Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

New GAO Reports – Critical Infrastructure Protection, EPA Regs and Electricity

  • CRITICAL INFRASTRUCTURE PROTECTION: DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts, GAO-14-507: Published: Sep 15, 2014. Publicly Released: Sep 15, 2014: “DHS is not positioned to manage an integrated and coordinated government-wide approach for assessments as called for in the NIPP because it does not have sufficient information about the assessment tools and methods conducted or offered by federal entities external to DHS with CI responsibilities, such as the Environmental Protection Agency, which oversees critical infrastructure activities related to water and wastewater systems. Consequently, opportunities exist for DHS to work with other federal entities to develop guidance as necessary to ensure consistency. Doing so would better position DHS and other federal entities with CI responsibilities to promote an integrated and coordinated approach for conducting vulnerability assessments of CI, as called for in the Homeland Security Act of 2002, presidential directives, and the NIPP.”
  • EPA REGULATIONS AND ELECTRICITY: Update on Agencies’ Monitoring Efforts and Coal-Fueled Generating Unit Retirements, GAO-14-672: Published: Aug 15, 2014. Publicly Released: Sep 15, 2014: “Coal is a key domestic fuel source, producing about 37 percent of the nation’s electricity supply in 2012. Burning coal for electricity production results in the emission of pollutants such as sulfur dioxide (SO2), nitrogen oxides (NOx), and mercury and other metals. Coal-fueled electricity generating units are among the largest emitters of these pollutants. Using coal to generate electricity has been associated with human health and environmental concerns by the Environmental Protection Agency (EPA), the primary federal agency responsible for implementing many of the nation’s environmental laws. For example, according to EPA data, SO2 and NOx have been linked to respiratory illnesses and acid rain.”

Cyberthreats in past year impact 93% of financial services organizations

“Cyberattacks targeting financial services firms are on the rise, but are these organizations doing enough to protect business and customer data? According to a Kaspersky Lab and B2B International survey of worldwide IT professionals, 93% of financial services organizations experienced various cyberthreats in the past 12 months. And while cyber-attacks targeting financial services firms are on the rise, nearly one…

DARPA Open Catalog

“Welcome to the DARPA Open Catalog, which contains a curated list of DARPA-sponsored software and peer-reviewed publications. DARPA sponsors fundamental and applied research in a variety of areas including data science, cyber, anomaly detection, etc., that may lead to experimental results and reusable technology designed to benefit multiple government domains. The DARPA Open Catalog organizes publicly…

2014 Cost of Data Breach: Global Analysis

News release: “Throughout the world, companies are finding that data breaches have become as common as a cold but far more expensive to treat. With the exception of Germany, companies had to spend more on their investigations, notification and response when their sensitive and confidential information was lost or stolen. As revealed in the 2014…

High level hacking of US financial system linked to Russia as FBI investigates

Bloomberg: “Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe. The attack resulted in the loss of gigabytes of sensitive data,…

IBM X-Force Threat Intelligence Quarterly, 3Q 2014

Get a closer look at Heartbleed—from the latest attack activity to mitigation strategies - using 2014 mid-year data and ongoing research. IBM, August 2014. “Welcome to the latest quarterly report from the IBM® X-Force® research and development team. In this report, we’ll look at how the Heartbleed vulnerability—CVE-2014-0160, disclosed in April 2014—impacted organizations around the world.…

How a Chinese National Gained Access to Arizona’s Terror Center

ProPublica: The un-vetted computer engineer plugged into law enforcement networks and a database of 5 million Arizona drivers in a possible breach that was kept secret for years. by Ryan Gabrielson, ProPublica and Andrew Becker, Center for Investigative Reporting, August 26, 2014. “LIZHONG FAN’S DESK WAS AMONG A CROWD of cubicles at the Arizona Counter Terrorism Information…

New on LLRX – Four Part Series on Privacy and Data Security Violations

Via LLRX.com – four new articles by law professor Daniel J. Solove on privacy, data protection and the harm caused by breaches. Privacy and Data Security Violations: What’s the Harm? - Daniel J. Solove is a Law professor at George Washington University Law School, an expert in information privacy law, and founder of TeachPrivacy, a privacy and security…

Backoff: New Point of Sale Malware

“This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, acting under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense. Recent investigations revealed…

The Scope and Potential of FTC Data Protection

Hartzog, Woodrow and Solove, Daniel J., The Scope and Potential of FTC Data Protection (July 1, 2014). 83 George Washington Law Review, 2015, Forthcoming; GWU Law School Public Law Research Paper No. 2014-40; GWU Legal Studies Research Paper No. 2014-40. Available for download at SSRN: http://ssrn.com/abstract=2461096 “For more than fifteen years, the Federal Trade Commission (FTC)…

Paper – TSA device flaws compromise airport security

Via FCW.com: “The cybersecurity vulnerabilities uncovered in a number of the Transportation Security Administration’s electronic security and personnel management devices are part of a growing problem for federal IT managers, according to the expert that discovered and reported the flaws. Billy Rios, director of threat intelligence at Qualys, a large security tech firm, presented a paper in early…

Extensive interview of Edward Snowden – Wired

James Bamford, via Wired: “..Snowden will continue to haunt the US, the unpredictable impact of his actions resonating at home and around the world. The documents themselves, however, are out of his control. Snowden no longer has access to them; he says he didn’t bring them with him to Russia. Copies are now in the hands…