American National Standards Institute. (2012, March). The financial impact of breached protected health information: A business case for enhanced PHI security. Retrieved from http://webstore.ansi.org/phi/[requires free registration]
The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security explores the reputational, financial, legal, operational, and clinical repercussions of a protected health information (PHI) breach on an organization, and provides a 5-step method – PHI Value Estimator (PHIve)- to assess specific security risks and build a business case for enhanced PHI security. This tool estimates the overall potential costs of a data breach to an organization, and provides a methodology for determining an appropriate level of investment needed to strengthen privacy and security programs and reduce the probability of a breach. A detailed example of costing a PHI breach using the PHIve method is provided.
Barrett, D. (2012, March 28). US outgunned in hacker war. Wall Street Journal, p. B1 [Full text available in Wall Street Journal database].
The Federal Bureau of Investigation’s top cyber cop offered a grim appraisal of the nation’s efforts to keep computer hackers from plundering corporate data networks: “We’re not winning,” he said. Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is “unsustainable.” Computer criminals are simply too talented and defensive measures too weak to stop them, he said.
His comments weren’t directed at specific legislation but came as Congress considers two competing measures designed to buttress the networks of critical U.S. infrastructure, such as electrical-power plants and nuclear reactors.
Boyens, J., Paulsen, C., Bartol, N., Moorthy, R., & Shankles, S. (2012, March). Notional supply chain risk management for federal information systems (Draft NISTIR 7622). Retrieved from http://csrc.nist.gov/publications/drafts/nistir-7622/second-public-draft_nistir-7622.pdf
This publication is intended to provide a wide array of practices that, when implemented, will help mitigate supply chain risk. It seeks to equip federal departments and agencies with a notional set of repeatable and commercially reasonable supply chain assurance methods and practices that offer a means to obtain an understanding of, and visibility throughout, the supply chain.
De Hert, P., & Papakonstantinou, V. (2012). The proposed data protection regulation replacing Directive 95/46/EC: A sound system for the protection of individuals. Computer Law & Security Review, 28(2), 201-207. [Full text can be requested from DocumentExpress.]
The recent release by the European Commission of the first drafts for the amendment of the EU data protection regulatory framework is the culmination of a consulting and preparation process that lasted more than two years. At the same time, it opens up a law-making process that is intended to take at least as much time. The Commission has undertaken the herculean task to amend the whole EU data protection edifice, through the introduction of a General Data Protection Regulation, intended to replace the EU Data Protection Directive 95/46/EC, and a Police and Criminal Justice Data Protection Directive, intended to replace the Framework Decision 2008/977/JHA. This paper shall focus at the replacement of the EU Data Protection Directive by the draft General Data Protection Regulation. Due to the fact that the draft Regulation is a long (and ambitious) text, a selection has been made, with the aim of highlighting its treatment of basic data protection principles and elements, in order to identify merits and shortcomings for the general data protection purposes.
EU ban censorship technology sales to Iran. (2012, March 27). Security and Defense Agenda. Retrieved from http://goo.gl/ARQb9
Technology banned includes deep packet inspection equipment, semantic processing engine equipment, speaker recognition/processing equipment, pattern recognition and pattern profiling equipment, semantic processing engine equipment and WEP and WPA code-breaking equipment. The EU also implemented a visa ban and asset freeze on officials whose work centres on censorship and propaganda.
Goodin, D. (2012, March 27). Google’s Chrome web store used to spread malware. Ars Technica. Retrieved from http://arstechnica.com/business/news/2012/03/googles-chome-web-store-used-to-spread-malware.ars
Crooks have found a new venue to push malware: the official Google Chrome Web Store. It was recently used to hawk Chrome browser extensions secretly hijacking users’ Facebook profiles. According to Kaspersky Lab expert Fabio Assolini, one malicious extension hosted on Google’s own servers contained hidden code that “can gain complete control” of the user’s Facebook profile. The extension then used that access to spread malicious messages and register Facebook Likes for certain items, also inviting fellow users to install it. The same operators advertised a service that delivered Likes of companies looking to promote their profiles. It costs about $27 per 1,000 Likes.
