Terrorism Information Awareness Program.
The Defense Advanced Research Projects Agency (DARPA) has conducted research and development for systems such as the former Terrorism Information Awareness Program (TIA) that are intended to help investigators discover covert linkages among people, places, things, and events related to possible terrorist activity (see below for privacy issues). However, the TIA program and other similar proposals for domestic surveillance raised privacy concerns from lawmakers, advocacy groups, and the media.
Some privacy advocates have objected to the possibility that information gathered through domestic surveillance may be viewed by unauthorized users, or even misused by authorized users. Congress has moved to restrict or eliminate funding for the TIA program under S. Specifically, section part a limits use of funds for research and development of the TIA Program, except for "Processing, analysis, and collaboration tools for counterterrorism foreign intelligence" for military operations outside the United States.
Other Data Mining Search Technologies.
Should more research be encouraged into newer database search technologies that provide more protection for individual privacy while helping to detect terrorist activities? The Department of Defense is currently reviewing the capabilities of other data mining products using technology that may reduce domestic privacy concerns raised by TIA. For example, Systems Research and Development, a technology firm based in Las Vegas, has been tasked by the CIA and other agencies to develop a new database search product called "Anonymous Entity Resolution."
The product uses encryption to ensure that even if the scrambled records are intercepted, no private information can be extracted. Thus, terrorism watch lists and corporate databases could be securely compared online, without revealing private information.
Also, the Florida police department has, since , operated a counterterrorism system called the Multistate Anti-Terrorism Information Exchange (MATRIX) that helps investigators find patterns among people and events by combining police records with commercially available information about most U. MATRIX includes information that has always been available to investigators, but adds extraordinary processing speed.
Each of the three top officials involved in the government's cybersecurity effort has resigned since the beginning of In January , Richard Clarke resigned from his position as cybersecurity adviser to the President, ending a year government career.
Clarke had been the cybersecurity adviser since October Three months later, in April , Howard Schmidt, Clarke's successor as adviser, resigned, ending a year government career. Before becoming the adviser in January , Schmidt had served as Clarke's deputy. In September , DHS formally announced the appointment of Amit Yoran as new director of its cybersecurity division. However, to some observers Yoran's resignation was unexpected.
Potential questions for Congress arising out of these resignations include the following: Were any of their resignations motivated in part by job-related concerns? If the latter, are these concerns indicative of any problems in the government's cybersecurity effort that need to be addressed? Why is the executive branch having difficulty holding onto senior cybersecurity officials?
What effect have these resignations had on the government's efforts in cybersecurity? Are the government's efforts in this area suffering due to insufficient continuity of leadership? The level of influence for the director of cybersecurity position has become a subject of recent debate, where several observers have proposed strengthening the director's position by moving it out of DHS and into the White House, possibly under the Office of Management and Budget. However, some security industry leaders have favored elevating the position to the assistant secretary level within DHS, and have objected to moving the position to another department, saying that relocating the office now would possibly be disruptive to the government-industry relationships that are newly formed at DHS.
This bill proposes to create a National Cybersecurity Office headed by an Assistant Secretary for Cybersecurity within the DHS Directorate for Information Analysis and Infrastructure Protection, with authority for all cybersecurity-related critical infrastructure protection programs. On February 18, , the bill was referred to the House subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity.
Unknown to the Soviets, the SCADA software, which was supposedly designed to automate controls for gas pipelines, was also infected with a secret Trojan Horse programmed to reset pump speeds and valve settings that would create pressures far beyond what was acceptable to pipeline joints and welds.
The result, in June , was a monumental nonnuclear explosion on the trans-Siberian gas pipeline, equivalent to 3 kilotons of TNT. However, the event remained secret because the explosion took place in the Siberian wilderness, and there were no known casualties. DHS officials maintain that an attack against computers could possibly result in disastrous effects in physical facilities. DHS officials have asserted that cybersecurity cuts across all aspects of critical infrastructure protection, and that cyberoperations cannot be separated from the physical aspects of businesses because they operate interdependently.
DHS officials have stated, "If we attempt to 'stovepipe' our protection efforts to focus on the different types of attackers who may use the cyberinfrastructure, we risk the possibility of limiting our understanding of the entire threat environment."
The industry groups maintain that the challenges of protection in a globally networked cyberworld are sufficiently different from requirements for protection in the physical world that DHS needs a separate structure; one that is focused on cyberissues, and headed by a Senate-confirmed public official. Does the National Strategy to Secure Cyberspace present clear incentives for achieving security objectives? Suggestions to increase incentives may include requiring that all software procured for federal agencies be certified under the "Common Criteria" testing program, which is now the requirement for the procurement of military software.
However, industry observers point out that the software certification process is lengthy and may interfere with innovation and competitiveness in the global software market.
Should the National Strategy to Secure Cyberspace rely on voluntary action on the part of private firms, home users, universities, and government agencies to keep their networks secure, or is there a need for possible regulation to ensure best security practices? Has public response to improve computer security been slow partly because there are no regulations currently imposed? Two of the former cybersecurity advisers to the president have differing views: Howard Schmidt has stated that market forces, rather than the government, should determine how product technology should evolve for better cybersecurity; however, Richard Clarke has stated that the IT industry has done little on its own to improve security of its own systems and products.
