recommended reading


Intel Firm Links Ukraine Energy Debt With Potential Cyber Assault

By Aliya Sternstein // May 2, 2014

Russian President Vladimir Putin
Russian President Vladimir Putin // Mikhail Klimentyev, Presidential Press Service/AP

A Web intelligence company says Putin-sponsored cyber assaults against Ukraine could coincide with deadlines for paying Russia for energy.

Recorded Future, partly funded by CIA venture capital firm In-Q-Tel, drew data from social media, blogs, news and trade reports, such as analysis from Oil&Gas Eurasia, as well as other sources to create a speculative timeline of potential future clashes. The firm’s software system processed data on 55 references to future events that are related to Ukraine’s debt to Russian-controlled gas exporter Gazprom.

For example, regime officials reportedly have said that Ukraine must reimburse Gazprom about $3.5 billion for fuel it has already used, plus advance payments -- or Gazprom will cut off gas for domestic use in June.

In June, analysts say it's possible Russia could exert pressure on Ukraine by using cyber power, perhaps by disrupting online services or penetrating Ukraine's communications systems. "We generally make a point that cyber capabilities are just one tool in the geopolitical toolkit," Scott Donnelly, an open source researcher with the CIA-backed startup, said on Friday.

"Cyberattacks don't occur in a vacuum, and they occur in support of specific objectives," he added. 

Some cybersecurity specialists believe Russia...

Cybersecurity May Be Going the Way of Country Music

By Jessica Herrera-Flanigan // April 28, 2014

Country music artist Toby Keith
Country music artist Toby Keith // Chris Pizzello/Invision/AP

Late last year Entertainment Weekly writer Grady Smith compiled the YouTube video Why Country Music Was Awful in 2013, explaining “so much of what's on the radio these days sounds exactly the same!”  I’m an old school country music fan (my husband likes to say I’m so old school I listen to both country and “western” music) so when I saw that video, it confirmed my thoughts on a lot of today’s music.

So what does that have to do with cybersecurity, you ask?  Well, in recent months, I’ve noticed that cybersecurity may be going the way of country music where we are overloaded with the same message over and over again from more and more sources. Publications are dedicating entire sections and subscriptions to cybersecurity threats (aka Armageddon scenarios). Companies are creating cybersecurity units and divisions in hopes of jumping on the $$$ created by cybersecurity threats and fears. If turning on the radio last year told me that every good country boy needs a truck, a dirt road, a drink, and gal in short shorts, opening up my browser to news tells me that cybersecurity failures are stressful, scary, and probably my (and every...

One Chart Shows Why You Shouldn’t Trust the Feds With Your Data

Sergey Nivens/

We reported in January about the spike in government data breaches that has compromised the personal information of federal employees and citizens.

A report released Wednesday by the Government Accountability Office shows that security incidents involving personally identifiable information more than doubled between 2009, when there were 10,481 such breaches, and 2013, when the number climbed to 25,566.

Collectively, the breaches affect hundreds of thousands of people and cost taxpayers millions of dollars. For example, in July 2013, hackers stole a variety of information, including Social Security numbers, bank account numbers and security questions and answers associated with more than 104,000 individuals from an Energy Department computer system. According to Energy’s inspector general, the costs of assisting affected individuals and lost productivity stemming from the breach could top $3.7 million, GAO noted. 

Among other problems, GAO noted that only one of seven agencies reviewed by auditors correlated an assigned risk level with breaches of personal information and none of the seven consistently documented lessons learned from their breach responses.  

Op-Ed: Agency IT Budgets Aren’t Keeping Pace with Malware Threat

By Mohamad Elbarasse // March 20, 2014

Pavel Ignatov/

If federal agencies hope to fight malware and cybersecurity threats in 2015 they need to allocate more IT funds towards cyber.

Over the past few years government leaders have consistently prioritized and increased funding for cybersecurity initiatives. In the administration’s proposed budget for 2015, the cyber goals are no less lofty, but funding has not increased enough to effectively address the issue. In fact, cybersecurity spending is slated to drop by about $30 million. Lawmakers will have to increase budgets to attain the goals, or agencies will have to sacrifice some of their planned initiatives.

Recently, the Homeland Security Department released the first in a series of annual reports on cybersecurity trends from the U.S. Computer Emergency Readiness Team. According to the publication, “US-CERT Security Trends Report: 2012 in Retrospect,” the most significant conclusion from the analysis is that malware in particular is becoming more prevalent and its threat to cybersecurity more complex.

US-CERT collected data from both public and private sources, including the department’s EINSTEIN system. The data showed that roughly 8 percent of consumer grade users experienced a malware infection in 2012; one in five infections was caused by unintentional installation of malicious or infected...

The Internet of Things Means More Things to Hack

By Jessica Herrera-Flanigan // March 14, 2014

High-tech, Wi-Fi-connected trash cans are placed around London to monitor commuters.
High-tech, Wi-Fi-connected trash cans are placed around London to monitor commuters. // Lefteris Pitarakis/AP

People often ask me if I “stay off the grid” by refusing to participate in online shopping and banking and express surprise when I tell them I don't bother. "Doesn’t it scare you?" they ask. "Aren’t you worried your information will be compromised?”

Yes and yes, but staying away from the Internet isn't much of an option. Plus, as the recent retail store credit card debacles have demonstrated, bad things can happen to shoppers no matter if they are online or physically in a store.

What scares me more than someone stealing my information as I shop on Zulily or Amazon is how quiet the drumbeat has been on securing the broader Internet of things.

In the past month we learned that hackers broke into the Target financial systems via an HVAC system. While the complete details are unknown, it is believed that a phishing attack using malware at an HVAC subcontractor allowed hackers to gain network credentials to reach Target’s financial systems.

As more of the items we use every day get online capabilities, our lives and the Internet of things are increasingly interconnected.  From my desk, I can control the temperature of my...