Hoover, J. N. (2012, March 27). NSA chief: China behind RSA attacks. InformationWeek. Retrieved from http://www.informationweek.com/news/government/security/232700341
China is stealing a “great deal” of military-related intellectual property from the United States and was responsible for last year’s attacks against cybersecurity company RSA, U.S. Cyber Command commander and National Security Agency director Gen. Keith Alexander told the Senate Armed Services Committee on Tuesday.
“I can’t go into the specifics here, but we do see [thefts] from defense industrial base companies,” Alexander said, declining to go into details about other attacks. “There are some very public [attacks], though. The most recent one was the RSA exploits.” RSA had earlier pinned the attacks on a “nation state.” [Full video of related hearing].
Hunton, P. (2012). Data attack of the cyber criminal. Computer Law & Security Review, 28(2), 201-207. [Full text can be requested from DocumentExpress.]
It is increasingly argued that the primary motive of the cybercriminal and the major reason for the continued growth in cyberattacks is financial gain. In addition to the direct financial impact of cybercrime, it can also be argued that the digital data and the information it represents that can be communicated through the Internet, can have additional intrinsic value to the cybercriminal. In response to the perceived value and subsequent demand for illicit data, a sophisticated and self-sufficient underground digital economy has emerged. The aim of this paper is to extend the author’s earlier research that first introduced the concept of the Cybercrime Execution Stack by examining in detail the underlying data objectives of the cybercriminal. Both technical and non-technical law enforcement investigators need the ability to contextualise and structure the illicit activities of the cybercriminal, in order to communicate this understanding amongst the wider law enforcement community. By identifying the potential value of electronic data to the cybercriminal, and discussing this data in the context of data collection, data supply and distribution, and data use, demonstrates the relevance and advantages of utilising an objective data perspective when investigating cybercrime.
Kaiser Permanente data breach affects thousands of employees. (2012, March 23). InfoSecurity. Retrieved from http://www.infosecurity-magazine.com/view/24739/kaiser-permanente-data-breach-affects-thousands-of-employees/
Managed health care consortium Kaiser Permanente has notified thousands of current and former employees that their personal information was found on an external hard drive purchased in a second-hand store in California. Kaiser Permanente said employee names, phone numbers, social security numbers, and other personal information was found on a non-Kaiser external hard drive in a California second-hand store in September, according to a report by KXL news radio.
Khan, M. N. A. (2012). Performance analysis of Bayesian networks and neural networks in classification of file system activities. Computers & Security [in press]. [Full text available in ScienceDirect database].
Comprehending state of a file system at any given time is vital for performing digital forensic analyses. Clear picture of the file system activities help reconstruct post-event timeline of the unauthorized or malicious accesses made on a system in order to uncover evidence of the digital crime. This paper describes a comparative performance analysis of the Bayesian networks and Neural networks techniques to classify the state of file system activities in terms of execution of applications based on the pattern of manipulation of specific files during some specific period of time. In particular, this paper discusses the construction of a Bayesian networks and neural networks from the predetermined knowledge of the manipulation of file system artifacts and their corresponding metadata information by a set of software applications. The variability among the execution patterns of various applications indicate that the Bayesian network based model is more appropriate tool compared to neural networks – due to its ability to enable pattern learning and detection even from an incomplete dataset. The focus of this paper is to highlight intrinsic worth of the learning approach of the Bayesian network methodology for a given dataset of training examples in comparison to the techniques used for supervised learning in ordinary neural networks. The paper also highlights the efficacy of Bayesian network technique to proficiently handle large volumes of datasets.
Kierkegaard, P. (2012). Medical data breaches: Notification delayed is notification denied. Computer Law & Security Review, 28(2), 201-207. [Full text can be requested from DocumentExpress.]
