“Bank of America, JPMorgan Chase, Citigroup, U.S. Bank, Wells Fargo, and PNC all suffered denial of service (DNS) attacks which occur when intruders are able to break in and overwhelm a server with web traffic,” (source…)
The book argues that computer security has evolved from a technical discipline to a strategic concept. The world’s growing dependence on a powerful but vulnerable Internet – combined with the disruptive capabilities of cyber attackers – now threatens national and international security.
Strategic challenges require strategic solutions. The author examines four nation-state approaches to cyber attack mitigation:
• Internet Protocol version 6 (IPv6)
• Sun Tzu’s Art of War
• Cyber attack deterrence
• Cyber arms control
The four threat mitigation strategies fall into several categories. IPv6 is a technical solution. Art of War is military. The third and fourth strategies are hybrid: deterrence is a mix of military and political considerations; arms control is a political/technical approach.
The Decision Making Trial and Evaluation Laboratory (DEMATEL) is used to place the key research concepts into an influence matrix. DEMATEL analysis demonstrates that IPv6 is currently the most likely of the four examined strategies to improve a nation’s cyber defense posture.
There are two primary reasons why IPv6 scores well in this research. First, as a technology, IPv6 is more resistant to outside influence than the other proposed strategies, particularly deterrence and arms control, which should make it a more reliable investment. Second, IPv6 addresses the most significant advantage of cyber attackers today – anonymity.
NB! The author will give a keynote at HITB2011KUL in October 2011.
About the Author: Kenneth Geers, PhD, CISSP, is the U.S. Naval Criminal Investigative Service (NCIS) Cyber Subject Matter Expert. He was the first U.S. Representative to the NATO CCD COE in Tallinn, Estonia.
“‘States have an inherent right to self-defense that may be triggered by certain aggressive acts in cyberspace,’ says the policy. Indeed, such aggressive acts might compel a country like the US to act even when the hacking is targeted at an allied country.”
Pentagon takes cyber-attacks as “acts of war” – PressTV
CBS 60 Minutes: Cyber War: Sabotaging the System 1/2
CBS 60 Minutes: Cyber War: Sabotaging the System 2/2
The term hacktivism (a portmanteau of hack and activism) was first used by designer/author Jason Sack in a 1995 InfoNation article about the media artist Shu Lea Cheang. Much as hacking can mean both constructive and destructive activities, activism similarly includes both explicitly non-violent action (from the models of Martin Luther King and Mahatma Gandhi) and violent revolutionary activities (Che Guevara).
BBC Documentary on Hacktivism
What WikiLeaks does and the possibility of a cyber war in the future.
“Epsilon’s press release was only four sentences long, and merely stated that: On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”
IEEE Spectrum is read by over 385,000 technology professionals and senior executives worldwide in the high technology sectors of industry, government, and academia. Subscribers include engineering managers and corporate and financial executives. Deans and provosts at every major engineering university and college throughout the world are also Spectrum readers.
NOTE: CHASE SENT THIS OUT APRIL 4, 2011
Note: This is a service message with information related to your e-mail address.
Chase is letting our customers know that we have been informed by Epsilon, a vendor we use to send e-mails, that an unauthorized person outside Epsilon accessed files that included e-mail addresses of some Chase customers. We have a team at Epsilon investigating and we are confident that the information that was retrieved included some Chase customer e-mail addresses, but did not include any customer account or financial information. Based on everything we know, your accounts and confidential information remain secure. As always, we are advising our customers of everything we know as we know it, and will keep you informed on what impact, if any, this will have on you.
We apologize if this causes you any inconvenience. We want to remind you that Chase will never ask for your personal information or login credentials in an e-mail. As always, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not Chase’s practice to request personal information by e-mail.
As a reminder, we recommend that you:
• Don’t give your Chase Online℠ User ID or password in e-mail.
• Don’t respond to e-mails that require you to enter personal information directly into the e-mail.
• Don’t respond to e-mails threatening to close your account if you do not take the immediate action of providing personal information.
• Don’t reply to e-mails asking you to send personal information.
• Don’t use your e-mail address as a login ID or password.
The security of your information is a critical priority to us and we strive to handle it carefully at all times. Please visit our Security Center at chase.com and click on “Fraud Information” under the “How to Report Fraud.” It provides additional information on exercising caution when reading e-mails that appear to be sent by us.
Patricia O. Baker
Senior Vice President
Chase Executive Office
If you want to contact Chase, please do not reply to this message, but instead go to Chase Online. For faster service, please enroll or log in to your account. Replies to this message will not be read or responded to.
CYBER CRIME COSTS $1 TRILLION GLOBALLY
See inside of a Cyber Crime War Center
Data theft and breaches from cybercrime may have cost businesses as much as $1 trillion globally in lost intellectual property and expenditures for repairing the damage last year, according to a new study from McAfee.
McAfee made the projection based on responses to a survey of more than 800 chief information officers in the U.S., United Kingdom, Germany, Japan, China, India, Brazil, and Dubai.
The respondents estimated that they lost data worth a total of $4.6 billion and spent about $600 million cleaning up after breaches, McAfee said.
Market research company StrategyOne was commissioned by Symantec to study Internet users in fourteen different countries, and found that 65% of the 77,000 in the study had been personally victimized by cybercrime.
But what’s the emotional impact of cybercrime? Symantec says its study is the first to pose that question to cybercrime victims, and it found that people are angry (58%), annoyed (51%), and feel cheated (40%), especially since most think their attackers will never be brought to justice. Furthermore, while 41% blame criminals for the attacks, and 14% blame insecure websites, 13% of cybercrime victims blame themselves.
Interestingly, however, only 51% of people said they’d change their behavior if they became a cybercrime victim, and only 44% of actual victims notified police about the crime.