Tag Archives: cyberattacks

Cybersecurity: Prevention and Recovery

In a world growing increasingly dependent on technology, the prevention of cyberattacks is more critical than ever. Our reports explain the importance of increasing the usability of security technologies, recommend strategies for future research aimed at countering cyberattacks, and consider how information technology systems can be used to not only maximize protection against attacks, but also respond to threats.

Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop

In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they …

Legal Issues Concerning Transit Agency Use of Electronic Customer Data

TRB’s Transit Cooperative Research Program (TCRP) Legal Research Digest (LRD) 48: Legal Issues Concerning Transit Agency Use of Electronic Customer Data explores the advantages, disadvantages, risks, and benefits for transit agencies moving to …

Federal Statistics, Multiple Data Sources, and Privacy Protection: Next Steps

The environment for obtaining information and providing statistical data for policy makers and the public has changed significantly in the past decade, raising questions about the fundamental survey paradigm that underlies federal statistics. New …

Protection of Transportation Infrastructure from Cyber Attacks: A Primer

TRB’s Protection of Transportation Infrastructure from Cyber Attacks: A Primer provides transportation organizations with reference materials concerning cybersecurity concepts, guidelines, definitions, and standards. The primer is a joint product …

Cybersecurity Dilemmas: Technology, Policy, and Incentives: Summary of Discussions at the 2014 Raymond and Beverly Sackler U.S.-U.K. Scientific Forum

Individuals, businesses, governments, and society at large have tied their future to information technologies, and activities carried out in cyberspace have become integral to daily life. Yet these activities – many of them drivers of economic …

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to …

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, …

Engaging Privacy and Information Technology in a Digital Age

Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundaryless options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of …

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit …

Sony Hack Emphasizes Need for Improved Cybersecurity

Last month’s hacking of Sony Pictures Entertainment has highlighted the vulnerability of companies to cyberattack. The hackers stole confidential documents, deleted the originals, and left threatening messages. With the computers unusable even days after the attack, employees resorted to using white boards to do their work. Meanwhile, the hackers released the confidential documents to journalists, and five Sony movies to the public at large.

The Sony hack clearly demonstrates a need for improved cybersecurity. Governments are not the only ones vulnerable, and state secrets are not the only targets. To learn more about how we can prevent future cyberattacks with improved security, check out our Cybersecurity Collection:

 

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of …

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation’s critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all …

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, little has been written about the use of cyberattack as an instrument of U.S. policy. …

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use, configure, or operate systems in ways that are inadvertently insecure. Moreover, security and privacy technologies originally were developed in a context in which system administrators had …

Gauss Malware – Cyberattack or Cyber Exploitation? NRC Reports Explain.

The recent Gauss malware attack has been the hot topic of the cyber community, and several technology magazines have dedicated lengthy articles to the seriousness of the virus. We asked Dr. Herbert Lin, cyber attack expert and chief scientist at the Computer Science and Telecommunications Board of the National Research Council, to weigh in and explain the significance of the Gauss malware virus currently affecting the Middle East. Here’s what he had to say:

“A number of public reports have asserted that Gauss is state-sponsored malware directed against customers of Middle Eastern banks for the purpose of gathering intelligence on those banks and customers. If this is its only purpose (and no reports have yet surfaced indicating that Gauss is an agent intended to steal money), then Gauss is an agent of cyber exploitation rather than cyber attack. But even if Gauss is state-sponsored, it would be just one more example of how nations conduct espionage operations against entities of interest with all the tools at their disposal.

The details of financial transactions in the Middle East are clearly interesting to those who follow the development of weapons of mass destruction, the evasion of sanctions, and terrorist activities, and it would not be surprising if nations use cyber espionage to obtain information that they could not otherwise obtain from the banking systems in question.”

The National Research Council has produced a number of significant reports on cyber security and related subjects, which are all free to download from www.NAP.edu.

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

390 pages | Paperback | Price: $44.10

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy

400 pages | Paperback | Price: $70.65

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Toward a Safer and More Secure Cyberspace

328 pages | Paperback | Price: $51.30

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…

Critical Code: Software Producibility for Defense

160 pages | Paperback | Price: $31.27

Critical Code contemplates Department of Defense (DoD) needs and priorities for software research and suggests a research agenda and related actions. Building on two prior books–Summary of a Workshop on Software Intensive Systems and…

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

70 pages | Paperback | Price: $18.90

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use,…

Take 5: Top Books for Computer Scientists

Got scientists and engineers on your holiday shopping list? Take five and check out our top gift ideas. NAP books and merchandise make thoughtful gifts for thinking people.

