Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

2016 Data Breach Investigations Report

Via Verizon: “For the ninth time, the 2016 Data Breach Investigations Report (DBIR) lifts the lid on what’s really happening in cybersecurity. The 2016 dataset is bigger than ever, examining over 100,000 incidents, including 2,260 confirmed data breaches across 82 countries. With data provided by 67 contributors including security service providers, law enforcement and government agencies, this year’s report offers unparalleled insight into the cybersecurity threats you face.  Take a look through the list of published data breaches and one thing will immediately strike you: no location, industry or organization is immune from attack. Even with the strongest defenses, you can’t bank on not being breached. But you can deter the criminals. The 2016 Data Breach Investigations Report helps you understand how cybersecurity breaches occur, what the most likely attack types are for your industry and what techniques you can adopt to reduce the risk. And it’s not just for IT. A breach impacts the whole organization, so all senior executives need to understand the threats and be aware of the risks. Our executive summary gives you all the information you need in an easy-to-digest format…”

Cybersecurity: Overview Reports and Links to Government, News, and Related Resources

Via FAS, CRS report – Cybersecurity: Overview Reports and Links to Government, News, and Related Resources, March 2, 2016 (R44405) “Much is written on the topic of cybersecurity. This CRS report and those listed below direct the reader to authoritative sources that address many of the most prominent issues. Included in the reports are resources and

Smart Farming May Increase Cyber Targeting Against US Food and Agriculture Sector

FBI/USDA Notification: “The FBI and the US Department of Agriculture (USDA) assess the Food and Agriculture (FA) Sector is increasingly vulnerable to cyber attacks as farmers become more reliant on digitized data. While precision agriculture technology (a.k.a. smart farming) reduces farming costs and increases crop yields, farmers need to be aware of and understand

Let’s Encrypt Reaches 2,000,000 Certificates

EFF: “The Let’s Encrypt certificate authority issued its two millionth certificate on Thursday, less than two months after the millionth certificate. As we noted when the millionth certificate was issued, each certificate can cover several web sites, so the certificates Let’s Encrypt has issued are already protecting millions and millions of sites. This rapid adoption

IG Review of NASA’s Information Security Program

Final Memorandum, Review of NASA’s Information Security Program (IG-16-016; A-15-005-01), April 14, 2016. “As part of our annual review of NASA’s compliance with the Federal Information Security Management Act of 2002 (FISMA) for fiscal year 2015, we reviewed a representative sample of 29 information systems from NASA Centers, Headquarters, and the Jet Propulsion Laboratory (JPL)

Paper – OPM Demonstrated that Antiquated Security Practices Harm National Security

Handing Over the Keys to the Castle – OPM Demonstrated that Antiquated Security Practices Harm National Security. Institute for Critical Infrastructure Technology. July 2015. “In this digital age, information is secured, coveted, and exfiltrated by nation states, hacktivists, and ambitious actors because, now more than ever, knowledge is power. Modern needs dictate that only authorized

Paper – Gone in Six Characters: Short URLs Considered Harmful for Cloud Services

Gone in Six Characters: Short URLs Considered Harmful for Cloud Services – Martin Georgiev, Vitaly Shmatikov (Submitted on 10 Apr 2016) “Modern cloud services are designed to encourage and support collaboration. To help users share links to online documents, maps, etc., several services, including cloud storage providers such as Microsoft OneDrive and mapping services such

EU Parliament adopts General Data Protection Regulation

European Parliament News: “New EU data protection rules [EU General Data Protection Regulation (“GDPR”)] which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era were given their final approval by MEPs on Thursday. The reform also sets

DoD tests public key infrastructure for DTIC secure website access

SecureIDNews: “The federal government’s use of user IDs and passwords for access to its applications could soon give way to more secure PKI-based credentials if more government entities follow the lead of the U.S. Department of Defense. The Defense Department is leveraging PKI to better protect its information systems, with the intent of making access

FTC Announces Significant Enhancements to IdentityTheft.gov

“For the first time, identity theft victims can now go online and get a free, personalized identity theft recovery plan as a result of significant enhancements to the Federal Trade Commission’s IdentityTheft.gov website. The new one-stop website is integrated with the FTC’s consumer complaint system, allowing consumers who are victims of identity theft to rapidly

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

CRS Report – Cybersecurity: Legislation, Hearings, and Executive Branch Documents, Rita Tehan, Information Research Specialist. March 30, 2016. “Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated against individuals, corporations, and countries. Targets have included government networks, companies, and political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic

GAO Reports – Defense Support of Civil Authorities during Cyber Incidents, Library Services for Those with Disabilities, Retirement Security

Civil Support: DOD Needs to Clarify Its Roles and Responsibilities for Defense Support of Civil Authorities during Cyber Incidents, GAO-16-332: Published: Apr 4, 2016. Publicly Released: Apr 4, 2016. Library Services for Those with Disabilities: Additional Steps Needed to Ease Access to Services and Modernize Technology, GAO-16-355: Published: Apr 4, 2016. Publicly Released: Apr 4,