tag:blogger.com,1999:blog-20236701.post172591169029792173..comments2024-01-02T19:45:37.874-05:00Comments on National Security Policy: A Framework For Thinking About Cyber Security PolicyRobert Farleyhttp://www.blogger.com/profile/12233771830519084383noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-20236701.post-75654005136333160492012-11-28T22:44:10.500-05:002012-11-28T22:44:10.500-05:00Changing the nature of software development to avo...Changing the nature of software development to avoid significant vulnerability to cyber attacks would certainly be a step in the right direction for achieving cyber security. Security updates are designed for addressing vulnerability for software in current use. But how do we address the security threat posed by theft of outdated systems? As you correctly state, the greater risk in a cyber attack is to the systems and information rather than to the network. With rapidly changing technology, systems themselves quickly become replaced. I would argue that a program for ensuring the protection of old systems is equally important as addressing the development of new software for national security. <br /><br />The International Atomic Energy Agency (IAEA) announced today that one of its old computer servers was hacked by an anti-Israeli, pro-Iranian hacker group, identified as Parastoo. The hackers claimed to have stolen the contact information for nearly 200 scientists and officials associated with the IAEA. The names include scientists at U.S., British, European, and Japanese universities, as well as Russia’s Space Research Institute. The group has already posted numerous e-mail addresses of these personnel on the Parastoo website, and is threatening to post the employees’ personal information, unless the IAEA takes immediate action to investigate Israel’s nuclear power plant for evidence of nuclear weapons. The group further demands that the individuals listed sign a petition for the investigation, lest they be considered party to a crime in the event that Israel causes a nuclear incident. The group also vowed to become a permanent fixture in the hacker community. <br /><br />An IAEA spokesperson stated that the server from which the information was stolen was shut down some time ago, and that efforts to eliminate vulnerability were taken well before it was hacked. Although it is believed that the stolen data did not include information related to the confidential work carried out by the IAEA, technical and security teams are still trying to analyze the situation to ensure that information is no longer vulnerable. Whether information on the IAEA's work was hacked or not, the question of whether it could have been is incredibly alarming simply due to the IAEA's work in nuclear energy. <br /><br />While these types of cyber attacks do not pose a disruption to sensitive networks, they still pose a major security threat, as there is little chance of recovering the information once it is taken, and no limit as to how the information will be shared or used. Unfortunately, in this type of cyber attack, there is no “patch”. An attack cannot be fixed, it can only be prevented. While technical experts are devising a way to create foolproof software, they should not forget the dire importance of counseling agencies and companies on how to protect what they are no longer using. <br />SweetBhttps://www.blogger.com/profile/09457944338695795924noreply@blogger.com