The EU and the United States have implemented data breach notification rules that cover the health sectors. Nevertheless, data breach incidents involving medical data continue to rise, especially in the US and the UK. The HITECH Act, Pub. L. 111-5 Title XIII is the first federal health breach notification law in the US to be characterized by less government intrusions, while the revised EU Privacy Directive, 2009/136/EC calls for tougher privacy protection for data held by electronic communication providers. While the EU law sets a global de facto standard, the law remains toothless without strong enforcement mechanisms.
Klinger, D. (2012, March 28). Satellite jamming becoming a big problem in the Middle East and North Africa. Ars Technica. Retrieved from http://arstechnica.com/science/news/2012/03/satellite-jamming-becoming-a-big-problem-in-the-middle-east.ars
The Arab Spring has had yet another consequence — satellite jamming, and the practice is serious enough to threaten the satellite operators’ business. Two operators, Arabsat and Nilesat, complained about the jamming in the Satellite 2012 Conference in Washington, D.C. last week, according to an article in Space News. Arabsat is a 21-country consortium that provides broadcasting to over 100 countries in the Middle East, Africa, and Europe. Nilesat is an Egypt-based operator that carries 415 channels to the Middle East and North Africa. The satellites also provide broadband, telephone, and VSAT service. Jamming and rounding up satellite dishes has become a common practice for governments wishing to limit unfavorable coverage in their own (or sometimes other people’s) countries
Ly, C., Ma, M., Li, H., Ma, J., & Niu, B. (2012). A security enhanced authentication and key distribution protocol for wireless networks. Security and Communications Networks, 5(4), 343-352. [Full text can be requested from DocumentExpress.]
In this paper, we propose an enhanced authentication and key distribution protocol to prevent off-line guessing attacks. Security analysis and formal verification prove that the proposed solution has strong security functionality to protect system from various malicious attacks.
Macalintal, I. (2012, March 28). Game change: Mac users now also subject to targeted attacks. Retrieved from http://goo.gl/iRgP1
After [Trend Micro’s] previous finding involving a targeted attack whose payload were OS-dependent, we encountered a more recent run that leads to a malicious file specifically affecting Mac OSX. The said malware, detected asTROJ_MDROPR.LB, is a Trojan being used in Pro-Tibetan targeted campaigns, as initially described by Alienvault.
This development in targeted attacks just shows that the groups behind campaigns such as this one are taking into consideration changes in the computing landscape, such as the increase in the number of Mac users. This adjustment to affect Macs also shows that they are refining their scope, and are really customizing their tools to suit their targets.
Nicolett, M. (2012, March 20). Using SIEM for targeted attack detection. [Full text available in the Gartner database].
Organizations that have deployed security monitoring technologies need to develop activity reports and a monitoring process that is overseen by the security organization but includes the assistance of “outsiders” with specific domain expertise. The most common domains needed are: network, system, database and application. Rapid discovery of a breach is more likely when real-time monitoring is supplemented with context-enriched activity and exception reports that are examined on a daily basis by people who have domain specific knowledge. It is the combination of real-time security monitoring, context (threat, vulnerability, user, asset, data and application) and “smart eyeballs” on dally activity reports that will improve your chances of early breach detection beyond the current 15% success rate. This approach is more effective when management processes have been implemented and there is some degree of role-based access control. The approach requires the cooperation of areas external to IT security, such as the database administration, server support and application support teams.
Perlroth, N., & Markoff, J. (2012, March 26). Symantec dissolves a Chinese alliance. New York Times. Retrieved from http://www.nytimes.com/2012/03/27/technology/symantec-dissolves-alliance-with-huawei-of-china.html
Less than four years after Huawei Technologies and Symantec teamed up to develop computer network security products, the joint venture is being dismantled because Symantec feared the alliance with the Chinese company would prevent it from obtaining United States government classified information about cyberthreats.
More from the NYT this week: US envoy to Russian accuses TV station of hacking; Case based in China puts face on persistent hacking; Europe cracks down on cybercrime
Prince, B. (2012, March 26). Open source security vulnerabilities plague large organizations. SecurityWeek. Retrieved from http://www.securityweek.com/open-source-security-vulnerabilities-plague-large-organizations
An analysis of a widely-used repository for open source components revealed that Global 500 organizations collectively downloaded more than 2.8 million insecure components in one year.
