Transaction Search Form: please type in any of the fields below.
Date: April 29, 2024 Mon
Time: 11:36 pm
Time: 11:36 pm
Results for cybercrime (u.s.)
9 results foundAuthor: Friedman, Allan Title: Economic and Policy Frameworks for Cybersecurity Risks Summary: Congress and the Obama administration have advanced dozens of proposals addressing cybersecurity. While many of these bills propose admirable policies, they often attempt to address a wide range of issues under a poorly matched set of frameworks. This paper offers three observations built around a framework of risk management to help focus the discussion. First, we caution against conflating different threats simply because they all involve information technology. Crime, espionage and international conflict are very different threats, and grouping them together can lead to poorly framed solutions. Second, we argue that looking at cybersecurity from the perspective of economics can offer important insight into identifying important policy opportunities. Finally, we suggest a series of governance frameworks that can be used in a complementary fashion to address many of the issues discussed. Details: Washington, DC: Center for Technology Innovation, Brookings, 2011. 24p. Source: Internet Resource: Accessed September 20, 2011 at: http://www.brookings.edu/~/media/Files/rc/papers/2011/0721_cybersecurity_friedman/0721_cybersecurity_friedman.pdf Year: 2011 Country: United States URL: http://www.brookings.edu/~/media/Files/rc/papers/2011/0721_cybersecurity_friedman/0721_cybersecurity_friedman.pdf Shelf Number: 122796 Keywords: Cybercrime (U.S.)CybersecurityRisk Management |
Author: Rantala, Ramona R. Title: Cybercrime against Businesses, 2005 Summary: Presents the nature and prevalence of computer security incidents among 7,818 businesses in 2005. This is the first report to provide data on monetary loss and system downtime resulting from cyber incidents. It examines details on types of offenders, reporting of incidents to law enforcement, reasons for not reporting incidents, types of systems affected, and the most common security vulnerabilities. The report also compares in-house security to outsourced security in terms of prevalence of cyber attacks. Details: Washington, DC: U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Statistics, 2008. 20p. Source: Internet Resource: Bureau of Justice Statistics Special Report: Accessed April 11, 2012 at: http://bjs.ojp.usdoj.gov/content/pub/pdf/cb05.pdf Year: 2008 Country: United States URL: http://bjs.ojp.usdoj.gov/content/pub/pdf/cb05.pdf Shelf Number: 124921 Keywords: Business SecurityiComputer SecurityCrimes Against BusinessCybercrime (U.S.)Internet Crimes |
Author: Tehan, Rita Title: Cybersecurity: Authoritative Reports and Resources Summary: Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated by individuals, as well as countries. Targets have included government networks, military defenses, companies, or political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which also makes a response problematic. Congress has been actively involved in cybersecurity issues, holding hearings every year since 2001. There is no shortage of data on this topic: government agencies, academic institutions, think tanks, security consultants, and trade associations have issued hundreds of reports, studies, analyses, and statistics. This report provides links to selected authoritative resources related to cybersecurity issues. This report includes information on • “Legislation” • “Hearings in the 112th Congress” • “Executive Orders and Presidential Directives” • “Data and Statistics” • “Cybersecurity Glossaries” • “Reports by Topic” • Government Accountability Office (GAO) reports • White House/Office of Management and Budget reports • Military/DoD • Cloud Computing • Critical Infrastructure • National Strategy for Trusted Identities in Cyberspace (NSTIC) • Cybercrime/Cyberwar • International • Education/Training/Workforce • Research and Development (R&D) • “Related Resources: Other Websites” Details: Washington, DC: Congressional Research Service, 2012. 55p. Source: Internet Resource: R42507: Accessed April 30, 2012 at: http://www.fas.org/sgp/crs/misc/R42507.pdf Year: 2012 Country: United States URL: http://www.fas.org/sgp/crs/misc/R42507.pdf Shelf Number: 125104 Keywords: Cybercrime (U.S.)Cybersecurity |
