Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Report to President on Enhancing Resilience of Internet and Communications Ecosystem Against Botnets and Distributed Threats

“This draft report responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order called for “resilience against botnets and other automated, distributed threats,” directing the Departments of Commerce and Homeland Security to “lead an open and transparent process to identify and promote action by appropriate stakeholders” with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).” The Departments of Commerce and Homeland Security worked jointly on this effort through three approaches–hosting a workshop, publishing a request for comment, and initiating an inquiry through the President’s National Security Telecommunications Advisory Committee (NSTAC)–aimed at gathering a broad range of input from experts and stakeholders, including private industry, academia, and civil society. These activities contributed to the information gathering process for the agencies developing the recommendations in this draft report. The Departments are requesting comment, asking for further insight into the issues and goals raised by the report, as well as the proposed approach, current initiatives, and next steps. The draft will be finalized based on adjudication of received comments before submission to the President. The final report is due to the President on May 11, 2018.”

U.S. Army Concept for Cyberspace and Electronic Warfare Operations 2025-2040

The U.S. Army Concept for Cyberspace and Electronic Warfare Operations 2025-2040, CRS report via FAS. “TRADOC Pamphlet 525-8-6, The U.S. Army Concept for Cyberspace and Electronic Warfare Operations expands on the ideas presented in TRADOC Pamphlet 525-3-1, The U.S. Army Operating Concept: Win in a Complex World (AOC). This document describes how the…

Bill Would Establish Cybersecurity Inspections, Impose Mandatory Penalties, and Compensate Consumers for Stolen Data

“United States Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) today introduced the Data Breach Prevention and Compensation Act to hold large credit reporting agencies (CRAs) – including Equifax – accountable for data breaches involving consumer data. The bill would give the Federal Trade Commission (FTC) more direct supervisory authority over data security at CRAs,…

What is the U.S. Digital Registry?

“Whether for access to emergency, financial or education public services, users need to trust they are engaging with official U.S. government digital accounts. To help prevent exploitation from unofficial sources, phishing scams, or malicious entities, the U.S. Digital Registry serves as a crowdsource resource for agencies, citizens, and developers to confirm the official status of…

DHS Handbook for Safeguarding Sensitive PII

Handbook for Safeguarding Sensitive PII Privacy Policy Directive 047-01-007, Revision 3. Published by the DHS Privacy Office. December 4, 2017. This Handbook provides best practices and DHS policy requirements to prevent a privacy incident involving PII/SPII during all stages of the information lifecycle: when collecting, storing, using, disseminating, or disposing of PII/SPII. This handbook explains:…

Tech giants responding to massive chip vulnerability alert

Just saying – don’t throw away all the paper and the books ok. Via Axios: “A nasty series of vulnerabilities affecting decades of chip processors from Intel and others is the root of the broadest security hole to date, affecting nearly all computers, smartphones and servers. Companies including Apple, Amazon, Microsoft and Google are scrambling…

ABA Journal – A strategy for defeating cyberthreats to lawyers

ABA Journal: “Every week brings news of major new cyberattacks—the stealing of personal information from Equifax and the federal Office of Personnel Management, the Petya and WannaCry ransomware worms, the Russian hacking of the Democratic National Committee’s emails, to name a few. Indeed, the cyberthreat from criminals, hacktivists and state actors is growing. The…

WaPo – Extensive interviews illuminate rejection of Russia’s threat to US national security

The Washington Post – Doubting the intelligence, Trump pursues Putin and leaves a Russian threat unchecked: “Nearly a year into his presidency, Trump continues to reject the evidence that Russia waged an unprecedented assault on a pillar of American democracy and supported his run for the White House. Interviews with more than 50 U.S. officials…

S.177 – Data Security and Breach Notification Act of 2015

“Data Security and Breach Notification Act of 2015 – Requires the Federal Trade Commission (FTC) to promulgate regulations requiring commercial entities, nonprofit and for-profit corporations, estates, trusts, cooperatives, and other specified entities that own or possess data containing personal information (covered entities), or that contract to have a third-party maintain or process such data for…

NACD Public Company Governance Survey – top of list is cybersecurity

“The National Association of Corporate Directors (NACD), the authority on boardroom practices representing more than 17,000 board members, today released its 2017–2018 NACD Public Company Governance Survey, an annual survey that looks through a board lens into the chief areas of concern for corporate directors. Industry disruption, business-model disruption, changing global conditions, and cybersecurity threats…

GAO – DOD Needs to Address Cyber Incident Training Requirements

Defense Civil Support: DOD Needs to Address Cyber Incident Training Requirements, GAO-18-47: Published: Nov 30, 2017. Publicly Released: Nov 30, 2017. “The Department of Defense (DOD) did not develop a comprehensive plan for U.S. Cyber Command (CYBERCOM); instead, the department submitted a report consisting of a collection of documents that fully addressed two of the…

Google Study Says Phishing Attacks Are the Biggest Threats to Web Users

DeepDotWeb: “A study by Google discovered that phishing attacks through fake emails were as effective as compared to data breaches that exposed usernames and passwords. Cyber criminals or cyber groups manage to steal over 25,000 valid sets of web credentials for Gmail accounts every week, painting a picture of the extent this problem has reached.…