Cybersecurity Awareness Month Part V

cross-posted from the White House Blog

With National Cybersecurity Awareness Month now finished, I would like to remind everyone that cybersecurity is not an issue that requires our attention only one month a year. Instead, we need to be thinking about cybersecurity every time we turn on a computer. Further, as the threat of cyber attacks continues to increase, the U.S. Government and the nation as a whole need to continue to develop and identify the young cybersecurity experts who will keep our computers and digital networks secure and resilient.

One of the ways the U.S. Government cultivates future cyber defenders is through competitions such as the U.S. Cyber Challenge. This program, which is comprised of three separate cybersecurity challenges, has the goal of identifying 10,000 young Americans with the skills to fill the ranks of cybersecurity practitioners, researchers, and leaders. The program nurtures and develops their skills, gives them access to advanced education and exercises, and where appropriate, enables them to be recognized by colleges, companies, and government departments and agencies where their skills can be of the greatest value to the nation.

One of the amazing stories from this year’s U.S. Cyber Challenge is Michael Coppola. Michael is a high school senior and is the leading point scorer through two rounds of the Netwars challenge. Despite not having much formal cybersecurity training, Michael is beating teams of adults and cybersecurity professionals, and, as you can see in the interview excerpt below, remains humble and grounded. Keep up the good work, Michael!

Q. So, Michael, what we'd really like to hear about is what it was like to participate in the NetWars competition. But for starters, how did you even find out about it?
A. In May, a news collective, Digg, pointed me to an article on Forbes.com that described the NetWars contest but didn't provide any information on how to actually participate. About a month later, a link to the contest surfaced on the 2600 news feed, and the rest is history
Q. And just out of curiosity, you're in your senior year in high school - had you already taken computer science courses at school?
A. Yes, I've taken a few, but they don't offer computer security classes. I've taken Graphic Design, Web Design and Animation, and Computer Networking and Repair. I enrolled to take Introduction to Programming this year, but they cancelled it, because they couldn't find a suitable teacher.
Q. Did you ever wonder about what you might "win" or get out of it?
A. The original flyer said something about "cyber camps," but I didn't really know what that meant. I played just to play, and if I won anything from it, then all the better.
Q. Were you surprised when you won? Did you know that the second highest score came from a TEAM of five (?) players working together?
A. I was actually very surprised to be honest. I didn't expect to win, because I assumed that the people I was competing against would be in college with formal educations. Also, I had no idea the second place contestant was in fact a team of five until you asked me!

John Brennan is Assistant to the President for Homeland Security and Counterterrorism

N-Kick

The lines between communications technology and information technology (IT) are getting blurrier every day. Chances are that the cell phone you carry around can do a lot more than just make a phone call. It almost certainly has the capability to send a text message; it probably surfs the web; and it can likely pinpoint your location via GPS to get you to the nearest Starbucks.

So as various communications and information technologies become more interdependent, so too does the infrastructure that supports those technologies. Telecommunications networks, cell phone towers, and control centers are just some of the cyber assets that are becoming more and more interwoven everyday.

It’s DHS’ responsibility to coordinate with the private sector, which in large part owns and operates these increasingly seamless networks and systems. We took a big step today toward making sure that we can fulfill our role of being a good partner in the event of a disaster – be it natural or manmade.

This morning, Secretary Napolitano cut the ribbon on the National Cybersecurity & Communications Integration Center (NCCIC). The NCCIC (which we say N-Kick) is a new 24-hour watch and warning center that consolidates many of the Department’s cyber and communications operations centers that respond to emergency incidents.

The NCCIC co-locates the missions and functions of several of the Department’s most important cybersecurity facilities, such as the United States Computer Emergency Readiness Team (US-CERT), the National Coordinating Center (NCC) and the National Cybersecurity Center (NCSC) – and ultimately our private sector partners. This groundbreaking center is the result of collaboration of a Joint Industry-Government Tiger Team, the National Security Telecommunications Advisory Committee, and the Government Accountability Office.

The result is one solution: a unified operations center. The NCCIC will help the department detect, prevent, respond, and mitigate disruptions of voice and cyber communications technologies.

That cell phone relies on more technology and networking than ever before. We’re working every day to keep it safe.

To learn more about the DHS’s cybersecurity efforts, visit www.dhs.gov/cyber.

Answering your Questions

Last week, the Secretary delivered remarks via webcast to talk with the American public about cybersecurity, and to answer the public’s questions on the topic. We received many more questions than the Secretary had time for that morning, but she wanted to make sure we answered as many possible.

