Article Published: June 11, 2014
Automated tools have become so ubiquitous that attacks against Internet-connected systems are commonplace. Because of this, the number of incidents reported offers little insight into the scope and effects of these attacks. The Computer Emergency Response Team Coordination Center (CERT®/CC) at Carnegie Mellon University’s Software Engineering Institute (SEI) no longer publishes the number of incidents reported. Instead, the CERT/CC is working with others to develop and report more meaningful metrics.
The 2013 CyberSecurity Watch survey, conducted among a sampling of 500 U.S. business and government executives, security experts and others in the public and private sector by CSO magazine in cooperation with the FBI, the CERT/CC and PricewaterhouseCoopers, showed that companies are not doing enough to protect themselves against cybercrimes. Fifty-three percent of those responding acknowledged that more damage was caused by insiders than by outsiders.
The worldwide monetary loss from cybercrime attacks has been extrapolated to be between $70 billion and $400 billion. The reason behind such a wide variance is the imprecise manner in which data is collected. Many companies tend to deal with data breaches quietly. And while respondents continue to be most concerned with intruders from outside their organizations, a considerable number continue to report damage caused from within. Reporting such occurrences does not bode well for a company’s image or public trust.
A recent study showed that 83 percent of adults who use social networking sites expose themselves to hackers and identity thieves. The study by Computer Associates (now CA) and the National Cyber Security Alliance (NCSA) was the first to study the link between specific online behaviors and the potential for becoming a victim of cyber crime. Although social networking sites, such as MySpace and Facebook, have been examined from the standpoint of physical security issues, including sexual predators, this survey examined users’ online behavior and the possibility of other threats such as fraud, identity theft, computer spyware and viruses. Highlights of the survey reveal:
Contrary to the popular perception that social networking is an activity enjoyed almost exclusively by teens, a Pew Internet and American Life study showed that 65 percent of adult Internet users now use social networking sites. The growing number of adults using social networking sites is an indicator of the increasing popularity and potential security risks of these sites.
On an encouraging note, the survey revealed that adults are taking safety precautions with their children. Of the parents who know their children under 17 use social networking sites, 66 percent monitor their children’s profiles. Previously, the survey has shown that many adults have discussed safety precautions with their children: 94 percent have discussed how to watch for predators, 72 percent have discussed how to watch out for malicious software, and 64 percent have discussed how to watch out for individuals fraudulently trying to steal money.
A recent FBI report on cybersecurity details a wide range of known criminal cyber activities. Viruses, worms, Trojans, computer intrusions, Web site attacks and defacements, denial-of-service attacks, identity theft, privacy breaches and child pornography are included as just some of the better known examples.
Attackers fall into a range of categories, including disgruntled and dismissed employees, domestic and overseas competitors and even foreign governments and terrorists. Scores of Web sites are now readily vulnerable to international hackers and virus writers in numerous languages and cultures.
Types of attacks have a spectrum of their own, ranging from the $45 million stolen from ATMs worldwide by hacking into consumer prepaid credit card accounts, to the cyber Pearl Harbor warned of by outgoing Defense Secretary Leon Panetta. The former secretary singled out the country’s utility grids, financial networks and transportation systems as being particularly vulnerable.
As government, global e-commerce and mass computer use continue to grow, cybersecurity initiatives become all the more pressing. Simultaneously, progressive changes in intruder techniques increase the difficulties of predicting or detecting attacks or of limiting their potential damages. In short, such sophisticated threats demand truly sophisticated responses. As a result, President Obama signed an executive order in February of 2012 directing federal agencies to develop standards for improving cybersecurity in the private sector.
Amid such a backdrop, southwestern Pennsylvania has become the premier center of excellence in cybersecurity.
CERT® Coordination Center
The Computer Emergency Response Team Coordination Center (CERT/CC), part of Carnegie Mellon University’s Software Engineering Institute, is a nationally recognized cybersecurity center that has been leading the way in computer security response and research since 1988.
