GW CSPRI Newsletter
January 14, 2013
From the Cyber Security Policy and Research Institute of The George Washington
University, www.cspri.seas.gwu.edu.
This newsletter is a weekly summary of events related to cyber security policy and
research, with a special focus on developments and events in the Washington, DC area.
Faculty and student readers of this newsletter with new and important cyber security
research to report (especially new papers or results by GW faculty and students) are
encouraged to send notifications of this to cspriaa@gwu.edu. A short (up to three
sentences) description of why you think the research is important is required.
Contents
Events
Legislative Lowdown
Cyber Security Policy News
Recent Publications and Media
Events
-Jan. 14, 5:30 p.m. - 8:30 p.m., NoVa Hackers Association Meetup - This informal
group of security professionals from around the NoVA/DC area coordinates one or two
monthly events – an evening meetup with presentations on the second Monday of the
month and various lunch or bar meetups. QinetiQ, 11091 Sunset Hills Road, Reston, VA.
More information.
-Jan. 15, 6:30 p.m. - 8:00 p.m., ISSA DC Meetup - The National Capital Chapter of the
ISSA is comprised of information security professionals located in the Washington D.C.
Metropolitan Area. Members are actively involved in information security in government
agencies, the military, non-profit organizations, and in large and small companies. The
chapter holds regular meetings at various locations throughout the D.C. area. Through
its meetings and other events, the chapter fosters professional development and support
for computer and information security professionals. Membership is open to practicing
security professionals or to those with an interest in the profession. New members are
always welcome — please feel free to attend one of our open meetings or to contact
the chapter for more information. Monthly meetings generally take place on the third
Tuesday of every month in the evenings. Government Printing Office, 732 North Capitol
Street. More information.
-Jan. 17, 2:00 p.m. - 3:00 p.m., Mobile Security: Confronting Challenges - Mobile
attacks driven by financially motivated hackers, political “hacktivism” and vandalism
are rapidly increasing in number and sophistication. Data and identities are already being
stolen and agency communications intercepted. Agencies must act now to provide highly
secure mobile access, while remaining productive and efficient on these devices. This
free Webcast will cover how to implement a long-term, comprehensive mobile security
plan; ways to transition network securities to mobile; and how to protect agencies from
malicious mobile applications. The speaker will be Rodney Dilts, director, security
technology network-based security engineering and development, AT&T Chief Security
Office. More information.
-Jan. 22-23, 9th Annual State of the Net Conference - The State of the Net Conference
is the largest information technology policy conference in the U.S. and the only one
with over 50 percent Congressional staff and government policymakers in attendance.
This year's conference will feature a keynote luncheon discussion between Travis
Kalanick, CEO & Co-Founder, Uber, and Congressman Bob Goodlatte (R-VA), Co-
Chair, Congressional Internet Caucus. Hyatt Regency, 400 New Jersey Ave., NW. More
information.
-Jan. 24, 6:00 p.m. - 7:00 p.m., America the Cyber-Vulnerable - CSPRI and GW’s
Computer Science Department are sponsoring a talk by Joel Brenner, former senior
counsel at the National Security Agency. This event will be open to the public, and
the topic of discussion will be the new faces of cyber-security threats, and what these
threats mean to government, businesses, and the public. Computer Science Department
Conference Room 736, Phillips Hall, 801 22nd Street, NW. More information will be
forthcoming in next week’s newsletter.
Legislative Lowdown
-Nearly a year after a wave of online protests killed two anti-piracy bills, lawmakers are
skittish about moving forward with legislation aimed at cracking down on websites that
illegally distribute copies of movies and music, Jennifer Martinez writes for The Hill.
The House's Stop Online Piracy Act (SOPA) and Senate's Protect IP Act (PIPA) grabbed
national attention when Wikipedia, Reddit and scores of other websites went dark on Jan.
18 to protest the bills. The public outcry over the bills led lawmakers to pull their support,
and spurred others who were previously quiet on the anti-piracy measures to speak out
in opposition. The fracas over SOPA and PIPA a year ago is still fresh on the minds of
lawmakers, making it doubtful that similar legislation will surface in the opening months
of the 113th Congress.
-The Hill also notes that Sen. Rand Paul (R-Ky.) wants to protect emails and text
messages the same way phone conversations are, via an amendment to a bill reauthorizing
the Foreign Intelligence Surveillance Act. Paul introduced an amendment, The Fourth
Amendment Protection Act, to clarify that the Fourth Amendment to the Constitution
protects U.S. citizens from unreasonable searches and seizures, even those that result
from searches being done by a U.S. intelligence agency monitoring a foreign national
overseas. H.R. 5949 would extend for five years the ability of U.S. intelligence
authorities to surveil terrorists overseas without first getting permission from a court.