So today, Secretary Napolitano sat down to do just that. Check out the Secretary's video below.

Viewing this video requires the Flash 9 plugin.

Cybersecurity Awareness Month Part IV

Cross-posted from The White House Blog.

During National Cybersecurity Awareness Month I have discussed the types of cyber threats that we face and some of the basic steps that all computer users can take to better protect themselves. This week, I’d like to address another important dimension of this shared responsibility – the role of America’s small businesses.

As the President said in his remarks for National Cybersecurity Awareness Month, the cyber threat has become one of the most serious economic and national security challenges we face as a nation. America’s competitiveness and our economic prosperity in the 21st century will depend on effective cybersecurity. This is especially true for the millions of small businesses that form the backbone of our economy. For this reason, the National Institute of Standards and Technology (NIST) at the Department of Commerce recently released a guidebook, Small Business Information Security: The Fundamentals, on cybersecurity fundamentals for small business owners. A video related to the guidebook is provided below.

View the video

As the guidebook states, “in the United States, the number of small businesses totals to over 95% of all businesses. The small business community produces around 50% of our nation’s Gross National Product (GNP) and creates around 50% of all new jobs in our country. Small businesses, therefore, are a very important part of our nation’s economy.”

However, these small businesses often do not have sufficient resources to effectively secure their cyber infrastructure. Criminals recognize this, and small businesses are more and more often becoming targets of cyber crime. The NIST guidebook helps to mitigate these risks by providing small business owners with detailed (but easy-to-understand) instructions on how to improve their cybersecurity posture.

The guidebook is divided into three sections: absolutely necessary cybersecurity practices, highly recommended practices, and other planning considerations. It includes instructions on topics such as activating and installing firewalls, securing wireless access points, and conducting online banking more securely. I recommend all business owners read this guidebook. Home users may also find many of the cybersecurity instructions useful.

To learn more about cybersecurity tips please also visit www.onguardonline.gov and www.dhs.gov/cyber.

John Brennan is Assistant to the President for Homeland Security and Counterterrorism

News and Events Roundup- October 22nd

From Federal Computer Week, about Secretary Napolitano’s speech on Cybersecurity Month:

Homeland Security Secretary Janet Napolitano has gone online to urge private persons to help bolster the country's cybersecurity.

During a speech broadcast on the Homeland Security Department's Web site Oct. 20, Napolitano described computer security as a major scientific and technical challenge with great economic and national security implications. She said everyday people - not just the government - share the responsibility for cybersecurity.

"It's an opportunity for you as an individual to personally to contribute to our national security," Napolitano said. "Securing your home computer helps you and your family - it also helps your nation in some very important ways."

Napolitano said people should:

Install and activate firewalls for their computers and Internet connection.

Ensure that anti-virus and anti-spyware is installed and up-to-date.

Check computer settings to make sure operating systems and applications are automatically patched.

Avoid suspect Web sites, downloading suspicious documents or attachments, or opening e-mail messages from unknown persons.

Perform regular back ups.

Use strong passwords.

Educate children.

From the Washington Times, on the H1N1 vaccine:

Secretary of Homeland Security Janet Napolitano on Wednesday morning acknowledged a delay in the distribution of H1N1 vaccine but said the program should be back on schedule around December.

The Centers for Disease Control and Prevention (CDC) wanted to have 40 million doses shipped by the end of October, but will have roughly 28 million to 30 million.

Ms. Napolitano told CNN before testifying on Capitol Hill that the problem was a manufacturing delay, not a shortage.

"There will be a vaccine for everybody who wants it," she said.

From SC Magazine, on Philip Reitinger's attendance at the RSA Conference in England:

International collaboration and recruitment of experienced people is needed to win the battle against cybercrime.

Speaking at the RSA Conference Europe, the US department of homeland security(DHS) deputy undersecretary of the national protection and programs directorate Philip Reitinger, claimed that the right people are working on battling cybercrime but it needs to be vastly increased.

Reitinger said: “We need developers who work through university who learn to write code. We need to have ethically sound people, people who have a mind for the criminal, make sure that people are used to people's business but have to have the public's interest at heart.

“They need to have a blackhat perspective, and need to do threat modelling. Understanding weaknesses to do a good job of security systems. I think we are trying to invest in the right way.”

From KXO-AM El Centro, CA,on a drug seizure at the Andrade port of entry:

More than 29 pounds of cocaine worth nearly $1 million was seized Tuesday night at the Andrade port of entry.

