Why we are losing the cyber security war and what we can do about it

If this year’s attacks on Adobe, LexisNexis, NASDAQ, US Airways, and dozens of other large and technologically sophisticated US enterprises didn’t provide sufficient evidence that we are losing the cyber security war, the ongoing breaches by Anonymous make it undeniable. Why are the world’s most IT savvy companies unable to keep attackers out of their networks?

Several factors are tipping the scales in favor of cyber criminals. These include lack of (threat) information sharing; insufficient automation of threat and vulnerability remediation; the absence of correlation between compliance, security and risk posture; the need to perform continuous security monitoring; and the ability to process huge volumes of data in order to detect and mitigate cyber-attacks in a timely manner.

Fortunately, a new breed of security technology called Integrated Risk Management (IRM) platforms has emerged which can make threats and vulnerabilities visible and actionable, while enabling organizations to prioritize and address high risk security exposures before breaches occur.

Let’s take a look at how IRM systems can level the playing field in the cyber security war…

Continue with this article at Network World.


U.S. looking into cybersecurity incidents targeting Obamacare website

During a House committee hearing on Wednesday, Roberta Stempfley — acting assistant secretary of the Department of Homeland Security’s Office of Cybersecurity and Communications — said her agency was aware of “about 16” reports of cybersecurity threats related to the HealthCare.gov website.

Testifying before the House of Representatives Homeland Security Committee, Stempfley also said officials were aware of an unsuccessful attempt by hackers to organize a “denial of service” attack to overwhelm and take down the website.

Stempfley’s testimony marked the first time that the Obama administration publicly discussed cybersecurity threats to the website at the heart of the law known as Obamacare.

More available from Reuters.com.


Tax refund ID theft is a growing ‘epidemic’

More Americans’ identities were stolen in tax refund crimes in the first six months of 2013 than in all of 2012, said a U.S. Internal Revenue Service watchdog on Thursday who described the problem as “a growing epidemic.”

Tax refund fraud has exploded in recent years. Scammers typically use stolen names and Social Security numbers to file phony electronic tax forms for IRS refunds.
About 1.6 million Americans were victims of ID theft/tax refund crimes this year through June, up from 1.2 million taxpayers in all of 2012, the Treasury Inspector General for Tax Administration (TIGTA) said in a report.

“Identity theft is a growing epidemic,” said J. Russell George, TIGTA’s chief.

From Reuters / Chicago Tribune



Promoting FSU Cybersecurity out and about, and on the airwaves

Shuyuan spoke at Tallahassee Community College’s Center for Workforce Development in honor of National Cyber Security Awareness Month on Oct. 24 and was interviewed by WCTV Eyewitness News in Tallahassee.

Dr. Ho, assistant professor at Florida State University iSchool, spoke about her research in cyber insider threats and online identity theft and potential careers in the field of cyber security.  She also talked about her role as an advisor for Florida State’s Cyber Defense team and discussed her work in designing online games as cyber defense experiment protocols.

National Cyber Security Awareness Month in October engages public and private sector partners to raise awareness and educate Americans about cyber security through a series of events and initiatives across the country.

TCC’s Center for Workforce Development specifically targeted Information Technology students as the audience for Ho’s speaking engagement as cyber security is one of the fastest growing careers in the nation.

Find the full story WCTV ran about Ho’s speech on Oct. 24 at:
http://www.wctv.tv/news/headlines/National-Cyber-Security-Awareness-Month-229164141.html.


LinkedIn: Hack Here For Juicy Data

LinkedIn’s new Intro service has put up a big sign advertising to cyber criminals, nation states and others ‘hack here, we’ve got loads of juicy data’. The architecture of its new service is innovative but compromises your security and privacy in ways you really should care about. Oh, and whilst I am at it, I’ll have a dig at Apple for putting LinkedIn in this position in the first place. So how does it work?

The new service proudly announced on the LinkedIn blog integrates with the Apple iOS native mail application to provide integrated details about the contact you are conversing with. Neat idea. What is interesting however is that LinkedIn has succeeded in integrating into the native Apple Mail application, an impressive feat of engineering given how intensely Apple restricts its applications and operating system ecosystem (more on the pros and cons of that later). In short, the application works by re-configuring your e-mail to proxy through LinkedIn servers so that as your e-mail passes through they can inject (inject sounds bad I know, but hold on and you will see how bad it is) a fancy banner at the top that looks like it has been integrated with the application natively.

More available from Forbes Online.


Penn State to lead new cyber-security Collaborative Research Alliance

Creating a science to detect and model cyberattacks and the risk and motivations behind them, and creating a response that can counter the attack and neutralize the cyberattackers in real time, is the aim of a cooperative agreement between the Army Research Laboratory and Penn State.

The five-year funding for the core and enhanced program is $23.2 million, with an additional $25 million for the optional five-year extension — a potential total of $48.2 million over the 10-year collaboration.

“We’re going to develop a new science of understanding how to make security-relevant decisions in cyberspace,” said Patrick D. McDaniel, professor of computer science and engineering and principal investigator on the project. “Essentially, we’re looking to create predictive models that allow us to make real-time decisions that will lead to mission success.”

From Penn State News.


Experts Say Cybersecurity Must Go Beyond Attack Prevention

A pair of former government officials on Thursday pushed companies to focus less on preventing cyberattacks and more on building systems that allow them to quickly identify and rebound from intrusions, in response to a new survey suggesting current corporate security safeguards aren’t working.

More from Law360.com (free trial subscription required)


Language-Action Causal Graphs for Trustworthiness Attribution in CMC

Dr. Shuyuan Ho, Assistant Professor at the School of Library and Information Studies (SLIS), Florida’s iSchool, has been awarded a two year grant from the National Science Foundation (NSF).

The grant team will be led by Dr. Ho (Principal Investigator) and includes Dr. Xiuwen Liu (Co-Principal Investigator) and Dr. Mike Burmester (Co-Principal Investigator), both from FSU Computer Science. The team is working in partnership with a leading visionary in online deception research, Dr. Jeffrey Hancock from the Cornell Information Science Department.

This collaborative research between Florida State University and Cornell University is to identify language-action features from text-based messages that can be used to dynamically infer a social actor’s perceived trustworthiness. The team will investigate using optimal analysis techniques to calibrate trustworthiness reasoning, which can be used to computationally model actors’ deceptive behaviors in cyber space and to infer actors’ intent based on their words and actions.



“You don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people [like Snowden] get you in trouble.”

Edward Snowden accessed some secret national security documents by assuming the electronic identities of top NSA officials, said intelligence sources.

The NSA still doesn’t know exactly what Snowden took. But its forensic investigation has included trying to figure out which higher level officials Snowden impersonated online to access the most sensitive documents.

The NSA has as many as 40,000 employees. According to one intelligence official, the NSA is restricting its research to a much smaller group of individuals with access to sensitive documents. Investigators are looking for discrepancies between the real world actions of an NSA employee and the online activities linked to that person’s computer user profile. For example, if an employee was on vacation while the on-line version of the employee was downloading a classified document, it might indicate that someone assumed the employee’s identity.

The NSA has already identified several instances where Snowden borrowed someone else’s user profile to access documents, said the official.

Each user profile on NSAnet includes a level of security clearance that determines what files the user can access. Like most NSA employees and contractors, Snowden had a “top secret” security clearance, meaning that under his own user profile he could access many classified documents. But some higher level NSA officials have higher levels of clearance that give them access to the most sensitive documents.

As a system administrator, according to intelligence officials, Snowden had the ability to create and modify user profiles for employees and contractors. He also had the ability to access NSAnet using those user profiles, meaning he could impersonate other users in order to access files. He borrowed the identities of users with higher level security clearances to grab sensitive documents.

More available from NBC News.
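The two investigative checks the excerpt describes (activity under a profile whose owner was on vacation, and use of a profile an administrator had just created or modified) are simple to express as log correlation. The following is an added illustration, not code from the NBC article or the NSA; the users, hosts, dates and the `ws-<user>` workstation naming convention are constructed assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed sample data for illustration only (hypothetical names, ids and dates).
# HR leave register: user -> (first day, last day) of approved leave.
LEAVE = {"alice": (date(2013, 6, 1), date(2013, 6, 14))}

# Document access log: (timestamp, user profile, object, workstation).
ACCESS_LOG = [
    (datetime(2013, 5, 28, 9, 5), "alice", "doc-001", "ws-alice"),
    (datetime(2013, 6, 3, 22, 40), "alice", "doc-777", "ws-admin-07"),  # owner on leave
    (datetime(2013, 6, 4, 1, 10), "bob", "doc-778", "ws-admin-07"),     # profile just modified
    (datetime(2013, 6, 10, 10, 0), "carol", "doc-010", "ws-carol"),
]

# Account-administration log: (timestamp, admin, target profile, change).
PROFILE_CHANGES = [
    (datetime(2013, 6, 2, 18, 0), "sysadmin42", "bob", "reset_password"),
]


def leave_discrepancies(access_log, leave):
    """Accesses made under a profile whose owner was on approved leave that day."""
    hits = []
    for rec in access_log:
        ts, user = rec[0], rec[1]
        if user in leave:
            start, end = leave[user]
            if start <= ts.date() <= end:
                hits.append(rec)
    return hits


def modified_then_used(access_log, changes, window_hours=48):
    """Accesses under a profile an administrator modified within the preceding window,
    made from somewhere other than the owner's usual workstation (assumed: ws-<user>)."""
    hits = []
    for rec in access_log:
        ts, user, _obj, host = rec
        for cts, _admin, target, _change in changes:
            in_window = cts <= ts <= cts + timedelta(hours=window_hours)
            if target == user and in_window and host != f"ws-{user}":
                hits.append(rec)
                break
    return hits
```

Both checks only narrow the set of accesses to review; a hit still needs the employee's own confirmation before it is treated as impersonation.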


The Science of Lying: The type of lie actually matters

Lying can be an art, but it’s also a science. Researchers have taken a closer look at what happens to a person when they tell a lie and have found out exactly what occurs in an individual’s brain. Yet exactly what happens doesn’t just depend on lying in general–it depends on what type of lie the person tells.

There are, in general, two types of lies: false descriptions and false denials. While false descriptions are deliberate flights of the imagination that we invent for something that didn’t happen, false denials are brief lies that deny something that actually happened. False descriptions, surprisingly, are far more easily remembered.

More available from ScienceWorldReport.com
