According to Computerworld, among those expected at the meeting are Homeland Security Secretary Janet Napolitano, and Gary Locke, Secretary of Commerce and several industry representatives, including some from electric utility companies and the vendor community. President Obama is expected to “briefly” attend the meeting.

Well, it seems that the timing is right for such a meeting. They should have had this meeting several months ago? Why? The GAO recently slammed the White House Office of Science and Technology Policy for failing to live up to its responsibility to coordinate a national cybersecurity R&D agenda. As a result (according to the GAO Report), the U.S risks falling behind other countries on cybersecurity matters, and being unable to adequately protect its interests in cyberspace.

FTC Delay of Identity Theft Rules A Reprieve For Businesses
The Federal Trade Commission has once again delayed enforcing new regulations that would require lawyers, accountants, and a sweeping number of other businesses to have procedures for detecting possible identity theft. The agency said it will not begin enforcing its so-called “red-flag rules” until December 31, six months after they were supposed to go into effect. The delay gives business owners and others some breathing room while the FTC sorts out exactly who would be covered by the rules. Read the full Portfolio article here.

Data Breaches Persist in Healthcare
In September 2009, the Obama administration’s Health Information Technology for Economic and Clinical Health (HITECH) Act went into effect, requiring hospitals and other health care organization to beef up client data protections. Despite this, a recent study found that health care data is still hemorrhaging from peer to peer networks. A peer-to-peer, commonly abbreviated to P2P, is any distributed network architecture composed of participants that make a portion of their resources (such as processing power, disk storage or network bandwidth) directly available to other network participants, without the need for central coordination instances (such as servers or stable hosts). Read the full CIO post here.

Community Hospital of San Bernardino Fined for Data Breach
For violations of patient confidentiality, the state Department of Public Health fined Community Hospital of San Bernardino $325,000. The hospital was assessed a $250,000 fine for unauthorized access of 204 patients’ medical information by one employee. A fine of $75,000 was added after the facility failed to prevent the unauthorized access of three patients’ medical information in a separate case. Diane E. Nitta, the hospital’s administrator, said the hospital has “enhanced staff education efforts around patient privacy (and) put in place expensive security measures that guard against inappropriate access to our patients’ records. Read the full article from The Sun here.

Government Pushing to Control Internet
For the past decade, the federal government has been moving to gain effective control over the internet. Now, thanks to legislation just crafted by Sen. Joseph Lieberman of Connecticut, the government may finally realize its goal of being able to control virtually all aspects of the vast internet, including private internet systems. The decade-long process began in earnest in 2001, when the Bush Administration secured passage of legislation giving it jurisdiction to prosecute computer hackers anywhere in the world if the packets of information traveled through a U.S. computer or router and affected a “federal interest computer.” Read the full AJC post here.

U.S. Hampered in Fighting Cyber Attacks, Report Says
The U.S. government’s ability to counter cyber attacks against its nonmilitary computer systems is largely ineffective, according to a report from an internal watchdog released last week. The Homeland Security Department branch that monitors cyber attacks can’t force other agencies to protect their systems, is woefully understaffed and its ability to manage responses to cyber attacks has been hindered by constant turnover, said the department’s inspector general. The department’s U.S. Computer Emergency Readiness Team, known as US-CERT, also withheld data from other federal agencies that could have helped them address security breaches, the report found. Read the full WSJ post here.

Wanted: Young Cyber Experts to Defend Internet
Nationwide campaigns to steer youthful techies into careers defending the Internet are gaining steam. The federal government, education officials and giant military contractors are collaborating to recruit a new class of tech professional specifically trained to battle data thieves, online scammers and cyberspies. The recruitment tool of choice: competitions that pit tech-savvy youths in mock warfare against professional hackers. This year, the Collegiate Cyber Defense Competition drew teams from 83 colleges and universities, up from five schools in 2005. Boeing hired seven contestants to help defend its internal networks, which are prime targets for corporate and military spies. Read the full USA Today post here.

The Unreadiness Team
THE REPORT is chilling. Optimistically titled “U.S. Computer Emergency Readiness Team Makes Progress in Securing Cyberspace, but Challenges Remain,” it paints a disturbing picture of a national security disaster waiting to happen. The U.S. Computer Emergency Readiness Team, or CERT, established in 2003 to coordinate national cyber-defense efforts, is an arm of the Department of Homeland Security (DHS) tasked with “analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating cyber incident response activities.” But this vast responsibility has come with little and confusing authority. Read the full Washington Post Op-Ed here.

Karen Evans, the former Administrator for IT and E-Government at OMB, and Cybersecurity Commission Member for the Center for Strategic and International Studies, is playing a major role in making this contest happen. Be sure to check out our exclusive podcast with Karen about the upcoming Cyber Security Conference & Expo here.

