by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : January 2013
6 GCN JANUARY 2013 • GCN.COM [BrieFing] NEWS ANALYSIS The year just ending was much like any other: The bad guys attacked, the de- fenders parried. What is changing are the stakes. More data and more applications are going online, and as targets become more valu- able they will attract more attacks. Highly motivated criminals, industrial spies, hacktivists or nation states will continue to use every trick they can to gain a marginal advantage, and when a breach or other security incident does occur the results are likely to be serious. The pain points that observers are wor- rying about for the coming year are not new --- except for the release of a new version of the Windows operating system --- but they represent areas where the good guys and bad guys are likely to be going head-to-head over those high-val- ue targets. Here are thumbnail sketches of some of these pain points. CLOUD COMPUTING It turns out that the cloud is a pretty secure place. "There is no doubt that there are risks in the cloud," said Richard Moulds, vice president of product man- agement and strategy for Thales eSecu- rity. "But depending on the abilities of the agency, the cloud might actually do some things better." Patch and system management can be more ef cient because a cloud provider can justify acquiring the needed tools. But good security is not perfect security. "Most of the time, we are not going to see many security issues because the large cloud services do a good job, but once they fail, the impact will be much, much higher, and that is the problem," Engin Kirda, associate professor in com- puter science at Northeastern University, said in a presentation at Georgia Tech's 2012 cybersecurity summit. Agencies will have to determine to what degree they can trust a cloud pro- vider to protect their data, and the degree to which they take responsibility for security. Encryption is a valuable tool for protecting data, but at the moment cloud users have to decide between letting the provider encrypt the data and control the encryption keys, or encrypt the data themselves and retain control of the keys, which limits the functionality of the cloud. SUPPLY CHAIN SECURITY The issue is not a new one, but it takes on special signi cance in IT, where many components of critical systems are manufactured abroad and accidental or malicious aws that are dif cult to detect could create back doors for remote exploits. This subject has been bubbling toward the top of consciousness for the past few years. Microsoft made news earlier in 2012 with the discovery of malware running on pirated copies of its operating systems purchased in China, and in October the House Select Committee on Intelligence warned companies of the security risks of products from Chinese companies ZTE and Huawei, saying that "U.S. net- work providers and systems developers are strongly encouraged to seek other vendors for their projects." The supply chain issue is closely re- lated to the broader issue of secure soft- ware development. Although adoption of secure development practices does not address the issue of intentional creation Cyber forecast for 2013: 4 areas where the stakes are raised [datapoint] Here s what a Lockheed Martin Cyber Security Alliance survey of 203 federal, state and local government o cials found. What are your agency's top IT priorities? 85% Cybersecurity Mobile Devices Big Data Cloud Computing 39% 27% 26% Source: Cyber Security and Transformational Technologies, Lockheed Martin Cybersecurity Alliance