Allan Holmes joined Government Executive as executive editor in March 2007 to expand its information technology coverage and to develop Nextgov.com, an interactive Web site for the federal information technology community. He shapes the content for Nextgov, which offers IT managers and executives in the federal IT community a place to read breaking news, conduct research and interact with colleagues. Allan also directs the technology coverage for Government Executive.
Allan has covered government management and policies for 15 years in Washington. Prior to joining Government Executive, he was the Washington bureau chief at CIO magazine, and prior to that he was editor in chief of Federal Computer Week magazine and FCW.com, a daily news site he developed and launched in 1997. The Web site won numerous national awards.
During his 25-year career, Holmes has covered business, focusing on finance and transportation; state government; and health care, including President Clinton's health reform initiative in 1993 and 1994. He has written for The New York Times, Time magazine, and U.S. News and World Report.
By Allan Holmes
10/08/10 06:02 pm ET
Part of the government's push to tighten cybersecurity is to educate the public and increase awareness - as federal agencies did to boost the use of seat belts and with the "Only You Can Prevent Forest Fires" campaign.
Purdue University seems to have received the memo. It's organizing a panel discussion on "Our Shared Responsibility" for cybersecurity. The discussion is scheduled for Oct. 20.
From the announcement of the panel:
According to Purdue Calumet Assistant Director for Information Security and Assurance James Pardonek, better understanding is necessary of how individual actions can collectively affect cyber security and internet protection.
By Allan Holmes
10/04/10 03:37 pm ET
Canada released its Cybersecurity Strategy plan this month, calling the protection of government and corporate computer systems "a daunting challenge."
There is no simple way to detect, identify and recover from attackers who cannot be seen or heard, who leave no physical evidence behind them, and who hide their tracks through a complex web of compromised computers.
The $90 million (Canadian) strategy lays out three broad areas to build on:
1. Secure government systems. The government will put in place the necessary structures, tools and personnel to meet its obligations for cyber security.
2. Create partnerships to secure nongovernmental systems. In cooperation with provincial and territorial governments and the private sector, the government will support initiatives and take steps to strengthen Canada's cyber resiliency, including that of its critical infrastructure sectors.
3. Help Canadians be secure online. The Government will assist Canadians in getting the information they need to protect themselves and their families online, and strengthen the ability of law enforcement agencies to combat cybercrime.
If this sounds familiar, it is. As the authors of the strategy, Canada's Public Safety Ministry, say,
Three of our closest security and intelligence partners, the United States, the United Kingdom and Australia, recently released their own plans to secure cyberspace. Many of the guiding principles and operational priorities set out in those reports resemble our own. This complementarity reflects our shared experiences in dealing with cyber security, and demonstrates our determination to enhance our collective security by leveraging each ally's domestic cyber regimes.
It also shares a lack of detail on how it will defend networks beyond what we already know, just as the White House's Cyberspace Policy Review, released in 2009, did -- including, by the way, the lack of a defined and detailed strategy.
By Allan Holmes
09/24/10 02:46 pm ET
The Stuxnet computer worm - described as possibly the most dangerous malware because it can target and control specified industrial machinery - is thought to have been created in Israel to specifically target a nuclear power plant in Iran, reports the Guardian in London.
[The worm] has been most active in Iran, says the security company Symantec -- leading some experts to conjecture that the likely target of the virus is the controversial Bushehr nuclear power plant, and that it was created by Israeli hackers.
Speaking to the Guardian, security experts confirmed that Stuxnet is a targeted attack on industrial locations in specific countries, the sophistication of which takes it above and beyond previous attacks of a similar nature.
CNN explains Stuxnet this way:
It's an attack that goes straight after the PLC (programmable logic control) software of an industrial machine, which is effectively the brain of the unit. It uses four zero-day exploits in one package, with a zero-day exploit being an undiscovered flaw in a piece of software; it's the time between the hackers finding a hole in the system and when the developers patch it. And in this case there are four of these exploits, meaning that they've already exponentially increased the chances of finding a way into the system in case any of the holes happened to already be plugged.
By Allan Holmes
09/21/10 06:12 pm ET
The debate about what constitutes a cyberwar still rages on. The latest installment comes from a conference put on by cybersecurity vendor ArcSight on Monday in National Harbor, Md., where Eneken Tikk, head of the legal and policy branch of the Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia, discussed the 2007 attacks on that country's networks.
Shortly after Estonian officials removed a Russian statue from a square in the capital, several Estonian ministries came under denial-of-service attacks, in which computers worldwide sent huge amounts of data into the ministries' networks, overloading the systems. Other systems supporting Estonian banks and media companies also were attacked. But Tikk said the hits didn't meet a legal definition of cyberwar, IDG News reported.
She defined cyberwar as an attack that would cause the same type of destruction as the traditional military, with military force as an appropriate response. "That means a smoking hole in the ground," said Tikk.
By Allan Holmes
09/20/10 07:07 pm ET
Canada's privacy commissioner took a swipe at her U.S. counterparts on Monday.
Jennifer Stoddart, speaking to members of the Canadian Bar Association, discussed efforts to investigate Google's allegedly inadvertent collection of private data and Facebook's noncompliance with Canada's private-sector privacy law, The Vancouver Sun reported.
"Why is Canada paying for the cost of this enforcement for this technology that's coming to us out of Mountain View (Calif.), so we're looking for the U.S. federal government to step up there," she said.
Facebook had a year -- until July -- to follow "the commissioner's directives to provide users more detailed control over their personal information and to curtail the access of outside software and website developers to their data," or face court proceedings, the newspaper reported.