The study was the result of an analysis by Aspect Security in cooperation with Sonatype. Sonatype operates the Central Repository, which contains 300,000 components and is used by more than 60,000 development organizations worldwide. As both the open source ecosystem and adoption of its technologies continue to grow a rapid pace, security is being challenged and undermined by a lack of awareness of vulnerabilities and the extent to which open source components are being used.
Ragan, S. (2012, March 28). Attackers using Taidoor trojan to target think tanks and US-Taiwan interests. SecurityWeek. Retrieved from http://www.securityweek.com/attackers-using-taidoor-trojan-target-think-tanks-and-us-taiwan-interests
In 2008, the Taidoor Trojan made its first appearance on the Web. It started by attacking government agencies, but the group behind it expanded their reach by targeting a wide range of victims. Now, based on research from Symantec, it appears that the group running Taidoor is interested in think tanks, especially those that are focused on Taiwan.
While Taidoor started out by targeting governments, between 2009 and 2010, the malware shifted gears. Government victims were counted among those in the media, financial, telecom and manufacturing sectors. The length of the attack, almost four years now, shows that the group responsible for Taidoor is persistent if nothing else.
Thamilarasu, G., & Sridhar, R. (2012). A cross-layer game for energy-efficient jamming detection in ad hoc networks. Security and Communications Networks, 5(4), 364-373. [Full text can be requested from DocumentExpress.]
This paper proposes a game theoretic framework using cross-layer mechanism to detect jamming attacks in wireless networks. Jamming is formulated as a non co-operative Bayesian game to analyze the interaction between attacker and monitoring nodes in the network. The cross-layer (CL) detection engine detects and records statistical PHY/MAC layer information such as average RTS/DATA retransmission value and average carrier sensing failure duration value. The cross-layer decision component uses these measurements to estimate the current game state and decides the optimal monitoring strategy.
United States. Federal Trade Commission. (2012, March 27). FTC charges that security flaws in RockYou game site exposed 32 million email addresses and passwords. Retrieved from http://www.ftc.gov/opa/2012/03/rockyou.shtm
The operator of a social game site has agreed to settle charges that, while touting its security features, it failed to protect the privacy of its users, allowing hackers to access the personal information of 32 million users. The Federal Trade Commission also alleged in its complaint against RockYou that RockYou violated the Children’s Online Privacy Protection Act Rule (COPPA Rule) in collecting information from approximately 179,000 children. The proposed FTC settlement order with the company bars future deceptive claims by the company regarding privacy and data security, requires it to implement and maintain a data security program, bars future violations of the COPPA Rule, and requires it to pay a $250,000 civil penalty to settle the COPPA charges.
Wilshusen, G. C. (2012, March 27). IT supply chain – additional efforts needed by national security-related agencies to address risks. Statement of Gregory C. Wilshusen, Director Information Security Issues [United States Government Accountability Office]. Retrieved from http://www.gao.gov/assets/590/589617.pdf
Reliance on a global supply chain introduces multiple risks to federal information systems and underscores the importance of threat assessments and mitigation. Supply chain threats are present at various phases of a system’s development life cycle and could create an unacceptable risk to federal agencies.
In its report, GAO recommended that the Departments of Energy, Homeland Security, and Justice take steps, as needed, to develop and document policies, procedures, and monitoring capabilities that address IT supply chain risk. In commenting on a draft of the report, the departments generally concurred with the recommendations. [Related article from SecurityWeek].
Yang, J., & Chen, Y. (2012). Toward attack-resistant localization under infrastructure attacks. Security and Communications Networks, 5(4), 384-403. [Full text can be requested from DocumentExpress.]
