Congress in the Cyber-Crosshairs

ACM TechNews points out the cover story of National Journal about what it will take to keep the next invader out of Congressional computers.

Two years ago, 15 House panels and members' offices were invaded by malware whose nature suggest the intrusions originated in China. One target, the office of House Representative Frank Wolf (R-Va) argued before the House that the fear of admitting vulnerability might be a reason underlying U.S. intelligence and national security's reluctance ro publicize the breaches sooner.

"I strongly believe that the appropriate officials, including those from the Department of Homeland Security and the FBI, should brief all members of Congress in a closed session regarding threats from China and other countries against the security of House technology, including our computers, BlackBerry devices, and phones," he said.

While it appears that there is little interest from members of Congress in discussing cyber vulnerabilities, it is likely because they have little understanding of them. Former director the DHS' Cyber Security Division Amit Yoran says

"As a member of Congress, you have so many issues competing for your attention and, historically, cyber-security hasn't been one that's won out. It's not an issue that is particularly well tracked by their constituents."

In a recent study prepared by the Center for Strategic and International Studies concluded for President-elect Barack Obama that Congress is unsuited for managing executive-branch cybersecurity due to the inconsistency and fragmentation of its oversight. The study group recommended that Obama take charge of cybersecurity and establish a new office for cyberspace in the Executive Office of the President that would collaborate closely with the National Security Council, "managing the many aspects of securing our national networks while protecting privacy and civil liberties."

See complete article at National Journal Magazine.

U.S. Is Losing Global Cyberwar, Commission Says

ACM TechNews summarizes an article in Business Week about how ill prepared the United States is for the challenges of 21st century cybersecurity. This woeful conclusion comes from a new report issued by the U.S. Commission on Cybersecurity.

The damage from cyber attack is real," states the cybersecurity group's report, referring to intrusions last year at the departments of Defense, State, Homeland Security, and Commerce as well as at NASA and the Natoinal Defense University in 2007.

The report calls for the creation of a Center for Cybersecurity Operations that would act as a regulator of computer security in both the public and private sectors.

"We're playing a giant game of chess now and we're losing badly," says commission member Tom Kellermann, a former World Bank security official who now is vice-president of Security Awareness at Core Security.

See full story in BusinessWeek.

Who Protects the Internet?

Slashdot calls attention to an interview with General Kevin Chilton , U.S. STRATCOM commander and the head of all military cyberwarefare appearing in TechCrunch, a technical weblog that profiles and reviews Internet products and companies.

The interview brings to light the critical question: Is the internet actually protected? Who protects us?

"Basically no one", says Jonathan Zittrain, American law professor, researcher and author. "At most, a number of loose confederations of computer scientists and engineers who seek to devise better protocols and practices — unincorporated groups like the Internet Engineering Task Force and the North American Network Operators Group. But the fact remains that no one really owns security online, which leads to gated communities with firewalls — a highly unreliable and wasteful way to try to assure security."

See more in TechCrunch.

You're Leaving a Digital Trail. What About Privacy?

ACM TechNews picked up an article published in The New York Times on how new technologies and the Internet's incursion into every aspect of life is creating what is coming to be called 'collective intelligence'.

While collective intelligence offers powerful capabilities, such as improving the efficiency of advertising or giving community groups new organizational capabilities, it is clear to all that, if misused, collective intelligence tools could create an Orwellian future on an unprecedented scale. Collective intelligence could be used by insurance companies, for example, to covertly identify people suffering from a particular disease and then deny them insurance coverage. Or the government or law enforcement could identify members of a protest group by monitoring social networks.

“There are so many uses for this technology — from marketing to war fighting — that I can’t imagine it not pervading our lives in just the next few years,” says Steve Steinberg, a computer scientist who works for an investment firm in New York.

Steinberg argues in a well-known Web posting that there were significant chances it would be misused, "This is one of the most significant technology trends I have seen in years; it may also be one of the most pernicious.”

See more in The New York Times.