According to a New York Times article, the attacks against Google’s systems last December resulted in the theft of a password system that controls access to its applications and services for millions of users.
The system intrusion and theft raises concerns over the security of “cloud computing,” or using third party services such as Google to store and manage data from corporate email to spreadsheets and other documents. It also illustrates the growing threat of cyber attacks, which has not gone unnoticed by Congress. According to the Homeland Security Newswire, in the coming weeks Congress is holding a confirmation hearing on Army Lt. Gen. Keith Alexander, the new military cyber commander, and markup sessions on bills to fund cybersecurity research and development.
One of the bills, Homeland Security Science and Technology Authorization Act of 2010 (H.R. 4842), deals with funding research and development projects that address such issues as:
- More secure versions of fundamental Internet protocols and architectures, including domain name systems and routing protocols
- Technologies for detecting attacks or intrusions
- Mitigation and recovery methodologies, including techniques to contain attacks and develop resilient networks and systems that degrade gracefully
- Infrastructure and tools to support cybersecurity R&D efforts, including modeling, testbeds and data sets for assessment of new cybersecurity technologies
- Technologies to reduce vulnerabilities in process control systems
- Test, evaluate and facilitate the transfer of technologies associated with the engineering of less vulnerable software and securing the software development lifecycle
- Liability that subjects software and system vendors and system operators to potential damages for system breaches
- Required reporting of security breaches that could threaten critical societal functions
- Regulation that imposes under threat of civil penalty best practices on system operators of critical infrastructure
- Certification from standards bodies about conformance to relevant cybersecurity standards that can be used as a marketplace differentiation
- Accounting practices that require companies to report their cybersecurity practices and postures and the results of independently conducted red team simulated attacks or exercises
- Cybersecurity risk insurance
The complete bill can be found on the Library of Congress THOMAS website.