I’m pleased to announce that I will be serving in a leadership capacity in the American Society of International Law’s new interest group, the International Law and Technology Interest Group (ILTechIG), which will focus on the implications of technological advances across a range of international law disciplines. The group is co-chaired by Molly Land and Anupam Chander, with (me) Greg McNeal serving as the Secretary/Treasurer. To join this interest group, log in at asil.org, click on “Interest Groups” (left navigation bar), select the “All Interest Groups” tab, go to page 3, and click on “Join Group” next to ILTechIG. If you have any questions about the group or need your login information, please contact ASIL Services here or by calling +1.202.939.6001.
A company that provides computer security to the private sector and the U.S. government — RSA, the security division of EMC Corporation based in Hopkinton, Mass. — announced tonight it was hit by “an extremely sophisticated cyber attack”. Senator Susan Collins, Ranking Member of the Homeland Security and Governmental Affairs Committee, released the following statement.
“The cyber attack revealed by RSA today underscores the serious and sophisticated cyber threat we face. The threat of a catastrophic cyber attack is real. Attacks are happening now. The Senate’s Sergeant at Arms has reported that the computer systems of the Executive Branch agencies and the Congress are probed or attacked an average of 1.8 billion times per month. Cyber crime costs our national economy $8 billion annually. Congress needs to fundamentally reshape how the federal government works collaboratively with the private sector to address all cyber threats, from espionage and cyber crime to attacks on the most critical infrastructure. The need to pass comprehensive cyber security legislation is more urgent than ever.”
Senator Collins, along with Senators Joe Lieberman and Tom Carper, recently introduced a bill that would secure the nation’s most sensitive and critical cyber infrastructure and protect Internet freedom.
WIRED Magazine Reports Efforts to Secure Nation’s Power Grid Ineffective:
The official government cybersecurity standards for the electric power grid fall far short of even the most basic security standards observed by noncritical industries, according to a new audit.
The standards have also been implemented spottily and in illogical ways, concludes a Jan. 26 report from the Department of Energy’s inspector general (.pdf). And even if the standards had been implemented properly, they ‘were not adequate to ensure that systems-related risks to the nation’s power grid were mitigated or addressed in a timely manner.’
At issue is how well the Federal Energy Regulatory Commission, or FERC, has performed in developing standards for securing the power grid, and ensuring that the industry complies with those standards. Congress gave FERC jurisdiction in 2005 over the security of producers of bulk electricity — that is, the approximately 1,600 entities across the country that operate at 100 kilovolts or higher. In 2006, FERC then assigned the North American Electric Reliability Corporation (NERC), an industry group, the job of developing the standards.
The result, according to the report, is deeply flawed.
Continue reading the rest of the post at Wired: Threat Level.