The sharing of knowledge among security professionals is vital to helping everyone stay ahead of developing threats.
.
Fact Sheet: Protecting Our Federal Networks Against Cyber Attacks
April 8, 2008
Information technology has grown to provide both government and the private sector with an efficient and timely means of delivering essential services around the world. As a result, these critical systems remain at risk from potential attacks via the Internet. It is the policy of the United States to prevent or minimize disruptions to our critical information infrastructure in order to protect the public, the economy, government services, and the national security of the United States.
Cyber Security Threat Assessment
Oct. 22, 2007
Given the constantly evolving nature of cyber threats, the Congressional Internet Caucus Advisory Committee hosted a broad educational briefing to provide a Cyber Security Threat Assessment. The threat assessment was designed to show the nature of the cyber security threat; how it has matured, how the capabilities of attackers have evolved, what our vulnerabilities are and how cyber attacks are organized. The Threat Assessment covered a broad array of sectors and break down the nuances in threats to each sector.
Titan Rain - How Chinese Hackers Targeted Whitehall - Richard Norton-Taylor,
Sept. 5, 2007
Chinese hackers, some believed to be from the People's Liberation Army, have been attacking the computer networks of British government departments, the Guardian has learned.
The attackers have hit the network at the Foreign Office as well as those in other key departments, according to Whitehall officials.
Over-Confidence Is Pervasive Amongst Security Professionals - Framingham, MA - Sept. 11, 2007
CSO Magazine has released the results of the 2007 E-Crime Watch Survey. This year's study revealed that while security events and electronic crimes were staeady against last year's findings, there are real concerns that security executives may be becoming over confident.
Conducted with the U.S Secret Service, Carnegie Mellon Universlty Software Engineering Institute's CERT® Program and Microsoft Corporation, the fourth annual survey polled 671 security executives and law enforcement officials.
The 12th Annual Computer Crime and Security Survey - by Robert Richardson, Director, Computer Security Institute
For the past five years, this survey – perhaps the most widely quoted set of statistics in the industry – has shown a drop in average extimated losses due to cybercrime. This year, however, the tide has turned and respondents have reported a significant upswing.
The Evolution of Cyber Warfare - by Greg Bruno, February 27, 2008
In the spring of 2007, when Estonian authorities removed a monument to the Red Army from its capital city, Tallinn, a diplomatic row erupted with neighboring Russia. Days later, the computerized infrastructure of Estonia’s high-tech government began to fray, victimized by what experts in cybersecurity termed a coordinated “denial of service” attack. A flood of bogus requests for information from computers around the world conspired to cripple the websites of Estonian banks, media outlets, and ministries for days. Estonia denounced the attacks as an unprovoked act of aggression from a regional foe (though experts still disagree on who perpetrated it—Moscow has denied any knowledge). Experts in cybersecurity went one step further: They called it the future of warfare.
The Dogs of Web War - by Rebecca Grant, Air Force Magazine Online, January 2008
US armed forces face “peer” adversaries in only one area—military cyberspace.
After years of claims and counterclaims concerning the severity of national security threats in cyberspace, the picture is at last starting to become clear. Recent jousting within cyberspace has provided clues about what to expect from combat in this new domain.
IBM Security Report 2007 - This white paper shows how the IBM Internet Security Systems™ X-Force® research and development team discovered, analyzed and recorded new vulnerabilities and the status of varying threats throughout the first six months of this year. pdf
The Information Technology Laboratory (ITL) of the National Institute of Standards and Technology (NIST) publishes ITL bulletins on topics of significant interest to the information systems community.
Forensics Techniques: Helping Organizations Improve Their Responses to Information Security Incidents - pdf
Intrusion Detection and Prevention Systems - pdf
CRS Report to Congress:
The Economic Impact of Cyber-Attacks - pdf
Cisco Issues Inaugural Report on Global Security Landscape
2007 Edition Provides Threat Intelligence in Seven Risk Categories, Predictions for Next Year, and Guidance from Company's Top Security Experts - pdf
The link below provides a library of White Papers on forensics from WindowSecurity.com:
http://www.windowsecurity.com/whitepapers/forensics/
Mike Andrews of Foundstone has written a timely article on the state of internet security that begins:
"Today’s Internet is a rapidly evolving place. What were once the hot technologies (gopher, FTP, telnet) are quickly being replaced by others (RSS, AJAX, SOAP). Such is the same with security; whereas in the ’90s most attacks targeted networks, today most target the applications that run on top of them.
(Read Article)
This prescient paper from 2001 should be viewed as a clear warning to policymakers and security professionals. Just as the terrorist attacks of September 11, 2001 defied what many thought possible, cyber attacks could escalate in response to United States and allied retaliatory measures against the terrorists responsible for the attack. This paper examines case studies of political conflicts that have led to attacks on international cyber systems.
Cyber Attacks During the War on Terrorism: A Predictive Analysis - pdf