Read Cybersecurity and Cyberwar Online

Authors: Peter W. Singer, Allan Friedman

Cybersecurity and Cyberwar (53 page)

40 million users
“Security Firm RSA Offers to Replace SecurID Tokens,” BBC News, June 7, 2011, http://www.bbc.co.uk/news/technology-13681566.

DigiNotar's bankruptcy
Kim Zetter, “DigiNotar Files for Bankruptcy in Wake of Devastating Hack,” Threat Level (blog), Wired, September 20, 2011, http://www.wired.com/threatlevel/2011/09/diginotar-bankruptcy/.

A conservative estimate
Richard S. Betterley, “Cyber/Privacy Insurance Market Survey—2012: Surprisingly Competitive, as Carriers Seek Market Share,” Betterley Risk Consultants, June 2012, p. 5, http://betterley.com/samples/cpims12_nt.pdf, accessed August 11, 2013.

commented one analyst
Ibid.

Joel Brenner explains
Joel F. Brenner, “Privacy and Security: Why Isn't Cyberspace More Secure?” Communications of the ACM 53, no. 11 (November 2010): p. 34, http://www.cooley.com/files/p33-brenner.pdf.

Larry Clinton
US Government Accountability Office, Testimony before the Senate Judiciary Committee, US Senate; testimony of Larry Clinton, President and CEO of the Internet Security Alliance, November 17, 2009, http://www.judiciary.senate.gov/pdf/09-11-17Clinton'sTestimony.pdf.

Cyberspace Policy Review put it
Executive Office of the President of the United States, “Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure.”

“requirements of the security rule”
Julie Bird, “Boston Teaching Hospital Fined $1.5M for ePHI Data Breach,” FierceHealthIT, September 18, 2012, http://www.fiercehealthit.com/story/boston-teaching-hospital-fined-15m-ephi-data-breach/2012-09-18#ixzz2OC67Xiwh.

FIND THE IT CROWD: HOW DO WE SOLVE THE CYBER PEOPLE PROBLEM?

“the same resumes”
Ellen Nakashima, “Federal Agencies, Private Firms Fiercely Compete in Hiring Cyber Experts,” Washington Post, November 13, 2012.

add another 600
Ibid.

one industry consultant explained
Loren Thompson, “Cyberwarfare May Be a Bust for Many Defense Contractors,” Forbes, May 9, 2011, http://www.forbes.com/sites/beltway/2011/05/09/washingtons-cyberwarfare-boom-loses-its-allure/.

3 to 10 percent
Karen Evans and Franklin Reeder, A Human Capital Crisis in Cybersecurity: Technical Proficiency Matters, Center for Strategic and International Studies, November 2010, p. 6, http://csis.org/files/publication/101111_Evans_HumanCapital_Web.pdf, accessed August 11, 2013.

tens of thousands more
Brittany Ballenstedt, “Building Cyber Warriors,” Government Executive, August 15, 2011, p. 40, http://www.nextgov.com/cybersecurity/2011/08/building-cyber-warriors/49587/.

By one estimate
Brian Fung, “You Call This an Army? The Terrifying Shortage of U.S. Cyberwarriors,” National Journal, last modified May 30, 2013, http://www.nationaljournal.com/tech/you-call-this-an-army-the-terrifying-shortage-of-u-s-cyber-warriors-20130225.

cybersecurity expert
Ralph Langner, “Deterrence in Cyberspace: Debating the Right Strategy with Ralph Langner and Dmitri Alperovitch,” remarks at the Brookings Institution, Washington, DC, September 20, 2011, http://www.brookings.edu/events/2011/09/20-cyberspace-deterrence.

only 40 percent
Ballenstedt, “Building Cyber Warriors,” p. 40.

explains Alan Palmer
Ibid.

a 2011 study
Ibid.

education for free
Ibid., p. 43.

fellowship program
Ibid.

vibrant for job prospects
Fung, “You Call This an Army?”

full-time job after graduation
Ibid., p. 42.

about 25 percent
Graham Warwick, “Talent Spotting: Aerospace, Defense Must Compete with Other Sectors to Recruit and Retain Cyberexperts,” Aviation Week & Space Technology 185, no. 18 (May 23, 2011).

