Counterintelligence is not a security issue?

That seems to be what some people within our national security apparatus think.

Within the Office of the Director of National Intelligence you will find the Office of the National Counterintelligence Executive (ONCIX). ONCIX is headed by Dr. Brenner, the National Counterintelligence Executive, and staffed by senior counterintelligence (CI) and other specialists from across the national intelligence and security communities. Dr. Brenner said there is growing acceptance that we face a cyber counterintelligence problem, not a security problem. He has also stated that about 140 foreign intelligence surveillance organizations currently target the United States. As you may recall, we reported earlier that Spy-Ops has estimated that there are currently 140 countries with active cyber warfare programs in place.

Filed under cybersecurity

Stem Cell Policy – battles begin anew

President Obama is announcing his much anticipated change in stem cell policy.

The president’s action, which will carry out a campaign pledge, involves a long-controversial intersection of science and personal moral beliefs.  NYT

Monday’s announcement will not mean an immediate change in policy as the NIH will take several months to create the new regulations.  However, that does not mean that opponents will wait.

Georgia will be first to react as the state senate will take up a bill (SB 169) pronounced “dead” for this session on March 5 to make it illegal to destroy any human embryo (no matter how created – with sperm and egg or via somatic cell nuclear transfer).

Filed under stem cell, Uncategorized

Gas Taxes — which form to take?

Should we shift from taxes on gallons of fuel to miles driven (or is one a proxy for the other?)

Officials Seek Way to Fill a Gas Tax Gap
Published: March 8, 2009
Officials across the country are testing systems that could move Americans from paying a per-gallon tax at the pump to some form of fee based on road usage.

Filed under Evaluation

Buddy, did you know your anti-virus has expired?

So — would you want the state police writing you a ticket for failure to secure your computer?  Lawrence Pingree poses an interesting tool to consider.

The government could then scan the IP address space issued in the USA and then it could then issue “fix-it” tickets (similar to what is done today for cars) for Internet connected systems that contained vulnerabilities.

Seriously, how do you embed proper practices into the individual psyche?

Take for example peer-to-peer file sharing programs. Leakage of data files has occurred over nets constructed by employees trying to “share” some music. Some call P2P a “national security threat”. Security experts, however, point to the human side of the security equation:

The problem, experts say, is that employees are violating corporate policy by using P2P at work or on work laptops to download MP3 files, or they take the work laptop home and their children install file-sharing software on it.

Ninety-three percent of P2P disclosures in the enterprise are inadvertent, said Tiversa Brand Director Scott Harrer. “You can’t really guard against human error,” he said.

The NSA is being accused of a power grab with respect to which agency manages cybersecurity. Not too sure I want them policing my network. (Does anyone hear black helicopters hovering nearby?)

A top federal cybersecurity official resigned this week in a letter sharply critical of what he described as a power grab by the National Security Agency.

Rod Beckström, director of Homeland Security’s National Cybersecurity Center, said in his letter that NSA “effectively controls DHS cyber efforts through detailees, technology insertions,” and has proposed moving some functions to the agency’s Fort Meade, Md., headquarters.

Filed under cyber policy, cybersecurity

Weaponizing the Web

SecurityFix has a sobering post on systems that are “owned” by gangs in Russia. Here is the M.O. for such gangs:

In DDoS assaults, cyber gangsters demand tens of thousands of dollars in protection money from businesses. If the businesses refuse to pay, the criminals order hundreds or thousands of compromised computers that they control to flood the Web sites with meaningless traffic, crippling the businesses and preventing legitimate visitors from transacting with the sites.

Those same systems can be bought to attack any target.

Filed under cybersecurity

Stem Cell Research – Status of Research

Interesting advances — but nothing set in concrete yet.

“The point is, we don’t know yet what the end potential of either of these approaches will be,” said Mark A. Kay of Stanford University. “No one has cured any disease in people with any of these approaches yet. We don’t know enough yet to know which approach will be better.”

Filed under stem cell

Modernizing Govt ain’t so simple

Great read about the bumps that the Obama team has encountered in trying to replicate, in the White House, the communication apparatus used during the campaign.

Filed under Government Information, Policy

Obama EMT investment – Government reacting to market failure

NYT story notes how the investment to create incentives for single practice physicians is a classic textbook reaction to market failure:

… only about 17 percent of the nation’s physicians are using computerized patient records, according to a government-sponsored survey published last year in The New England Journal of Medicine. “This is really not a technology problem,” observed Erik Brynjolfsson, an economist at the Sloan School of Management at the Massachusetts Institute of Technology. “It’s a matter of incentives and market failure.”

Filed under electronic medical records

Community Reaction to Adobe Security threat

SecurityFix describes the Adobe vs cybersec community discourse concerning a flaw that was discovered last year. The organizations noted in this report represent a volunteer group (Shadowserver) and a proprietary intrusion prevention company (Sourcefire). No government organizations are mentioned regarding an event that touches many users across all organizational sectors.

There is a blog (VRT) that reports on findings from the Sourcefire research team.

Filed under cybersec organizations, cybersecurity, Uncategorized

Another hub in the cybersecurity Network

Former Washington Gov. Gary Locke is slated to be appointed Secretary of Commerce:

Experience in technology policy will also be important for the next commerce secretary, Cantwell said, since he will have to appoint the next director of the National Institute of Standards and Technology, oversee the U.S. Patent and Trademark Office, and provide leadership on issues like cybersecurity.

The National Institute of Standards and Technology (NIST) does important stuff, like setting standards and prescriptions such as the new guide on maintaining data security while teleworking. This riveting 46-page how-to is written in “broad language in order to be helpful to any group that engages in telework” (see NIST release).

In the executive summary you will find the important steps any individual should take before connecting at home or at the local cafe.

  • Before implementing any of the recommendations or suggestions in the guide, users should back up all data and verify the validity of the backups. Readers with little or no experience configuring personal computers, consumer devices, or home networks should seek assistance in applying the recommendations. Every telework device’s existing configuration and environment is unique, so changing its configuration could have unforeseen consequences, including loss of data and loss of device or application functionality.
  • Before teleworking, users should understand not only their organization’s policies and requirements, but also appropriate ways of protecting the organization’s information that they may access.
  • Teleworkers should ensure that all the devices on their wired and wireless home networks are properly secured, as well as the home networks themselves.
  • Teleworkers who use their own desktop or laptop PCs for telework should secure their operating systems and primary applications.
  • Teleworkers who use their own consumer devices for telework should secure them based on the security recommendations from the devices’ manufacturers.
  • Teleworkers should consider the security state of a third-party device before using it for telework.

Each of the steps is reasonable, but who will invest the resources required to make those steps effective?

Standards are being published and have been published for some time.  Yet, breaches continue to occur.  So, is the current status of policy and policy outcomes optimal or do we need to create another paradigm for cybersecurity?

Filed under broadband, cybersecurity, electronic medical records, federal cyber security, Policy