SECRECY NEWS
from the FAS Project on Government Secrecy
Volume 2011, Issue No. 36
April 18, 2011

Secrecy News Blog: http://www.fas.org/blog/secrecy/

SECRECY OF CYBER THREATS SAID TO CAUSE COMPLACENCY

The American public does not have an accurate sense of the threat posed by attacks in cyberspace because most of the relevant threat information is classified, according to Sen. Sheldon Whitehouse (D-RI), who introduced legislation last week to raise public awareness of cyber security hazards.

"The damage caused by malicious activity in cyberspace is enormous and unrelenting," Sen. Whitehouse said on April 14. "Every year, cyber attacks inflict vast damage on our Nation's consumers, businesses, and government agencies. This constant cyber assault has resulted in the theft of millions of Americans' identities; exfiltration of billions of dollars of intellectual property; loss of countless American jobs; vulnerability of critical infrastructure to sabotage; and intrusions into sensitive government networks."

"These massive attacks have not received the attention they deserve. Instead, we as a nation remain woefully unaware of the risks that cyber attacks pose to our economy, our national security, and our privacy," he said.

"This problem is caused in large part by the fact that cyber threat information ordinarily is classified when it is gathered by the government or held as proprietary when collected by a company that has been attacked. As a result, Americans do not have an appropriate sense of the threats that they face as individual Internet users, the damage inflicted on our businesses and the jobs they create, or the scale of the attacks undertaken by foreign agents against American interests."

With Sen. Jon Kyl (R-AZ), Sen. Whitehouse introduced the "Cyber Security Public Awareness Act" to require government agencies to provide increased public reporting of cyber threat information.

"As of 2011, the level of public awareness of cyber security threats is unacceptably low. Only a tiny portion of relevant cyber security information is released to the public. Information about attacks on Federal Government systems is usually classified. Information about attacks on private systems is ordinarily kept confidential. Sufficient mechanisms do not exist to provide meaningful threat reports to the public in unclassified and anonymized form," the bill stated.

Last year, Sen. Whitehouse chaired a bipartisan Senate Intelligence Committee task force on cyber security.

"The government keeps the damage we are sustaining from cyber attacks secret because it is classified," he said last November. "The private sector keeps the damage they are sustaining from cyber attacks secret so as not to look bad to customers, to regulators, and to investors. The net result of that is that the American public gets left in the dark."

ONLINE SECURITY TIPS FROM THE NATIONAL SECURITY AGENCY

The National Security Agency published a brochure this month on "Best Practices for Keeping Your Home Network Secure." Among other online security measures, the NSA suggested providing false answers to password recovery challenge questions.

"The cyber threat is no longer limited to your office network and work persona," the NSA said. "Adversaries realize that targets are typically more vulnerable when operating from their home network since there is less rigor associated with the protection, monitoring, and maintenance of most home networks. Home users need to maintain a basic level of network defense anygiene for both themselves and their family members when accessing the Internet."

******************************

Secrecy News is written by Steven Aftergood and published by the Federation of American Scientists.

The Secrecy News blog is at:
      http://www.fas.org/blog/secrecy/

To SUBSCRIBE to Secrecy News, go to:
     http://www.fas.org/sgp/news/secrecy/subscribe.html

To UNSUBSCRIBE, go to:
      http://www.fas.org/sgp/news/secrecy/unsubscribe.html

OR email your request to saftergood@fas.org

Secrecy News is archived at:
      http://www.fas.org/sgp/news/secrecy/index.html

SUPPORT the FAS Project on Government Secrecy with a donation here:
      http://www.fas.org/member/donate_today.html