Brian Wrote :
There is a wide range of cybersecurity initiatives that exist on the international level through collaborative efforts between the Department of Homeland Security (DHS) and numerous organizational units (UMUC, 2012). According to UMUC (2012), some examples of these initiatives are:
· Federal Law Enforcement Training Center
· National Cyber Security Division
· National Communications System
· Office of Infrastructure Protection
· Office of Operations Coordination
· Privacy Office
· U.S. Secret Service
· U.S. Immigration and Customs Enforcement
· Organization of American States Assistance
“The National Cyber Security Division works to secure cyberspace and America’s cyber assets in cooperation with public, private, and international entities” (UMUC, 2012). This is done using several strategic plans and directives, such as the Presidential Decision Directive 7, the Information Technology Sector Specific Plan, the National Strategy to Secure Cyber Space, National Infrastructure Preparedness Plan, and the National Response Plan (UMUC, 2012). A challenge that the National Cyber Security Division faces in providing an effective deterrent to cybersecurity threats are the constant evolving technologies. These include for both good and bad. Cyber attacks are constantly evolving and so are the technologies use to protect from them. In order for the National Cyber Security Division to effectively deter them not only do they have to stay up-to-date but also so do all of the strategic plans and directives that they use.
Another initiative is the Federal Law Enforcement Training Center (FLETC) that emerged in the 1980s. This initiative puts forth “efforts to counter international hijackings and financial crimes” (UMUC, 2012). It now also extends law enforcement abroad to help against terrorist activity, international crime, and drug-trafficking (UMUC, 2012). It does those with the partner of Department of State. A challenge that the FLETC faces in providing an effective deterrent to cybersecurity threats are their international limitations. All though they have partnered abroad with select foreign nations they still have restrictions and limitations as to what exactly they can do.
Justin Wrote:
Mutual Legal Assistance Treaties (MLATs) are established between two or more nations and provide a formal means of exchanging evidence and information pertaining to criminal acts or cases that occur outside of a nation’s legal jurisdiction. The primary issue associated with MLATs and cybercrime is the inconsistency of host nation laws. Many nations feel that the idea of a global anti-crime initiative may contradict a nation’s fundamental principles (Finklea & Theohary, 2012, p.24). There is no standardized definition for cybercrime which means that one nation may view a virtual act as a crime and the other, with which the MLAT exists, may not. If the two nations agree on the legality of the act then the requesting nation may sub ...
Brian Wrote There is a wide range of cybersecurity initiatives .docx
1. Brian Wrote :
There is a wide range of cybersecurity initiatives that exist on
the international level through collaborative efforts between the
Department of Homeland Security (DHS) and numerous
organizational units (UMUC, 2012). According to UMUC
(2012), some examples of these initiatives are:
· Federal Law Enforcement Training Center
· National Cyber Security Division
· National Communications System
· Office of Infrastructure Protection
· Office of Operations Coordination
· Privacy Office
· U.S. Secret Service
· U.S. Immigration and Customs Enforcement
· Organization of American States Assistance
“The National Cyber Security Division works to secure
cyberspace and America’s cyber assets in cooperation with
public, private, and international entities” (UMUC, 2012). This
is done using several strategic plans and directives, such as the
Presidential Decision Directive 7, the Information Technology
Sector Specific Plan, the National Strategy to Secure Cyber
Space, National Infrastructure Preparedness Plan, and the
National Response Plan (UMUC, 2012). A challenge that the
National Cyber Security Division faces in providing an
effective deterrent to cybersecurity threats are the constant
evolving technologies. These include for both good and bad.
Cyber attacks are constantly evolving and so are the
technologies use to protect from them. In order for the National
Cyber Security Division to effectively deter them not only do
they have to stay up-to-date but also so do all of the strategic
plans and directives that they use.
Another initiative is the Federal Law Enforcement Training
Center (FLETC) that emerged in the 1980s. This initiative puts
2. forth “efforts to counter international hijackings and financial
crimes” (UMUC, 2012). It now also extends law enforcement
abroad to help against terrorist activity, international crime, and
drug-trafficking (UMUC, 2012). It does those with the partner
of Department of State. A challenge that the FLETC faces in
providing an effective deterrent to cybersecurity threats are
their international limitations. All though they have partnered
abroad with select foreign nations they still have restrictions
and limitations as to what exactly they can do.
Justin Wrote:
Mutual Legal Assistance Treaties (MLATs) are established
between two or more nations and provide a formal means of
exchanging evidence and information pertaining to criminal acts
or cases that occur outside of a nation’s legal jurisdiction. The
primary issue associated with MLATs and cybercrime is the
inconsistency of host nation laws. Many nations feel that the
idea of a global anti-crime initiative may contradict a nation’s
fundamental principles (Finklea & Theohary, 2012, p.24). There
is no standardized definition for cybercrime which means that
one nation may view a virtual act as a crime and the other, with
which the MLAT exists, may not. If the two nations agree on
the legality of the act then the requesting nation may submit for
assistance (Brenner & Schwerha, 2004, p.112). The host nation
may determine to what extent the requesting nation may receive
and view case evidence and pursue and prosecute the
perpetrator.
The theft of individual financial data from Target databases this
past November and December was believed to have originated
from a heating, ventilation, and air conditioning company that
had a financial account established with the company. It was
later discovered that the HVAC company was the victim of a
cyber-attack and was used as a gateway into Target’s databases.
