CSPRI Newsletter - February 16, 2016
Cyber Security and Privacy Research Institute
The Weekly Newsletter of The George Washington University Cyber Security Policy and Research Institute
Quick Links
Contact Us
Crypto Genie Out of the Box -- New Study Updates 17-year old landmark CSPRI work
"The more things change, the more they are the same."  In work released last week, noted cryptography expert Bruce Schneier and a team from Harvard's Berkman Center for the Internet and Society replicated and updated landmark work done in 1999 by CSPRI co-director Lance Hoffman and a similar team.  They found 865 cryptography products from 55 countries (to date).   Find links to their entire report and our original work at    this CSPRI webpage

Follow Us
Follow us on Twitter:
Follow CSPRI co-Director, Lance Hoffman:

Follow CSPRI co-Director, Costis Toregas:
              February 16, 2016
11 Cybersecurity and privacy events scheduled in the Greater Washington Area in the next few weeks. 
A New Look for CSPRI
...  but the acronym stays!
In order to more sharply focus on the key strengths of our Institute, the word Policy has been replaced with the word Privacy in our name- so CSPRI now stands for the Cyber Security and Privacy Research Institute.  We hope that the upcoming months will provide evidence of the increasing relevance of CSPRI to the changing landscape of threats and challenges in security and privacy, and that you will continue to look to us for new ideas and breakthroughs that can strengthen your own efforts.
In future issues, we will highlight research opportunities and accomplishments in wearables security and privacy, in cyber insurance, in malware, and in efforts to relate educational programs to the workforce.  We look forward to hearing from you regarding areas of interest to that we might explore within the CSPRI space.
Dr. Lance Hoffman and Dr. Costis Toregas, Co-Directors, CSPRI

CSPRI Staff Changes
Formalizing what has been an evolving distribution of duties, Dr. Costis Toregas and Dr. Lance Hoffman will now be co-directors of CSPRI.  You will notice changes in our web page, newsletter, and other materials as we evolve. 
CSPRI has said goodbye to Katelyn Anders, our coordinator who has left GW for another career opportunity; we miss her greatly but also wish her well.
Legislative Lowdown
-The House last week approved the North Korea Sanctions Policy and Enhancement Act, which would mandate penalties on those caught aiding the country's nefarious cyber campaigns, The Hill reports. "The measure would also sanction individuals involved in Pyongyang's nuclear program or in the censorship of the regime's well-documented human rights abuses," Cory Bennett writes. "The legislation comes amid a new round of belligerent behavior from Pyongyang that has returned the spotlight to the once tech-averse state. In recent weeks, the reclusive East Asian nation has fired a long-range rocket, restarted a nuclear reactor and claimed to have tested a hydrogen bomb."
Cyber Security and Privacy News
- The Department of Homeland Security plans to augment its biometric data collection and social media screening to prevent terrorists from entering the country, DHS chief Jeh Johnson said during his annual "State of Homeland Security" address. Johnson has also directed Customs and Border Protection to deploy "biometric exit" systems -- which would collect data points such as fingerprints from people leaving the country -- at airports by 2018, NextGov reports.
- FBI Director James Comey told a Senate panel last week that investigators still have not been able to unlock the encrypted cellphone of one of the terrorists who shot and killed 14 people and wounded more than 20 others in San Bernardino, Calif. in December. "Comey made the comments in response to questions from senators about how encrypted cellphones and other electronic devices can hinder investigations because they cannot be unlocked, even by the companies that made them," writes Erin Kelly for USA Today. "The encryption debate, which often pits security hawks against privacy advocates, has intensified in the wake of the terrorist attacks in San Bernardino and Paris."
-NPR's Marketplace carried a piece this past week on using hacking competitions to burnish one's resume in the IT field. "Demand is growing for cybersecurity employees, but companies are picky about who they hire," reports Sam Harnett. "Having a computer science degree is helpful, and there are cybersecurity certifications that are supposed to prove your skill. But there's another big resume item out there: winning competitions." Listen to the whole segment here.
-The Federal Communications Commission is gearing up to take a more active role in consumer privacy, according to The Hill. "The FCC is expected to craft regulations in the coming months on how broadband providers handle sensitive customer data - and advocates on both sides of the issue are gearing up to make their case," writes David McCabe. Read more here.
-The Internal Revenue Service has been battling automated attacks designed to help crooks conduct tax refund fraud, eWeek reports. "On Feb. 9, the IRS confirmed that it was the victim of an automated attack in January that targeted the electronic filing PIN application form on the IRS.gov Website," writes Sean Michael Kerner. "According to the IRS, attackers made use of personal information, including Social Security numbers, that was stolen from other non-IRS Websites. The attackers then used that information in an attempt to generate fraudulent E-File PIN numbers on IRS.gov. With a PIN number, an attacker could have potentially been able to file a tax return or gain access to other taxpayer information. The IRS investigation has found that 464,000 unique Social Security numbers (SSNs) were used in the attack, with 101,000 being successfully able to access the E-File PIN. The IRS is emphasizing that it has halted the attack and is contacting those who are affected."

-Feb. 16 ISSA DC Meetup: Safeguarding Our Data
-Feb. 17 NovaInfosec Meetup
-Feb. 17-19, DHS Cyber Security R&D Showcase and Technical Workshop
-Feb. 18, National Insider Threat Special Interest Group  
-Feb. 18,
ISSA NoVA Meetup: When Tools Lie
-Feb. 18,
OWASP NoVA Meetup: Building Modern Identity Systems
-Feb. 18,
CharmSec Meetup, Baltimore
-Feb. 23-25,
Insider Threat Development Training
-Feb. 24,
IT Trends and Standards 

-Feb. 24, ISSA Baltimore:  Vendor Risk Assurance, Data Breach and Business Impact 

-Feb. 25, Hearing on DHS HR IT program

Click here for detailed descriptions
About this Newsletter
This newsletter is a weekly summary of events related to cyber security policy and research, with a special focus on developments and events in the Washington, DC area. It is published by the Cyber Security and Privacy Research Institute (CSPRI) of the George Washington University. CSPRI is a center for GW and the Washington area that promotes technical research and policy analysis of topics in or related to cybersecurity and privacy. More information is available at our website, http://www.cspri.seas.gwu.edu
202 994 5613. cspri@gwu.edu
Tompkins Hall,  Suite 106
725 23rd Street NW
Washington DC, DC 20052