A drug detection dog assigned to the Yuma Sector Border Patrol alerted to a California registered SUV as it attempted to enter the United States from Mexico at the Andrade port of entry. Further inspection of the vehicle led to the discovery of a compartment below the floorboards. 29.7 pounds of cocaine was found found hidden in the compartment. The vehicle , drugs and 26-year old woman driver of the SUV were all turned over to the Immigration and Customs Enforcement office.

Public Events
10 AM EDT
U.S. Immigration and Customs Enforcement Office of Investigations Deputy Assistant Director Janice Ayala and U.S. Customs and Border Protection Cargo and Conveyance Security Executive Director Todd Owen will testify about cargo threats at land ports of entry before the House Committee on Homeland Security Subcommittee on Border, Maritime and Global Counterterrorism
311 Cannon House Office Building
Washington, D.C.

Streaming Now: Secretary Napolitano on Cybersecurity

UPDATE: Oct. 23rd, 11:15 a.m. The full video of the live stream has been posted on our Leadership Journal.

UPDATE: 1 :30 p.m. We will be posting the taped video of the Secretary's remarks later today. Thanks to everyone for your participation and for the terrific questions.
________

Head over to our LIVE page now to watch Secretary Napolitano deliver remarks on cybersecurity.

You can also submit questions for the Secretary during her address.

LIVE on dhs.gov

So here's a first...

Tune in tomorrow to dhs.gov at 11:00 AM EDT for an exclusive live address from Secretary Napolitano on cybersecurity. We will broadcast her remarks at dhs.gov, and you can submit a question for the Secretary to answer during her address.

The Secretary will talk about our shared responsibility for staying safe online, and the department's leadership role in cybersecurity.

Check it out tomorrow at 11:00 AM EDT.

Cybersecurity Awareness Month Part II

Cross-posted from the White House Blog

In my last blog post, I linked to President Obama’s proclamation announcing the start of National Cybersecurity Awareness Month. This week, I would like to discuss in more detail the cyber threats that we are facing as a Nation and as individuals. A key theme for this month is that cybersecurity is "our shared responsibility." Each one of us must take the time to increase our awareness of the cyber risks that are present every time we turn on our computers.

Just the other day, the media was breaking a story about the latest generation of malicious software designed to steal money from bank accounts. This "bank Trojan," called URLzone provides a sophisticated interface for managing theft from numerous accounts and deceives the account owner with false statements.

For years, research institutions have noted a steady increase in number of malicious programs that are being used to exploit the vulnerabilities of our computers. A vast percentage of all e-mail is spam, which tries to lure us into downloading software, visiting an infected website or social networking account, or even making a phone call in order to get us to reveal information useful for identity theft or to steal money. Many of these malicious actors are now sending out fake emails from the Internal Revenue Service.

Sophisticated cyber criminals are bypassing individual computer users and are attacking financial institutions. To them, the motivation is simple. Why steal one bank account record when you can steal millions? Fortunately, our law enforcement agencies have had some remarkable successes against key groups responsible for cyber attacks. Just last week, nearly 100 people were arrested in the United States and Egypt on charges of computer fraud, conspiracy to commit bank fraud, money laundering, and aggravated identify theft. Last month the U.S. Government convicted the individual responsible for the theft and sale of more than 40 million credit and debit card numbers from numerous U.S. retailers with losses of more than $21 billion. You can learn more about federal law enforcement efforts in combating cyber crime here, here, and here.

And then there are the botnets, which are large numbers of compromised computers that are controlled remotely by criminals or other malicious actors. Some computer experts have estimated that one quarter of all personal computers are part of a botnet. The Conficker worm has been around for about a year and has managed to spread into millions of machines through network connections and portable media such as thumb drives. These botnets appear to be used primarily for supporting criminal activities such as spam, but we worry that such large botnets could be used to launch unprecedented denial-of-service attacks against banking, government, or other important websites.

As you can see, the cyber threat is quite real. Every day dozens of Federal departments and agencies work with their industry partners to help mitigate these threats. And while we have made great strides thwarting the efforts of cyber criminals, more needs to be done. Next week, I will write more about the basic cybersecurity tips that every computer user should know and adopt.