Following the Morris worm incident, which brought 10 percent of Internet systems to a halt in November 1988, the Defense Advanced Research Projects Agency (DARPA) charged the SEI with establishing a center to coordinate communication among experts during security emergencies and to help prevent future incidents on a national basis.
Today, working with the Department of Homeland Security, CERT/CC alerts U.S. industry, defense contractors and computer users worldwide to potential threats to the security of their systems and provides information about how to avoid, minimize or recover from the damage. The center has played a key role in coordinating responses to major security events, such as the Code Red worm, Melissa virus and, most recently, the DNS Changer, the Rootkit viruses and the Flame and Olympic Games Trojans.
The CERT/CC’s primary charge is to preempt or respond to any threats to the security of the Internet, and the millions of computers connected to it, and to analyze product vulnerabilities that place organizations and individuals at risk. The CERT/CC is part of the SEI’s CERT program, which ensures that appropriate technology and systems management practices are used to resist attacks on networked systems, to limit damages and to ensure continuity of critical services in spite of successful attacks ("survivability"). Numerous alerts, vulnerability reports, educational guides and other statistics are published by CERT each year.
To accomplish its mission, CERT/CC specializes in survivable enterprise management, survivable systems engineering and vulnerability analysis. The organization also is committed to increasing awareness of security issues and helping organizations improve the security of their systems by disseminating information through many channels. Although the CERT/CC has not published annual vulnerability report totals since 2008, its archive catalogs approximately 41,000 vulnerability reports from other sources worldwide.
While there is only one CERT Coordination Center, the staff of more than 150 has helped foster 67 computer security incident response teams (CSIRTs) around the world, providing them with guidance and training. The CERT/CC coordinates with these teams to respond to computer security issues. Many of the teams are members of the Forum of Incident Response and Security Teams, of which the CERT/CC is a founding member.
The CERT’s Virtual Training Environment (VTE) meets the information assurance training needs of the Department of Defense and others. The VTE has been well received by the DoD and its use is growing. In any given year, the VTE delivers approximately 120,000 hours in training.
The first U.S. Secretary of Homeland Security Tom Ridge recognized the CERT/CC as “a key element to our national strategy to combat terrorism and protect our critical infrastructure.” Accordingly, the Department of Homeland Security announced a partnership with the CERT/CC to create US-CERT, a coordination point for reducing the frequency and impact of cyber attacks. US-CERT, which monitors all federal networks, includes other partnerships with private-sector security vendors and international organizations. These groups work together to coordinate national and international efforts to prevent cyber attacks, protect systems and issue responses to cyber attacks.
In 2008, the CERT/CC Computer Forensics team was recognized by U.S. House Representatives Murtha, Doyle and Altmire for its role in the indictment of 11 individuals by the U.S. Department of Justice for the largest identity theft case in history.
The CERT/CC also has received national recognition by trade and newspaper outlets for its efforts in developing best practices to prevent insider threat attacks. CERT/CC researchers are consistently top presenters at RSA, the largest security conference in the U.S., and they are routinely asked to testify before Congress and advise numerous federal agencies, including the FBI, the Secret Service and the U.S. Postal Service.
CERT/CC’s private sector activities account for between 10 and 15 percent of its revenues, and they generated approximately $80 million in 2013, which represents annual growth in that sector of up to 10 percent.
FBI/Pittsburgh – Computer Crimes Task Force
The Pittsburgh office of the FBI has been a leading cyber crime-fighting unit since 2000, when it became the first branch to hire an official computer science agent. During the same year, FBI/Pittsburgh and the CERT/CC joined forces in the formation of the Pittsburgh High-Tech Computer Crimes Task Force, a first of its kind in the nation.
