Ukraine under cyber attack once again by Russia

BBC reports that there has been a 48-hour denial of service (DoS) attack against the Ukranian mail service.



http://www.bbc.com/news/technology-40886418

There are further details on a Ukranian Facebook page.

https://www.facebook.com/ukrposhta/

Russian cyberattack disrupted N.C. election results

In a critical voting district, Russian cyber attacks caused great confusion at several polling places delaying and interfering with some voters.

The attack was on the voting rolls rather than the voting machines, making it appear that some people weren't qualified to vote.

Voters were going in and being told that they had already voted — and they hadn't," recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice. (NPR report)

NSA report: http://www.npr.org/2017/06/06/531701318/intercept-article-reveals-nsa-report-on-russian-cyberattack

http://www.npr.org/2017/06/20/533637643/despite-nsa-claim-election-vendor-denies-system-was-compromised-in-hack-attempt

http://www.npr.org/2017/08/10/542634370/russian-cyberattack-targeted-elections-vendor-tied-to-voting-day-disruptions

Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions (2017)

The National Academy of Science has published a new report on cybersecurity. It is sold in print for $47 but can be downloaded by anyone for free in pdf format.

https://www.nap.edu/login.php?record_id=24676&page=https%3A%2F%2Fwww.nap.edu%2Fdownload%2F24676

You have to register but that is simple, fast, and FREE.

OVERVIEW

Contributors

National Academies of Sciences, Engineering, and Medicine; Division on Engineering and Physical Sciences; Computer Science and Telecommunications Board; Lynette I. Millett, Baruch Fischhoff, and Peter J. Weinberger, Editors

Description

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to adapt. Despite considerable investments of resources and intellect, cybersecurity continues to poses serious challenges to national security, business performance, and public well-being. Modern developments in computation, storage and connectivity to the Internet have brought into even sharper focus the need for a better understanding of the overall security of the systems we depend on.

[read full description]

Topics

• Computers and Information Technology — Information Security and Privacy
• Computers and Information Technology — Policy, Reviews and Evaluations
• Conflict and Security Issues — Prevention, Security and Response

Suggested Citation

National Academies of Sciences, Engineering, and Medicine. 2017. Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions. Washington, DC: The National Academies Press. https://doi.org/10.17226/24676.

From the summary

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to adapt. Despite considerable investments of resources and intellect, cybersecurity continues to pose serious challenges to national security, business performance, and public well-being. Modern developments in computation, storage, and connectivity to the Internet have brought into even sharper focus the need for a better understanding of the overall security of the systems we depend on.

The research cultures that have developed in the security community and in affiliated disciplines will increasingly need to incorporate lessons not just from a wider variety of disciplines, but also from practitioners, developers, and system administrators responsible for securing real-world operational systems. This report is aimed primarily at the cybersecurity research community, but takes a broad view that efforts to improve foundational cybersecurity research will need to include many disciplines working together to achieve common goals.

There have been many reports on cybersecurity research offering many recommendations. Rather than echo these reports and expand their lists of proposed projects, the committee has focused on foundational research strategies for organizing people, technologies, and governance. These strategies seek to ensure the sustained support needed to create an agile, effective research community, with collaborative links across disciplines and between research and practice.

Suggested Citation:"Summary." National Academies of Sciences, Engineering, and Medicine. 2017. Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions. Washington, DC: The National Academies Press. doi: 10.17226/24676.

×

Save

Cancel

Part of the task of the Committee on Future Research Goals and Directions for Foundational Science in Cybersecurity was to consider gaps in the federal research program. In the committee’s view, the security community and funders understand the breadth of the challenge and the importance of emphasizing progress on all fronts—a diversity evident in the diverse approaches taken by the federal agencies supporting cybersecurity research. Instead of focusing on gaps, this report offers a framework that links research efforts. The strategy advocated below requires unusual collaborations among disciplines focused on technologies and those focused on the individuals and organizations that try to attack and protect them. Achieving those collaborations will require creating incentives that run counter to academic pressure for publications and user pressures for short-term results.

To this end, the committee’s analysis is organized under the four following broad aims for cybersecurity research:

• Support, develop, and improve security science—a long-term, inclusive, multidisciplinary approach to security science.
• Integrate the social, behavioral, and decision sciences into the security science research effort, since all cybersecurity challenges and mitigations involve people and organizations.
• Integrate engineering and operations for a life-cycle understanding of systems.
• Sustain long-term support for security science research providing institutional and community opportunities to support these approaches.

Not every research effort will or needs to address all four aims. However, articulating where each sits with respect to them is important to the coherence of the research program. These four aims are discussed below.