We applaud any efforts to draw talented young individuals in the cyber security profession. We imagine that the US Cyber Challenge will be a resounding success. With such a vast need for cyber security expertise, and a talent gap, right now there is a mini “gold rush” happening in the cyber security profession. But unlike the gold rush, there is no sign of running out of gold when it comes to cyber security.

Don’t Be Surprised If More Businesses Start Asking You For Identification
Be prepared to pull out your driver’s license on your next visit to the dentist. And don’t be surprised if a retailer asks for a birth date or mother’s maiden name if it’s giving you credit for your big-ticket purchase. They’re just following federal rules to protect consumers from identity theft. Beginning next month, a wide range of businesses — auto dealers, cell phone companies, real estate agents, mortgage brokers, utilities and health care providers — must start complying with “Red Flag Rules.” The rules are meant to stop fraud before it happens by requiring certain businesses to look for signs that customers might be imposters and, if there are signs that they are, to take action. Read the full Baltimore Sun article here.

VA Reports New Data Breaches
The Veterans Affairs Department has notified lawmakers of two recent data breach incidents, according to a House committee aide. One breach was a contractor’s laptop that was stolen on April 22 and contained unencrypted personal information on 616 veterans. The second breach occurred this month and involved “thousands” of veterans’ personal information at a VA facility, according to the congressional source familiar with the breach, who spoke on the condition of anonymity. Both incidents occurred in Texas. VA chief information officer Roger Baker, however, said in a May 14 interview he was aware of only one breach involving the 616 veterans. He said Congress has not provided the VA with any information on a second incident. Read more from the Federal Times here.

New Mexico Medicaid Security Breach Puts Members’ Data at Risk
The New Mexico Human Services Department is informing about 9,600 members of its Medicaid fee-for-service and Medicaid Salud health plans that their personal information, including Social Security numbers, might have been compromised because of a computer data breach, Modern Healthcare reports. According to a news release, the department was notified of the breach on April 9 by DentaQuest, a dental health plan that provides benefits to New Mexico’s Medicaid beneficiaries. Read the full iHealthBeat article here.

Pentagon Works to Define Rules of Cyber Warfare
The U.S. military may never have a direct answer on when to fire back against a computer-based attack, a top Pentagon leader said Wednesday, reflecting the complex world of cyber warfare. James Miller, the principal deputy undersecretary of defense, said the Pentagon has been working through a range of scenarios, in an effort to come up with rules of war that will work in an attack that can be launched from continents away in milliseconds, and routed through innocent civilians’ computers by unknown assailants. “I do not think we’re going to have a single answer,” Miller said during a speech at Ogilvy Public Relations. He said officials may just have to use their judgment because there are “a lot of gray areas in this field.” Read the full AP story here.

White House Asks Public for Game Changing Cybersecurity Ideas
The Obama administration will open next week a web-based forum to discuss a cybersecurity research and development agenda, according to a notice published in the Federal Register on Thursday. The White House Office of Science and Technology Policy and the National Coordination Office for Networking and Information Technology Research and Development asked the public to submit comments for a “game change” initiative to boost the safety and security of the Internet, telecommunications and computer systems, according to the notice. The administration wants to focus on three areas: to build targeted areas within cyberspace to meet a range of security needs; to increase the cost of a cyberattack to the attacker and enable systems to operate in spite of threats; and to develop appropriate metrics and economic policies to encourage good security practices. Check out the full NextGov article here.

Cybersecurity Gets New Attention from the Hill
It was a year ago this month — May 29 to be exact — that President Barack Obama welcomed a standing-room only crowd to the East Room of the White House to announce his administration’s commitment to a comprehensive new approach to cybersecurity. Declaring that the status quo “no longer is acceptable,” Obama placed a cybersecurity stake in the ground by announcing a number of initiatives, perhaps the most visible of which was creating a new cybersecurity coordinator position to direct national cybersecurity policy from the White House. The new policy and the ceremony itself were greeted by many as an important victory — a sign that a serious and escalating concern had at last won the attention of the nation’s president. Read the full GSN article here.

Court Gives Preliminary OK to $4M Consumer Settlement in Heartland Case
A federal court in Texas has given preliminary approval to a $4 million settlement of a consumer class-action lawsuit against Heartland Payment Systems Inc. over the massive data breach the payment processor disclosed in January 2009. Under the proposed settlement, Heartland will pay up to $175 to individuals for out-of-pocket expenses stemming from telephone usage or postage costs tied to card cancellations and replacement, or for any unreimbursed charges resulting from unauthorized use of their cards. Read the full BusinessWeek article here.