As a unit of consolidated federal, state and local law enforcement, the task force was created with the purpose of pooling technical and investigative resources trained in computer technology and cyber crime in order to advance the mission of all enforcement agencies. The Pittsburgh High-Tech Computer Crimes Task Force provided forensic examination, intelligence and technical assistance to all agencies encountering computers during the course of their investigations.
Unlike traditional types of crimes, technology has made it more difficult to answer the who, what, where, when and how of both traditional and non-traditional criminal activity; as a result, evidence in the digital space must be handled differently. The task force meets these evolving challenges as part of its mission. A regional forensic and training center allows businesses to run test hack scenarios to measure how well security initiatives perform.
Since 2000, similar task forces have been deployed in every FBI field office. And in 2002, the FBI reorganized to create its own cyber division. This division simultaneously supports FBI priorities across program lines, assisting counterterrorism, counterintelligence and other criminal investigations when aggressive technological investigative assistance is required.
The National Cyber Forensics & Training Alliance (NCFTA) is the first partnership of its kind in the nation, and it grew out of the work performed by the Pittsburgh High-Tech Computer Crimes Task Force.
The NCFTA provides a neutral collaborative venue where critical confidential information about cyber incidents can be shared discreetly, and where resources can be shared among industry, academia and law enforcement. The Alliance facilitates advanced training, promotes security awareness to reduce cyber-vulnerability and conducts forensic and predictive analysis and lab simulations. These activities are intended to educate organizations and enhance their abilities to manage risk, develop security strategies, collaborate on best practices, detect and combat cybercrime and illicit activities.
President Barack Obama, in a 2009 White House Cyberspace Policy Review, named NCFTA as one of three international organizations that stand out as an “effective model” in national cyber security. Members of the NCFTA jointly developed and staffed facilities, where program participants benefit from cyber-forensic analysis, tactical response development, technological simulation/modeling analysis and the development of advanced training.
The NCFTA is comprised of experts from industry, academia and government, including:
Future partnerships will be established in regions where interest exists to combine resources, intelligence, and expertise more effectively. These additional partnerships will be linked together, enhancing the resources fundamental to this project. This coordinated and decentralized approach will empower regional teams with vital information and expertise in a timely and efficient manner.
Pittsburgh is home to a number of other cybersecurity assets. In 2004, Carnegie Mellon University became one of only two institutions in the U.S. to receive National Science Foundation (NSF) funding for the study of a branch of cybersecurity called Security Through Interaction Modeling. Carnegie Mellon received $6.4 million, just eclipsing the University of California at San Diego, which received $6.2 million.
Its large faculty in cybersecurity-related fields and significant levels of funding at its Software Engineering Institute are important assets in the development of a larger cybersecurity market.
Since education is a necessary component of safeguarding the computer network, Carnegie Mellon also initially invested $6 million in 2003 to institute CyLab, one of the largest university-based cybersecurity education and research centers in the U.S. CyLab is multi-disciplinary and university-wide, involving six different departments and schools from Carnegie Mellon, more than 20 staff and faculty, along with more than 120 students. CyLab currently is supported almost exclusively by private funding, such as competitive contracts, grants and up to 14 industry partnerships. Current partners include, but are not limited to:
CyLab’s mission is to design, develop and create new secure, trustworthy and sustainable computing devices, hardware and communications systems for advancing and improving the nation’s capabilities in response and prediction to attacks. CyLab seeks to educate individuals at all levels in addressing the threats to the country’s cyber infrastructure by providing technology, resources and expertise in four areas:
With a budget of about $10 million, CyLab is an NSF CyberTrust Center, and it is a key partner in the NSF-funded Center for Team Research in Ubiquitous Secure Technology. CyLab also is a National Security Agency (NSA) Center of Academic Excellence in Information Assurance Education, as well as a Center for Academic Excellence in Research, also designated by the Department of Homeland Security.
