by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : January 2014
CYBEREYE BY WILLIAM JACKSON PREDICTING IS EASY. When it s made, one prediction is as good as another. Only in hindsight can you pick the win- ners from the losers. Looking back at my 2013 predictions for cybersecurity, it seems I hedged my bets pretty well. The predictions for the most part covered areas that were so basic that they would be important security concerns re- gardless of what happened. But did they deserve to be singled out for 2013? PREDICTION 1: PRETTY GOOD CLOUD SECURITY It turns out that reliability, not security, was the big issue in cloud computing. An inspector general s report found that NASA, a pioneer in cloud computing, su ered from a lack of proper security. "We found that weaknesses in NASA s IT governance and risk management practices have impeded the agency from fully realizing the benefits of cloud computing and potentially put NASA systems and data stored in the cloud at risk." Inspectors went on to say that NASA on occasion moved agency systems and data into public clouds without the knowledge or consent of the agency s chief information o cer and elsewhere acquired cloud services that did not ad- dress "IT security risks unique to the cloud environment." But the report did not cite any serious breaches, and according to data from the Privacy Rights Clearinghouse most data losses still are oc- curring the old-fashioned way: Through lost, stolen or dis- carded devices and documents and from in-house breaches. Not from cloud breaches. What caused problems in the cloud were a string of out- ages plaguing Amazon Web Services, Dropbox, Microsoft O ce 365, Windows Azure cloud storage and CloudFlare. Data wasn t lost, but it was un- available. For the end user, an outage is as good as a denial- of-service attack. PREDICTION 2: RISING COLLATERAL DAMAGE AND UNINTENDED CONSEQUENCES OF CYBERWAR This one was spot-on, especial- ly for the NSA, which su ered from multiple self-inflicted foot wounds in 2013. From June on, the nation s eavesdropper in chief, Gen. Keith Alexander, found himself defending once-secret electron- ic surveillance programs in the wake of a never-ending stream of revelations stemming from Edward Snowden s leaks of classified documents. Repeated lies, half-truths and evasions were exposed with each new release about wholesale collec- tion of digital communications data at home and abroad, the tapping of international fiber- optic cables, cryptographic back doors and abuse of data. NSA sta ers, portrayed by Alexander as heroes, became the bad guys in many eyes. In December, the first of what will likely be multiple court decisions about the programs found wholesale collection of cellphone metadata likely to be unconstitutional. PREDICTION 3: SUPPLY- CHAIN SECURITY HEATING UP This issue failed to rise to the level of a crisis in 2013. Although lengthy and far-flung, supply chains have possible weak links all over the world, and China has been the primary concern for the U.S. government. There are appro- priations laws in place prohibit- ing some agencies from dealing with Chinese contractors, and there have been anecdotal re- ports of NASA contractors with suspect Chinese ties. In November, the Defense Department amended its acquisition rules allowing the DOD "to consider the impact of supply chain risk in specified types of procurements related to national security systems." But 2013 did not produce any serious cybersecurity incidents resulting from weak- nesses or backdoors in IT products that were inserted in the supply chain (if you don t count reports of NSA dabbling in commercial crypto systems). Of course, the beauty of sup- ply-chain tampering is that if it is done right, no one will see it. We might not know for years if we ve already been had. PREDICTION 4: WINDOWS 8 SECURITY CONCERNS With the popular Windows XP approaching end-of-life in April 2014, the security of Windows 8 is a concern. But there has not been much bad news here. The latest Windows OS gener- ally is seen as the most secure version to date. Windows 8 includes its own antivirus features with Win- dows Defender, which starts early in the boot-up process to help protect against rootkits. Downloaded files are scanned for executables, and applica- tions are sandboxed. Version 8.1 includes data classification for remote wiping, improved fingerprint biometrics and better encryption. Overall, this one was a miss. • 20-20 HINDSIGHT: SCORING CYBERSECURITY HITS AND MISSES FOR 2013 12 GCN JANUARY 2014 • GCN.COM It turns out that reliability, not security, was the big issue in cloud computing, [but] for the end users, an outage is as good as a denial-of-service attack.