HHS to Publish Online Listing of Health Care Data Breaches
The Health and Human Services Department has started publishing an online list of more than 60 recent breaches of private patient health care data and intends to share the data for research and investigation. Under the economic stimulus law, HHS got authority to publish breach incidents that affect 500 or more persons. Covered entities, including physicians, hospitals and other health care providers, are required to report breaches of unsecured protected health information to the department in 60 days. Read the full Examiner article here.

New State Privacy Laws Clamp Down on Data
Companies that do business in the states of Nevada, Massachusetts, and Washington are some of the first to come under the jurisdiction of new data security laws that require the use of encryption. Backup data that leaves the data center for the purpose of disaster recovery is a big concern for these companies, and SafeData, which provides options for on-site and cloud-based back up, says it can provide the necessary level of encryption for System i shops. Washington is the latest state to enact a data security and payment card law covering companies that do business with citizens in the state. The law, which was signed into law in early April and goes into effect July 1, requires companies that originate or process debit or credit card transactions to take “reasonable steps” to prevent a data breach. Experts say this requires the use of encryption technology. Read the full IT Jungle article here.

Is The DC Region Ready for a Cybersecurity Corridor?
Telecommunications companies and government contractors dominate the Dulles Toll Road corridor in Virginia, and biotechnology firms line the corridor along Interstate 270 in Maryland. What’s next? Walter P. Havenstein, chief executive of SAIC, predicts it could be a cybersecurity corridor along the Interstate 95 corridor between Washington and Baltimore. The government is doing its part by relocating the Defense Information Systems Agency from Falls Church to Fort Meade, Md. and establishing U.S. Cyber Command and the Navy’s U.S. Fleet Cyber Command at Fort Meade. The base, just south of Baltimore-Washington International Marshall Airport, is already home to the National Security Agency. Read the full Washington Post story here.

White House Sees No Cyber Attack on Wall Street
The White House’s homeland security and counterterrorism adviser says there is no evidence that a cyber attack was behind the chaos that shook Wall Street last Thursday. John Brennan told “Fox News Sunday” that officials have uncovered no links suggesting that cyber attacks caused turbulence that sent the Dow Jones industrials plunging almost 1,000 points before staging a partial recovery at the end of the day. The market already was weak because of the spreading European debt crisis. Some have speculated that a typographical error might have triggered the massive computerized sell-off. Read the full AP story here.

Happy Monday!

The 2010 Summit’s focus is on “Building a Layered and Integrated Defense Strategy.” During breakout sessions that followed, attendees exchanged information with industry experts, regulators and service providers on topics including encryption, mobile device security, malware, phishing, web browsing, vendor management practices and cloud computing.

FSTC President Paul Smocer served on a phishing prevention panel, telling attendees about BITS’ and FSTC’s joint email security work and answering questions on email authentication: preventing email abuse, protecting

Governments, Businesses to Discuss Cyber Security Threats
Government officials and business leaders from around the world are meeting in Texas this week to discuss what all agree is an area of common and growing concern: cybersecurity. The Worldwide Cybersecurity Summit, hosted by the EastWest Institute (EWI), opens in Dallas on Monday and will feature three days of discussions on ways to protect the world’s digital infrastructure from electronic threats. Among those scheduled to address the gathering, being held in the wake of sophisticated cyberattacks on Google which the Internet giant said originated in China, are President Barack Obama’s National Security Advisor James Jones and White House cybersecurity coordinator Howard Schmidt. Read the full AFP article here.

Rockefeller Calls for Public-Private Action on Cybersecurity
Cyberattacks aren’t confined by governmental or national boundaries, and neither should cybersecurity programs, Sen. Jay Rockefeller (D-W. Va.), said recently in calling on government and industry to work together to meet the rapidly rising tide of attacks on U.S. information systems. “National borders and traditional notions of security do not always apply to 21st–century threats, especially in the cybersecurity arena,” he said April 29 at the Business Software Alliance’s Cybersecurity Forum 2010 in Washington. “The idea that government alone can protect our citizens’ security within clear national borders is outdated. Therefore, to secure our country from cyberattacks we must have shared responsibility — public sector and private sector.” Read the full GCN story here.

Battling Cyber Threats Requires a Global Security Framework, Experts Say
Government and industry experts say that an international cybersecurity framework that reflects the borderless nature of the Internet is needed to combat cybercrime. “Every government must ensure that its national security policies align with global approaches and global practices,” said Robert Holleyman, president and chief executive officer of the Business Software Alliance, who spoke Thursday at the BSA Cybersecurity Forum 2010 in Washington. Read the full GCN story here.

NIST Will Coordinate National Cybersecurity Education Program
The National Institute of Standards and Technology will coordinate a nationwide cybersecurity education program recently started by the Obama administration. Commerce Secretary Gary Locke said April 29 that NIST, part of the Commerce Department, would coordinate the administration’s National Initiative for Cybersecurity Education (NICE). In that role, the institute will work with agencies to lead programs to bolster cybersecurity awareness, education and training, Locke said. Read the full FCW story here.

