October 24, 2013
The National Institute of Standards and Technology (NIST) has published the Draft of Voluntary Cybersecurity Standards for Corporations (DVCSC) that outlines how to “identify, protect, detect, respond and recover from hackers”.
NIST stated that the DVCSC “would offer a common language and mechanism for organisations to determine their current cyber security state, target improvements while balancing any risks and assessing progress towards their goals.”
The DVCSC was developed in collaboration with the Department of Homeland Security (DHS), the Department of Commerce (DoC) and the Department of US Treasury (DUST), as well as 3,000 “industry and academic experts”.
Patrick Gallagher, director of the NIST, said that the DVCSC is a “living document” and that “ultimately what we want to do is we want to turn today’s best practices into common and expected practices.”
Gallagher said: “We want to turn today’s best practices into common practices, and better equip organizations to understand that good cybersecurity risk management is good business. The framework will be a living document that allows for continuous improvement as technologies and threats evolve. Industry now has the opportunity to create a more secure world by taking ownership of the framework and including cyber risks in overall risk management strategies.”
Because of the “relentless efforts” of hackers to disrupt the websites of financial institutions, the power grid and “other critical infrastructure”, the common distributed denial-of-service (DDoS) attack has become a “national security threat”.
President Obama urged the NIST to provide “voluntary minimal standards” through executive order so that Congress could be bypassed in pursuit of the Obama administration’s agenda for controlling the free flow of information on the web.
The NIST explains:
- How corporations can protect their network assets
- The necessity of software platforms and applications for government-sponsored internet controls
- Summaries on cybersecurity for corporate executives
- How corporations are responsible for implementing government-controls on their websites
- Setting federal information security policies
To make sure the new standards are fully understood and implemented, the NIST will hold a workshop November 14th and 15th on the “preliminary framework” at Carolina State University (CSU).
DHS announced that October is National Cyber Security Awareness Month (NCSAM).
NCSAM is “an opportunity to engage public and private sector stakeholders – especially the general public – to create a safe, secure, and resilient cyber environment. Everyone has to play a role in cybersecurity.”
DHS, through NCSAM, wants to raise “cybersecurity awareness across the nation and to working across all levels of government, the private sector, and internationally to protect against and respond to cyber incidents.”
The American public is encouraged to participate in NCSAM by:
- Attending an official DHS event
- Educating themselves on “how your government, law enforcement, business, school, or organization can take action during NCSAM”
- Educating public school students K-12 on “internet safety and security”
- Spreading “tips, news and resources” provided by DHS on social media sites
The groups DHS intends to target are:
- Students K-12 and undergraduates
- Parents and Educators
- Young Professionals
- Senior citizens
- Small business owners
- Law enforcement
DHS has begun an initiative to purvey propaganda to American citizens called Stop.Think.Connect. (STC). The STC has teamed with Microsoft to create public service announcements (PSAs) that instruct average Americans on how to perceive the inflated threat hackers pose to the US government’s cybersecurity.
To combat this nameless, faceless threat, the DHS is setting the foundation for a “cyber reserve” of IT experts that will be employed as needed during a cyber-attack.
Jane Holl Lute, DHS Deputy Secretary, wants to create the cyber reserve from retired government employees working in the private sector for intelligence technology corporations. Those chosen would conduct forensic investigations and be “intelligence liaisons” to the DHS.
In 2012, President Obama signed a secret policy directive that gives the military complete control over the internet should the US come under a cyberattack.
Called Presidential Policy Directive 20, the alleged document (being classified) is a guideline that explains how specific federal agencies will be empowered by the Obama administration to intercept online “breaches of security”, including hacking and other digital attacks.
This document assures that the US government is taking an offensive and proactive approach to digital security, in which network defense is recognized as operations designed to ensure defense of national security.
Whether it means shutting down main servers or local computers that have been identified as targets, a complete shutdown of internet access (although it requires cybersecurity legislation) would not be out of the realm of possibility.
The military’s role in cybersecurity with regard to digital attacks will be to ensure that US digital information, data, and privacy are protected. This new responsibility will be worked in conjunction with law enforcement network defenses that are being used to para-militarize the web using cyber units.