Cybersecurity Wednesdays: Information Security Continuous Monitoring (ISCM) Enabling Technologies: Can You Name Them?

Cybersecurity Wednesdays is written by Van Ristau, DLT Solutions’ Chief Technology Officer. Throughout the month, he’ll explore the world of public sector cybersecurity, introducing concepts, offering opinions, providing resources, and identifying ways to protect your agency. You may also follow Van on Twitter at @VanRistau.

Technically News - 11/19

Technically News is a new feature on Technically Speaking that scans thousands of industry articles to present you with a weekly source of IT news, information, and ideas that impact the public sector.

GovDefenders Wednesdays: Continuous Monitoring is not like a Mobius Strip: How to get in the Loop

GovDefenders Wednesdays is a weekly series written by Van Ristau, DLT Solutions’ Chief Technology Officer. Throughout the month, he’ll explore the world of public sector cybersecurity, introducing concepts, offering opinions, providing resources, and identifying ways to protect your agency. Follow Van at @VanRistau for additional news.

October is National Cyber Security Awareness Month

Children won’t be the only ones trick-or-treating this month. Federal agencies reported an estimated 3,574 incidents every month last year (2011), according to the Government Accountability Office. The same office also said reported incidents have increased nearly 680% in the last six years. Due to rising cyber terrorism and the need for increased cyber security, President Obama has designated October “National Cyber Security Awareness Month.”

10 Areas of Concern in Cloud Security

The DLT Cloud Advisory Group is focused on the emerging cloud landscape and proactively engages with the public sector community interested in cloud computing. We also actively contribute to establishing standards through our participation in various Standards Development Organizations. Along with IEEE, NIST, and the CSA, we are active contributors to the Cloud Standards Customer Council (CSCC). Most recently, we have been assisting the CSCC Security Working Group’s research efforts for their recent whitepaper, “Security for Cloud Computing: 10 Steps to Ensure Success.”

Online Identity: Evolve or Perish!

The following noteworthy identity management statement comes from the Cyberspace Policy Review issued last year by President Obama: “Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.” To be clear, I am an avid opponent of “anonymity for all” on the web. I do not think it is in our common interest to have anonymous communication in the public sector. I know that I will draw the ire of many who view the Internet as a constitutional right, but I persist with this view because the very nature of our constitution provides for the free and open exchange of ideas in the public forum. With this protection in place why would we need anonymity given the extreme handicap that it places on us in processing information?

Privacy vs. Security

The AFCEA Global Intelligence Forum was scheduled for this June but given the ongoing debate in Congress on the conference topic and the FY13 budget uncertainties, the event has been postponed. Nevertheless, they have proposed some interesting questions:

• What does it mean to be a citizen of the information nation?
• Who are the protectors of that nation and what is the appropriate balance between personal privacy and public security?
• Is the choice between security and privacy a false one? Can technology itself enable safe and secure citizenship?
• Who and how should the ethics of information technology be determined? How does the next generation – the generation of cyber “citizens” – view the issue of privacy and security?

It is easy to believe that there are more questions than answers but that is not a particularly useful ground to stand on for analysis. Let’s explore these questions.

Access control challenges are cloud’s nemesis

This year’s RSA conference was a deluge of technology centered on the usual security suspects, with the addition of recent years’ themes surrounding the challenges of cloud computing. Two years ago the conference was all about cloud; last year it was “Bob and Alice” (the challenges of compliance vs. defection surrounding lack of trust in cyberspace). This year’s “Mightier than the Sword” theme was the next logical step towards cyber warfare. After all, regardless of the strength of security controls, the presence of global information availability coupled with the absence of trust inevitably tends toward war. Perhaps it is time to work on this “trust” problem. After all, it’s all about risk… right?

Cut and Dry Cybersecurity

An agency’s computer system is under constant cybersecurity threat from several sources. While many of these threats are intentional, such as fraud and theft, there are also unintentional errors and omissions that threaten a system’s security. Let’s take a closer look at some examples.

The Intentionally Malicious

Information technology is increasingly used to commit fraud and theft. Computer systems are exploited in numerous ways, both by automating traditional methods of fraud and by using new methods. Unfortunately, insiders who are authorized users of a system perpetrate the majority of the fraud uncovered on computer systems. Since insiders not only have access to, but are also familiar with, the victim computer system (including what resources it controls and where the flaws are), authorized system users are in a better position to commit crimes. Former employees may also pose threats, particularly if their access is not terminated promptly.