Monthly Archives: December 2011
COLLEGE PARK, MD /PRNewswire-USNewswire/ ~~ In a unique collaboration, an engineer and a criminologist at the University of Maryland, College Park, are applying criminological concepts and research methods in the study of cybercrime, leading to recommendations for IT managers to use in the prevention of cyber attacks on their networks.
Michel Cukier, associate professor of reliability engineering at the A. James Clark School of Engineering and Institute for Systems Research, and David Maimon, assistant professor of criminology and criminal justice in the College of Behavioral and Social Sciences, are studying cyberattacks from two different angles – that of the user and that of the attacker. Both are members of the Maryland Cybersecurity Center.
Their work is the first look at the relationship between computer-network activity patterns and computer-focused crime trends. “We believe that criminological insights in the study of cybercrime are important, since they may support the development of concrete security policies that consider not only the technical element of cybercrime but also the human component,” Maimon said.
In one study that focused on the victims of cyberattacks, the researchers analyzed data made available by the university’s Office of Information Technology, which included instances of computer exploits, illegal computer port scans and Denial of Service (DoS) attacks.
Applying criminological rationale proposed by the “Routine Activities Perspective,” Maimon and Cukier analyzed computer focused crime trends between the years 2007-2009 against the university network.
According to this perspective, which is designed to understand criminal victimization trends, successful criminal incidents are the consequence of the convergence in space and time of motivated offenders, suitable victims, and the absence of capable guardians. The researchers hypothesized that the campus would be more likely to be cyberattacked during business hours than during down times like after midnight and on weekends. Their study of the campus data confirmed their theories.
“Our analysis demonstrates that computer-focused crimes are more frequent during times of day that computer users are using their networked computers to engage in their daily working and studying routines,” Maimon said. “Users expose the network to attacks,” Cukier said. Simply by browsing sites on the Web, Internet users make their computers’ IP addresses and ports visible to possible attackers. So, “the users’ behavior does reflect on the entire organization’s security.”
Maimon, a sociologist, takes the study a step further. “Your computer network’s social composition will determine where your attacks come from,” he said. In a similar vein, “the kinds of places you go influence the types of attacks you get. Our study demonstrates that, indeed, network users are clearly linked to observed network attacks and that efficient security solutions should include the human element.”
Cukier adds, “The study shows that the human aspect needs to be included in security studies, where humans are already referred as the ‘weakest link.’”
Cukier and Maimon said the results of their research point to the following potential solutions:
1. Increased education and awareness of the risks associated with computer-assisted and computer-focused crimes among network users could prevent future attacks; 2. Further defense strategies should rely on predictions regarding the sources of attacks, based on the network users’ social backgrounds and online routines.
“Michel and David’s research exemplifies the interdisciplinary and comprehensive approach of the Maryland Cybersecurity Center,” noted Michael Hicks, director of the Maryland Cybersecurity Center. “Resources are not unlimited, so true solutions must consider the motivations of the actors, both attackers and defenders, as well as the technological means to thwart an attack. Michel, an engineer, and David, a criminologist, are considering both sides of this equation, with the potential for game-changing results.”
Maryland Cybersecurity Center: www.cyber.umd.edu
Michel Cukier Profile Page: www.enme.umd.edu/facstaff/fac-profiles/cukier.html
David Maimon Profile Page: www.ccjs.umd.edu/faculty/faculty.asp?p=209
About the Maryland Cybersecurity Center
Launched in 2010, the Maryland Cybersecurity Center was created as an interdisciplinary research center to bring together experts from computer science, engineering, business, public policy, economics, and the social and behavioral sciences to address our nation’s growing needs in cybersecurity. Maryland researchers will apply their unique expertise in wireless and network security, cryptography, secure software, cyber supply chain security & cybersecurity policy to generate ground-breaking, innovative solutions to current and future cybersecurity threats.
SOURCE University of Maryland
CONTACT: Missy Corley, firstname.lastname@example.org
Web Site: http://www.eng.umd.edu/
PISCATAWAY, NJ /PRNewswire/
“Free Isn’t Necessarily Free,” Warns IEEE Fellow Jeffrey Voas
Experts at IEEE – the world’s largest technical professional association – say smartphone owners are increasingly paying a high price for free mobile applications, with 2012 set to be a disruptive year of widespread mobile hacking. Research by IEEE Fellow Dr. Jeffrey Voas in the US has so far uncovered malware in more than 2,000 free smartphone apps. Voas says free, rogue applications like this will be the most common access-point for hackers over the next year.
“The issue with free apps is that you’re paying a price you don’t know about,” says Voas, who is also a computer scientist at the National Institute of Standards and Technology (NIST). “Of free mobile applications, approximately 1 in 100 now visibly contain malware – and that doesn’t even account for the ones where the malware is so hidden it’s impossible to spot. This number is growing by the day and with most of these rogue apps offering good functionality for free, it’s easy to be victimized.”
Adds Voas, “Smartphone users need to remember that free isn’t necessarily free. It can lead to hackers accessing all of the information stored on your phone and transmitting it within two to three seconds.”
