CFR.org - Cybersecurity

ECOSOC Draft Resolution 20/7: Promotion of Activities Relating to Combating Cybercrime, Including Technical Assistance and Capacity-building

Tue, 01 May 2012 16:40:10 -0400

The UN Economic and Social Council (ECOSOC) Draft Resolution 20/7: Promotion of Activities Relating to Combating Cybercrime, Including Technical Assistance and Capacity-building was adopted in April 2011.

Additional Protocol to the Convention on Cybercrime

Tue, 01 May 2012 16:09:20 -0400

The Additional Protocol to the Council of Europe's Convention on Cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems, was adopted in Strasbourg, France on January 28, 2003.

CRS: Cybersecurity: Authoritative Reports and Resources

Rita Tehan — Mon, 30 Apr 2012 13:27:03 -0400

This Congressional Research Service report compiles hearings, legislation, data, and other reports on cybersecurity.

Five Secrets Anonymous Should Steal From China

Adam Segal — Fri, 20 Apr 2012 18:19:38 -0400

Adam Segal says that rather than just defacing websites, Anonymous should target five specific Chinese websites to obtain real secrets.

CRS: Cybersecurity: Selected Legal Issues

Thu, 05 Apr 2012 13:38:32 -0400

This report discusses selected legal issues that frequently arise in the context of recent legislation to address vulnerabilities of critical infrastructure to cyber threats.

NYT: How China Steals Our Secrets

Richard Clarke — Mon, 02 Apr 2012 11:23:35 -0400

Richard Clarke, former special adviser to the president for cybersecurity, says the proposed cybersecurity bill would not do much to stop Chinese cyber espionage. He suggests that the Obama administration act to stop the threat.

UN General Assembly Resolution 57/239, Cybersecurity

Fri, 30 Mar 2012 11:21:09 -0400

UN General Assembly Resolution 57/239 regarding the "creation of a global culture of cybersecurity" was adopted on January 31, 2003.

Council of Europe Convention on Cybercrime

Fri, 30 Mar 2012 11:00:24 -0400

The Council of Europe Convention on Cybercrime was opened for signature on November 23, 2001

Nuclear Security Summit, Seoul, March 2012: Multinational Statement on Nuclear Information Security

Tue, 27 Mar 2012 16:50:01 -0400

The White House released this multinational statement on nuclear information security on March 27, 2012 during the U.S.' participation in the nuclear security summit in Seoul, South Korea.

FP: Think Again: Cyberwar

Mon, 27 Feb 2012 15:41:55 -0500

Foreign Policy's Thomas Rid writes that we shouldn't fear the digital bogeyman--virtual conflict is still more hype than reality.

Cybersecurity Policy

Fri, 24 Feb 2012 15:28:32 -0500

Recent cyber attacks on corporate, governmental, and non-profit organizations and prompted debate on Internet governance and Internet freedom. How can the United States protect "cyberspace as a national asset," without restricting "the free and open nature of the Internet"? What should countries consider when developing international cybersecurity standards and protocol? What should their citizens know to protect their information and their rights? Cybersecurity Policy Research Links provide news, background information, legislation, analysis, and international efforts to protect government and the public's information.

Cybersecurity Act of 2012 (Proposed)

Fri, 24 Feb 2012 14:42:48 -0500

The Cybersecurity Act of 2012 (S. 2105) was introduced by Senator Joseph Lieberman in the U.S. Senate on February 14, 2012.

The summary states, "Directs the Secretary of Homeland Security (DHS), in consultation with owners and operators of critical infrastructure, the Critical Infrastructure Partnership Advisory Council, and other federal agencies and private sector entities, to: (1) to conduct a top-level assessment of cybersecurity risks to determine which sectors face the greatest immediate risk, and beginning with the sectors identified as having the highest priority, conduct, on a sector-by-sector basis, cyber risk assessments of the critical infrastructure; (2) establish a procedure for the designation of critical infrastructure; (3) identify or develop risk-based cybersecurity performance requirements; and (4) implement cyber response and restoration plans. Sets forth requirements for securing critical infrastructure, including notification of cyber risks and threats and reporting of significant cyber incidents affecting critical infrastructure."

Chinese Computer Games

Adam Segal — Fri, 24 Feb 2012 12:13:31 -0500

In March 2011, the U.S. computer security company RSA announced that hackers had gained access to security tokens it produces that let millions of government and private-sector employees, including those of defense contractors such as Lockheed Martin, connect remotely to their office computers.

Securing U.S. Cyberspace

Jonathan Masters — Wed, 22 Feb 2012 16:37:13 -0500

Most critical information systems in the United States are operated by the private sector and remain vulnerable to cyber attacks. Newly proposed legislation would require businesses to meet minimum standards of protection, but has raised concerns about regulatory overreach.

CRS: Federal Laws Relating to Cybersecurity

Eric A. Fischer — Tue, 21 Feb 2012 14:13:17 -0500

The Congressional Research Service reports that for more than a decade, various experts have expressed increasing concerns about cybersecurity in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised.

CRS: Critical Infrastructures: Background, Policy, and Implementation

John D. Moteff — Tue, 21 Feb 2012 14:01:42 -0500

The Congressional Research Service looks at some of issues surrounding America's critical infrastructure, identifying critical assets, assessing vulnerabilities and risks, and appraising policies.

