Contributor:

Steven Bucci

The National Cyber Awareness and Education Campaign

Those who read my Security Debrief posts or my Tweets will recognize (maybe with a groan) that one of my “issues” is the lack of action in Awareness and Education with regard to cybersecurity. It is not a sexy, nor a potentially lucrative issue, but I believe with all my heart that it is the foundational piece of any eventual “solution” to our cyber woes. Bottom line of Bucci’s rant is this: we need to make Awareness and Education a real priority and expend the money, time, and personnel to do it correctly.

Let's Not Talk Nonsense About Cyber

A recent blog post on Wired.com “Cyberwar Against Wikileaks? Good Luck With That” was brought to my attention by a good friend. She nominally just wanted my thoughts on the provocative article, but in effect, challenged me to blog on the subject. Some have argued that the U.S. Government could levy its cyber capabilities to stop WikiLeaks from sharing the classified information leaked to the online outlet by a young U.S. soldier. That defined a target is well within the capabilities of several different parts of the government, but it would be entirely self-defeating. Using cyber capabilities to silence those with whom we disagree is exactly what privacy and civil liberties advocates fear most about the development of our cyber defenses.

Heritage's Homeland Security Panels – Bucci Speaking on Cyber and Maritime

Next week, the Heritage Foundation will host “Homeland Security 2010: The Future of Defending the Homeland.” This will be a week-long series of panels aimed at providing a good background for Congressional Staffers new to Homeland Security issues. Heritage did this last year, and it was an excellent event. I will be sitting on two of the panels – maritime security and cybersecurity. The panels are open to the public and all are welcome. I highly recommend it.

Should We Seek Cyber Attribution?

Several news items of late have addressed the thorny issue of cyber attribution; that is, the ability to identify the sources of Web and network attacks. For cyber companies and some government agencies, attribution is the Holy Grail. However, if we develop technology that provides attribution, soon bad governments will get it too. They will surely use it against dissident elements inside their own countries to suppress free speech and abridge other civil rights of all sorts. Should we consciously forgo the possibility of deterring bad guys from cyber crime, cyber terror and cyber war because the technology could be used badly? I think the answer is clearly “no.”

Did Richard Clarke's Cyber Book Miss It?

You always feel a little shaky when you are planning on asserting that someone else is wrong. You feel more so when it is someone who is known as darn near a prophet in the particular field. However, no one has ever said that I was unwilling to express my opinions, so here goes. Richard Clarke, former adviser to multiple presidents, the Cassandra who warned of a coming attack before 9/11, now has a hit book out on the threat of a coming cyber war, why we are unprepared for it and what we must do. I will not attempt to do a complete review of the book, but I do want to point out two areas where I think Clarke missed the mark in his thinking.

Reflections from the White House Cyber Anniversary

On short notice, the White House gathered a distinguished group of industry, academic and Government types for a one-year anniversary of the President’s speech on cyber, hosted by Howard Schmidt. The President spoke for 10 minutes as well. No press attended, but an attendee gave me this summary of the event. A lot of what was said was known to all, but it was interesting to hear how they are bringing it together – especially the emphasis on industry partnerships, which every speaker (including the President) emphasized. I love celebrations, but we really need to move forward more aggressively.

Is the NSA's "Perfect Citizen" Really Big Brother?

OK, let me get this straight: a private sector company INVITES the National Security Agency (NSA) to place sensors on its privately owned network to help the company protect itself from unauthorized and unwanted cyber intrusions. Perfect Citizen, as it is called, is a program to detect cyber assaults on critical infrastructure, be they publicly or privately held. The NSA will deploy sensors in critical infrastructure computer networks to detect a cyber attack. Some have worried that Perfect Citizen constitutes too much government monitoring in the private sector, conjuring comparisons to George Orwell’s 1984. But how in the world does Perfect Citizen constitute “Big Brother?”

Spying at the Biggest Arms Show in the World

At the recent Eurosatory Arms Show outside Paris, everyone seemed to be in dark suits and sunglasses. If you want a weapon or defense system, the latest hardware, or the means to stop it, this is your place. Spying at such events has always happened, and behind those suits and dark glasses there is an atmosphere of mutual distrust. Today, the threat has expanded. Cyber spying is alive and well at this very lucrative target environment.

Cyber Criminals May be Talented but they are not Superhuman

It is perhaps poetic that many of the “successful” cyber criminals can be and are being hacked in the same ways they attack their legitimate targets. We tend to attribute near god-like cyber powers to these miscreants, when in reality, they write into their software the same kind of weaknesses that they are so good at exploiting. One wonders why law enforcement is not doing more “reverse hacking.” In the same way cops “sting” drug dealers, unscrupulous government officials, and other criminals, they should be attacking cyber criminals.