Dr. Madjid Merabti, an IEEE Senior Member and Professor of Networked Systems at Liverpool John Moores University, UK, says while the public has been trained to recognize cyber-security threats associated with their PCs and laptops, they do not see their smart phones as computers and subject to the same threats. And in some ways those threats are even worse.
“Unlike on a PC, where web browsers often give plenty of warning about dodgy websites with warning lights and alerts, the screens on smart phones are too small to display this protection,” Merabti says. “These devices contain identifying information, potentially saved passwords, and authentication details, and are much more likely to be misplaced or stolen than other larger portable computing equipment.”
Kevin Curran, a Senior Member of the IEEE and Head of the School of Computing and Intelligence Systems at the University of Ulster, UK, says businesses will be the main victims in 2012. “With more people using the same phone for business and personal reasons, the upsurge in smartphone hacking presents a real issue for businesses as well as consumers,” he says. “A company can have all appropriate firewalls in place, but it takes just one employee to download malware onto their phone. In fact, with more senior employees using phones for work, it is likely to be C-suite executives exposing businesses to vulnerabilities.”
According to Curran, a “trusted app” approach is needed to combat hackers, something he hopes can be in place by 2013. He says he expects an increased number of people hacked via mobile phones in 2012 will motivate the industry and governments to define and implement such a system.
IEEE and its members are responding to the growing cyber-security threats by sharing knowledge and understanding through publications such as IEEE Security & Privacy as well as the Silver Bullet Security Podcast with Gary McGraw. You can subscribe to the security podcast here. IEEE also holds an annual IEEE Symposium on Security and Privacy, with the next one being held 20-23 May 2012 in San Francisco. The full proceedings of the 2011 conference are available free online . In addition, IEEE’s 2012 International Conference on Information Security and Intelligence Control will be held 14-16 August 2012 in Yunlin, Taiwan.
Other resources from IEEE:
- IEEE Spectrum recently reported that there were approximately one million cyber crime victims each day last year across 24 countries. – Watch an IEEE.tv video interview with McAfee Vice President of Strategy Vimal Solanki on current threats from the 2011 NIKSUN World Wide Security and Mobility Conference. – The IEEE Xplore Digital Library provides subscribers with both conference proceedings and peer-reviewed, research, including a proposal for an “application lockbox” for mobile device security outlined at the 2011 International Conference on Information Technology: New Generations.
Curran said the numbers game is working to attract hacker attention. “We saw 2011 as the year of the social network attack,” he says. “But with the number of smartphone users now representing approximately 20 percent of the mobile market, we will now see an explosion in smartphone attacks, both by technical experts and by novices buying tools from dark websites and conducting low-tech but effective scams. It only takes a couple seconds to steal personal information.”
For more information on IEEE, or to speak with a member about cyber security, please contact: email@example.com.
IEEE, the world’s largest technical professional association, is dedicated to advancing technology for the benefit of humanity. Through its highly cited publications, conferences, technology standards, and professional and educational activities, IEEE is the trusted voice on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics. Learn more: http://www.ieee.org.
FYI Tidbits // S. 1747 ~ Computer Professionals Update Act would eliminate overtime payment for IT professionals
The Computer Professionals Update Act, which amends provisions in the Fair Labor Standards Act of 1938, would exempt IT professionals who make at least $26.73 hourly from the overtime payment requirement. IT professionals in this case are defined as those whose duties relate to “computers, information systems, components, networks, software, hardware, databases, security, Internet, intranet or websites,” whether it is analysts, programmers, engineers, designers or developers, according to the bill.
Read more/learn more: http://fcw.com/Blogs/Management-Matters/2011/12/Proposal-to-eliminate-overtime-pay.aspx
Semper Fi Staffing Solutions LLC is a veteran owned and operated placement service. Companies hire us to identify and screen candidates for available positions. Our specialties span all industries from physical security to program developers.
TITLE: Project Manager – Disaster Recovery (interfacing w/ Coop)
Salary: $85 – $100k
LOCATION: Washington DC
Position Type: Full Time
Experience Requirement: Six years of experience providing management for DoD and/or the IC
Education Requirement: Bachelor’s degree or Equivalent Experience
Security clearance required: Active TS/SCI (SSBI w/ in last 4 years)
Certifications: Project Management Institute (PMI) Project Management Professional (PMP)certification or advanced degree in management.
Semper Fi Staffing Solutions LLC is currently seeking candidates with a current TS/SCI for a Project Manager position currently open in Washington, DC. Contact Joseph Reagan for more information. 225-281-8881 or email resume and cover letter to firstname.lastname@example.org for more information.
Description: Support a DoD customer, whose focus is on the fusion and analysis of Intelligence information.