Should software product vendors be required to create higher quality software products that are more secure and that need fewer patches? Software vendors may increase the level of security for their products by rethinking the design, or by adding more test procedures during product development. However, some vendors reportedly have said that their commercial customers may not be willing to pay the increased costs for additional security features.
Should computer security training be made available to all computer users to keep them aware of constantly changing computer security threats, and to encourage them to follow proper security procedures? The survey showed that most home users do not have adequate protection against hackers, do not have updated antivirus software protection, and are confused about the protections they are supposed to use and how to use them.
Will incentives, education programs, or public awareness messages about computer security encourage home PC users to follow the best security practices? Many computers taken over by Internet hackers belong to small businesses or individual home users who have not had training in best computer security practices and who may not feel motivated to voluntarily participate in a training program. Vulnerabilities that require government and corporate systems administrators to install software patches also affect computers belonging to millions of home PC users.
What can be done to improve sharing of information between federal government, local governments, and the private sector to improve computer security? Effective cybersecurity requires sharing of relevant information about threats, vulnerabilities, and exploits. A recent GAO survey of local government officials recommended that DHS strengthen information sharing by incorporating states and cities into its federal "enterprise architecture" planning process.
Should information voluntarily shared with the federal government about security vulnerabilities be shielded from disclosure through Freedom of Information Act requests? Many firms are reluctant to share important computer security information with government agencies because of the possibility of having competitors become aware of a company's security vulnerabilities through FOIA.
International Cooperation Against Cyberattack. How can the United States better coordinate security policies and international law to gain the cooperation of other nations to better protect against a computer attack? Pursuit of hackers may involve a trace back through networks requiring the cooperation of many Internet Service Providers located in several different nations.
Members of government, industry, NGOs, and academia from many nations met at Stanford to discuss the growing problem, and a clear consensus emerged that greater international cooperation is required. Currently, thirty-eight countries, including the United States, have signed the Council of Europe's Convention on Cybercrime, published in November The Convention seeks to better combat cybercrime by harmonizing national laws, improving investigative abilities, and boosting international cooperation.
Supporters argue that the Convention will enhance deterrence, while critics counter it will have little effect without participation by countries in which cybercriminals operate freely.
Offshore Development of Software. Terrorist networks are known to exist in several countries such as Malaysia and Indonesia, where IT contract work has been outsourced. Other possible recipients of outsourced projects are Israel, India, Pakistan, Russia and China.
Other observers point out that restricting offshore development may not be effective for improving national security because many foreign workers are also currently employed by domestic firms to develop computer software within the United States. The following bills identify recent legislative activity that is related to prevention of cyberterrorism, or related to collection of information on possible terrorist activities. Sponsored by Senator Shelby Richard, this law corrects industrial resource shortfalls for radiation-hardened electronics, and defines "critical infrastructure" to include physical and cyberbased assets.
A cyberattack is sometimes also called a Computer Network Attack (CNA), because a network connection enables this type of attack.
Computer hackers traditionally use five basic steps to gain unauthorized access, and subsequently take over computer systems. These five steps can also be employed by terrorist groups. The steps are frequently automated through use of special hacker tools freely available to anyone via the Internet. These sophisticated hacker tools are usually shared only among an exclusive group of other highly-skilled hacker associates. The hacker tactics described in this report are also explained in detail in many sources that list possible defenses against computer attack.
Step 1. Reconnaissance and Pre-operative Surveillance. In this first step, hackers employ extensive pre-operative surveillance to find out detailed information about an organization that will help them later gain unauthorized access to computer systems. The most common method is social engineering, or tricking an employee into revealing sensitive information such as a telephone number or a password. Other methods include dumpster diving, or rifling through an organization's trash to find sensitive information such as floppy disks or important documents that have not been shredded.
This step can be automated if the attacker installs on an office computer a virus, worm, or "Spyware" program that performs surveillance and then transmits useful information, such as passwords, back to the attacker. It may remain undetected by firewalls or current anti-virus security products while monitoring keystrokes to record web activity or collect snapshots of screen displays and other restricted information for transmission back to an unknown third party.
Step 2. Scanning. Once in possession of special restricted information, or a few critical phone numbers, an attacker performs additional surveillance by scanning an organization's computer software and network. This process goes slowly, sometimes lasting months, as the attacker looks for several vulnerable openings into a system.
Step 3: Gaining Access. Once the attacker has developed an inventory of software and configuration vulnerabilities on a target network, he or she may quietly take over a system and network by using a stolen password to create a phony account, or by exploiting a vulnerability that allows them to install a malicious Trojan Horse, or automatic "bot" that will await further commands sent through the Internet.
Step 4: Maintaining Access. Once an attacker has gained unauthorized access, he or she may secretly install extra malicious programs that allow them to return as often as they wish.