Author: Libicki, Martin C. Title: Crisis and Escalation in Cyberspace Summary: This report presents some of the results of a fiscal year 2011 RAND Project AIR FORCE study on the integration of kinetic and nonkinetic weapons, “U.S. and Threat Non-Kinetic Capabilities.” It discusses the management of cybercrises throughout the spectrum from precrisis to crisis to conflict. The basic message is simple: Crisis and escalation in cyberspace can be managed as long as policymakers understand the key differences between nonkinetic conflict in cyberspace and kinetic conflict in the physical world. Among these differences are the tremendous scope that cyberdefense affords; the near impossibility and thus the pointlessness of trying to disarm an adversary’s ability to carry out cyberwar; and the great ambiguity associated with cyberoperations—notably, the broad disjunction between the attacker’s intent, the actual effect, and the target’s perception of what happened. Thus, strategies should concentrate on (1) recognizing that crisis instability in cyberspace arises largely from misperception, (2) promulgating norms that might modulate crisis reactions, (3) knowing when and how to defuse inadvertent crises stemming from incidents, (4) supporting actions with narrative rather than signaling, (5) bolstering defenses to the point at which potential adversaries no longer believe that cyberattacks (penetrating and disrupting or corrupting information systems, as opposed to cyberespionage) can alter the balance of forces, and (6) calibrating the use of offensive cyberoperations with an assessment of their escalation potential. Details: Santa Monica, CA: RAND, 2012. 200p. Source: Internet Resource: Accessed January 24, 2013 at: http://www.rand.org/content/dam/rand/pubs/monographs/2012/RAND_MG1215.pdf Year: 2012 Country: United States URL: http://www.rand.org/content/dam/rand/pubs/monographs/2012/RAND_MG1215.pdf Shelf Number: 127383 Keywords: Computer CrimeCyberattacksCybercrime (U.S.)National SecurityTerrorism |
Author: U.S. Government Accountability Office' Wilhausen, Gregory C. Title: Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented Summary: Cyber attacks could have a potentially devastating impact on the nation’s computer systems and networks, disrupting the operations of government and businesses and the lives of private individuals. Increasingly sophisticated cyber threats have underscored the need to manage and bolster the cybersecurity of key government systems as well as the nation’s critical infrastructure. GAO has designated federal information security as a government-wide high-risk area since 1997, and in 2003 expanded it to include cyber critical infrastructure. GAO has issued numerous reports since that time making recommendations to address weaknesses in federal information security programs as well as efforts to improve critical infrastructure protection. Over that same period, the executive branch has issued strategy documents that have outlined a variety of approaches for dealing with persistent cybersecurity issues. GAO’s objectives were to (1) identify challenges faced by the federal government in addressing a strategic approach to cybersecurity, and (2) determine the extent to which the national cybersecurity strategy adheres to desirable characteristics for such a strategy. To address these objectives, GAO analyzed previous reports and updated information obtained from officials at federal agencies with key cybersecurity responsibilities. GAO also obtained the views of experts in information technology management and cybersecurity and conducted a survey of chief information officers at major federal agencies. Details: Washington, DC: GAO, 2013. 112p. Source: Internet Resource: GAO-13-187: Accessed February 16, 2013 at: http://www.gao.gov/assets/660/652170.pdf Year: 2013 Country: United States URL: http://www.gao.gov/assets/660/652170.pdf Shelf Number: 127647 Keywords: Computer CrimesComputer SecurityCritical Infrastructure SecurityCyber SecurityCybercrime (U.S.)Internet Crimes |
Author: Negroponte, John D. Title: Defending an Open, Global, Secure, and Resilient Internet Summary: Over the course of the last four decades, the Internet has developed from an obscure government science experiment to one of the cornerstones of modern life. It has transformed commerce, created social and cultural networks with global reach, and become a surprisingly powerful vehicle for political organization and protest alike. And it has achieved all of this despite—or perhaps because of—its decentralized character. Throughout its public history, the Internet has been built and overseen by an international group of technical experts and government and user representatives committed to maintaining an open and unfettered global network. This vision, however, and the Internet to which it gave rise, is under threat from a number of directions. States are erecting barriers to the free flow of information to and through their countries. Even Western governments do not always agree on common content standards—the United States, for example, is more accepting of neo-Nazi content or Holocaust denial than are France or Germany. Other countries’ efforts to control the Internet have gone far beyond limiting hate speech or pornography. Iran, China, Saudi Arabia, Russia, and others have considered building national computer networks that would tightly control or even sever connections to the global Internet. State and nonstate actors, moreover, now regularly attack the websites and internal systems of businesses. Most of these