Photocopier Fallout: Company Notifies 409,000 of Data Breach
When Armen Keteyian first reported the story on digital copiers and their hard drives on April 19, there were no known cases of data breaches coming from copy machine hard drives. In an ironic twist, our story became the first publicly known case of a data breach from a copy machine hard drive when we purchased a copier that had once been owned by Affinity Health Plan. Because of medical privacy laws, Affinity was required to then file a breach notification to state and federal regulators and notify all of its clients and everyone who might have ever had information on Affinity copy machines, including current and former employees. Read the full CBS News story here.

High Rate of Fraud and Identity Theft Revealed
Infosecurity Europe researcher’s have conducted a survey revealing that, out of 1,000 London commuters, 44% had been victims of bank/credit card fraud and 42% had had their identity stolen. Those who were victims of such crime lost an average of £1,448, and had a 37% chance of not getting their money back from their bank. The chances of getting the money back is largely dependent upon the sum that has been stolen, with more than nine out of 10 getting it back if the stolen amount exceeded £5,000, but only 41% getting it back if they lost £100 or less. Read the full Banking Times article here.

How Well Do Hospitals Protect Your Data? Abysmally
A just released survey of about 200 compliance executives in hospitals from around the country shows that data breaches and medical identity theft continue to soar. While these survey results are from a vendor that sells identity protection services – and they have a vested interest in painting as bad a picture as possible: if the survey results are halfway on target we’ve witnessed what as a significant problem become an abysmal failure in the past were 0 when it comes to hospitals protecting patient information. Read the full InformationWeek blog post here.

For Cyber Gangs, Fooling Google Isn’t That Hard to Do
Within security circles, they refer to the practice as social engineering, shorthand for a con game where unsuspecting employees get tricked into divulging important corporate information. And it works more times than you might assume. The most recent case: the coordinated January cyber attack against computer networks run by Google and at least 20 other big companies. In what’s since become known as Operation Aurora, corporate computer systems were penetrated after users innocently called up malicious web pages that they believed to be legitimate. Read the full CBS News article here.

Global Cybercrime Treaty Rejected at U.N.
A proposal for a treaty on global cybercrime was rejected last week by the United Nations. The proposal was discussed for 10 days at the 12th pentennial UN Crime Congress in Salvador, Brazil, but ended up a stalemate as Russia, China and a number of developing countries could not reach agreement with the United States, Canada, the U.K. and the European Union. As cybercrime develops into a major international scourge, efforts over the past 10 years among world powers have sought to broaden policing policies to allow law enforcement agencies to reach across national borders in pursuit of criminals. Read the full SC Magazine article here.

70% Of IT Security Pros Favor A Federal Data Breach Law
Seventy percent of IT security professionals believe that the federal government should pass data breach / data privacy legislation that overrides the current patchwork of state legislation, according to a recent survey by nCircle, the leading provider of automated security and compliance auditing solutions. The online survey of 257 security professionals was conducted between February 4 and March 12, 2010, and covered a range of security topics including smartphones, healthcare, cloud computing and social media. Read the full press release here.

These are very reassuring words. And frankly we have needed a leader to take an aggressive approach to dealing with cyber crime. As we all know though, this a very complex issue and many cultural issues are at play. You may recall our post last year about how hackers in Russia are perceived as being heroes because they rob from the “greedy westerners.” And, we definitely urge you to check out the 60 Minutes segment in that post as well.

What do you all think? Alexander had some strong, and much needed words. And, the good news is that there seems to be some action behind this words. Check out this article about the Air Force doing cyber war training.

ITAC supports broadband expansion but insists that fraud protection be an integral part of Internet growth. Consumers who use broadband to transact business, to share and learn, and for entertainment, must have access to accurate and up-to-date information on internet scams and schemes and advice on how to protect themselves and their computers. The FCC National Broadband Plan opens the door to millions of new users. Allowing them to enter without a warning about possible dangers – like phishing – would be irresponsible.

In truth we’re failing to prepare consumers for a safe cyber future, especially our children. A recent poll by the National Cyber Security Alliance, supported by Microsoft, found that America’s young people aren’t receiving adequate instruction to use digital technology and navigate cyber space in a safe, secure and responsible manner and our schools are ill-prepared to address these subjects.

Criminal activity on the Internet has the potential to undermine the great potential of the broadband plan. If you’ve seen the painful outcome of Internet fraud as we have, you know this as to be a priority and we’re ready to work with the FCC and other stakeholders on a national solution.

On a related note, April is financial literacy month. We want to recognize companies like Wells Fargo, VISA, HSBC and others who are making identity theft prevention a key part of their consumer education programs.

- Anne Wallace, President of ITAC, the Identity Theft Assistance Center