Lynn Dungle
Ibid.

6-minute intervals
Ibid.

professional hacker websites
Ibid.

reach the top
Ibid.

DO YOUR PART: HOW CAN I PROTECT MYSELF (AND THE INTERNET)?

“123456”
Mat Honan, “Kill the Password: Why a String of Characters Can't Protect Us Anymore,” Gadget Lab (blog), Wired, November 15, 2011, http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/.

“bad guys can hide in”
Cyber Terrain conference, Spy Museum, Washington, DC, May 18, 2011.

85 percent of targeted intrusions
Ian Wallace, “Why the US Is Not in a Cyber War,” Daily Beast, March 10, 2013, http://www.thedailybeast.com/articles/2013/03/10/why-the-u-s-is-not-in-a-cyber-war.html.

risks in the realm
Schroeder, “The Unprecedented Economic Risks of Network Insecurity,” p. 174.

“security wasn't important”
Steven Bucci, “Looking Forward,” remarks at the Washington Post Cybersecurity Summit, November 13, 2012.

“That's pathetic”
Ben Hammersley, “Speech to the UK's Information Assurance Advisory Council,” remarks to the Information Assurance Advisory Council, London, September 7, 2011, http://www.benhammersley.com/2011/09/my-speech-to-the-iaac/.

smart and responsible user
“Tips to Avoid Cyber Thieves,” Washington Post, November 13, 2012, http://www.washingtonpost.com/postlive/tips-to-avoid-cyber-thieves/2012/11/12/fe12c776-28f4-11e2-96b6-8e6a7524553f_story.html.

“damned stupid on computers”
Cyber Terrain Conference, Spy Museum, Washington DC, May 18, 2011.

“database-friendly formats”
Honan, “Kill the Password.”

One study of hacked websites
Ibid.

37 percent of the total data
Ibid.

CONCLUSIONS

WHERE IS CYBERSECURITY HEADED NEXT?

122,400 processor cores
Jon Brodkin, “World's Top Supercomputer from '09 is now Obsolete, Will Be Dismantled,” Ars Technica, March 31, 2013, http://arstechnica.com/information-technology/2013/03/worlds-fastest-supercomputer-from-09-is-now-obsolete-will-be-dismantled/.

John Naisbitt once said
Brian Monger, “Knowing Who Your Market Is and What They Want,” SmartaMarketing, November 11, 2012, http://smartamarketing.wordpress.com/2012/11/11/knowing-who-your-market-is-and-what-they-want/.

40 to 80 percent
Ray, “Cloud Computing Economics: 40–80 percent Savings in the Cloud,” CloudTweaks, April 9, 2011, http://www.cloudtweaks.com/2011/04/cloud-computing-economics-40-80-savings-in-the-cloud/.

General Martin Dempsey
General Martin Dempsey, “Defending the Nation at Network Speed,” remarks at the Brookings Institution, Washington, DC, June 27, 2013.

$149 billion in 2014
Transparency Market Research, “Cloud Computing Services Market-Global Industry Size, Market Share, Trends, Analysis and Forecasts, 2012–2018,” http://www.transparencymarketresearch.com/cloud-computing-services-market.html, accessed August 11, 2013.

a Brookings report explored
Allan A. Friedman and Darrell M. West, “Privacy and Security in Cloud Computing,” Issues in Technology Innovation, no. 3, the Brookings Institution (October 26, 2010), http://www.brookings.edu/research/papers/2010/10/26-cloud-computing-friedman-west.


“allowed Netflix to approach”
David Carr, “Giving Viewers What They Want,” New York Times, February 24, 2013, http://www.nytimes.com/2013/02/25/business/media/for-house-of-cards-using-big-data-to-guarantee-its-popularity.html?pagewanted=all.

closeted sexual orientation
Ryan Singel, “Netflix Spilled Your Brokeback Mountain Secret, Lawsuit Claims,” Threat Level (blog), Wired, December 17, 2009, http://www.wired.com/threatlevel/2009/12/netflix-privacy-lawsuit/.

prank call
Daniel Thomas, “Mobile Revolution Marks Fortieth Year,” Financial Times, April 3, 2013, http://www.ft.com/intl/cms/s/0/4efdaf92-9c73-11e2-ba3c-00144feabdc0.html#axzz2QHyT5GGa.

