U.S. Cybersecurity Czar Says “There is No Cyberwar”
Obama’s new cybersecurity czar doesn’t much like the term “cyberwar,” calling it a “terrible metaphor” and a “terrible concept.” But just in case his dislike of the term didn’t get through, Howard Schmidt flat-out stated that “there is no cyberwar” during a Wired interview at the RSA Security Conference in San Francisco. Schmidt noted that the real cybersecurity threats are online crime and espionage. His words seem to stand in contradiction to a statement last week by Michael McConnell, former director of national intelligence, who told Congress that the U.S. was already in the midst of losing a cyberwar. Schmidt seemed more than willing to downplay McConnell’s Cold War mentality. Read the full Popular Science article here.

Homeland Security Chief Napolitano Seeks Citizen Cybercrime Fighters
Uncle Sam wants to recruit you to help fight cybercrime. Department of Homeland Security Secretary Janet Napolitano is calling on anyone with good ideas for boosting public awareness about the importance of making the Internet safer to step forward. “We are challenging our nation’s best and brightest to utilize their expertise and creativity to devise new ways to engage the public in the shared responsibility of safeguarding our cyber resources and information,” she said. Read the full USA Today article here.

Heartland Breach Still Hitting Banks
Around 5000 First National Bank of Durango customers have been unable to use their cards in stores, although they can still withdraw cash at ATMs. In a notice on its Web site, the bank says: “Please be aware that as a result of a security breach at Heartland Payment Systems that occurred over a year ago, debit cards issued by the First National Bank of Durango may have been compromised.” The warning continues: “It is important to note that there was not a security breach at First National Bank of Durango, our systems remain secure. The breach occurred at a 3rd party processor. Read the full Finextra article here.

Westin Hotel in LA Reports Possible Data Breach
People who stayed at the Westin Bonaventure Hotel & Suites in Los Angeles last year and used their credit or debit card to eat there should keep a close eye on their bank statements. Hotel officials disclosed Friday that the hotel’s four restaurants, along with its valet parking operation, may have been hacked at some time between April and December, disclosing names, credit card numbers and expiration dates printed on customers’ debit and credit cards. The Westin Bonaventure is in L.A.’s downtown financial district, near the Los Angeles Convention Center and the Staples Center. Read the full Computerworld article here.

Are You Sure You’re Prepared for a Data Breach?
We’ve all seen the sobering stats: Nearly 500 major data breaches have been reported in the United States since the beginning of 2009, impacting more than 220 million records. And that doesn’t even account for the many breaches that weren’t publicly reported. So chances are that your company will be hit by a breach, if it hasn’t already. In fact, some would say it is almost as inevitable as the finger of blame being pointed squarely at you, the company’s senior security professional and chief scapegoat, when a breach strikes. Read the full SC Magazine article here.

BBB Small Business Advice: Reduce the Damage Done by a Data Breach
While the volume of data breaches declined in 2009, data breaches at businesses—as opposed to the government or non-profit sector—are on the rise. Better Business Bureau recommends that small business owners take steps to protect their data and also develop a plan of action in order to react quickly and reduce the damage if a data breach does occur. There were more than 498 reported data breaches in 2009, according to the Identity Theft Resource Center. While this is an improvement from the 657 breaches in 2008, unfortunately, the share of data breaches occurring in the business sector, specifically, increased to 41 percent. Read the full Better Business Bureau post here.

Happy Monday!

Leigh Williams, President, BITS

Anne Wallace, President, ITAC

Of course, we need a cyber security czar. How quickly we forget the news of our air traffic systems being compromised, the Pentagon experiencing 360 million attempts to breach its networks– the list goes on and on. So, what’s going on?

According to Jon Oltsik is a senior analyst at Enterprise Strategy Group, the president is likely to find and appoint a qualified person – probably sooner, rather than later. When person finally arrives, there will be little time for on-the-job training. Unlike politics, cyber criminals aren’t waiting for the next election before they take action.

Perhaps this could have been mitigated if the administration appointed a person to this position back in May? We welcome all thoughts, comments and feedback.

Perhaps it is bureaucratic hurdles are getting in the way? Last week, Mischel Kwon, the Director of the Department of Homeland Security’s U.S. Computer Emergency Readiness Team, submitted her resignation letter. A top operational official in charge of protecting civilian government computer networks, Kwon as frustrated by bureaucratic obstacles and a lack of authority to fulfill her mission, according to colleagues who spoke on the condition of anonymity with the Washington Post.

So, has cybersecurity taken a back seat to the health care reform circus that is happening today? Something needs to be done because these efforts are stalling and the bad guys are moving and innovating very quickly.

So, who do you think the winner will be? We are betting on Hathaway, since she has already been playing the interim role. Also, big reminder that we are soliciting Three Recommendations from our readers as to how this person can best serve in this position. Don’t be shy! And remember, we will be taking these recommendations and formally presenting them to the new cyber czar.

While there has been some positive movement by the current administration to address the cybercrime issues plaguing our nation, there is much more work to be done. From new legislation aimed at appointing a national cyber security czar to bringing the cyber initiatives under the NSA, these all show that the U.S. government is starting to address this problem – at least on the surface.

The challenge is that we need to dive deeper and reach wider to address this problem. For example, President Obama is at the G20 meeting this week mainly to address the global financial crises. Are the leaders discussing how to stop the global hacking rings – especially the ones coming out of Russia and the Ukraine?

Speaking of Russian hacker rings, we urge you to check out the 60 Minutes clip below. What is most disturbing about this segment is that these hackers are actually celebrated figures in their country. They are perceived as being heroes because they rob from the “greedy westerners.” These are obviously deep cultural issues that need to be addressed.

Watch CBS Videos Online

Industry should not have to shoulder the burden alone. No matter how much time and investment is put into developing virus-protection technologies and fraud prevention programs at banks and financial institutions, the bad guys always seem to be one-step ahead.

This week, the House Homeland Security Committee held a hearing on the impact of the PCI standards on reducing compromises of sensitive personal information — so the issue is being addressed — and the news was not good. According to a Justice Department official who testified, a new breed of international cybercriminals are developing sophisticated techniques for stealing personal data – a major threat to millions of Americans. Read more here (link).

The bottom line is that we need broader support from the U.S. government, which needs to address this on a global political and diplomatic scale. Seriously, what do you all think about this? Do you think the U.S. government can do more to bring down these hackers? If so, what more can be done??

We want to hear from you!