SIGNALScape

Industry Can, Must Do More to Help FBI Cybersecurity Efforts

July 30, 2013
By Robert K. Ackerman

Companies that are hacked have valuable information that can help prevent future cyber intrusions, said an FBI cyber expert. Rick McFeely, executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the bureau is depending on industry to share vital information on cyber attacks.

“A key part of what the FBI does is victim notification,” McFeely said. “But, by calling out methods used to attack one company, we can see if those methods are being used to attack others. We now do that [a great deal].

“We need you to report it immediately,” he said, addressing industry. “If you share malware, we can tell you how others mitigated the same situation.” He added that the FBI is working to develop a tool that identifies malware’s fingerprints.

One problem the bureau has had with industry is that companies often expect to learn the identity of the intruder. That is not always possible given confidential sources of information, and the FBI discourages firms from seeking that data. “We need to get away from the constant need of private industry to know who’s behind the keyboard,” McFeely states. “We need to worry less about positively identifying [intruders] and focus on their intent and capability. We provide intelligence so you can defend your own networks, not so you can identify where an attack comes from.”

FBI Creates New Cyber Information Sharing Portal

July 30, 2013
By Robert K. Ackerman

The FBI has created an information sharing portal for cyber defense modeled on its Guardian counterterrorism portal. Known as iGuardian, the trusted portal represents a new FBI thrust toward working more closely with industry on defeating cyberthreats. It is being piloted within the longtime InfraGard portal, according to an FBI cyber expert.

Security Measures Need to Raise the Cost of Operations for Hackers

July 30, 2013
By Robert K. Ackerman

Hackers need to pay a greater price for intrusions if network security is to be effective, said a former director of national intelligence. Adm. Dennis Blair, USN (Ret.), who also is a former commander of the U.S. Pacific Command, told the audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the nation needs to raise the cost to the hacker without breaking the bank for the defender.

The admiral emphasized that he is not advocating the legalization of counter-cyber attacks—as much as the concept appeals to him. Instead, he called for legalization of “a myriad of nondestructive counter cyber attacks” that would raise the minimal cost to these hackers.

Some measures might involve empowering cyber operators to take action against hackers. Adm. Blair suggested establishing the cyber equivalent of private surveillance cameras with the ability to turn evidence over to the authorities, and maybe even creating the digital equivalent of a citizen’s arrest.

Other defensive measures could thwart cyber marauders. These might take the form of documents that self-destruct when unauthorized users try to open them, for example, and the digital equivalent of indelible ink that is used for marking money.

The former head of the U.S. Pacific Command cited China as an example of a cyber adversary that should be impressed with the need for supporting cybersecurity rules and laws. “We need to put more penalties into the equation instead of relying on Chinese maturing,” he offered. “How many U.S. companies must go out of business, how many billions of dollars must be lost, before the Chinese realize it’s in their best interest to cooperate in cybersecurity?”

Financial Incentives May Compel Private Sector Security

July 30, 2013
By Robert K. Ackerman

Legislation that creates both positive and negative incentives may be necessary for industry to incorporate effective network security. The role of the insurance industry also can be brought to bear to convince companies it is in their best interest to ensure the sanctity of their data.

These points were offered by Rep. Mac Thornberry (R-TX). He told the morning audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the government should pursue a private sector approach as part of its efforts to strengthen information security in the United States.

“We need to make cyber a bigger deal at the CEO [chief executive officer] level, and to do that we need to have money involved,” he said. This would include market incentives for companies to secure their information. And, the counterpart would be a financial penalty for those firms that do not pursue adequate security.

“You have to have a stick with those carrots,” he continued. “A company that loses vital data because they didn’t have effective security involved pays a price.”

The congressman added that the insurance industry should be brought into play as well. The government needs to push cyber insurance that establishes minimum requirements and provides discounts for advanced security measures. This might work the same way that auto and home insurers provide discounts for safety technologies.

Congressman Decries “Political Demagogues” Who Threaten Security Measures

July 30, 2013
By Robert K. Ackerman

Many elected officials who opposed the National Security Agency’s (NSA’s) broad surveillance efforts were “demagogues” who did not know the real issues involved, said a member of the House Permanent Select Committee on Intelligence. Rep. Mac Thornberry (R-TX) told the morning audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the people in the House who voted to cut funding for the NSA’s surveillance efforts preferred taking a stand to understanding the situation. Those who voted against cutting the NSA’s funding were the people who’ve been getting the intelligence briefings.

Rep. Thornberry decried the NSA’s opponents as “people who don’t want to go to the briefings, they don’t want their minds to be cluttered by the facts, they just want to feed their Twitter streams.” Those who did attend the briefings understood the scope of the threat and recognized the vital importance of these efforts in protecting the United States.

The NSA controversy provides some guidelines, he continued. It points out that the real challenge is with laws and policies—above all, public confidence. As the threat has grown, policies have not kept up. The country needs an open discussion with as many facts as can be publicized.

“The more we can talk about cyber and intelligence in the open, the better we will be … the less the demagogues can take it and run with it,” the congressman declared.

Senate to Bring Cyber Bill Mirroring House Effort

July 30, 2013
By Robert K. Ackerman

The U.S. Senate is moving on a cyber bill that is more in line with the approach being taken by the House, said a member of the House Permanent Select Committee on Intelligence. Rep. Mac Thornberry (R-TX) told the morning audience at the AFCEA Global Intelligence Forum at the National Press Club in Washington, D.C., that this bill may be marked up by the Senate Commerce Committee this week. It would turn to standards established by the National Institute of Standards and Technology (NIST) for private sector guidelines.

Thornberry reflected on how the House passed four separate cyber bills a year ago, but they died in the Senate as that body pursued a single large bill. The congressman endorsed the House concept of legislating cybersecurity in “discrete, bite-size chunks” that reach across the relevant government committees and agencies.

The congressman called for greater cooperation between Congress and the White House, saying that this can produce a cyber policy that benefits the nation as a whole. The more the administration and Congress work together, the more their work becomes the policy of the nation rather than that of any particular administration, Republican or Democrat. “Only with this partnership can we have the solutions the country needs,” he declared.

Sandia Speeds Intellectual Property Sharing With Small Business

July 29, 2013

To facilitate innovation development, Sandia National Laboratories is building a portfolio of intellectual property (IP) that businesses can license in as little as an hour. The ready-to-sign licenses feature simplified language and pared-down terms, conditions and reporting requirements. Up-front fees are in the $3,000 range, and royalty percentages are low.

Sandia has approximately 1,300 patents available for licensing, and while large companies often take advantage of this IP, small firms often do not have the human or financial resources to seize the opportunity. The new license procedure enables entrepreneurs to click on one link and download all of the information they need. The licenses are nonexclusive, so any number of companies can make use of the technology.

“These are all technologies that no one has licensed in areas where small businesses might be able to get a foothold,” Bob Westervelt, business development specialist, Sandia, says. “A small company could take any of these licenses and run with it.” Currently, eight patents qualify for the program, but Sandia officials say the portfolio could reach up to 50. Additional information about Sandia technology transfer opportunities is available online.
