DoD Cyber Strategy – 2018

Cyber Strategy: Summary, 2018
U.S. Department of Defense

“American prosperity, liberty, and security depend upon open and reliable access to information. The Internet empowers us and enriches our lives by providing ever-greater access to new knowledge, businesses, and services. Computers and network technologies underpin U.S. military warfighting superiority by enabling the Joint Force to gain the information advantage, strike at long distance, and exercise global command and control.”

Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Ed.

“The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here’s straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.”

An Interview with William Hugh Murray – A discussion of the rapidly evolving realm of practical cyber security

Communications of the ACM, March 2019
By Peter J. Denning

“What has changed over those years is not the need for security, but the risks and costs of insecurity. It should be clear to a casual reader of the news, let alone those with access to intelligence sources, that what we are doing is not working. It is both costly and dangerous… Most of the resistance to using these practices comes from loss of convenience. Good security is not convenient. But it is absolutely necessary for the security of our assets and the reliability of the many critical systems on which we all depend.”

New Girl Scout badges focus on cyber crime, not cookie sales

Reuters, June 21, 2017
Reporting by Barbara Goldberg

“Palo Alto Networks and Girl Scouts of the USA Announce Collaboration for First-Ever National Cybersecurity Badges: With the introduction of 18 new Cybersecurity badges, Girl Scouts of all ages will be able to explore opportunities in STEM while developing problem-solving and leadership skills.”

The Big Picture

Communications of the ACM, November 2018
By Steven M. Bellovin, Peter G. Neumann

“Cryptography is an enormously useful concept for achieving trustworthy systems and networks; unfortunately, its effectiveness can be severely limited if it is not implemented in systems with sufficient trustworthiness.

It is time to get serious about the dearth of trustworthy systems and the lack of deeper understanding of the risks that result from continuing on a business-as-usual course.”

Deception, Identity, and Security: The Game Theory of Sybil Attacks

Communications of the ACM, January 2019
By William Casey, Ansgar Kellner, et al.

“Along with the low cost of minting and maintaining identities, a lack of constraints on using identities is a primary factor that facilitates adversarial innovations that rely on deception. With these factors in mind, we study the following problem: Will it be possible to engineer a decentralized system that can enforce honest usage of identity via mutual challenges and costly consequences when challenges fail?”

The End of Encryption? NSA & FBI Seek New Backdoors Against Advice from Leading Security Experts

Democracy Now!, July 8, 2015
By Juan González & Amy Goodman
Guest: Bruce Schneier

“FBI Director James Comey is set to testify against encryption before the Senate Intelligence Committee today, as the United States and Britain push for ‘exceptional access’ to encrypted communications. Encryption refers to the scrambling of communications so they cannot be read without the correct key or password. The FBI and GCHQ have said they need access to encrypted communications to track criminals and terrorists. Fourteen of the world’s pre-eminent cryptographers, computer scientists and security specialists have issued a paper arguing there is no way to allow the government such access without endangering all confidential data, as well as the broader communications infrastructure. We speak with one of the authors of the paper, leading security technologist Bruce Schneier.”

The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age

Published by Penguin Random House, June 19, 2018
By David E. Sanger

“The Perfect Weapon is the startling inside story of how the rise of cyberweapons transformed geopolitics like nothing since the invention of the atomic bomb. Cheap to acquire, easy to deny, and usable for a variety of malicious purposes—from crippling infrastructure to sowing discord and doubt—cyber is now the weapon of choice for democracies, dictators, and terrorists.”

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Communications of the ACM, January 2019, Vol. 62 No. 1, Pages 106-114
Research Highlights: “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice”
By David Adrian, Karthikeyan Bhargavan, et al.

“We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed.”

Zucked: Waking Up to the Facebook Catastrophe

“The New York Times bestseller about a noted tech venture capitalist, early mentor to Mark Zuckerberg, and Facebook investor, who wakes up to the serious damage Facebook is doing to our society – and sets out to try to stop it.”

Roger McNamee has been a Silicon Valley investor for 35 years. He co-founded successful funds in venture, crossover and private equity. His most recent fund, Elevation, included U2’s Bono as a co-founder. He holds a B.A. from Yale University and…

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

You are under surveillance right now.

Your cell phone provider tracks your location and knows who’s with you. Your online and in-store purchasing patterns are recorded, and reveal if you’re unemployed, sick, or pregnant. Your e-mails and texts expose your intimate and casual friends. Google knows what you’re thinking because it saves your private searches. Facebook can determine your sexual orientation without you ever mentioning it.

Secrets & Lies: Digital Security in a Networked World

Welcome to the businessworld.com. It’s digital: Information is more readily accessible than ever. It’s inescapably connected: businesses are increasingly–if not totally–dependent on digital communications. But our passion for technology has a price: increased exposure to security threats. Companies around the world need to understand the risks associated with doing business electronically. The answer starts here.

Applied Cryptography: Protocols, Algorithms, and Source Code in C

This second edition of the cryptography classic provides you with a comprehensive survey of modern cryptography. The book details how programmers and electronic communications professionals can use cryptography — the technique of enciphering and deciphering messages — to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them in cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems.