Cyber Security Policy News
-The Department of Homeland Security last week urged Internet users to disable Java,
a widely-used Web browser component that was found to have a critical security flaw
that hackers have been exploiting to massively compromise computers. The flaw, which
affects Windows, Mac and Linux machines, prompted an emergency update from Java
maker Oracle Corp. But many experts are calling on Internet users to remove Java
completely, saying that few Web sites use it and that hackers are constantly finding
previously unknown vulnerabilities in the software, which is installed on more than 850
million computers worldwide.
-The Internet genius and cofounder of the popular Web site Reddit.com committed
suicide at his Brooklyn home, The New York Post writes. The story has set off a
whirlwind of controversy in the blogosphere over allegations that the U.S. prosecutors
have been overzealous and misguided in pursuing Swartz for hacking charges. Police
found Aaron Swartz, 26, unconscious at 9:30 a.m. last Friday in the bedroom of his
Sullivan Place apartment building in Crown Heights. Swartz was found dead as he faced
up to 35 years in jail for stealing academic documents that he planned to post online
for free. Time Magazine writes that the young whiz believed deeply that information
— particularly that which might benefit society — should be made available for free to
the public. In 2011, Swartz was indicted on federal data theft charges for breaking into
the M.I.T. computer system and allegedly downloading 4.8 million documents from the
subscription based academic research database JSTOR.
-American businesses want more help from government officials in fighting cyber
attacks, although they continue to oppose government-prescribed safeguards, MasterCard
Inc. Chief Executive Ajay Banga said last week. Mr. Banga is head of the information
and technology committee at the Business Roundtable, a trade group that is set to start
a push Wednesday for closer cooperation with Washington on computer security. The
Wall Street Journal reports that the effort is, in part, intended to head off a push by some
policy makers for more regulation of private sector computer security. Last year, business
interests helped soften and ultimately defeat a Senate cybersecurity bill that would have
created a new regime of voluntary cybersecurity standards. Since then, American banks
have continued to fend off harassment from Iranian hackers.
-California Attorney General Kamala Harris has issued a report describing best practices
for mobile application privacy, according to Privacy Times. The report, "Privacy on
the Go," recommends that app developers implement safeguards such as privacy-by-
design and notice, but stops short of setting forth a comprehensive set of Fair Information
Practices. The report follows a law that requires all service providers doing business
in California, such as mobile app developers, to have a privacy policy available to
consumers.
-The Iranian government is behind online attacks that have slowed or crashed American
bank websites, U.S. officials tell The New York Times. The Times writes that the skill
required to carry out attacks on this scale has convinced United States government
officials and security researchers that they are the work of Iran, most likely in retaliation
for economic sanctions and online attacks by the United States. But not everyone is
convinced the attacks are that sophisticated. Robert D. Graham, chief executive of
security research firm Errata Security, penned an op-ed panning the conclusion that
the attacks somehow signaled an advanced or government-backed adversary. "I know
of no competent security researcher that has been convinced this is the work of Iran's
government," Graham writes. "The only people who agree with that statement are those
with something to sell, either pimping new government regulations or products."
-The Chinese government late last year approved regulations that will require all of
the country's Internet users to register their names after a flood of online complaints
about official abuses rattled Communist Party leaders. The Associated Press writes that
authorities say the law will strengthen protections for personal information, but that it
also is likely to curtail the Internet's status as a forum to complain about the government
or publicize corruption.
Meanwhile, Iranian officials are having a tougher time maintaining censorship blocks
on their citizens, writes NextGov. Iran has been fighting a largely losing battle as far as
wholesale censorship is concerned. So the country, in a move that represents equal parts
concession and repression, is reportedly taking another tack: According to Agence France
Press, the country is developing "intelligent software" that aims to manipulate, rather
than fully control, citizens' access to social networks. Instead of blocking Facebook, or
Twitter, or even Google ... the regime, per the report, will allow controlled access to
those services.
Recent Publications and Media
-The Chinese broadcaster CCTV interviewed CSPRI legal fellow Evan Sills last week
for a Chinese language broadcast on data privacy and security. They discussed U.S.
Government guidelines on data collection and retention, as well as the changing threat
landscape in the age of cloud computing and mobile devices.
-CSPRI Researcher Paul Rosenzweig has published Cyber Warfare: How Conflicts in
Cyberspace Are Challenging America and Changing the World. As described by Prof.
Rosenzweig, Cyber Warfare is "about how we try to reap the benefits in productivity
and information sharing that come from a globalized web of cyber connections while
somehow managing to avoid (or at least reduce) the damage done by malfeasant
actors." In addition to teaching at GW Law, Prof. Rosenzweig is founder of Red Branch
Consulting PLLC, a homeland security consulting company, and senior advisor to The
Chertoff Group, and he formerly served as deputy assistant secretary for policy in the
Department of Homeland Security.
The Cyber Security Policy and Research Institute (CSPRI) is a center for GW and the
Washington area to promote technical research and policy analysis of problems that
have a significant computer security and information assurance component. More
information is available at our website, http://www.cspri.seas.gwu.edu.