John Brennan is Assistant to the President for Homeland Security and Counterterrorism

National Cybersecurity Awareness Month

Cross-posted from the White House Blog

Today, per a Presidential Proclamation and a Senate Resolution, marks the start of the sixth annual National Cybersecurity Awareness Month. As stated in the President’s Cyberspace Policy Review, cybersecurity is a national priority and is vital to our economy and the security of our nation. The financial industry, our government networks, and your home computers are under continual attack from a variety of malicious actors, including domestic hackers, international organized crime rings, and foreign intelligence agencies. They are stealing your identities and financial information, sensitive government data, and proprietary industry information. As President Obama stated in his May 29th speech, "America's economic prosperity in the 21st century will depend on cybersecurity."

However, there is much that we can do to reduce our vulnerability and improve our resilience to cyber attacks, and we call on all Americans this month to recognize their role in improving the nation’s cybersecurity. One of the themes for this year’s National Cybersecurity Awareness Month is that cybersecurity is a shared responsibility. This refers to the fact that government, industry, and the individual computer user must all play a role in securing our information networks and data. Public-private partnerships are critical to these efforts, and one example of this partnership is the National Cybersecurity Alliance. This joint industry and government organization provides a variety of information on National Cybersecurity Awareness Month activities. Further, the National Association of State Chief Information Officers (NASCIO) provides information on cybersecurity efforts happening within your state.

During the month of October, I will be posting additional information on this blog regarding a variety of cybersecurity topics, including Cyber Threat, Cybersecurity Tips for the Home User, and Cybersecurity Careers.

Please check back here weekly for additional cybersecurity information.

John Brennan is the Deputy National Security Advisor and Assistant to the President for Homeland Security and Counterterrorism

National Cybersecurity Awareness Month

Everyone thinks about cybersecurity now and then. Whether you’re setting up your business’ website, or opening a new checking account, or sitting down with your child to get on the internet; it’s an issue that affects all of us. Cybercrimes and the security of our private and government cyber infrastructure are critical parts of the department’s mission to secure our homeland – by making sure that we are all safer online.

October is National Cybersecurity Awareness Month, and the Secretary was joined this morning by Deputy Secretary of Defense William J. Lynn III, White House National Security Staff Acting Senior Director for Cybersecurity Chris Painter, Deputy Under Secretary for NPPD and Director of the National Cybersecurity Center Phil Reitinger, and Director of the Secret Service Mark Sullivan at an event here in Washington, D.C. to kick it off. During the event, Secretary Napolitano took the opportunity to announce the department’s new authority to recruit and hire up to 1,000 cybersecurity professionals across DHS to fill critical roles – including cyber risk and strategic analysis; cyber incident response; vulnerability detection and assessment; intelligence and investigation; and network and systems engineering.

“Effective cybersecurity requires all partners—individuals, communities, government entities and the private sector—to work together to protect our networks and strengthen our cyber resiliency,” said Secretary Napolitano. “This new hiring authority will enable DHS to recruit the best cyber analysts, developers and engineers in the world to serve their country by leading the nation’s defenses against cyber threats.”

Throughout October, we’ll be talking about ways you can make yourself, your business, and your family safer online. Cybersecurity, like preparing for a natural disaster or for a terrorist attack, is a shared responsibility; every American has a role to play. How can you contribute? That’s easy:

Take Action - There are many things businesses, schools, and home users can do to practice cybersecurity during National Cybersecurity Awareness Month and beyond.

• Make sure that you have anti-virus software and firewalls installed, properly configured, and up-to-date. New threats are discovered every day, and keeping your software updated is one of the easier ways to protect yourself from an attack. Set your computer to automatically update for you.
• Update your operating system and critical program software. Software updates offer the latest protection against malicious activities. Turn on automatic updating if that feature is available.
• Back up key files. If you have important files stored on your computer, copy them onto a removable disc and store it in a safe place.

Endorse - Demonstrate your commitment to cybersecurity.

• Create a section for cybersecurity on your organization's Web site.
• Add a signature block to your e-mail:"October is National Cybersecurity Awareness Month. Stay Safe Online!
• Find more resources at US CERT.

Educate - Find out what more you can do to secure cyberspace and how you can share this with others.

• Participate in the National Cyber Security Alliance Cyber Security Awareness Volunteer Education (C-SAVE) Program and help educate elementary, middle, and high-school students about Internet safety and security.
• Review cybersecurity tips with your family.
• Use regular communications in your business—newsletters, e-mail alerts, Web sites, etc.—to increase awareness on issues like updating software processes, protecting personal identifiable information, and securing your wireless network.

Check out the new Cybersecurity Awareness Month page on dhs.gov to learn more, and stay tuned throughout the month.