The Future of Computing Performance: Game Over or Next Level?

The end of dramatic exponential growth in single-processor performance marks the end of the dominance of the single microprocessor in computing. The era of sequential computing must give way to a new era in which parallelism is at the forefront. Although…

Biometric Recognition: Challenges and Opportunities

Biometric recognition–the automated recognition of individuals based on their behavioral and biological characteristic–is promoted as a way to help identify terrorists, provide better control of access to physical facilities and financial accounts, and…

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Cybersecurity: Issues in Defending Networks and Systems from Cyberattack and Cyberespionage

Last week the International Monetary Fund (IMF) reported that it was a target of a cyber break-in, an attack designed to infiltrate the IMF in order to gain sensitive insider privileged information. Intrusions into secure networks of organizations such as the IMF focus the public’s attention on the subject of cybersecurity. We asked Herb Lin, Chief Scientist at NRC’s Computer Science and Telecommunications Board, for his perspective.

“The IMF incident is troubling in the same way that many other break-ins are troubling—they point to weaknesses in the cybersecurity of organizations important to national and international economies, national security, and economic prosperity. Cyberattacks destroy or damage computer systems or the information in them; cyber exploitations (or cyber espionage) obtain from computers information that should be kept confidential. These kinds of operations are the threats against which effective cybersecurity measures need to be taken by everyone, but especially by organizations that play key roles in society.”

Toward a Safer and More Secure Cyberspace discusses cybersecurity from a defensive perspective. It explores the nature of online threats and examines security vulnerabilities of the Internet and in computer systems and networks. In addition, it considers why organizations have failed to adopt measures that could make them more secure against cyberthreats.

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities focuses on the policy and operational dimensions of cyberattack and cyberexploitation and distinguishes between the two. This book also discusses policy and legal frameworks for the use of cyberattack as an instrument of national policy. It describes the current international and domestic legal structure as it might apply to cyberattack, and considers analogies to other domains of conflict to develop relevant insights.

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy is a collection of papers by experts in the field about various aspects of cyberattack. This book is phase two of a project aimed at fostering a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government.

These books can inform debate and contribute to decision-making. PDFs of these and other titles from the Computer Science and Telecommunications Board are free to download.

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Science and the Future of Computing: Parallel Processing to Meet Tomorrow’s Challenges

Fast, inexpensive computers are now essential for nearly all human endeavors and have been a critical factor in increasing economic productivity, enabling new defense systems, and advancing the frontiers of science. For the last half-century, computers have been doubling in performance and capacity every couple of years. For example, the raw performance of a 1970s supercomputer is now available in a typical modern cell phone. The remarkable growth in computing throughout the lifetimes of most people has resulted in the expectation that such phenomenal progress will continue well into the future. As our demand for increased technology performance shows no signs of slowing, it becomes apparent that we need to find ways to sustain increasing performance.

In their efforts to make faster computers, scientists have concentrated on reductions in transistor size, enabling more transistors to be packed onto computer chips. Current chips range from several complex processors to hundreds of simpler processors. To use chip multiprocessors, applications must use a parallel programming model, which divides a program into parts that are then executed in parallel on distinct processors. However, much software today is written according to a sequential programming model, and applications written this way cannot easily be sped up by using parallel processors. The Future of Computing Performance: Game Over or Next Level? recommends that our nation place a much greater emphasis on IT and computer-science research and development focused on improvements and innovations in parallel processing, and on making the transition to computing centered on parallelism.

This book also discusses the need for research and development on much more power-efficient computing systems at all levels of technology, including devices, hardware architecture, and software. The Future of Computing Performance makes recommendations aimed at supporting and focusing research, development, and education in parallel computing. It sets a path forward to sustain growth in computer performance so that we can enjoy the next level of benefits to society.

This book and others from the Computer Science and Telecommunications Board can inform discussion and guide decision-making.

The Future of Computing Performance: Game Over or Next Level?