Duties: Provide project management and planning support for Disaster Recovery (DR) (cooperating with the Continuity of group) coordination and planning. Attend all DR planning and exercise execution sessions. Develop project plans developed in unison with stakeholders and other internal organizations. Manage financial, personnel, and equipment resource availability for assigned DR project actions. Coordinate internal and external tasking related to DR, as well as coordinating planning efforts to ensure an enterprise wide DR policy is developed and maintained. Position will also serve as the cognizant authority for employee designation and site assignment in the case of a COOP event. On a continuing basis, member will conduct risk assessments and adjust DR policy accordingly. Member will coordinate with system engineers to develop detailed engineering plans for DR. Ensure each service owner develops their own Disaster Recovery Plan (DRP) to identify how each service will be recovered in the event of a disaster or failed hardware/software operation. Support new project identification and tracking and project requirements evaluation and functional analysis. Lead the evaluation of preliminary design, schedule and cost estimates to include a list of materials including hardware and software. Validate project concepts with the customers and stakeholders to create or validate business cases for management decisions. Create or review and finalize project implementation plans. Define, manage, monitor and control project scope, cost, risk and schedule. Plan for and ensure adequate project documentation is completed. Provide oversight of system installation, system testing, and monitoring of deployment into the production environment. Define requirements for end-user training and system administration and operational support staff. Perform or lead project close-out activities and define plan for system deactivation and/or retirement. Provide weekly status reports of projects, and when required brief status reports (quad charts) to senior government management.
Minimum Qualifications (continued):
ADDITIONAL DESIRED QUALIFICATIONS:
Candidate must be customer oriented as our success is heavily based upon their satisfaction, which has at least as much to do with people skills and communications as technical capabilities. In addition to technical excellence, our clients judge us on promptness, attention to detail, presentation, and communication with their staff. Benefits Summary:
Sotera Defense Solutions, Inc. (Sotera) is an mid-sized national security technology company delivering systems, solutions and services in support of the critical missions of the Intelligence Community, Department of Defense, Department of Homeland Security and federal law enforcement agencies charged with ensuring the safety and security of our nation.
It has 1,400 employees focused on counterterrorism, cyber operations, intelligence, C4ISR and force mobility solutions to our customers throughout the national security community.
Sotera delivers services and solutions ranging from command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) systems and advanced engineering to counterterrorism, intelligence and expeditionary field support for customers in the Department of Defense, Department of Homeland Security, Intelligence Community and federal law enforcement agencies.
Technology and Intelligence Services
Counterterrorism Intelligence and Analysis
Sotera assists the Intelligence Community and other national security customers by facilitating the flow of critical information between U.S. government agencies to enhance decision making to protect the safety and economic well-being of our nation.
By providing IT specialists, software developers and counterterrorism subject matter experts to a number of agencies, Sotera contributes to the creation and analysis of actionable intelligence.
A key area of its expertise involves the monitoring of multiple classified and unclassified networks for potential terrorist-related threats and threat notification for rapid decision-making. Sotera is an industry leader in the field of terrorist watchlisting.
Cyber Intelligence and Cyber Operations
Sotera delivers cyber security systems and software engineering expertise in support of the critical intelligence, counterterrorism, and cyber security missions of our national security customers.
It is an industry leader in the design, development and deployment of next generation net-centric mission solutions that collect, analyze and protect vital information in cyberspace, leveraging core competencies in systems engineering and architecture, software engineering, content exploitation and defense analytics.
Data Analysis and Intelligence Information Sharing
Sotera deploys analytical tools and subject matter experts to facilitate faster and more thorough analysis of threats for critical intelligence-related, federal law enforcement, homeland security and counterterrorism missions, and it enables information to be shared across multiple agencies.
By integrating key data sources and exploring direct and non-obvious relationships of interest, its solutions support collaboration and information sharing and threat detection, helps ensure the mitigation of risks to our national security.
C4ISR and Mission Systems
Sotera designs and delivers C4ISR and mission-related systems to support U.S. Warfighters, wherever they operate.
It enhances command and control systems, develops C4I mission applications and mission planning solutions, as well as research, develop and evaluate electronic countermeasure techniques. Sotera designs and deploys computer-based navigation systems and geospatial information systems that integrate data from multiple sensors providing decision-makers with real-time situational awareness of the coastal waterways and port/harbor environments.
In addition to the maritime domain, these systems are used to protect critical infrastructure, secure borders, provide physical security information management and improve decision-making capabilities of national security customers.
Assured Enterprise IT
Sotera delivers mission-focused Assured Enterprise IT services and solutions to national security agencies operating in mission-critical environments and zero tolerance settings.
The expertise of Sotera IT specialists is focused on enterprise architecture and systems engineering, IT & network security, network engineering and intelligence analysis. Customer intimacy, technology leadership and development of its technical staff are essential elements in its approach and adeptness at delivering quick reaction solutions to mission-critical scenarios.
Network Design and Management
Sotera develops, deploys and operates sophisticated and secure networks for agencies across the defense, homeland security, intelligence and federal law enforcement communities.
Its network solutions support data and system integration, information security and cross-agency collaboration critical to operations in a complex and evolving cyber-security environment. Solutions include network topology design, data encryption, algorithm development, cross domain solutions development, data visualization and high assurance guard (HAG) development, which enables the transfer of classified and unclassified data to and from multiple security enclaves.
Learn more about Sotera Defense Solutions, Inc.
Job Interview Tips
An interview gives you the opportunity to showcase your qualifications to an employer, so it pays to be well prepared. The following information provides some helpful hints.
Information to bring to an interview: