Information Week (Recent DDOS) — White House (CyberSecurity Chief Melissa Hathaway) — DHS Data Privacy and Integrity Advisory Committee — Videos — Cyberspace Policy Review
This is very serious stuff, folks. It does not matter which side of the fence you are on politically. Our government’s first responsibility is to protect its citizens.
For those who remember, U.S. government cyber experts confirmed that the computer systems of several well known government agencies and both the Obama and McCain campaign teams were hacked last year by a foreign government. It is widely known that the hackers downloaded large quantities of files from both campaign networks, which officials believed was an attempt to gather information on the evolution of both camps’ policy positions. The information could also have been useful in negotiations with a future administration.
Newsweek magazine stated that the FBI and Secret Service had been called in, with one agent warning the Obama campaign: “You have a problem way bigger than what you understand. You have been compromised, and a serious amount of files have been loaded off your system.” As originally published by CBSNews:
President Obama on Friday confirmed that his presidential campaign suffered a cyber intrusion in which hackers gained access to a range of files.
In a speech in which he unveiled a plan for a comprehensive national cybersecurity strategy, the president said he understands what it is like to be a victim of a cyberattack because “it has happened to me and the people around me.”
Between the months of August and October, Obama said, hackers accessed files including policy papers and travel plans. Files pertaining to fundraising information were left untouched, he assured his supporters in a joking manner.
Now, for those that attended government briefings last year on potential “backdoor” access to both hardware and software products by foreign governments, I can attest to the fact that I saw “fear” in top IT managers’ faces. As others have pointed out in various internet security chat rooms, a lot of folks who had dark hair before the briefings had “gray hair when they left” the room.
If memory serves me, there were several “unclassified” briefings to the private sector and industry that were widely known around the Washington DC beltway. As an example, this FBI presentation on the fake Cisco Routers made its way onto the internet. Again, no matter who you voted for, this subject matter is very important to the American people and the protection of our intellectual property.
Malware that targeted Web sites of The White House, Department of Homeland Security, the FAA, and others appears to be a MyDoom variant.
InformationWeek, By J. Nicholas Hoover July 8, 2009 05:25 PM (Emphasis mine)
The distributed denial of service (DDOS) attack that has hit more than two dozen United States and South Korean government agencies and companies since the weekend does not make use of some of the latest developments in malware and was likely developed for this specific attack, according to researchers in possession of the malware source code.
The attack, which attempts to flood Web servers with initial requests to connect, temporarily took down several federal government Web sites in the United States and Korea over the past few days, though most are back online.
The targets, according to a list compiled by Verisign iDefense, include the Web sites of The White House, the Department of Homeland Security, the Department of Defense and the Federal Aviation Administration as well as The New York Stock Exchange, NASDAQ, and The Washington Post.
Several agencies, including two not on Verisign’s list of 24 targets, confirmed to InformationWeek Government that they had been under attack. The Department of Treasury said it has experienced denial of service attacks over the past few days. The Department of Transportation, meanwhile, said it has been “experiencing network incidents” since the weekend and is cooperating with the United States Computer Emergency Response Team (US-CERT), one of the parties working to mitigate the attacks.
“US-CERT has issued a notice to federal departments and agencies, as well as other partner organizations, on this activity and advised them of steps to take to help mitigate against such attacks,” a Department of Homeland Security spokeswoman said in an e-mailed statement. “We see attacks on federal networks every day, and measures in place have minimized the impact to federal websites.”…
THE WHITE HOUSE
Office of the Press Secretary
For Immediate Release May 26, 2009
Statement by the President on the White House Organization for Homeland Security and Counterterrorism
As President, my highest priority is the safety and security of the American people. That is why, in February, I issued a Presidential Study Directive to look at how the White House should be organized to deal with the critical issues of homeland security and counterterrorism. I have carefully reviewed the findings and recommendations of that study, and am announcing a new approach which will strengthen our security and the safety of our citizens. These decisions reflect the fundamental truth that the challenges of the 21st Century are increasingly unconventional and transnational, and therefore demand a response that effectively integrates all aspects of American power.
Key decisions that I have made include:
- The full integration of White House staff supporting national security and homeland security. The new “National Security Staff” will support all White House policymaking activities related to international, transnational, and homeland security matters. The establishment of the new National Security Staff, under the direction of the National Security Advisor, will end the artificial divide between White House staff who have been dealing with national security and homeland security issues.
- Maintaining the Homeland Security Council as the principal venue for interagency deliberations on issues that affect the security of the homeland such as terrorism, weapons of mass destruction, natural disasters, and pandemic influenza. The Homeland Security Council, like its National Security Council counterpart, will be supported by the National Security Staff.
- The establishment of new directorates and positions within the National Security Staff to deal with new and emerging 21st Century challenges associated with cybersecurity, WMD terrorism, transborder security, information sharing, and resilience policy, including preparedness and response.
- Retaining the position of Assistant to the President for Homeland Security and Counterterrorism (AP/HSCT) as my principal White House advisor on these issues, with direct and immediate access to me. The security of our homeland is of paramount importance to me, and I will not allow organizational impediments to stand in the way of timely action that ensures the safety of our citizens.
- Creating a new Global Engagement Directorate to drive comprehensive engagement policies that leverage diplomacy, communications, international development and assistance, and domestic engagement and outreach in pursuit of a host of national security objectives, including those related to homeland security.
The United States faces a wide array of challenges to its security, and the White House must be organized to effectively and efficiently leverage the tremendous talent and expertise of the dedicated Americans who work within it. The creation of the National Security Staff and the other recommendations from the study that I have approved will help to keep our country safe and our Homeland secure.
THE White House BLOG
FRIDAY, MAY 29TH, 2009 AT 10:00 AM
Securing Our Digital Future Posted by Melissa Hathaway
Melissa Hathaway, Cybersecurity Chief at the National Security Council, discusses securing our nation’s digital future:
The globally-interconnected digital information and communications infrastructure known as cyberspace underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety and national security. The United States is one of the global leaders on embedding technology into our daily lives and this technology adoption has transformed the global economy and connected people in ways never imagined.
My boys are 8 and 9 and use the Internet daily to do homework, blog with their friends and teacher, and email their mom; it is second nature to them. My mom and dad can read the newspapers about their daughter on-line and can reach me anywhere in the world from their cell phone to mine. And people all over the world can post and watch videos and read our blogs within minutes of completion. I can’t imagine my world without this connectivity and I would bet that you cannot either.
Now consider that the same networks that provide this connectivity also increasingly help control our critical infrastructure. These networks deliver power and water to our households and businesses, they enable us to access our bank accounts from almost any city in the world, and they are transforming the way our doctors provide healthcare. For all of these reasons, we need a safe Internet with a strong network infrastructure and we as a nation need to take prompt action to protect cyberspace for what we use it for today and will need in the future.
Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law. The 60-day cyberspace policy review summarizes our conclusions and outlines the beginning of a way forward in building a reliable, resilient, trustworthy digital infrastructure for the future.
There are opportunities for everyone—individuals, academia, industry, and governments—to contribute toward this vision. During the review we engaged in more than 40 meetings and received and read more than 100 papers that informed our recommendations. As you will see in our review there is a lot of work for us to do together and an ambitious action plan to accomplish our goals. It must begin with a national dialogue on cybersecurity and we should start with our family, friends, and colleagues.
We are late in addressing this critical national need and our response must be focused, aggressive, and well-resourced. We have garnered great momentum in the last few months, and the vision developed in our review is based on the important input we received from industry, academia, the civil liberties and privacy communities, others in the Executive Branch, State governments, Congress, and our international partners.
We now have a strong and common view of what is needed to achieve change. Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of democratic institutions requires making cybersecurity a national priority.
Watch experts from the public and private sectors discuss the Administration’s combined arms approach to securing our nation’s digital future:
As previously mentioned in this posting (White House Cyberspace Policy Review Requires Full Implementation of HSPD-12), the White House Cyberspace Policy Review (76 Pages, pdf) requires the Federal implementation of HSPD-12. This review resulted from President Obama directing a 60-day, comprehensive review to assess U.S. policies and structures for cybersecurity. Page 34 specifically states (Emphasis mine):
The Federal government, following the guidance of Homeland Security Presidential Directive 12 (HSPD-12), is seeking to leverage the federal interoperable identity credentialing mechanism across the federal enterprise.
The Federal government should ensure resources are available for full federal implementation of HSPD-12. The Federal government also should consider extending the availability of federal identity management systems to operators of critical infrastructure and to private-sector emergency response and repair service providers for use during national emergencies.
The DHS Data Privacy and Integrity Advisory Committee provides advice at the request of the Secretary of Homeland Security and the DHS Chief Privacy Officer on programmatic, policy, operational, administrative, and technological issues within the DHS that relate to personally identifiable information, as well as data integrity and other privacy-related matters. The committee was established by the Secretary of Homeland Security under the authority of 6 U.S.C. section 451 and operates in accordance with the provisions of the Federal Advisory Committee Act (FACA) (5 U.S.C. App).
Please Note: The below webpages are offered as a reading room of materials related to this Federal Advisory Committee. All materials including meeting minutes, draft and final reports, agendas, etc. are either for or by the Committee and do not necessarily reflect the opinions and/or positions of the DHS Privacy Office or the Department. The Committee may choose to use these materials and others to provide advice to the Privacy Office and the Department on privacy and data integrity issues and ultimately the Department may choose to consider that advice. These materials are offered purely to provide transparency into the Committee’s process.
Request for Applicants for Appointment
The Department of Homeland Security Privacy Office is seeking applicants for membership terms on the DHS Data Privacy and Integrity Advisory Committee to expire in 2012 and 2013. If you are interested in applying for membership on the DHS Data Privacy and Integrity Advisory Committee, please submit the following documents to Martha K. Landesberg, Executive Director, at the address provided below by June 8, 2009:
A letter explaining your qualifications for service on the Committee; and
A resume that includes a detailed description of your experience that is relevant to the Committee’s work.
Please send your documents to Martha K. Landesberg, Executive Director, DHS Data Privacy and Integrity Advisory Committee, by either of the following methods: E-mail: PrivacyCommittee@dhs.gov Fax: 703-235-0442
In support of the Department of Homeland Security’s policy on gender and ethnic diversity, qualified women and minorities are encouraged to apply for membership. For additional information please see the Federal Register Notice.
Request for Comments
Please provide any comments in writing to email@example.com, by postal mail, or by fax. All comments will be considered on an ongoing basis.
Reports, Recommendations, & Communications
- Final White Paper on Department of Homeland Security Information Sharing and Access Agreements approved by the Department of Homeland Security Data Privacy and Integrity Advisory Committee in public session on May 14, 2009 (PDF, 11 pages – 182 KB)
- Options for Verifying the EIN or Otherwise Authenticating the Employer in the E-Verify Program, Adopted December 3, 2008. (2008-02) (PDF, 5 pages – 56 KB). The Data Privacy and Integrity Committee made seven recommendations to the Secretary of Homeland Security and the DHS Chief Privacy Officer to address certain privacy and data security risks associated with the identification and authentication processes of the Department’s E-Verify system.
- Recommendations on Addressing Privacy Impacts in Department of Homeland Security Grants to State, Local, and Tribal Governments and other Organizations, Adopted September 17, 2008. (2008-01) (PDF, 1 page – 22 KB). The Data Privacy and Integrity Committee made four recommendations to the Secretary of Homeland Security and the DHS Chief Privacy Officer to address privacy impacts in DHS Grant-making process to State, local and tribal governments and other organizations.
- Comments Regarding the Notice of Proposed Rulemaking for Implementation of the REAL ID Act, Adopted May 7, 2007 (2007-01) (PDF, 9 pages – 278 KB). The Data Privacy and Integrity Committee made twelve recommendations to the Secretary and the Chief Privacy Officer of the Department of Homeland Security regarding the Department’s implementation of the REAL ID Act of 2005.
- The Use of Commercial Data, Adopted December 6, 2006 (2006-03) (PDF, 13 pages – 227 KB). The Data Privacy and Integrity Advisory Committee (the Committee) has made additional recommendations to its previous report on the use of commercial data and issues the following report to the Secretary and Chief Privacy Officer of the Department of Homeland Security (DHS).
- The Use of RFID for Human Identity Verification, Adopted December 6, 2006 (2006-02) (PDF, 13 pages – 270 KB). The Data Privacy and Integrity Advisory Committee (the Committee) issues this report to the Secretary and the Chief Privacy Officer of the Department of Homeland Security (DHS).
- Framework for Privacy Analysis of Programs, Technologies, and Applications, Adopted March 7, 2006 (2006-01) (PDF, 10 pages – 256 KB). The Data Privacy and Integrity Advisory Committee has developed a report to serve as the framework for the Committee to analyze programs, technologies and applications at the Department of Homeland Security (DHS).
- Recommendations on the Secure Flight Program, Adopted December 6, 2005 (2005-02) (PDF, 4 pages – 87 KB). The Data Privacy and Integrity Advisory Committee has examined the Secure Flight Program and issues this report to the Secretary and the Chief Privacy Officer of the Department of Homeland Security (DHS).
- The Use of Commercial Data to Reduce False Positives in Screening Programs Adopted September 28, 2008 (2005-01) (PDF, 16 pages – 220 KB), First Report of the DHS Privacy Advisory Committee.
- Letter to Deputy Secretary Michael Jackson, (PDF, 2 pages – 72 KB) regarding the Committee’s intent to examine the Secure Flight program to assess the program’s approach to data privacy and integrity.
Advisory Committee Leadership
Privacy Advisory Committee members have diverse expertise in privacy, security, and emerging technology, and come from large and small companies, the academic community, and the non-profit sector. The members also reflect a depth of knowledge on issues of data protection, openness, technology, and national security. Members for the first term will serve staggered terms of two years, three years, or four years and all subsequent members will serve for a period of four years.
- Committee Charter (Renewed) (PDF, 3 pages – 22 KB). This renewed charter governs the Department of Homeland Security Data Privacy and Integrity Advisory Committee.
- Notice of Establishment, April 9, 2004 (PDF, 4 pages – 338 KB)
- DHS Announces Appointments to Privacy Advisory Committee, February 23, 2005.
Another Privacy View?
Cyberspace Policy Review Links