Blog Daily Listings RSS

Cybersecurity Awareness Month Part V

Tue, 03 Nov 2009 16:21:21 -0500

With National Cybersecurity Awareness Month now finished, I would like to remind everyone that cybersecurity is not an issue that requires our attention only one month a year. Instead, we need to be thinking about cybersecurity every time we turn on a computer. Further, as the threat of cyber attacks continues to increase, the U.S. Government and the nation as a whole need to continue to develop and identify the young cybersecurity experts who will keep our computers and digital networks secure and resilient.

One of the ways the U.S. Government cultivates future cyber defenders is through competitions such as the U.S. Cyber Challenge. This program, which is comprised of three separate cybersecurity challenges, has the goal of identifying 10,000 young Americans with the skills to fill the ranks of cybersecurity practitioners, researchers, and leaders. The program nurtures and develops their skills, gives them access to advanced education and exercises, and where appropriate, enables them to be recognized by colleges, companies, and government departments and agencies where their skills can be of the greatest value to the nation.

One of the amazing stories from this year’s U.S. Cyber Challenge is Michael Coppola. Michael is a high school senior and is the leading point scorer through two rounds of the Netwars challenge. Despite not having much formal cybersecurity training, Michael is beating teams of adults and cybersecurity professionals, and, as you can see in the interview excerpt below, remains humble and grounded. Keep up the good work, Michael!

Q. So, Michael, what we'd really like to hear about is what it was like to participate in the NetWars competition. But for starters, how did you even find out about it?

A. In May, a news collective, Digg, pointed me to an article on Forbes.com that described the NetWars contest but didn't provide any information on how to actually participate. About a month later, a link to the contest surfaced on the 2600 news feed, and the rest is history

Q. And just out of curiosity, you're in your senior year in high school - had you already taken computer science courses at school?

A. Yes, I've taken a few, but they don't offer computer security classes. I've taken Graphic Design, Web Design and Animation, and Computer Networking and Repair. I enrolled to take Introduction to Programming this year, but they cancelled it, because they couldn't find a suitable teacher.

Q. Did you ever wonder about what you might "win" or get out of it?

A. The original flyer said something about "cyber camps," but I didn't really know what that meant. I played just to play, and if I won anything from it, then all the better.

Q. Were you surprised when you won? Did you know that the second highest score came from a TEAM of five (?) players working together?

A. I was actually very surprised to be honest. I didn't expect to win, because I assumed that the people I was competing against would be in college with formal educations. Also, I had no idea the second place contestant was in fact a team of five until you asked me!

John Brennan is Assistant to the President for Homeland Security and Counterterrorism

Cybersecurity Awareness Month Part IV

Mon, 26 Oct 2009 18:59:01 -0400

During National Cybersecurity Awareness Month I have discussed the types of cyber threats that we face and some of the basic steps that all computer users can take to better protect themselves. This week, I’d like to address another important dimension of this shared responsibility – the role of America’s small businesses.

As the President said in his remarks for National Cybersecurity Awareness Month, the cyber threat has become one of the most serious economic and national security challenges we face as a nation. America’s competitiveness and our economic prosperity in the 21st century will depend on effective cybersecurity. This is especially true for the millions of small businesses that form the backbone of our economy. For this reason, the National Institute of Standards and Technology (NIST) at the Department of Commerce recently released a guidebook, Small Business Information Security: The Fundamentals, on cybersecurity fundamentals for small business owners. A video related to the guidebook is provided below.

As the guidebook states, “in the United States, the number of small businesses totals to over 95% of all businesses. The small business community produces around 50% of our nation’s Gross National Product (GNP) and creates around 50% of all new jobs in our country. Small businesses, therefore, are a very important part of our nation’s economy.”

However, these small businesses often do not have sufficient resources to effectively secure their cyber infrastructure. Criminals recognize this, and small businesses are more and more often becoming targets of cyber crime. The NIST guidebook helps to mitigate these risks by providing small business owners with detailed (but easy-to-understand) instructions on how to improve their cybersecurity posture.

The guidebook is divided into three sections: absolutely necessary cybersecurity practices, highly recommended practices, and other planning considerations. It includes instructions on topics such as activating and installing firewalls, securing wireless access points, and conducting online banking more securely. I recommend all business owners read this guidebook. Home users may also find many of the cybersecurity instructions useful.

To learn more about cybersecurity tips please also visit www.onguardonline.gov and www.dhs.gov/cyber.

John Brennan is Assistant to the President for Homeland Security and Counterterrorism

Cybersecurity Awareness Month Part III

Mon, 19 Oct 2009 16:39:00 -0400

To help raise awareness among all Americans, the President has designated October as National Cybersecurity Awareness Month. Last week, I wrote about some of the specific threats we face every time we use a computer. However, we are not helpless against these threats. In a video released last week, President Obama identified some basic things that all computer users can do to improve their cybersecurity and better protect themselves online. In this post, I would like to expand further on these tips that computer users can adopt to improve their "cyber hygiene."

Keep your security software and operating system up-to-date. At a minimum, your computer should have current anti-virus and anti-spyware software and a firewall to protect yourself from hackers and malicious software that can steal sensitive personal information. Hackers also take advantage of Web browsers and operating system software that do not have the latest security updates. Operating system companies issue security patches for flaws that they find in their systems, so it is important to set your operating system and web browser software to download and install security patches automatically.

