[P2P-F] Fwd: Call for Papers: Surviving a Cyberattack -- From Phishing to Cyberwar

• Previous message: [P2P-F] Fwd: Infecting Organizations with Clear Thinking
• Next message: [P2P-F] Fwd: <nettime> The Art of the Undercommons
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
From: Cutter IT Journal <cgenerali at cutter.com>
Date: Thu, Feb 24, 2011 at 11:12 PM
Subject: Call for Papers: Surviving a Cyberattack -- From Phishing to
Cyberwar
To: "michelsub2004 at gmail.com" <michelsub2004 at gmail.com>


Call for Papers
Cutter IT Journal
Robert N. Charette, Guest Editor
Abstract Submission Date: 2 March 2011
Articles Due: 8 April 2011

Surviving a Cyberattack: From Phishing to Cyberwar

Some argue that a cyber-Armageddon -- or a "digital Pearl Harbor" -- may be
just around the corner, while others counter that while cybersecurity needs
to be taken seriously, the overall cyberthreat and its consequences are
vastly overblown and are merely a convenient excuse to sell over-priced
security software and consulting. The quotes below represent just a small
range of views regarding cyber-related threats and their potential impacts
on society.

"America's economic prosperity in the 21st century will depend on
cybersecurity -- it's now clear this cyberthreat is one of the most serious
economic and national security challenges we face as a nation. It's also
clear that we're not as prepared as we should be, as a government or as a
country."

    President Barack Obama, May 2009
    Securing Our Nation's Cyberinfrastructure

"The threat [of cyberwar] is increasing in scope and scale, and its impact
is difficult to overstate. Industry estimates the production of malicious
software has reached its highest level yet, with an average of 60,000 new
programs or variations identified each day. Some of these are what we define
as advanced persistent threats, which are difficult to detect and counter."

    James Clapper, Director of National Intelligence
    Testimony in front of the House Select Committee on Intelligence,
February 2011

"We may already have seen early versions of cyberwars in Estonia and
Georgia, possibly perpetrated by Russia. It's hard to know for certain, not
only because such attacks are often impossible to trace, but because we have
no clear definitions of what a cyberwar actually is."

"Do the 2007 attacks against Estonia, traced to a young Russian man living
in Tallinn and no one else, count? What about a virus from an unknown
origin, possibly targeted at an Iranian nuclear complex? Or espionage from
within China, but not specifically directed by its government? To such
questions one must add even more basic issues, like when a cyberwar is
understood to have begun, and how it ends. When even cybersecurity experts
can't answer these questions, it's hard to expect much from policymakers."

    Bruce Schneier, Author
    *It Will Soon be Too Late to Stop the Cyberwars *, Financial Times of
London
    December 2010

"It is unlikely that there will ever be a true cyberwar. The reasons are:
many critical computer systems are protected against known exploits and
malware so that designers of new cyberweapons have to identify new
weaknesses and exploits; the effects of cyberattacks are difficult to
predict -- on the one hand they may be less powerful than hoped but may also
have more extensive outcomes arising from the interconnectedness of systems,
resulting in unwanted damage to perpetrators and their allies. More
importantly, there is no strategic reason why any aggressor would limit
themselves to only one class of weaponry."

    *Reducing Systemic Cybersecurity Risk*
     OECD/IFP Project, January 2011

So what are the valid cybersecurity threats posed to individuals, businesses
and governments and what strategies and approaches can be taken to mitigate
these threats? The May 2011 issue of Cutter IT Journal will explore this
topic and try to separate some of the wheat from the chaff as pertains to
security threats from current and potential cyberweapons -- ranging from
email phishing, PC viruses and botnets to targeted attacks such as that
highlighted by the recent Stuxnet episode to a full-scale cyberwar -- the
OECD report cited above not withstanding.

Cutter IT Journal invites useful, well-reasoned debate and analysis on the
risks posed by cyberweapons and how such risks can or should be identified,
categorized, assessed, mitigated or "survived." We are very interested in
international perspectives on this issue and we encourage those from around
the globe to tell us their perspectives.

As an example, the Australian government in October of 2010 warned
businesses and individuals that they were going to be on their own in case
of a major cyberattack; the government was going to be too busy trying to
defend its own systems to help anyone else. If a cyberattack does hit
Australia, what can businesses and individuals do to protect themselves?

TOPICS OF INTEREST MAY INCLUDE (but are certainly NOT limited to) one of
more of the following topics, which are NOT ranked in any particular order:

*What are the risks from cyberweapons, and how should they be compared
against other types of risks such as hurricanes, floods, blizzards or
terrorist attacks?

*What can or should individuals and or corporations do to protect themselves
from cyberweapons, now and in the future? How does a technology like cloud
computing increase or decrease the threat?

* What should governments do to protect themselves from cyberweapons? Do
they have an obligation to protect more than government systems? If so,
where should the boundaries be drawn?

