The recent Gauss malware attack has been the hot topic of the cyber community and several technology magazines have dedicated lengthy articles about the seriousness of the virus. We asked Dr. Herbert Lin, cyber attack expert and chief scientist at the Computer Science and Telecommunications Board of the National Research Council, to weigh in and explain the significance of the Gauss malware virus currently affecting the Middle East. Here’s what he had to say:

“A number of public reports have asserted that Gauss is state-sponsored malware directed against customers of Middle Eastern banks for the purpose of gathering intelligence on those banks and customers. If this is its only purpose (and no reports have yet surfaced indicating that Gauss is an agent intended to steal money), then Gauss is an agent of cyber exploitation rather than cyber attack. But even if Gauss is state-sponsored, it would be just one more example of how nations conduct espionage operations against entities of interest with all the tools at their disposal.

The details of financial transactions in the Middle East are clearly interesting to those who follow the development of weapons of mass destruction, the evasion of sanctions, and terrorist activities, and it would not be surprising if nations use cyber espionage to obtain information that they could not otherwise obtain from the banking systems in question.”

The National Research Council has produced a number of significant reports on cyber security and related subjects, which are all free to download from www.NAP.edu.

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities390 pages | Paperback | Price: $44.10The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal… [more]

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy400 pages | Paperback | Price: $70.65In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity… [more]

Toward a Safer and More Secure Cyberspace328 pages | Paperback | Price: $51.30Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit… [more]

Critical Code: Software Producibility for Defense160 pages | Paperback | Price: $31.27Critical Code contemplates Department of Defense (DoD) needs and priorities for software research and suggests a research agenda and related actions. Building on two prior books–Summary of a Workshop on Software Intensive Systems and… [more]

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop70 pages | Paperback | Price: $18.90Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use,… [more]