Protect your personal information online. Millions of people become victims of identity theft each year. One way that cyber criminals convince computer users to divulge their confidential personal information is through fake "phishing" emails, which are often cleverly disguised to look like authentic emails. Be wary of clicking on links in emails that are unfamiliar and be very cautious about providing personal information online, such as your password, financial information, or social security number.

Know who you are dealing with. It is remarkably simple for online scammers to impersonate a legitimate business, so you need to know who you are dealing with. If you are thinking about shopping on an unfamiliar website, do some independent research before you buy. Similarly, before you download software, be sure that the software developer is trustworthy. Cyber criminals will often embed the capability to steal passwords and files into free software.

Learn what to do if something goes wrong. If your computer gets hacked, the effects may be obvious (e.g., deleted or corrupted files), or they may be subtle (e.g., slow computing performance). As a first step, you should scan your computer with updated anti-virus software. You may wish to get professional assistance through your computer’s manufacturer, computer retail store, or local computer technician. You can also alert the appropriate authorities by contacting your Internet Service Provider or the Internet Crime Complaint Center. The Federal Trade Commission (FTC) can assist if you are subject to identity theft. You can also forward spam or phishing emails to the FTC at spam@uce.gov.

To learn more about cybersecurity tips please visit www.onguardonline.gov and www.dhs.gov/cyber.

John Brennan is Assistant to the President for Homeland Security and Counterterrorism.

Cybersecurity Awareness Month Part II

Mon, 12 Oct 2009 15:45:00 -0400

In my last blog post, I linked to President Obama’s proclamation announcing the start of National Cybersecurity Awareness Month. This week, I would like to discuss in more detail the cyber threats that we are facing as a Nation and as individuals. A key theme for this month is that cybersecurity is "our shared responsibility." Each one of us must take the time to increase our awareness of the cyber risks that are present every time we turn on our computers.

Just the other day, the media was breaking a story about the latest generation of malicious software designed to steal money from bank accounts. This "bank Trojan," called URLzone provides a sophisticated interface for managing theft from numerous accounts and deceives the account owner with false statements.

For years, research institutions have noted a steady increase in number of malicious programs that are being used to exploit the vulnerabilities of our computers. A vast percentage of all e-mail is spam, which tries to lure us into downloading software, visiting an infected website or social networking account, or even making a phone call in order to get us to reveal information useful for identity theft or to steal money. Many of these malicious actors are now sending out fake emails from the Internal Revenue Service.

Sophisticated cyber criminals are bypassing individual computer users and are attacking financial institutions. To them, the motivation is simple. Why steal one bank account record when you can steal millions? Fortunately, our law enforcement agencies have had some remarkable successes against key groups responsible for cyber attacks. Just last week, nearly 100 people were arrested in the United States and Egypt on charges of computer fraud, conspiracy to commit bank fraud, money laundering, and aggravated identify theft. Last month the U.S. Government convicted the individual responsible for the theft and sale of more than 40 million credit and debit card numbers from numerous U.S. retailers with losses of more than $21 billion. You can learn more about federal law enforcement efforts in combating cyber crime here, here, and here.

And then there are the botnets, which are large numbers of compromised computers that are controlled remotely by criminals or other malicious actors. Some computer experts have estimated that one quarter of all personal computers are part of a botnet. The Conficker worm has been around for about a year and has managed to spread into millions of machines through network connections and portable media such as thumb drives. These botnets appear to be used primarily for supporting criminal activities such as spam, but we worry that such large botnets could be used to launch unprecedented denial-of-service attacks against banking, government, or other important websites.

As you can see, the cyber threat is quite real. Every day dozens of Federal departments and agencies work with their industry partners to help mitigate these threats. And while we have made great strides thwarting the efforts of cyber criminals, more needs to be done. Next week, I will write more about the basic cybersecurity tips that every computer user should know and adopt.

John Brennan is Assistant to the President for Homeland Security and Counterterrorism

National Cybersecurity Awareness Month

Thu, 01 Oct 2009 15:20:00 -0400

Today, per a Presidential Proclamation and a Senate Resolution, marks the start of the sixth annual National Cybersecurity Awareness Month. As stated in the President’s Cyberspace Policy Review, cybersecurity is a national priority and is vital to our economy and the security of our nation. The financial industry, our government networks, and your home computers are under continual attack from a variety of malicious actors, including domestic hackers, international organized crime rings, and foreign intelligence agencies. They are stealing your identities and financial information, sensitive government data, and proprietary industry information. As President Obama stated in his May 29th speech, "America's economic prosperity in the 21st century will depend on cybersecurity."

However, there is much that we can do to reduce our vulnerability and improve our resilience to cyber attacks, and we call on all Americans this month to recognize their role in improving the nation’s cybersecurity. One of the themes for this year’s National Cybersecurity Awareness Month is that cybersecurity is a shared responsibility. This refers to the fact that government, industry, and the individual computer user must all play a role in securing our information networks and data. Public-private partnerships are critical to these efforts, and one example of this partnership is the National Cybersecurity Alliance. This joint industry and government organization provides a variety of information on National Cybersecurity Awareness Month activities. Further, the National Association of State Chief Information Officers (NASCIO) provides information on cybersecurity efforts happening within your state.

During the month of October, I will be posting additional information on this blog regarding a variety of cybersecurity topics, including Cyber Threat, Cybersecurity Tips for the Home User, and Cybersecurity Careers.

Please check back here weekly for additional cybersecurity information.

John Brennan is the Deputy National Security Advisor and Assistant to the President for Homeland Security and Counterterrorism