Posts belonging to Category Government



Court orders LimeWire to cease file-sharing business

P2P software maker had been accused by music industry of enabling massive piracy

by Jaikumar Vijayan

Oct 26, 2010 07:15 pm | Computerworld

In a major victory for the music industry, a New York federal judge has ordered embattled P2P software maker LimeWire to immediately and permanently stop distributing and supporting its file-sharing software.

In a 17-page injunction (PDF document) issued on Tuesday, Judge Kimba Wood of the U.S. District Court for the Southern District of New York ordered LimeWire to cease the searching, downloading, uploading, file trading and file distribution functionality of LimeWire’s P2P file-sharing software.

The injunction instructed LimeWire to immediately communicate the court’s decision to all users of the software and to all of the company’s employees, principals and other stakeholders. It gave the company 14 days to report back to the court on the steps LimeWire has taken to comply with the order.

A spokeswoman for the company today stressed that the court’s order does not mean that LimeWire is shutting down and said that it only prevents LimeWire from distributing or supporting its P2P software.

It does not prohibit the company from going ahead with its previously announced plans to launch a subscription-based music service, nor does it prohibit the company from operating its online store, the LimeWire spokeswoman said.

“While this is not our ideal path, we hope to work with the music industry in moving forward,” the spokeswoman said by e-mail. “We look forward to embracing necessary changes and collaborating with the entire music industry in the future.”

The court injunction is a huge victory for the Recording Industry Association of America (RIAA), which has been trying to get the court to shut down LimeWire for quite some time.

The RIAA and the music labels it represents have accused LimeWire and its chief executive, Mark Gorton, of willfully enabling widespread copyright infringement.

For more, visit Computerworld.com

Half of critical private networks hit by political cyber attacks

By Gautham Nagesh – 10/06/10 09:47 AM ET

Half of the companies that provide critical infrastructure such as utilities or communication services have experienced politically motivated cyber attacks, according to a new report from Symantec.

The survey of critical infrastructure providers found 53 percent suspected they had experienced an attack with a specific political goal in mind. The companies affected reported being attacked an average of 10 times over the past five years. Half said they expect another attack in the next year and 80 percent believe the attacks are becoming more frequent. The respondents said the majority of the attacks were somewhat to extremely effective and cost firms an average of $850,000 each.

“Critical infrastructure protection is not just a government issue. In countries where the majority of a nation’s critical infrastructure is owned by private corporations, in addition to large enterprises, there is also the presence of small and medium-sized businesses,” said Symantec chief information security officer Justin Somaini.

Somaini cited the Stuxnet virus, which has disabled physical security features at factories around the globe in recent months, as evidence that the threat to private networks is evolving. The survey also showed the energy industry is most ready for an attack, while the communications industry was least prepared.

“Security alone is not enough for critical infrastructure providers of all sizes to withstand today’s cyber attacks,” Somaini said. “The Stuxnet worm that is targeting energy companies around the world represents the advanced kind of threats that require security, storage and backup solutions, along with authentication and access-control processes to be in place for true network resiliency.”

Protecting the nation’s critical infrastructure from cyber attacks is an increasing priority for the Obama administration, which asserts it already has the right to act to protect private-sector networks in the event of a catastrophic cyber attack that could cause significant loss of life or financial damage under a little-used clause in the Communications Act passed in the wake of the Japanese bombing of Pearl Harbor in December 1941.

For more, visit TheHill.com

HIPAA encryption: meeting today’s regulations

Sang Lee, senior security analyst, AlertBoot | June 30, 2010

If you work with an organization that must adhere to the Health Insurance Portability and Accountability Act (HIPAA), you know by now that encryption is a de facto primary aspect of HIPAA compliance after the passing of the HITECH Act.

There are a couple of reasons for this increased focus on encryption.

First, the U.S. Department of Health and Human Services (HHS) issued guidance wherein “unsecure protected health information (PHI)” is essentially any PHI that is not encrypted or destroyed. Under this definition, it doesn’t matter how many chains, walls, doors, biometric gizmos and guards with lethal weapons you have at your service. As long as PHI is not encrypted, it is considered unsecured.

A second and more compelling reason why encryption is now a requirement is the introduction of HITECH’s breach notification initiative, which requires HIPAA-covered entities to send notification letters if there is a breach of unsecured PHI. However, as HHS pointed out, the use of encryption grants safe harbor in the event of a breach because encrypted PHI is not unsecured PHI.

Oddly enough, in the same breath, HHS also notes that “covered entities and business associates are not required to follow the guidance.” However, cleaning up the mess behind a breach notification can cost millions of dollars, so one would have to be supremely confident — or reckless — in not taking advantage of the encryption safe harbor. With such mixed signals, though, it is not hard to see why encryption is called a de facto requirement.

For more information, read Sang Lee’s full post at SC Magazine

U.S. Spends $8.8 Billion to Secure Classified Data

More Than Half Goes Toward Safeguarding IT Systems

June 28, 2010

More than half the money the government earmarked to safeguard state secrets last year went for information security, with nearly 90 percent of that spent to protect IT systems against unauthorized access to or modification of information and the denial of service to authorized users, according to a report issued Friday by the Information Security Oversight Office.

Part of the National Archives and Records Administration, the Information Security Oversight Office receives policy and program guidance from the National Security Council and is responsible to the president for policy and oversight of the governmentwide security classification system.

“A responsible and efficient security classification program requires commitment, diligence and integrity,” Information Security Oversight Office Director William Bosanko wrote in a letter accompanying the report. “It is of particular importance that the classification system be implemented in a manner that makes for the most efficient and effective use of the finite resources available to departments and agencies.”

New spending on personnel, security management and classification management nudged expenditures upward for the classified information system by 1.3 percent. In its report, the office said that the government spent more than $8.8 billion on security classification and declassification costs in fiscal 2009, including nearly $4.8 billion on information security.

Visit Govinfosecurity.com for more information.