Cybersecurity Awareness Month Part V

cross-posted from the White House Blog

With National Cybersecurity Awareness Month now finished, I would like to remind everyone that cybersecurity is not an issue that requires our attention only one month a year. Instead, we need to be thinking about cybersecurity every time we turn on a computer. Further, as the threat of cyber attacks continues to increase, the U.S. Government and the nation as a whole need to continue to develop and identify the young cybersecurity experts who will keep our computers and digital networks secure and resilient.

One of the ways the U.S. Government cultivates future cyber defenders is through competitions such as the U.S. Cyber Challenge. This program, which is comprised of three separate cybersecurity challenges, has the goal of identifying 10,000 young Americans with the skills to fill the ranks of cybersecurity practitioners, researchers, and leaders. The program nurtures and develops their skills, gives them access to advanced education and exercises, and where appropriate, enables them to be recognized by colleges, companies, and government departments and agencies where their skills can be of the greatest value to the nation.

One of the amazing stories from this year’s U.S. Cyber Challenge is Michael Coppola. Michael is a high school senior and is the leading point scorer through two rounds of the Netwars challenge. Despite not having much formal cybersecurity training, Michael is beating teams of adults and cybersecurity professionals, and, as you can see in the interview excerpt below, remains humble and grounded. Keep up the good work, Michael!

Q. So, Michael, what we'd really like to hear about is what it was like to participate in the NetWars competition. But for starters, how did you even find out about it?
A. In May, a news collective, Digg, pointed me to an article on Forbes.com that described the NetWars contest but didn't provide any information on how to actually participate. About a month later, a link to the contest surfaced on the 2600 news feed, and the rest is history
Q. And just out of curiosity, you're in your senior year in high school - had you already taken computer science courses at school?
A. Yes, I've taken a few, but they don't offer computer security classes. I've taken Graphic Design, Web Design and Animation, and Computer Networking and Repair. I enrolled to take Introduction to Programming this year, but they cancelled it, because they couldn't find a suitable teacher.
Q. Did you ever wonder about what you might "win" or get out of it?
A. The original flyer said something about "cyber camps," but I didn't really know what that meant. I played just to play, and if I won anything from it, then all the better.
Q. Were you surprised when you won? Did you know that the second highest score came from a TEAM of five (?) players working together?
A. I was actually very surprised to be honest. I didn't expect to win, because I assumed that the people I was competing against would be in college with formal educations. Also, I had no idea the second place contestant was in fact a team of five until you asked me!

John Brennan is Assistant to the President for Homeland Security and Counterterrorism

Cybersecurity Awareness Month Part IV

Cross-posted from The White House Blog.

During National Cybersecurity Awareness Month I have discussed the types of cyber threats that we face and some of the basic steps that all computer users can take to better protect themselves. This week, I’d like to address another important dimension of this shared responsibility – the role of America’s small businesses.

As the President said in his remarks for National Cybersecurity Awareness Month, the cyber threat has become one of the most serious economic and national security challenges we face as a nation. America’s competitiveness and our economic prosperity in the 21st century will depend on effective cybersecurity. This is especially true for the millions of small businesses that form the backbone of our economy. For this reason, the National Institute of Standards and Technology (NIST) at the Department of Commerce recently released a guidebook, Small Business Information Security: The Fundamentals, on cybersecurity fundamentals for small business owners. A video related to the guidebook is provided below.

View the video

As the guidebook states, “in the United States, the number of small businesses totals to over 95% of all businesses. The small business community produces around 50% of our nation’s Gross National Product (GNP) and creates around 50% of all new jobs in our country. Small businesses, therefore, are a very important part of our nation’s economy.”

However, these small businesses often do not have sufficient resources to effectively secure their cyber infrastructure. Criminals recognize this, and small businesses are more and more often becoming targets of cyber crime. The NIST guidebook helps to mitigate these risks by providing small business owners with detailed (but easy-to-understand) instructions on how to improve their cybersecurity posture.

The guidebook is divided into three sections: absolutely necessary cybersecurity practices, highly recommended practices, and other planning considerations. It includes instructions on topics such as activating and installing firewalls, securing wireless access points, and conducting online banking more securely. I recommend all business owners read this guidebook. Home users may also find many of the cybersecurity instructions useful.

To learn more about cybersecurity tips please also visit www.onguardonline.gov and www.dhs.gov/cyber.

John Brennan is Assistant to the President for Homeland Security and Counterterrorism

Cybersecurity Awareness Month Part II

Cross-posted from the White House Blog

In my last blog post, I linked to President Obama’s proclamation announcing the start of National Cybersecurity Awareness Month. This week, I would like to discuss in more detail the cyber threats that we are facing as a Nation and as individuals. A key theme for this month is that cybersecurity is "our shared responsibility." Each one of us must take the time to increase our awareness of the cyber risks that are present every time we turn on our computers.

Just the other day, the media was breaking a story about the latest generation of malicious software designed to steal money from bank accounts. This "bank Trojan," called URLzone provides a sophisticated interface for managing theft from numerous accounts and deceives the account owner with false statements.

For years, research institutions have noted a steady increase in number of malicious programs that are being used to exploit the vulnerabilities of our computers. A vast percentage of all e-mail is spam, which tries to lure us into downloading software, visiting an infected website or social networking account, or even making a phone call in order to get us to reveal information useful for identity theft or to steal money. Many of these malicious actors are now sending out fake emails from the Internal Revenue Service.

Sophisticated cyber criminals are bypassing individual computer users and are attacking financial institutions. To them, the motivation is simple. Why steal one bank account record when you can steal millions? Fortunately, our law enforcement agencies have had some remarkable successes against key groups responsible for cyber attacks. Just last week, nearly 100 people were arrested in the United States and Egypt on charges of computer fraud, conspiracy to commit bank fraud, money laundering, and aggravated identify theft. Last month the U.S. Government convicted the individual responsible for the theft and sale of more than 40 million credit and debit card numbers from numerous U.S. retailers with losses of more than $21 billion. You can learn more about federal law enforcement efforts in combating cyber crime here, here, and here.

And then there are the botnets, which are large numbers of compromised computers that are controlled remotely by criminals or other malicious actors. Some computer experts have estimated that one quarter of all personal computers are part of a botnet. The Conficker worm has been around for about a year and has managed to spread into millions of machines through network connections and portable media such as thumb drives. These botnets appear to be used primarily for supporting criminal activities such as spam, but we worry that such large botnets could be used to launch unprecedented denial-of-service attacks against banking, government, or other important websites.

As you can see, the cyber threat is quite real. Every day dozens of Federal departments and agencies work with their industry partners to help mitigate these threats. And while we have made great strides thwarting the efforts of cyber criminals, more needs to be done. Next week, I will write more about the basic cybersecurity tips that every computer user should know and adopt.

John Brennan is Assistant to the President for Homeland Security and Counterterrorism