Volume 10, Issue 27 July 22, 2011 Department of Defense Announces First Strategy for Operating in Cyberspace The Department of Defense released today the DoD Strategy for Operating in Cyberspace (DSOC). By Aliya Sternstein, nextgov It is the first DoD unified strategy for cyberspace and officially encapsulates a new way forward for DoD‘s military, intelligence and business operations. ―It is critical to strengthen our cyber capabilities to address the cyber threats we‘re facing,‖ said Secretary of Defense Leon E. Panetta. ―I view this as an area in which we‘re going to confront increasing threats in the future and think we have to be better prepared to deal with the growing cyber challenges that will face the nation.‖ Reliable access to cyberspace is critical to U.S. national security, public safety and economic well-being. Cyber threats continue to grow in scope and severity on a daily basis. More than 60,000 new malicious software programs or variations are identified every day threatening our security, our economy and our citizens. ―The cyber threats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities,‖ said Deputy Secretary of Defense William J. Lynn III. ―Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, DoD continues to be a target in cyberspace for malicious activity.‖ The DoD and other governmental agencies have taken steps to anticipate, mitigate and deter these threats. Last year, DoD established U.S. Cyber Command to direct the day-to-day activities that operate and defend DoD information networks. DoD Figure of the week also deepened and strengthened coordination with the Department of Homeland Security to secure critical networks as evidenced by the recent DoD-DHS Memorandum of Agreement. 2 x ―Strong partnerships with other U.S. government departments and agencies, the A KLAS report finds that the number private sector and foreign nations are crucial,‖ said Lynn. ―Our success in cyberspace of functioning health information depends on a robust public/private partnership. The defense of the military will exchanges in the US has more than matter little unless our civilian critical infrastructure is also able to withstand doubled since last year, with the attacks.‖ growth in private-sector exchanges surpassing the increase in public More at http://www.defense.gov/releases/release.aspx?releaseid=14651 exchanges. Volume 10, Issue 27 July 22, 2011 Page 2 Privacy and Security U.S. and Russia: Expanding the ―Reset‖ to Cyberspace reduce the risk of misperception and inadvertent crisis. It‘s a prime example of the ―Reset‖ in U.S.-Russia relations taking By Howard A. Schmidt, The White House on a new and important dimension. Many are familiar with our work on behalf of the President to reduce cybersecurity vulnerabilities, such as hardening Both the U.S. and Russia are committed to tackling common government systems and building public awareness about cybersecurity threats while at the same time reducing the cybersecurity for end-users. chances a misunderstood incident could negatively affect our relationship. But what you don‘t always hear about are our efforts to reduce the overall risk to our national networks through active We‘re actively working on doing so in numerous diplomacy and international technical collaboration. Both are key efforts for realizing the President‘s International Strategy ways: through regular exchanges of information on technical for Cyberspace (pdf) released in May. threats to both sides like botnets; by better understanding each other‘s military views on operating in cyberspace; and by Risk reduction is crucially important to our relationship with establishing 24/7 systems allowing us to communicate about Russia, where we continue regular policy coordination at the cybersecurity issues via our existing and highly successful highest levels, including on issues related to cybersecurity. crisis prevention communications links between our two capitals. We plan to have all three mechanisms established by Just last month we hosted a Russian delegation, led by my year‘s end. counterpart, Russian National Security Council Deputy Secretary Nikolay Klimashin, for another round of in-depth Through progress like this, our countries are leading the way in discussions here in Washington. developing pro-active bi-lateral measures that use cyberspace to more broadly enhance our national, and international Joined by senior officials from across the U.S. and Russian security. governments, our goal was to continue building mutual confidence in our two governments‘ activities in cyberspace to More at http://1.usa.gov/pLe4uo Tech IPOs Grapple with Privacy ―These companies realize that they need to be really upfront with what they are doing with data.‖ By Cecilia Kang, Reuters Daily deals site Groupon recently changed its privacy policies For social media start-ups, going public these days involves to collect more subscriber information and share that data more than sprucing up business and financial models. with partners. Ahead of its stock listing, it told its 83 million Also showing up in the blogs and securities filings of users about the changes in a recent e-mail. companies such as Groupon, LinkedIn, Pandora and Zynga is a Gamemaker Zynga, creator of Farmville, recently made a game new consideration: privacy. out of its privacy policy to lure users to understand how their These social networking firms after all are in the business of data is being used. The company learned first-hand about the data — collecting, sharing and sometime selling user importance of privacy policy disclosures after it was sued for information for targeted ads. They want to signal to investors allegedly sharing information about Facebook users. that they have a plan to make money from the trove of Right after it went public, professional social network LinkedIn information they have on users. announced in its blog that it would allow advertisers to publish So as federal lawmakers contemplate new online privacy laws when its users recommend products. Nearly all the firms that and regulators take up investigations of consumer protection have gone public so far or are gearing up for their IPOs have violations, this year‘s flood of social networking IPOs are listed online privacy enforcement and laws as a potential risk looking anew at how those activities in Washington, D.C., to future business. could affect their stock market prospects. Online real estate service Zillow, which will list its shares on ―Privacy is now finally and appropriately being seen as a the Nasdaq this Wednesday, listed potential Internet privacy compliance risk that is real and needs attention,‖ said Lisa laws as a risk factor to its business. Sotto, head of the privacy practice of law firm Hunton& Williams. More at http://wapo.st/nbamrJ Volume 10, Issue 27 July 22, 2011 Page 3 Information Sharing PM-ISE Releases the 2011 ISE Annual Report to the Congress By Vince Beiser, Miller-McCune The PM-ISE has officially released its 2011 ISE Annual Report to the Congress and we are proud of the information sharing success stories featured in the Report – stories that describe the outstanding accomplishments of our mission partners across the federal, state, local, and tribal governments, the private sector, and foreign allies. The Annual Report is required by law to provide the Congress ―a progress report on the extent to which the ISE has been implemented.‖ The Report highlights major ISE activities since July 2010 and is organized around five themes: Strengthening Management and Oversight - The Annual Report describes the work of the Information Sharing and Access Interagency Policy Committee (ISA IPC) and its sub- committees and working groups; of particular note, the Report highlights how these bodies expanded to include representatives of non-federal organizations and are reaching out to engage the private sector in developing the ISE, as well. Improving Information Sharing Activities - Among the state, local, and tribal law enforcement officers and analysts to many activities presented, the Report describes how the more easily access a rich variety of data services provided by Nationwide Suspicious Activity Reporting Initiative has made Assured Sensitive but Unclassified (SBU) networks. substantial progress toward streamlining reporting and analysis within fusion centers by implementing new standards, The Report also describes similar efforts for classified policies, and processes. information sharing. Another notable interagency effort involved the Baseline Enhancing Privacy, Civil Rights, and Civil Liberties Capabilities Assessment, during which federal, state, and local Protections - Balancing the need for national security with officials completed the first nationwide, in-depth assessment the need to protect privacy and civil liberties, the Report of fusion centers to baseline their capabilities. provides information on policies and training activities designed to enhance these protections. Establishing Standards for Responsible Information Sharing and Protection - Standards are critical to powering These are only a few of the activities that are helping the nation the ISE, and so the Report describes the efforts by the PM-ISE, build a robust information sharing environment. its mission partners, and standards organizations to identify And, while the Annual Report is primarily focused on