CERIAS Ph.D. candidate, Kelley Misata, spoke with SecurityIntelligence.com the topics of privacy and risk management communication.
Called ErsatzPasswords, the system is aimed at throwing off hackers who use methods to “crack” passwords, said Mohammed H. Almeshekah, a doctoral student at Purdue University in Indiana.
Unique Indiana state government partnership with Purdue University will also utilize private-sector expertise to defend state networks from next-generation cyberattacks. This breaking news demonstrates that cyberdefense is a top priority for Indiana Gov. Mike Pence.
Eugene Spafford, the executive director of Purdue’s Center for Education and Research in Information Assurance and Security, says in the case of Anthem and others, the costs and dangers are hidden. “The personal information they listed can represent a problem for people for years to come,” he said. “That’s information that can be used for identity theft, extortion and to gain people’s trust. So, it really is a big problem, even if medical or credit card information is not given out. The company providing a year or two of credit monitoring won’t fix that.”
The study shows that when we think we have privacy when our data is collected, it’s really just an “illusion,” said Eugene Spafford, director of Purdue University’s Center for Education and Research in Information Assurance and Security. Spafford, who wasn’t part of the study, said it makes “one wonder what our expectation of privacy should be anymore.”
“If the government wanted to do something about this, I would suspect they would do something more targeted toward the leadership rather than just shutting down the network,” said Eugene Spafford, a professor of information security at Purdue University. “Teenagers with botnets regularly shut down networks.”
Targeting the financial assets of North Korean leaders (rather than the country’s Internet equipment) would be much more closely aligned with President Obama’s warning of a “proportional response” — and something the White House could accomplish that nameless hacktivists probably couldn’t on their own, Spafford added.
Though not schooled in IT and IT security, cyber is an area of interest for Carter in which he has been involved in for many years. “He knows enough about [cyber] that he likely knows when he should call on domain experts for more information, something not all of our national leaders have done,” says Gene Spafford, founder and executive director of the Center for Education and Research in Information Assurance and Security at Purdue University.