MAINMEMBERSCALENDARAEA NEWSCAREER EDUCATION CENTERCONTACT US

 

PUBLIC EDUCATIONISSUESACTION IN TRENTONFIND YOUR LOCAL AUTHORITESLINKSQUESTIONS?

This page is brought to you by the AEA IT Group. Check here often for the latest computer information.  If you have specific topics of interest please email Karen. 
 

**Updated May 25, 2010**
 

 

Cyber Information & Alerts
Click here for the latest alerts.
Updated  6/11/10

ICS-CERT - Industrial Control Systems Cyber Emergency Response Team
Click here for further info

http://www.economist.com/node/16478792/print

The Internet Threat - War in the Fifth Domain

After land, sea, air, and space, warfare has entered the fifth domain: cyberspace. By breaking up data and sending it over multiple routes, the Internet can survive the loss of large parts of the network. Yet some of the global digital infrastructure is more fragile. More than nine-tenths of Internet traffic travels through undersea fiber-optic cables, and these are dangerously bunched up in a few chokepoints - for example, around New York, the Red Sea, or the Luzon Strait in the Philippines. Internet traffic is directed by just 13 clusters of potentially vulnerable domain-name servers. Western analysts think China deploys the most assiduous, and most shameless, cyberspies, but Russian ones are probably more skilled and subtle. The next step after penetrating networks to steal data is to disrupt or manipulate them. If military targeting information could be attacked, for example, ballistic missiles would be useless. General Keith Alexander, Director of the National Security Agency (NSA) and head of the Pentagon's new Cyber Command, says the Defense Department and NSA started cooperating on cyberwarfare in late 2008 after "a serious intrusion into our classified networks." Jim Lewis of the Center for Strategic and International Studies says this refers to the penetration of Central Command, which oversees the wars in Iraq and Afghanistan, through an infected thumb-drive.

 

Nobody knows what, if any, damage was caused. But the thought of an enemy lurking in battle-fighting systems alarms the top brass. Cyberweapons are most effective in the hands of big states. But because they are cheap, they may be most useful to the comparatively weak. They may well suit terrorists. Fortunately, perhaps, the likes of al-Qaida have mostly used the Internet for propaganda and communication. It may be that jihadists lack the ability to, say, induce a refinery to blow itself up. Or it may be that they prefer the gory theater of suicide-bombings to the anonymity of computer sabotage for now.

FBI Suspects Terrorists Are Exploring Cyber Attacks (posted 11/23/09)
 The FBI is looking at people with suspected links to al-Qaida who have shown an interest in mounting an attack on computer systems that control critical US infrastructure, a senior official told Congress Tuesday. While there is no evidence that terrorist groups have developed sophisticated cyber-attack capabilities, a lack of security protections in US computer software increases the likelihood that terrorists could execute attacks in the future, the official warned. If terrorists were to amass such capabilities, they would be wielded with "destructive and deadly intent," Steven Chabinsky, deputy assistant director of the FBI's Cyber Division, told the Senate Judiciary Committee Tuesday. "The FBI is aware of and investigating individuals who are affiliated with or sympathetic to al-Qaida who have recognized and discussed the vulnerabilities of the US infrastructure to cyber-attack," Chabinsky told the committee, without providing details. Such infrastructure could include power grids and transportation systems. The control systems of US infrastructure as well as money transfers are now connected directly or indirectly to the Internet. Hackers have been able to penetrate computer systems running components of the U.S. electric grid as well as divert bank transfers. In an interview Tuesday, former Homeland Security Secretary Michael Chertoff said al-Qaida already has some cyber-attack capability. "I don't think they're the most capable in the world, but they have some capability," he said.

http://online.wsj.com/article/SB125850773065753011.html?mod=WSJ_hpp_MIDDLENexttoWhatsNewsSecond

 

All This Functionality in One Device!
Mobile communication devices (includes Blackberrys, iPhones, smart phones in general) have become indispensable tools for today's highly mobile society. Small and relatively inexpensive, these multifunction devices can be used not only for voice calls but also text messages, email, Internet access along with stand alone applications similar to those performed on a desktop computer. A significant amount of personal, private and/or sensitive information may accumulate or be accessed via these devices.  Additionally, some of these devices may allow you to access your home computer or your corporate network. 

What Risks Do They Present?
While the devices offer many benefits and conveniences, they also pose risks to you and/or your organization’s security. As these devices continue to take on the characteristics of personal computers, they also inherit the same potential risks. Some of the primary risks include the following:

    • The portability of the device leads to a higher likelihood of loss of the device.  Millions of mobile communication devices are lost each year.