Trustworthy location information is important because it is a critical input to a wide variety of location-based applications. However, the localization infrastructure is vulnerable to physical attacks, and consequently, the localization results are affected. In this paper, we aim to achieve robust localization under infrastructure attacks. We first investigated the impact of infrastructure attacks on localization and showed that the performance of location estimations degraded significantly under the attack. We then derived an attack-resistant scheme that is not algorithm specific and can be integrated with existing localization algorithms. Our attack-resistant scheme exploited the characteristics of the geometric patterns returned by location estimates under the attack; that is, the localization results of a wireless device under the normal situation were clearly clustered together, whereas the localization results were scattered when an attack was present. Thus, our attack-resistant scheme is grounded on K-means clustering analysis of intra-distance of localization results from all possible combinations of any three access points. To evaluate the effectiveness and scalability of our proposed scheme, we used received signal strength for validation and applied our approach to three broad classes of localization algorithms: lateration based, fingerprint matching, and Bayesian networks. We validated our scheme in the ORBIT test bed (North Brunswick, NJ, USA) using an 802.11 (Wi-Fi) network and in a real office building environment using an 802.15.4 (ZigBee) network. The extensive experimental results demonstrated that the application of our scheme could help the broad range of localization algorithms to achieve comparable or even better localization performance when under infrastructure attacks as compared with normal situations without attack, thus, effectively eliminating the effects of infrastructure attacks.
Zetter, K. (2012, March 26). Microsoft seizes ZeuS servers in anti-botnet rampage. Wired. Retrieved from http://www.wired.com/threatlevel/2012/03/microsoft-botnet-takedown/
Microsoft continued its war on botnets last week with a raid that involved seizing servers controlling millions of zombie computers caught in the spell of the ZeuS malware.
Under a court order, Microsoft employees, accompanied by agents from the U.S. Marshals Service, raided two web hosting companies in Pennsylvania and Illinois on Friday, disabling web servers used as command-and-control centers for the botnets and seizing some 800 web addresses that allowed cybercriminals to infect computers in order to steal banking credentials and siphon money from victims’ accounts. [Related article from the New York Times].
Zhang, Y., Xiao, Y., Ghaboosi, K., Zhang, J., & Deng, H. (2012). A survey of cyber crimes. Security and Communications Networks, 5(4), 422-437. [Full text can be requested from DocumentExpress.]
This paper provides a survey of cyber crimes that have actually occurred. First, cyber crimes in the digital world are compared with crimes in the physical world. Then, cyber crimes are categorized according to the roles of computers or networks.
Zhang, Y., Xiao, Y., Chen, M., Zhang, J., Deng, H. (2012). A survey of security visualization for computer network logs. Security and Communications Networks, 5(4), 404-421. [Full text can be requested from DocumentExpress.]
Although great efforts have already been made regarding security problems, networks are still threatened by all kinds of potential attacks, which may lead to huge damage and loss. In this survey, we looked into different security visual analytics, and we organized them into five categories.
CALLS FOR PAPERS
The 14th ACM Workshop on Multimedia and Security [Coventry, England, Sept. 6-7, 2012]
ICER ’12: International Computing Education Research Conference [Auckland, New Zealand, Sept. 10-12, 2012]
7th International Workshop on Critical Information Infrastructures Security [Lillehammer, Norway, Sept. 17-18, 2012]
The 7th International Conference on Legal, Security and Privacy Issues in IT Law [Athens, Greece, Oct. 2-4, 2012]
31st International Symposium on Reliable Distributed Systems [Irvine, CA, Oct. 8-11, 2012.]
19th ACM Conference on Computer and Communications Security [Raleigh, NC, Oct. 16-18]
Workshop on Security in Communications Networks, Held in Conjunction with IEEE LCN 2012 [Clearwater, FL, Oct. 22-25, 2012]
17th Nordic Conference in Secure IT Systems [Karlskrona, Sweden, Oct. 31 – Nov. 2, 2012.]
6th International Conference on Network and System Security [Wu Yi Shan, Fujian, China, Nov. 21-23, 2012]
IEEE Transactions on Information Forensics and Security, Special Issue on Privacy and Trust Management in Cloud and Distributed Systems [June 1, 2013, deadline May 31, 2012]
IEEE Network Magazine, Special Issue on Cyber Security of Networked Critical Infrastructures [January 2013, deadline June 1, 2012)