Chinese Hacking May Slow, But...

Adam Segal — Tue, 21 Feb 2012 09:20:09 -0500

Adam Segal says Chinese hacking is not going away soon, and with no international consensus on cyber standards, companies need to do a better job of protecting intellectual property and trade secrets.

Google Must Remember Our Right to Be Forgotten

Richard A. Falkenrath — Wed, 15 Feb 2012 10:36:19 -0500

Richard A. Falkenrath says changes to national privacy law are essential to protect personal privacy in the age of pervasive social media and cloud computing--and Google's new privacy policy points even more firmly to the need for a right to be forgotten.

Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise

Tue, 03 Jan 2012 14:08:36 -0500

The Department of Homeland Security national strategy on cybersecurity, "Blueprint for a Secure Cyber Future", was released in November 2011.

Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program

Tue, 03 Jan 2012 13:54:47 -0500

The foreward of this National Science and Technology Council strategy document, written by John P. Holdren (Assistant to the President for Science and Technology and Director, Office of Science and Technology Policy) states,

"This report, Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program was developed by the NITRD agencies and directly responds to the need for a new cybersecurity R&D strategy. As recommended in the CyberspacePolicy Review's near-term action plan, Trustworthy Cyberspace replaces the piecemeal approaches of the past with a set of coordinated research priorities whose promise is to "change the game," resulting in a trustworthy cyberspace. As called for in the policy review's mid-term action plan, this plan identifies opportunities to engage the private sector in activities for transitioning promising R&D into practice. In addition, and consistent with the PCAST recommendations, it prioritizes the development of a "science of security" to derive first principles and the fundamental building blocks of security and trustworthiness.

I am pleased to commend this Federal cybersecurity R&D strategic plan as part of the Administration's comprehensive effort to secure the future of the Nation's digital infrastructure."

Bloomberg: China-Based Hacking of 760 Companies Shows Cyber Cold War

Michael Riley, and John Walcott — Thu, 15 Dec 2011 13:38:36 -0500

Cyber espionage has become a critical aspect of Chinese economic growth, write Michael Riley and John Walcott.

Police Data in the Cloud

Richard A. Falkenrath — Wed, 30 Nov 2011 22:07:46 -0500

Richard A. Falkenrath discusses how the modern American police department must balance its information technology needs--including cloud computing services--against the unique legal framework within which it operates.

Hague’s Closing Remarks at the London Conference on Cyberspace

William Hague — Wed, 02 Nov 2011 15:16:42 -0400

British Foreign Secretary William Hague gave these remarks at the London Conference on Cyberspace on November 2, 2011.

Why a Cybersecurity Treaty Is a Pipe Dream

Adam Segal, and Matthew C. Waxman — Thu, 27 Oct 2011 16:08:17 -0400

Adam Segal and Matthew C. Waxman discuss the London Conference on Cyberspace and argue that progress toward a vision of cybersecurity and freedom will be incremental and achieved through multiple arrangements between state and private actors rather than through a global accord.

Cyber Governance and Instability (Video)

Paul Twomey, and Stewart A. Baker — Wed, 07 Sep 2011 12:00:48 -0400

Paul Twomey, chief executive officer of Argo Pacific, discusses the challenges posed by the present state of global cyber instability for governance at both the corporate and international levels.

This event is made possible in partnership with the Atlantic Council and the Cyber Conflict Studies Association.

Cyber Governance and Instability (Audio)

Paul Twomey, and Stewart A. Baker — Wed, 07 Sep 2011 11:30:57 -0400

Paul Twomey, chief executive officer of Argo Pacific, discusses the challenges posed by the present state of global cyber instability for governance at both the corporate and international levels.

This event is made possible in partnership with the Atlantic Council and the Cyber Conflict Studies Association.

Cyber Governance and Instability

Paul Twomey, and Stewart A. Baker — Tue, 06 Sep 2011 12:02:41 -0400

Paul Twomey, former president and CEO of the Internet Corporation for Assigned Names and Numbers (ICANN), discusses the challenges posed by the present state of global cyber instability for governance at both the corporate and internatinoal levels.

Cybertheft and the U.S. Economy

Dmitri Alperovitch, and Jonathan Masters — Thu, 11 Aug 2011 13:52:32 -0400

The steady theft of U.S. intellectual property by foreign cyberattackers could mean decreased economic growth, reduced competitiveness, and loss of jobs, says McAfee cybersecurity expert Dmitri Alperovitch.

Vanity Fair: Enter the Cyber-dragon

Michael Joseph Gross — Thu, 04 Aug 2011 13:38:21 -0400

Hackers have attacked America's defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. Michael Joseph Gross gets an exclusive look at the raging cyber-war--Operation Aurora! Operation Shady rat!--and explains why Washington has been slow to fight back.

McAfee: Operation Shady RAT Revealed

Dmitri Alperovich — Thu, 04 Aug 2011 05:31:44 -0400

McAfee reports in a white paper on Operation Shady RAT, a set of targeted intrusions into the cyber infrastructure of over seventy global institutions in the last five years.