cybersecurity act of 2012 summary
There's a story out of England I heard recently that's one of the most ironic tales of how developments in technology - cybersecurity, in particular - need to be taken more seriously.
The story started in 2009, when 18-year-old Nicholas Webber was arrested for using fraudulent credit card details to pay for a penthouse suite at the Hilton Hotel in Park Lane, Central London.
When police examined Webber's laptop, they found details of 100,000 stolen credit cards linked to losses totaling 16.2 million pounds ($24.6 million)
Turns out Webber ran the Internet crime forum GhostMarket. The site allowed hackers to meet up virtually, create computer viruses and share stolen IDs and private credit card data.
In 2011 Webber was sentenced to five years in prison. Once in prison Webber was allowed to participate in a computer class.
And earlier this year, he hacked the prison computer system.
The Cybersecurity Investment Opportunity Everyone Is Missing
China's Cyber Attacks on the United States Will Only Get Worse
Sometimes the truth is scarier than fiction, like in the case of China's cyber attacks on the United States.
In what reads more like a crime novel than a true story, a report released today (Tuesday) from Virginia-based cybersecurity firm Mandiant, a specific Chinese military unit is likely behind one of the largest cyber attacks aimed at American corporations and infrastructure.
China's Unit 61398, housed in a 12-story building in Shanghai with a headcount in the hundreds, is being accused of stealing "hundreds of terabytes of data from at least 141 organizations" since 2006. Some 115 targets in 20 different industrial sectors from energy and aerospace to transportation to financial institutions are said to have been violated.
The investigation tracked, for the first time, individual members of the savviest Chinese hacking group, dubbed "Comment Crew" and "Shanghai Group," directly to the military unit's headquarters. While Mandiant couldn't pinpoint the hackers' exact whereabouts inside the high-rise, the firm very convincingly makes the case that the building is where the attacks originated.
"Once [Unit 61398] has established access [to a target network], they periodically revisit the victim's network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contacts lists from victim organizations' leadership," the detailed 74-page report reads.
American officials also confirmed that digital forensic evidence presented by Mandiant leads to the Shanghai building as the prime source of the attacks, according to The New York Times, which first reported on Mandiant's findings Monday. Mandiant is the same firm The Times secured to investigate the cyber attacks that infiltrated their own systems in China last month.
The Chinese government adamantly denies the allegations. Chinese Foreign Ministry spokesperson Hong Lei said at a press conference the claims in the Mandiant report were unsupported.
"To make groundless accusations based on some rough material is neither responsible nor professional. Cyberattacks are anonymous and transnational, and it is hard to trace the origin of attacks, so I don't know how the findings of the report are credible," The Wall Street Journal reported.
The Cyber-Hacking of America Is Going to Cost Us Big Time
We've been warning for some time now that cybersecurity would emerge as one of the top issues to track.
Indeed, in column we published on February 1st , we even predicted that the cyber-hacking of America - especially from China, Russia and Iran - would turn into one of the top stories of 2013.
And that's precisely how it's turning out.
How the Pentagon Aims to Stop China's Cyber-Hacking of America
Given the deficit fears and budget skirmishes that are focus of the moment down in Washington, it's tough to get excited about defense-related investments right now.
Defense outlays are destined to shrink.
But there's one area where spending is slated to go up ...
And I mean go way up.
I'm talking, of course, about defense-related spending that will promote cybersecurity and combat cyber-terrorism.
Cybersecurity Companies Gear Up for Huge Role in 2013
Cyber threats from hacktivists, criminal enterprises, and others will only grow worse in 2013 and beyond - increasing the importance of cybersecurity companies.
This has led the Obama administration to continually warn about cyber threats that are capable of causing widespread damage.
In a recent speech, Defense Secretary Leon Panetta said computer assaults from rogue countries or terrorists could be as destructive as the Sept. 11 attacks. At the Pentagon, plans have been in place since 2010 to combat this threat.
But it's not just the nation's security that is at risk. Most global corporations are also vulnerable to cyberattacks.
An August cyberattack on Saudi Arabia's state oil company, Saudi Aramco, incapacitated about 30,000 computers. It was probably the most destructive attack ever launched against a non-government entity.
The risk of an attack is particularly high in the corporate sector because of the complacency of its executives. According to a recent study by the consultancy firm PwC, entitled PwC's 2013 Global State of Information Security Survey, most executives are too optimistic about their companies' ability to handle cyberattacks.
The study warned that the rise in the number and sophistication of security incidents globally, along with scrimped corporate budgets, are leaving many firms open to attack. The survey found that, in reality, only 8% of companies truly qualify as information security leaders, with many faults detected.
For example, one of the most common faults found was the lack of a security strategy (protection against malware, etc.) to address personal devices used for work purposes in the workplace.
Mark Lobel, a principal in PwC's Advisory practice, told the Financial Times, "Security models of the past decade are no longer effective. Companies...should prepare to play a new game - one that requires advanced skills and strategy to win against emerging threats."
To continue reading, please click here...
Cybersecurity Act Could Survive with Executive Order
The Senate shot down the Cybersecurity Act of 2012 (CSA2012) for a second time last Wednesday in a close 51-47 vote, leaving proponents to wonder if the bill is dead.
The Obama administration, however, is not quite ready to completely write off the act and looks ready to use whatever muscle it has to get the measure passed without full support. That's why the White House is likely to deliver an executive order to keep the act from disappearing.
"As tonight's vote in the Senate illustrates, the current prospects for a cybersecurity bill are limited. Congressional inaction in light of the risks to our nation may require the administration to issue an executive order as a precursor to the updated laws we need. We think the risk is too great for the Administration not to act," White House Cybersecurity Coordinator Michael Daniel said in a statement.
Daniel continued to state that the administration still believes "comprehensive legislation is needed to fully address the threat we face in cyberspace."
Defense Secretary Leon Panetta in a speech in New York last month said cyberattacks by extremist groups could deliver as much destruction as Sept. 11. He has called the resulting damage from cyberattacks comparable to a "digital Pearl Harbor."
To continue reading, please click here...