Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Hackers continue to leak federal government employee data

NextGov.com: “The group of hacktivists, Anonymous, claimed in a tweet on Wednesday they hacked the Census Bureau and leaked employee details online. The hack was in protest of TTIP (Transatlantic Trade and Investment Partnership), which is an agreement being negotiated between the U.S. and E.U. critics say would increase corporate power and make it more difficult to regulate markets. The leaked Census Bureau data includes names, emails, phone numbers, positions and password hashes of employees.”

NIST – Securing Electronic Health Records on Mobile Devices

“Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment or incorrect prescriptions. Yet, the use of mobile devices to …

White Paper – Comparing Expert and Non-Expert Security Practices

Google Online Security Blog: “Today, you can find more online security tips in a few seconds than you could use in a lifetime. While this collection of best practices is rich, it’s not always useful; it can be difficult to know which ones to prioritize, and why. Questions like ‘Why do people make some security …

GAO Reports – Defense Infrastructure, Federal Green Building, IRS Examination Selection, Low-Income Housing Tax Credit, Teacher Preparation Programs

Defense Infrastructure: Improvements in DOD Reporting and Cybersecurity Implementation Needed to Enhance Utility Resilience Planning, GAO-15-749: Published: Jul 23, 2015. Publicly Released: Jul 23, 2015. Federal Green Building: Federal Efforts and Third-Party Certification Help Agencies Implement Key Requirements, but Challenges Remain, GAO-15-667: Published: Jul 23, 2015. Publicly Released: Jul 23, 2015. IRS Examination Selection: Internal …

Leaked drone company emails reveal plans to deliver spyware using drones

Cora Currier – The Intercept: “There are lots of ways that government spies can attack your computer, but a U.S. drone company is scheming to offer them one more. Boeing subsidiary Insitu would like to be able to deliver spyware via drone. The plan is described in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can remotely infect …

General guide to account opening – consultative document

Bank for International Settlements: “The Basel Committee on Banking Supervision has today issued for public consultation a revised version of the General guide to account opening, which was first published in February 2003. Most bank-customer relationships start with an account opening procedure. The customer information collected and verified at this stage is crucial in order …

Handing Over the Keys to the Castle

Handing Over the Keys to the Castle – OPM Demonstrated that Antiquated Security Practices Harm National Security. Institute for Critical Infrastructure Technology. July 2015. “In this digital age, information is secured, coveted, and exfiltrated by nation states, hacktivists, and ambitious actors because, now more than ever, knowledge is power. Modern needs dictate that only authorized …

FFIEC Cybersecurity Assessment Tool June 2015

FFIEC Cybersecurity Assessment Tool June 2015. OMB Control 1557-0328. Expiration Date: December 31, 2015. “In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool (Assessment), on behalf of its members, to help institutions identify their risks and determine their cybersecurity maturity. The …

Optimal Design and Defense of Networks Under Link Attacks

Bravard, Christophe and Charroin, Liza, Optimal Design and Defense of Networks Under Link Attacks (July 1, 2015). Available for download at SSRN: http://ssrn.com/abstract=2631443 “Networks facilitate the exchange of goods and information and create benefits. We consider a network composed of complementary nodes, i.e., nodes that need to be connected to generate a positive payoff. This …

Symantec Intelligence Report June 2015

“There is good news this month on the email-based front of the threat landscape. According to our metrics, the overall spam rate has dropped to 49.7 percent. This is the first time this rate has fallen below 50 percent of email for over a decade. The last time Symantec recorded a similar spam rate was …

GAO Reports – DOD Business Systems Modernization, Insider Threats, Patient Protection, Senate Public Records, Space Launch System

DOD Business Systems Modernization: Additional Action Needed to Achieve Intended Outcomes, GAO-15-627: Published: Jul 16, 2015. Publicly Released: Jul 16, 2015. Insider Threats: DOD Should Improve Information Sharing and Oversight to Protect U.S. Installations, GAO-15-543: Published: Jul 16, 2015. Publicly Released: Jul 16, 2015. Patient Protection and Affordable Care Act: Observations on 18 Undercover Tests …

Is There a Judicial Remedy for Victims of Federal Data Breaches?

CRS Legal Sidebar – Is There a Judicial Remedy for Victims of Federal Data Breaches? “The scope of information believed to have been compromised by a series of cyber-intrusions at the Office of Personnel Management (OPM) continues to grow. OPM recently announced that further investigation of the initial breach affecting 4.2 million current and former …