Carnegie Mellon previously had received three NSF Federal Cyber Service Scholarship for Service Capacity-Building Track awards (from 2002 through 2007). This funding has been used to develop and offer six editions of an intensive, month-long, in-residence summer program to help develop information assurance (IA) education and research capacity at colleges and universities designated as minority-serving institutions (MSIs), specifically, historically black colleges and universities and Hispanic-serving institutions. The program has exceeded the expectations of all participants and has made a measurable impact on the capacity of these MSIs to educate students in IA. With the last two grants, Carnegie Mellon was able to invite 36 faculty, including two department chairs in computer and information sciences and similar departments from 11 MSIs.
The Software Engineering Institute has designed and continuously is developing a curriculum to teach system and network administrators about information assurance, including a way for them to think about information security issues and a set of skills to help them integrate security policy, practices and technologies into their operational infrastructure. This Survivability and Information Assurance curriculum is to be offered at community colleges across the country, making such education affordable and accessible to professionals and employers.
At the University of Pittsburgh, the Department of Information Science and Telecommunications has established the Laboratory of Education and Research on Security Assured Information Systems (LERSAIS). This premier program focuses on the diverse problems related to security and survivable information systems, networks and infrastructures, while developing and supporting high quality education in security and information assurance.
Since the spring of 2004, LERSAIS has hosted numerous seminars on information security presented by leading experts from all over the country. As a result, the University of Pittsburgh has been designated as a National Center of Academic Excellence in Information Assurance Education, and, since the inaugural year in 2004, it is one of only 10 Centers in the U.S. that have maintained a commitment to retaining the certification. The designation is awarded jointly by the NSA and the Department of Homeland Security.
It continues to serve as a multidisciplinary forum for the synergistic interaction among researchers within survivable information systems, as well as other experts in information assurance-related areas outside the school.
One example of this academic excellence is the NSA-approved curriculum to train security professionals in three computer security standards. These standards are: training for information systems security professionals; training for designated approving authorities; and training for system administrator professionals.
Curriculum also includes subjects, such as “Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks,” “Privacy Enhancing Techniques for Social Network” and “Combating Cyber Threats with High-Performance Computers.”
Among the university’s corporate partners is Cisco, which initially awarded the LERSAIS program an equipment grant worth $100,000. In addition, LERSAIS was given the Department of Defense (DoD) Information Assurance Scholarship award for partnering with the National Defense University’s Information Resource Management College (NDU/IRMC). Under this program, a student who has been studying under certificate programs at NDU/IRMC can pursue the security assured information systems (SAIS) track in the Department of Information Sciences and Telecommunication with a Department of Defense scholarship.
Although many large corporations and government agencies manage computer security in house by hiring their own staff of experts, the market for cybersecurity services reached nearly $68 billion in 2013, with an average annual increase of $5 billion. While previous projections showed the federal government alone spending $10.5 billion annually by 2015, in 2013, the U.S. Departments of Defense and Homeland Security collectively spent nearly $4.2 billion.
Part of this anticipated growth will be fueled by the financial services industry, where spending on security-related products and services has reached $5.3 billion. Those in the industry surveyed responded that to effectively stop 95 percent of the attacks on the nation’s banks and financial institutions, spending would have to increase to $46.6 billion annually.
More than 40 businesses in southwestern Pennsylvania indicate some level of involvement and expertise in cybersecurity, and all are poised to take advantage of the growth trend. Included in this community are hardware and software designers, cybersecurity consulting services, developers of monitoring software and tracking devices, and manufacturers of technical surveillance and security counter-measures equipment.
ABS Computer Technology, Netronome Systems, Pittsburgh Pattern Recognition (recently acquired by Google) and Wombat Security Technologies are just a few of the organizations driving the region’s progressive cybersecurity efforts.
The Pittsburgh region continues to solidify its claim as a center of excellence in cybersecurity. The private firms that operate within this emerging cluster are only part of the picture. The presence of university-based and government agencies also attracts a disproportionate share of federal funding for research, development and national cybersecurity services.