*What exactly is a cyberwar? Why is cyberwar so difficult to define? What
are its distinguishing characteristics? Is one likely, and if so, will its
impact be devastating? Will cyberwar only occur in conjunction with
"traditional" war, as the OECD report argues?

*Is the cyberthreat, especially that at the "top-end," over-hyped? Why or
why not?

*What will the cyberweapon landscape of the future, say in 2025, look like?
What types of defenses will be used against such cyberweapons and the vast
increase in the number of individuals, businesses and governments capable of
wielding them? What will cyberweapon targets look like (i.e., a digital
system environment with the increased use of smart grids)?

*How much should cybersecurity be focused on finding technology solutions
vs. understanding the human side of the cyberthreat?

*Is governmental focus on cyberwar distracting from what some argue are more
important and realistic cyberthreats -- like the theft of corporate or
governmental intellectual property or disinformation campaigns against
corporate competitors?

*Should software vendors be liable for the security quality of their
software? Should the software be required to meet certain security standards
prior to its availability?

*What are the five biggest myths about cybersecurity -- e.g., the five
biggest myths of the cyberthreat?

*Should governments have the right to "switch-off" the Internet as a means
to combat a cyberattack? How can these rights be protected from abuse?
Should governments be able to "retaliate" in the event of a cyberattack?
Should there be treaties defining cyberwarfare?

*How does protection against cyberweapons affect civil liberties and
innovation? What, if anything, should be done to ensure nothing will impinge
upon civil liberties and innovation in the name of security?

*How are individuals at risk in terms of cyberweapons being used against
them? How much should individuals worry about phishing or virus attacks
directed toward them say by cybercriminals vs. a planned attack on their
country's infrastructure?

Again, we are encouraging reasoned debate on these topics, and others that
may not be in the above list in the cybersecurity domain.

TO SUBMIT AN ARTICLE IDEA
Please respond to the Guest Editor, Robert Charette at
charette[at]itabhi[dot]com with a copy to itjournal[at]cutter[dot]com by 2
March 2011. Please include an extended abstract and short outline showing
the major discussion points.

ARTICLE DEADLINE
Accepted articles are due by 8 April 2011.

EDITORIAL GUIDELINES
Most Cutter IT Journal articles are approximately 2,500-3,500 words long,
plus whatever graphics are appropriate. If you have any other questions,
please do not hesitate to contact CITJ's Group Publisher, Christine Generali
at cgenerali[at]cutter[dot]com or the Guest Editor, Robert Charette at
charette[at]itabhi[dot]com. Editorial guidelines are available at <<
http://www.cutter.com/content-and-analysis/journals-and-reports/cutter-it-journal/edguide.html
>>

AUDIENCE
Typical readers of Cutter IT Journal range from CIOs and vice presidents of
software organizations to IT managers, directors, project leaders, and very
senior technical staff. Most work in fairly large organizations: Fortune 500
IT shops, large computer vendors (IBM, HP, etc.), and government agencies.
48% of our readership is outside of the US (15% from Canada, 14% Europe, 5%
Australia/NZ, 14% elsewhere). Please avoid introductory-level, tutorial
coverage of a topic. Assume you're writing for someone who has been in the
industry for 10 to 20 years, is very busy, and very impatient. Assume he or
she will be asking, "What's the point? What do I do with this information?"
Apply the "So what?" test to everything you write.

PROMOTIONAL OPPORTUNITIES
We are pleased to offer Journal authors a year's complimentary subscription
and five copies of the issue in which they are published. In addition, we
occasionally pull excerpts, along with the author's bio, to include in our
weekly Cutter Edge e-mail bulletin, which reaches another 8,000 readers.
We'd also be pleased to quote you, or passages from your article, in Cutter
press releases. If you plan to be speaking at industry conferences, we can
arrange to make copies of your article or the entire issue available for
attendees of those speaking engagements -- furthering your own promotional
efforts.

ABOUT CUTTER IT JOURNAL
No other journal brings together so many cutting-edge thinkers, and lets
them speak so bluntly and frankly. We strive to maintain the Journal's
reputation as the "Harvard Business Review of IT." Our goal is to present
well-grounded opinion (based on real, accountable experiences), research,
and animated debate about each topic the Journal explores.

PLEASE FORWARD THIS CALL FOR PAPERS TO ANYONE WHO MIGHT HAVE AN APPROPRIATE
SUBMISSION.















-- 
P2P Foundation: http://p2pfoundation.net  - http://blog.p2pfoundation.net

Connect: http://p2pfoundation.ning.com; Discuss:
http://lists.ourproject.org/cgi-bin/mailman/listinfo/p2p-foundation

Updates: http://del.icio.us/mbauwens; http://friendfeed.com/mbauwens;
http://twitter.com/mbauwens; http://www.facebook.com/mbauwens
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ourproject.org/pipermail/p2p-foundation/attachments/20110225/2f858505/attachment.htm 

• Previous message: [P2P-F] Fwd: Infecting Organizations with Clear Thinking
• Next message: [P2P-F] Fwd: <nettime> The Art of the Undercommons
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]