The end of dramatic exponential growth in single-processor performance marks the end of the dominance of the single microprocessor in computing. The era of sequential computing must give way to a new era in which parallelism is at the forefront. Although…

Wireless Technology Prospects and Policy Options

The use of radio-frequency communication–commonly referred to as wireless communication–is becoming more pervasive as well as more economically and socially important. Technological progress over many decades has enabled the deployment of several successive…

Transforming Combustion Research through Cyberinfrastructure

Combustion has provided society with most of its energy needs for millennia, from igniting the fires of cave dwellers to propelling the rockets that traveled to the Moon. Even in the face of climate change and the increasing availability of alternative energy…

Biometric Recognition: Challenges and Opportunities

Biometric recognition–the automated recognition of individuals based on their behavioral and biological characteristic–is promoted as a way to help identify terrorists, provide better control of access to physical facilities and financial accounts, and…

Critical Code: Software Producibility for Defense

Critical Code contemplates Department of Defense (DoD) needs and priorities for software research and suggests a research agenda and related actions. Building on two prior books–Summary of a Workshop on Software Intensive Systems and…

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use,…

Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Report of a Workshop on The Scope and Nature of Computational Thinking

Report of a Workshop on the Scope and Nature of Computational Thinking presents a number of perspectives on the definition and applicability of computational thinking. For example, one idea expressed during the workshop is that computational thinking is a…

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Take 5: Top 5 Books on Science and Technology

The scientists and engineers on your list may not always be the easiest people to shop for during the holidays. It should come as no surprise that we have recommendations. Take five and finish your holiday shopping with our most-recommended books for the scientifically-minded.

Ensuring the Integrity, Accessibility, and Stewardship of Research Data in the Digital Age

As digital technologies are expanding the power and reach of research, they are also raising complex issues. These include complications in ensuring the validity of research data; standards that do not keep pace with the high rate of innovation; restrictions…

Science and Decisions: Advancing Risk Assessment

Risk assessment has become a dominant public policy tool for making choices, based on limited resources, to protect public health and the environment. It has been instrumental to the mission of the U.S. Environmental Protection Agency (EPA) as well as other…

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Rising Above the Gathering Storm: Energizing and Employing America for a Brighter Economic Future

In a world where advanced knowledge is widespread and low-cost labor is readily available, U.S. advantages in the marketplace and in science and technology have begun to erode. A comprehensive and coordinated federal effort is urgently needed to bolster U.S….

Strengthening Forensic Science in the United States: A Path Forward

Scores of talented and dedicated people serve the forensic science community, performing vitally important work. However, they are often…

Herb Lin Speaks About Cyberattack and Stuxnet

Stuxnet is a quickly mutating computer worm that has been infiltrating computers in Iran. Discovered in June, Stuxnet has been found in over 45,000 computers in various countries, but the vast majority of infected systems are in Iran.

The 2009 title Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities provides insight and a context with which to view the Stuxnet situation. We asked Herb Lin, the Study Director and one of the editors of the book, for his perspective.

“Stuxnet is the first reported incident of malware aimed at computerized industrial control systems that (allegedly) seeks to cause actual damage to these systems, rather than just extracting information from them. That is, it appears to be an instrument of cyberATTACK and not just one of cyberEXPLOITATION. (The difference between cyberattack and cyberexploitation is addressed in the 2009 report on cyberattack.)

The 2009 report also provides the necessary background to understand many aspects of the Stuxnet incident, including the difficulty of attributing the source of a cyberattack, the intelligence support needed for a successful cyberattack to occur, the significance of nation state involvement, and the potential utility of cyberattack as an instrument of clandestine national policy.”

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities is available to download at no charge online at the NAP website. Links to this title and other National Academies reports that may also interest you are listed below.

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use,…

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…

Five new books: Iraq & Afghanistan Vets, Biofuels, Cyberattacks and more

There were five new books on the NAP site this week, touching the topics of military and veterans; transportation and infrastructure; information security and privacy; industry and labor; and energy and energy conservation. Check out all of our topics for more books on all of these topics and more.

Since it’s such a popular feature of our site, I’ll point out that all of this week’s new publications have free PDFs to download. Happy reading!

Featured Publication

Returning Home from Iraq and Afghanistan: Preliminary Assessment of Readjustment Needs of Veterans, Service Members, and Their Families (final)

Nearly 1.9 million U.S. troops have been deployed to Afghanistan and Iraq since October 2001. Many service members and veterans face serious challenges in readjusting to normal life after returning home. This initial book presents findings on the most critical challenges, and lays out the blueprint for the second phase of the study to determine how best to meet the needs of returning troops and their families.

All New Publications This Week

Technologies and Approaches to Reducing the Fuel Consumption of Medium- and Heavy-Duty Vehicles (prepublication)

Letter Report for the Committee on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy (final)

The Dragon and the Elephant: Understanding the Development of Innovation Capacity in China and India: Summary of a Conference (final)

Expanding Biofuel Production: Sustainability and the Transition to Advanced Biofuels: Summary of a Workshop (final)