attacks are for theft—cost estimates of intellectual property losses range as high as $500 billion per year. Other activities are related to sabotage or espionage. Hacking and defacing websites or social media feeds is a frequently used tool of political competition, while destructive programs such as Stuxnet are becoming increasingly sophisticated. Such activities can be expected to become more commonplace as critical systems become more interconnected and financial and technical barriers to entry for cyber activities fall further. A balkanized Internet beset by hostile cyber-related activities raises a host of questions and problems for the U.S. government, American corporations, and American citizens. The Council on Foreign Relations launched this Task Force to define the scope of this rapidly developing issue and to help shape the norms, rules, and laws that should govern the Internet. The Task Force recommends that the United States develop a digital policy framework based on four pillars. First, it calls on the U.S. government to share leadership with like-minded actors, including governments, private companies, and NGOs, to develop a global security framework based on a common set of principles and practices. Next, the Task Force recommends that all future trade agreements between the United States and its trading partners contain a goal of fostering the free flow of information and data across national borders while protecting intellectual property and individual privacy. Third, the Task Force urges the U.S. government to define and actively promote a vision of Internet governance that involves emerging Internet powers and expands and strengthens governance processes that include representatives of governments, private industry, and civil society. Finally, the report recommends that U.S.-based industry work rapidly to establish an industry-led approach to counter current and future cyberattacks. The United States needs to act proactively on these fronts, lest it risk ceding the initiative to countries whose interests differ significantly from its own. The Task Force further argues for greater public debate in the United States about cyber capabilities as instruments of national security. Some forty countries, including the United States, either have or are seeking cyber weapons. Greater public scrutiny and discussion will, among other things, help define the conditions under which cyber weapons might be used—conditions which should likely be highly limited in scope and subject to substantial oversight. Details: New York: Council on Foreign Relations, 2013. 125p. Source: Internet Resource: Independent Task Force Report No. 70: Accessed August 19, 2013 at: http://www.cfr.org/cybersecurity/defending-open-global-secure-resilient-internet/p30836 Year: 2013 Country: United States URL: http://www.cfr.org/cybersecurity/defending-open-global-secure-resilient-internet/p30836 Shelf Number: 129640 Keywords: Cyber SecurityCybercrime (U.S.)Internet Crime |
Author: Libicki, Martin C. Title: Hackers Wanted: An Examination of the Cybersecurity Labor Market Summary: There is a general perception that there is a shortage of cybersecurity professionals within the United States, and a particular shortage of these professionals within the federal government, working on national security as well as intelligence. Shortages of this nature complicate securing the nation's networks and may leave the United States ill-prepared to carry out conflict in cyberspace. RAND examined the current status of the labor market for cybersecurity professionals - with an emphasis on their being employed to defend the United States. This effort was in three parts: first, a review of the literature; second, interviews with managers and educators of cybersecurity professionals, supplemented by reportage; and third, an examination of the economic literature about labor markets. RAND also disaggregated the broad definition of "cybersecurity professionals" to unearth skills differentiation as relevant to this study. In general, we support the use of market forces (and preexisting government programs) to address the strong demand for cybersecurity professionals in the longer run. Increases in educational opportunities and compensation packages will draw more workers into the profession over time. Cybersecurity professionals take time to reach their potential; drastic steps taken today to increase their quantity and quality would not bear fruit for another five to ten years. By then, the current concern over cybersecurity could easily abate, driven by new technology and more secure architectures. Pushing too many people into the profession now could leave an overabundance of highly trained and narrowly skilled individuals who could better be serving national needs in other vocations. Details: Santa Monica, CA: RAND, 2014. 106p. Source: Internet Resource: Accessed July 3, 2014 at: http://www.rand.org/pubs/research_reports/RR430.html Year: 2014 Country: International URL: http://www.rand.org/pubs/research_reports/RR430.html Shelf Number: 132617 Keywords: Computer CrimeCyberattacksCybercrime (U.S.)CybersecurityInternet CrimeNational SecurityTerrorism |