    • When Bluetooth and/or wireless (not cellular) communications are enabled, these devices are subject to the risk of eavesdropping and “highjacking”.

    • “Malware” available, that if installed on your device, can allow a perpetrator remote access to your device to listen and record all of your calls, send text messages to the perpetrator whenever you make or receive a call, read all of your messages, make calls on your behalf from your phone, access all of the information on your phone, trace your location and enable the speaker functionally on the phone to listen in on conversations even when the phone is not in use. 

    • Sites purporting to offer “free games or ring tones” are major vectors for distributing malware.

    • While the reports of worms and viruses impacting these devices are relatively low, this is expected to increase in the future. 

Despite the risks outlined above, many users do not understand how vulnerable their mobile device is or how to deploy important security settings and controls.

What Can I Do to Secure My Mobile Communication Device?

The following outlines steps you can take to protect your mobile communication device.  Some of the steps are dependant upon the functionality of your device.

    • Use a password to access your device.  If the device is used for work purposes, you should follow the password policy issued by your organization.
    • If the Bluetooth functionality is not used, check to be sure this setting is disabled.  Some devices have Bluetooth-enabled by default.  If the Bluetooth functionality is used, be sure to change the default password for connecting to a Bluetooth enabled device. 
    • Do not open attachments from untrusted sources.  Similar to the risk when using your desktop, you risk being exposed to malware when opening unexpected attachments.
    • Do not follow links to untrusted sources, especially from unsolicited email or text messages.  Again, as with your desktop, you risk being infected with malware.
    • If your device is lost, report it immediately to your carrier or organization.  Some devices allow the data to be erased remotely.
    • Review the security setting on your device to ensure appropriate protection.  Be sure to encrypt data transmissions whenever possible.
    • Enable storage encryption.  This will help protect the data stored on your device in the event it is lost or stolen, assuming you have it password protected!
    • Beware of downloading any software to your device.  If the device is used for work, follow your organization’s policy on downloading software.  
    • Before disposing of the device be sure to wipe all data from it and/or or follow your organization’s policy for disposing of computer equipment. 

For more information on securing mobile communication devices, please visit:

National Cyber Alert System - Cyber Security Tip ST06-007, Defending Cell Phones and PDAs Against Attack
http://www.us-cert.gov/cas/tips/ST06-007.html
NIST Special Publication 800-124, Guidelines on Cell Phone and PDA Security
http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf
FTC Consumer Alert – The 411 on Disposing of Your Old Cell Phone http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt044.shtm

WTHR News story on “Tapping Your Cell Phone” http://www.wthr.com/Global/story.asp?s=9346833
McAfee – The Web’s Most Dangerous Search Terms
http://us.mcafee.com/en-us/local/docs/most_dangerous_searchterm_us.pdf

For more monthly cyber security newsletter tips visit:
www.msisac.org/awareness/news/

The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment.  While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture. Organizations have permission--and in fact are encouraged--to brand and redistribute this newsletter in whole for educational, non-commercial purposes.

Brought to you by: www.msisac.org


Rogue (Fake) Anti-Virus Software: How to Spot It & Avoid It! (posted 5/26/09)
Click here for info

 

Water Sector Cyber Security Roadmap
The Water Sector Coordinating Council Cyber Security Working Group has released The Roadmap to Secure Control Systems in the Water Sector. This work was undertaken as a result of the urgent need to secure cyber systems. The document presents a strategic framework that considers the risks and vulnerabilities of water and wastewater utility process control systems, and identifies milestones for utilities in securing systems over the next ten years.

Water industry leaders strategize that implementing this roadmap will result in process control systems throughout the water sector but with no loss of critical function in vital applications during and after a cyber event. This vision confronts the overwhelming technical, business, operational, and societal challenges that lie ahead in strengthening the resilience of critical systems against increasingly sophisticated cyber attacks.
 
The Roadmap integrates the expertise of a broad cross-section of asset owners and operators, industrial control systems experts, and government leaders, who met during workshops held in September and December 2007. The Roadmap was developed by the Water Sector Coordinating Council Cyber Security Working Group with support from the Department of Homeland Security National Cyber Security Division and the American Water Works Association. (posted 4/15/08)
  Click here to view or download the document.

The Division of Local Government Services and the State Office of Information Technology are continuing its efforts to link government technology coordinators throughout the State using GovConnect. This initiative will help public agency technology coordinators work with their peers and deliver a higher quality service to the public. If your agency's tech coordinator has not been receiving e-mail from us about technology issues, they should sign up for the service at: www.nj.gov/dca/surveys/tcsurvey.htm