cybercrime is costing the UK economy £27 billion annually. But Wendy Grossman argues that the report may be over-stating the case

Everyone loves a good headline, and £27 billion always makes a *great* one. In this case, that was the sum that a report written by the security consultancy firm Detica, now part of BAE Systems, and issued by the Office of Cyber Security and Information Assurance (PDF) estimates that cybercrime is costing the UK economy annually.

The claim was almost immediately questioned by ZDNet’s Tom Espiner, who promptly checked it out with security experts. They complained that the report was full of “fake precision” (LSE professor Peter Sommer), “questionable calculations” (Harvard’s Tyler Moore), and “nonsense” (Cambridge’s Richard Clayton).

http://zine.openrightsgroup.org/comment/2011/the-wartime-economy


Mapping and Measuring Cybercrime

There is, as we have already noted, no legal definition of e-crime nor are data on the incidence, investigation or prosecution of e-crimes (that is to say, crimes committed by means of or with the assistance of the use of electronic networks) collected.

House of Lords Science and Technology Committee (2007: 64)

http://www.law.leeds.ac.uk/assets/files/staff/FD18.pdf


Cybercrime cost estimate is ‘sales exercise’, say experts

Cybercrime experts have questioned a £27 billion (US$43.8 billion) annual cybercrime cost figure released by the Cabinet Office in a report last week, saying it is little more than a sales exercise for Detica, the company that researched the report.

Professor Peter Sommer of the London School of Economics (LSE) called the report an “unfortunate item of British Aerospace puffery”. Detica is owned by BAE Systems, and is involved in intelligence analysis for the U.K. government. The company also sells data protection and information assurance products.

Sommer told ZDNet Asia’s sister site ZDNet UK that the Office of Cyber Security and Information Assurance (Oscia) should not have allied itself so closely with the report, which put a figure of 21 billion pound (US$34.1 billion) annual losses to U.K. businesses through crimes including intellectual-property theft and espionage. The remaining losses are attributed to consumers and the government.

http://www.zdnet.co.uk/news/security-threats/2011/02/18/cybercrime-cost-estimate-is-sales-exercise-say-experts-40091866/


Marcus Ranum

Cyberwar: a Whole New Quagmire. Part 1: The Pentagon Cyberstrategy http://fabiusmaximus.wordpress.com/2011/09/02/28486/

Cyberwar: a Whole New Quagmire. Part 2: Do as I say, not as I do shall be the whole of the law. http://fabiusmaximus.wordpress.com/2011/09/11/28842/

Cyberwar: a Whole New Quagmire. Part 3: Conflating Threats http://fabiusmaximus.wordpress.com/2011/09/14/28778/


Outage Affects Millions in Southwest, Mexico

A power outage accidentally triggered by an Arizona utility company worker darkened a broad swath of the Southwest and Mexico on Thursday, cutting power to millions of people, bringing some San Diego freeways and airport traffic to near-standstills and leaving inland desert residents sweltering without air conditioners in the summer heat, officials said.

http://abcnews.go.com/US/wireStory?id=14478079


Power Outage Worsened by Plant Shutdown

The first power generating station to shut down after an equipment failure in Arizona was in Mexicali.

http://www.nbclosangeles.com/news/local/Power-Outage-Exacerbated-by-Plant-Shut-Down-130017958.html


BritNed

BritNed Development Limited is the owner and operator of the high voltage direct current Interconnector between the Isle of Grain (GB) and Maasvlakte (NL), delivering unparalleled efficiency, reliability and safety, vital to the energy needs of Great Britain and the north-western European Region.

BritNed is an international organisation combining innovative technical and commercial expertise. BritNed employs highly skilled and motivated people who are proud of ‘their’ company. They work as one single team with one vision joining the expertise of TenneT and National Grid.

http://www.britned.com/


Russia–Ukraine gas disputes

The Russia–Ukraine gas disputes refer to a number of disputes between Ukrainian oil and gas company Naftogaz Ukrainy and Russian gas supplier Gazprom over natural gas supplies, prices, and debts. These disputes have grown beyond simple business disputes into transnational political issues involving political leaders from several countries that threaten natural gas supplies in numerous European countries dependent on natural gas imports from Russian suppliers, which are transported through Ukraine. Russia provides approximately a quarter of the natural gas consumed in the European Union; approximately 80% of those exports travel through pipelines across Ukrainian soil prior to arriving in the EU.

http://en.wikipedia.org/wiki/Russia%E2%80%93Ukraine_gas_disputes


…you cry less if you’re drunk when you read them…