Author: Nolan, Andrew Title: Cybersecurity and Information Sharing: Legal Challenges and Solutions Summary: Over the course of the last year, a host of cyberattacks has been perpetrated on a number of high profile American companies. The high profile cyberattacks of 2014 and early 2015 appear to be indicative of a broader trend: the frequency and ferocity of cyberattacks are increasing, posing grave threats to the national interests of the United States. While considerable debate exists with regard to the best strategies for protecting America's various cyber-systems and promoting cybersecurity, one point of general agreement amongst cyber-analysts is the perceived need for enhanced and timely exchange of cyber-threat intelligence both within the private sector and between the private sector and the government. Nonetheless, there are many reasons why entities may opt to not participate in a cyber-information sharing scheme, including the potential liability that could result from sharing internal cyber-threat information with other private companies or the government. More broadly, the legal issues surrounding cybersecurity information sharing - whether it be with regard to sharing between two private companies or the dissemination of cyber-intelligence within the federal government - are complex and have few certain resolutions. In this vein, this report examines the various legal issues that arise with respect to the sharing of cybersecurity intelligence, with a special focus on two distinct concepts: (1) sharing of cyberinformation within the government's possession and (2) sharing of cyber-information within the possession of the private sector. With regard to cyber-intelligence that is possessed by the federal government, the legal landscape is relatively clear: ample legal authority exists for the Department of Homeland Security (DHS) to serve as the central repository and distributor of cyber-intelligence for the federal government. Nonetheless, the legal authorities that do exist often overlap, perhaps resulting in confusion as to which of the multiple sub-agencies within DHS or even outside of DHS should be leading efforts on the distribution of cyber-information within the government and with the public. Moreover, while the government has wide authority to disclose cyber-intelligence within its possession, that authority is not limitless and is necessarily tied to laws that restrict the government's ability to release sensitive information within its possession. With regard to cyber-intelligence that is possessed by the private sector, legal issues are clouded with uncertainty. A private entity that wishes to share cyber-intelligence with another company, an information sharing organization like an Information Sharing and Analysis Organization (ISAO) or an Information Sharing and Analysis Centers (ISAC), or the federal government may be exposed to civil or even criminal liability from a variety of different federal and state laws. Moreover, because of the uncertainty that pervades the interplay between laws of general applicability - like federal antitrust or privacy law - and their specific application to cyberintelligence sharing, it may be very difficult for any private entity to accurately assess potential liability that could arise by participating in a sharing scheme. In addition, concerns may arise with regard to how the government collects and maintains privately held cyber-intelligence, including fears that the information disclosed to the government could (1) be released through a public records request; (2) result in the forfeit of certain intellectual property rights; (3) be used against a private entity in a subsequent regulatory action; or (4) risk the privacy rights of individuals whose information may be encompassed in disclosed cyber-intelligence. The report concludes by examining the major legislative proposal - including the Cyber Intelligence Sharing and Protection Act (CISPA), Cybersecurity Information Sharing Act (CISA), and the Cyber Threat Sharing Act (CTSA) - and the potential legal issues that such laws could prompt. Details: Washington, DC: Congressional Research Service, 2015. 62p. Source: Internet Resource: R43941: Accessed April 25, 2015 at: http://www.fas.org/sgp/crs/intel/R43941.pdf Year: 2015 Country: United States URL: http://www.fas.org/sgp/crs/intel/R43941.pdf Shelf Number: 135398 Keywords: Cyber SecurityCybercrime (U.S.)Information SharingIntelligence GatheringInternet Crime |