20.2 percent in 2012
Neil Walker, “The Mobile Revolution 2012,” State of Search, http://www.stateofsearch.com/the-mobile-revolution-2012/, accessed August 11, 2013.

One 2013 study
Stephen Lawson, “Study: One-quarter of U.S. Patents Issued This Year Will Be in Mobile,” ITworld, March 27, 2013, http://www.itworld.com/mobile-wireless/350027/study-one-quarter-us-patents-issued-year-will-be-mobile.

350,000 unique variants
Proofpoint, Inc., “Cyber-Security Risks Rise with Spike in Spam Variety,” March 1, 2013, http://www.proofpoint.com/about-us/security-compliance-and-cloud-news/articles/cyber-security-risks-rise-with-spike-in-spam-variety-397144.

The UN, for example, predicts
“The State of Broadband 2012: Achieving Digital Inclusion for All,” Report by the Broadband Commission, September 2012, http://www.broadbandcommission.org/Documents/bb-annualreport2012.pdf, accessed August 11, 2013.

As The Economist observed
“To Each Their Own,” Economist, April 6, 2013, http://www.economist.com/news/special-report/21574634-chinas-model-controlling-internet-being-adopted-elsewhere-each-their-own.

WeMo switched the fan on
Clive Thompson, “No Longer Vaporware: The Internet of Things Is Finally Talking,” Wired, December 6, 2012, http://www.wired.com/opinion/2012/12/20-12-st_thompson/.

WHAT DO I REALLY NEED TO KNOW IN THE END?

Donald Rumsfeld
Charles M. Blow, “Knowns, Unknowns, and Unknowables,” New York Times, September 26, 2012, http://campaignstops.blogs.nytimes.com/2012/09/26/blow-knowns-unknowns-and-unknowables/.

GLOSSARY

advanced persistent threat (APT):
A cyberattack campaign with specific, targeted objectives, conducted by a coordinated team of specialized experts, combining organization, intelligence, complexity, and patience.

Advanced Research Projects Agency (ARPA):
Formed in 1958 after the Sputnik launch, the American defense agency dedicated to preventing technological surprises for the United States and creating such surprises for its foes. With a focus on expanding the frontiers of science and technology, it provided much of the funding for a series of initiatives that evolved into the modern Internet. It was renamed DARPA (for Defense) in 1972, and continues to focus on long-term defense-related research and development.

Advanced Research Projects Agency Network (ARPANET):
The precursor to the modern Internet. Funded by ARPA, it began in 1969 with a first link between UCLA and Stanford, growing to link forty nodes by 1972 and then exponentially as more universities and research centers around the world joined.

air-gap:
To physically isolate a computer or network from other unsecure networks, including the public Internet, to prevent network-enabled attacks. It sounds nice in theory, but it is extremely hard to ensure complete isolation in practice.

Anonymous:
A decentralized but coordinated collection of users from various Internet forums, who gather to conduct organized attacks, protests, and other actions using cyber means. The most noted of the hacktivist groups, its motives range from political protest to vigilantism to sheer amusement.

asymmetric cryptography:
The practice of securing data using a public key, which is shared with everyone, and a private key that remains secret. Data encrypted with the public key can only be decrypted with the private key, and vice versa. This allows secure communications without a shared secret.

Autonomous System (AS):
An independent network serving as a node in the interconnected Internet. Traffic between ASs is governed by the Internet protocols and routing policies.

Bitcoin:
A popular digital currency, first developed in 2008, that offers significant anonymity and requires no centralization or coordinated control.

botnet:
A network of “zombie” computers controlled by a single actor. Botnets are a common tool for malicious activity on the Internet, such as denial-of-service attacks and spam, since they provide free (stolen) computation and network resources while hiding the identity of the controller.

Centers for Disease Control and Prevention (CDC):
A public agency that coordinates research, communications, and information sharing for public health in the United States.

certificate authority (CA):
A trusted organization that produces signed digital “certificates” that explicitly tie an entity to a public key. This allows asymmetric cryptography users to trust that they are communicating with the right party.
