Cybercrime: A Virtual Epidemic

(The following are notes from an NCSL session about CYBERCRIME: A VIRTUAL EPIDEMIC. These are my notes, as presented in the session, without my bias or input unless noted. I may or may not agree with what is said, but wanted you to know what lawmakers are discussing as they deal with CYBERCRIME).

Moderator, Senator Thomas Wyss, Indiana

Sen. Wyss says that in Indiana…….

  • What a difference 10 years make
  • Terrorism and cyber terrorism in the states is a real concern
  • Comprehensive body of security
  • Electronic acceptable use policy (expectations of use of information resources)
  • Disaster recovery capabilities (25 agencies recoverable data in 6 hours)
  • Information systems inventory
  • Penetration testing and assessments (we talked about “white hat hackers” earlier)
  • Two factor authentication for remote access to the state’s network; c via cell phone to connect to the network; must confirm a connection
  • State asset tracking (hardware monitored by software for theft/loss)
  • Monitor threat notifications

“Safety Net” Technology

  • Laptop and flash drive encryption (protects citizen data)
  • Automated account disables (after a change of employment status)
  • Data loss prevention (monitors email for SSN and credit card numbers not authorized)
  • Second accounts (for those with elevated privileges, very sensitive info)

Malware protections

  • McAfee
  • Internet filtering
  • 95% of emails to the state are proven SPAM
  • IOT identifies people getting infected a much higher rate than acceptable

Security Program Tools

  • Vulnerability scans
  • Mobile device protections (allows personal cell phones access to email; saves state money from having to provide state cell phones)

John W. Lainhart, IV – CyberSecurity & Privacy

* This crime goes back to the 70’s

Security is no longer an IT issue; it’s an ongoing business concern

Internal abuse of key sensitive information

  • WikiLeaks
    • Snowden
    • Close to $100 million for US Army alone; damage foreign relations
  • Stuxnet
    • Targeted changes to process and controllers refining uranium
  • Epsilon
    • Theft of consumer data

External threats

  • Sharp rise from non-traditional sources
  • Organized crime
  • Attacks by foreign govt’s
  • Cyber attacks
  • Social engineering
  • Chinese have four colleges where they are training hackers to attack our US systems

Internal threats

  • Ongoing risks of CARELESS and malicious insider behavior
  • Administrative mistakes
  • Careless inside behavior
  • User breaches
  • Disgruntled employees


  • Growing need to address a steadily increasing number of mandates
  • National regulations
  • Industry standards
  • Local mandates


Peter G. Allor – Security Strategist

Think of him as the “Special Forces” of the IT community

Attackers have more resources

Off-the-shelf tools are available for sale

Hackers will keep trying to get in until they finally do it


2011 “The Year of the Targeted Attack”

  • Many attacks
  • Varied attacks
  • But we did not learn from it
  • 2012 was even worse
  • ** this massive amount of attacks show how vulnerable we really are

We need a threat operational sophistication, NOT technology sophistication

Does your state use a main frame? Is your cloud protected? Are mobile devices protected?


  • China
  • Korea
  • Russia
  • US
  • Israel
  • Iran
  • Brazil

** U.S. is spying on everyone, but guess what? Everyone is spying on us!! ***

So much data being collected on you to deliver services, but that data must be protected.


  • Disclosures up in 2012
  • 8,168 publicly disclosed vulnerabilities
  • An increase of over 14% from 811

Once again, .PDF, JAVA, are culprits of cyber security breaches

  • Cross platform can exploit everyone
  • Adobe has made changes lately; need to have 4 or 5 different exploits to penetrate
Share this post:

Leave a Reply

You must be logged in to post a comment.

Subscribe to our campaign e-mail updates!