Author: Libicki, Martin C. Title: The Defender's Dilemma: Charting a Course Toward Cybersecurity Summary: Cybersecurity is a constant, and, by all accounts growing, challenge. Although software products are gradually becoming more secure and novel approaches to cybersecurity are being developed, hackers are becoming more adept, their tools are better, and their markets are flourishing. The rising tide of network intrusions has focused organizations' attention on how to protect themselves better. This report, the second in a multiphase study on the future of cybersecurity, reveals perspectives and perceptions from chief information security officers; examines the development of network defense measures and the countermeasures that attackers create to subvert those measures; and explores the role of software vulnerabilities and inherent weaknesses. A heuristic model was developed to demonstrate the various cybersecurity levers that organizations can control, as well as exogenous factors that organizations cannot control. Among the report's findings were that cybersecurity experts are at least as focused on preserving their organizations' reputations as protecting actual property. Researchers also found that organizational size and software quality play significant roles in the strategies that defenders may adopt. Finally, those who secure networks will have to pay increasing attention to the role that smart devices might otherwise play in allowing hackers in. Organizations could benefit from better understanding their risk posture from various actors (threats), protection needs (vulnerabilities), and assets (impact). Policy recommendations include better defining the role of government, and exploring information sharing responsibilities. Key Findings Common Knowledge Confirmed Security postures are highly specific to company type, size, etc.; and there often aren't good solutions for smaller businesses. Quarantining certain parts of an organization offline can be a useful option. Responding to the desire of employees to bring their own devices and connect them to the network creates growing dilemmas. Chief information security officers (CISOs) feel that attackers have the upper hand, and will continue to have it. Reasonable Suppositions Validated Customers look to extant tools for solutions even though they do not necessarily know what they need and are certain no magic wand exists. CISOs want information on the motives and methods of specific attackers, but there is no consensus on how such information could be used. Current cyberinsurance offerings are often seen as more hassle than benefit, only useful in specific scenarios, and providing little return. Surprising Findings A cyberattack's effect on reputation (rather than more direct costs) is the biggest cause of concern for CISOs. The actual intellectual property or data that might be affected matters less than the fact that any intellectual property or data is at risk. In general, loss estimation processes are not particularly comprehensive. The ability to understand and articulate an organization's risk arising from network penetrations in a standard and consistent matter does not exist and will not exist for a long time. Recommendations Know what needs protecting, and how badly protection is needed. It was striking how frequently reputation was cited by CISOs as a prime cause for cybersecurity spending, as opposed to protecting actual intellectual property. Knowing what machines are on the network, what applications they are running, what privileges have been established, and with what state of security is also crucial. The advent of smart phones, tablets, and so forth compounds the problem. Know where to devote effort to protect the organization. A core choice for companies is how much defense to commit to the perimeter and how much to internal workings. Consider the potential for adversaries to employ countermeasures. As defenses are installed, organizations must realize they are dealing with a thinking adversary and that measures installed to thwart hackers tend to induce countermeasures as hackers probe for ways around or through new defenses. Government efforts aren't high on CISO's lists, but governments should be prepared to play a role. By and large, CISOs we interviewed did not express much interest in government efforts to improve cybersecurity, other than a willingness to cooperate after an attack. Yet it seems likely that government should be able to play a useful role. One option is to build a body of knowledge on how systems fail (a necessary prerequisite to preventing failure), and then share that information. A community that is prepared to share what went wrong and what could be done better next time could produce higher levels of cybersecurity. Details: Santa Monica, CA: RAND, 2015. 162p. Source: Internet Resource: Accessed September 28, 2016 at: http://www.rand.org/content/dam/rand/pubs/research_reports/RR1000/RR1024/RAND_RR1024.pdf Year: 2015 Country: United States URL: http://www.rand.org/content/dam/rand/pubs/research_reports/RR1000/RR1024/RAND_RR1024.pdf Shelf Number: 140475 Keywords: Computer Crime Cyberattacks Cybercrime (U.S.) Cybersecurity Internet CrimeNational Security Terrorism |