The perpetrators used the account to upload malicious software
designed to steal credit and debit card credentials and pin
numbers. In a matter of days, the software moved across
3. Target’s global customer base, exposing over 40 million
accounts (Krebs, 2013). Investigators have traced the card data
to multiple destinations; one drop being in Brazil. The U.S.
government has submitted an MLAT to the Brazilian
government to gain access to Target data on the exploited
server. U.S. officials are still unclear as to the origination of the
software and investigators are skeptical that a perpetrator will
be found, at least within the United States.
MLATs play a critical role in solving international crimes and
they provide a reasonable foundation for international
cooperation and collaboration among law enforcement agencies.
In 2003, a police officer in Denmark discovered disturbing
pictures on the Internet of a child being sexually abused. The
officer transmitted the pictures through an INTERPOL database
which led to the arrest of Brian Schellenberger of North
Carolina. Because of the officer’s diligence, five of
Schellenberger’s victims were found and rescued. In Australia,
2005, a Queensland officer had infiltrated a U.S. citizen who
had been distributing child pornography. The officer contacted
the Federal Bureau of Investigation which led to the arrest of
Walter J. Kemic. The Australian officer had just completed an
online investigation course at the FBI offices prior to returning
to Australia (Bell, A.E., 2007). Due to mutual legal assistance,
law enforcement officials were able to collect the evidence
necessary to prosecute the perpetrators.
Larry Wrote:
What are the elements of the Risk Management Framework?
According to the National Infrastructure Protection Plan
(NIPP), the Risk Management Framework (RMF) is described as
follows: (DHS, 2013)
Set Security Goals
Identify assets, systems, networks and functions
Assess risks
Prioritize
4. Implement protective programs
Measure effectiveness
These guidelines can help an organization protect their assets
while helping to maintain a strong security posture. It is also
the responsibility of the organization to conduct their due
diligence and utilize all available avenues in trying to secure
their infrastructure and information. The NIPP RMF document
is also very similar to the National Institute of Standards and
Technology (NIST) Special Publications (SP) 800-37 which is
the Guide for Applying the Risk Management Framework to
Federal Information Systems. This document is primarily used
within the DoD and federal government to help protect their
networks and systems.
B. Why should organizations consider the use of that
framework for a cybersecurity program?
One of the biggest concerns within our public and private
sectors is the security of our critical infrastructure. This
infrastructure consists of our power grid, water, transportation,
communications, financial and medical systems to name a few.
These areas are prime targets for the hacker and/or hacktivist as
they try and infiltrate these networks. There have been several
cases showing that these systems are very vulnerable and can be
easily attacked. In 2007, there was a “computer glitch” that
occurred within the systems that control the updating of Dow
Jones Industrial Average. The glitch caused a delay in the
updates which required switching to the backup system. Once
the update was completed, massive sell-off had occurred and the
Dow had its biggest loss since after 9/11. (McCarthy, Burrow,
Dion, & Pacheco, 2009) This issue was never identified as a
cyber-attack but this example just goes to show how damaging a
simple computer glitch can be to our infrastructure.
The previous issue could have turned out to be a major issue if
it had indeed been some sort of criminal cyber-attack. Many of
our critical infrastructure programs are under constant attack
and need to be protected from many of these cyber-criminals,
5. hackers, hacktivists or other actors. By implementing and using
the guidelines associated within the RMF, organizations will be
in a better position to detect, deter, prevent and reduce any of
the vulnerabilities that can be exploited by any known or
unknown cyber-criminal.
John Wrote:
Cyber security awareness and education programs are an
important step to take for risk mitigation because cyber threats
exist at every user level. In effort to bring awareness and
education to the business sector and also make this information
available to all U.S. citizens, the Department of Homeland
Security advertises and distributes cyber security information
under National Initiative for Cybersecurity Education (NICE).
One recent NICE outreach program, Stop-Think-Connect,
utilizes the internet, public forums, and promotes training tools
to use for cybersecurity education programs. The NICE webpage
(hosted on the DHS website) gives the program mission
statement as follows, “The Stop.Think.Connect. Campaign is a
national public awareness campaign aimed at increasing the
understanding of cyber threats and empowering the American
public to be safer and more secure online” (DHS, 2010). The
tenants of this campaign are as follows: (1) Stop: Before you
use the Internet, take time to understand the risks and learn how
to spot potential problems; (2) Think: Consider how your
actions online could impact your safety, or your family’s; and
(3)Connect: Enjoy the Internet with greater confidence,
knowing you’ve taken the right steps to safeguard yourself and
your computer.Clearly, the intended audience is the individual
user.
The NICE program spawned out of the Cyberspace Policy
Review, issued by President Obama in 2009. It is of important
and relevant note to highlight the goal of the Cyberspace Policy
Review, which is to “become the blueprint from which our
nation's cybersecurity foundation will transform into an assured
6. and resilient digital infrastructure for the future” (DHS, 2010).
A major element of the NICE public awareness campaign is the
promotion of Cyber Security Awareness Month, occurring
annually in the month of October. Education and training
programs disseminated through Cyber Security Awareness
Month support the NICE outreach program efforts by
distributing national cybersecurity awareness through public
service events; delivering formal cybersecurity education at the
public schools level, from K-12 to Vocational/Technical
schools; providing a federal cybersecurity workforce structure;
and hosting cybersecurity workforce training and professional
development for federal government civilian, military, and
contactor personnel (The White House).