You are a SPECIAL Librarian! You are a Military Librarian!

Tag Archive | "privacy and security"

Research Links: Cybersecurity Policy

Research Links: Cybersecurity Policy
Source: Council on Foreign Relations

How can the United States protect cyberspace “control system of our country,” without restricting the open “flow of information on the Internet”? What should countries consider when developing international cybersecurity standards and protocol? What should their citizens know to protect their information and their rights? Cybersecurity Policy Research Links provide news, background information, legislation, analysis, and international efforts to protect government and the public’s information.

Posted in Links of InterestComments Off

Cyberculture and Personnel Security

Cyberculture and Personnel Security
Source: Defense Personnel Security Research Center
Report I — Orientation, Concerns, and Needs (PDF)

Computers and related technologies, such as smart phones and video games, are now a common part of everyday life. Many people spend a large portion of their waking hours using and socializing through these devices, forming what is known as a cyberculture. Personnel security investigative and adjudicative standards were developed before these products were widely available; however, cyberculture bears relevance to personnel security due both to the presence of existing security issues and potential effects on psychological outcomes and workplace performance. Although cyberculture has many beneficial effects, this project evaluates how participation can negatively affect personnel security and employee performance. This initial report provides context, outlines presently actionable findings and strategies, highlights some questions that cannot yet be answered, and draws on outside research to guide future research. Information from many sources was examined, including academic research journals, other federal organizations, news reports, and cyber environments, to understand cyber activities relevant to personnel security. Participation is widespread in U.S. society and popular among all age groups. Some cyber activities, such as foreign associations, can be reportable per existing investigative criteria, so procedures should be updated appropriately and promptly. Other topics require research before action is recommended. One concern is how online disinhibition, where people who become more willing to disclose personal information, deceive, or become hostile, affects personnel security. Increased willingness to disclose may amplify the counterintelligence concerns for individuals targeted by hostile parties. There are also many potential negative effects on impulse control, mental health, physical health, and workplace behavior. Future research is intended to further guide policy, workforce awareness, investigations, and adjudications.

Report II – Ethnographic Analysis of Second Life (PDF)

This report presents the results from an ethnographic examination of a popular virtual social environment, Second Life, as the second part of a larger effort to study the impact of participation in cyber activities on personnel security and safety. Research has shown that cyber participation can spill over into individuals’ offline lives, which could be of security concern to the extent that their online behavior demonstrates poor judgment and/or undermines their reliability. Several immersive ethnographic methods were used in the present study, including participation observation, group discussions, and one-on-one interviews with 148 Second Life users who resembled the demographics of clearance holders. The reported findings include a description of behaviors of potential concern, a set of case studies that outline the behaviors of actual users, and a framework of user personas that attempts to distinguish between innocuous use of no apparent security concern from problematic use that may pose risks to national security. These findings contain implications for updating personnel security policy regarding cyber involvement.

Posted in Links of InterestComments Off

DoD Press Briefing on Navy Yard Shooting investigations

Defense Department Press Briefing on Implementation Plans as a Result of the Washington Navy Yard Shooting Investigations and Reviews by Secretary Hagel and Navy Secretary Mabus in the Pentagon Briefing Room
Source: U.S. Department of Defense

Okay. Six months ago, the Department of Defense lost 12 members of its family in a senseless act of violence at the Washington Navy Yard. I said at the time that where there are gaps or inadequacies in the department’s security, we’ll find them and we’ll correct them.

And accordingly today, I’m announcing steps DoD is taking to enhance physical security at our installations and improve security clearance procedures responding to lessons learned from this terrible, terrible tragedy. These new measures are based on the recommendations of two reviews that I ordered in the aftermath of the shooting, including an internal review, led by Undersecretary of Defense for Intelligence Michael Vickers, and an outside review, led by former Assistant Secretary of Defense Paul Stockton, who is with us today, and retired Admiral Eric Olson.

Secretary Mabus, who joins me here this morning, also directed the Department of the Navy to conduct its own reviews of security standards, which complemented our work. I appreciate the hard work and the thorough analysis that went into all of these efforts by all of these people.

The reviews identified troubling gaps in DoD’s ability to detect, prevent, and respond to instances where someone working for us, a government employee, member of our military, or a contractor, decides to inflict harm on this institution and its people.

Posted in Links of InterestComments Off

RAND: Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar

Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar
Source: RAND Corporation

Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets for both tools (e.g., exploit kits) and take (e.g., credit card information). This report, part of a multiphase study on the future security environment, describes the fundamental characteristics of these markets and how they have grown into their current state to explain how their existence can harm the information security environment. Understanding the current and predicted landscape for these markets lays the groundwork for follow-on exploration of options to minimize the potentially harmful influence these markets impart. Experts agree that the coming years will bring more activity in darknets, more use of crypto-currencies, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions; that the ability to stage cyberattacks will likely outpace the ability to defend against them; that crime will increasingly have a networked or cyber component, creating a wider range of opportunities for black markets; and that there will be more hacking for hire, as-a-service offerings, and brokers. Experts disagree, however, on who will be most affected by the growth of the black market (e.g., small or large businesses, individuals), what products will be on the rise (e.g., fungible goods, such as data records and credit card information; non-fungible goods, such as intellectual property), or which types of attacks will be most prevalent (e.g., persistent, targeted attacks; opportunistic, mass “smash-and-grab” attacks).

Posted in Links of InterestComments Off

RAND: Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar

Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar
Source: RAND Corporation

Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets for both tools (e.g., exploit kits) and take (e.g., credit card information). This report, part of a multiphase study on the future security environment, describes the fundamental characteristics of these markets and how they have grown into their current state to explain how their existence can harm the information security environment. Understanding the current and predicted landscape for these markets lays the groundwork for follow-on exploration of options to minimize the potentially harmful influence these markets impart. Experts agree that the coming years will bring more activity in darknets, more use of crypto-currencies, greater anonymity capabilities in malware, and more attention to encrypting and protecting communications and transactions; that the ability to stage cyberattacks will likely outpace the ability to defend against them; that crime will increasingly have a networked or cyber component, creating a wider range of opportunities for black markets; and that there will be more hacking for hire, as-a-service offerings, and brokers. Experts disagree, however, on who will be most affected by the growth of the black market (e.g., small or large businesses, individuals), what products will be on the rise (e.g., fungible goods, such as data records and credit card information; non-fungible goods, such as intellectual property), or which types of attacks will be most prevalent (e.g., persistent, targeted attacks; opportunistic, mass “smash-and-grab” attacks).

Posted in Links of InterestComments Off

Blog Archives