<br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Cutter IT Journal</b> <span dir="ltr"><<a href="mailto:cgenerali@cutter.com">cgenerali@cutter.com</a>></span><br>
Date: Thu, Feb 24, 2011 at 11:12 PM<br>Subject: Call for Papers: Surviving a Cyberattack -- From Phishing to Cyberwar<br>To: "<a href="mailto:michelsub2004@gmail.com">michelsub2004@gmail.com</a>" <<a href="mailto:michelsub2004@gmail.com">michelsub2004@gmail.com</a>><br>
<br><br>Call for Papers<br>
Cutter IT Journal<br>
Robert N. Charette, Guest Editor<br>
Abstract Submission Date: 2 March 2011<br>
Articles Due: 8 April 2011<br>
<br>
Surviving a Cyberattack: From Phishing to Cyberwar<br>
<br>
Some argue that a cyber-Armageddon -- or a "digital Pearl Harbor" -- may be just around the corner, while others counter that while cybersecurity needs to be taken seriously, the overall cyberthreat and its consequences are vastly overblown and are merely a convenient excuse to sell over-priced security software and consulting. The quotes below represent just a small range of views regarding cyber-related threats and their potential impacts on society.<br>
<br>
"America's economic prosperity in the 21st century will depend on cybersecurity -- it's now clear this cyberthreat is one of the most serious economic and national security challenges we face as a nation. It's also clear that we're not as prepared as we should be, as a government or as a country."<br>
<br>
� � President Barack Obama, May 2009<br>
� � Securing Our Nation's Cyberinfrastructure<br>
<br>
"The threat [of cyberwar] is increasing in scope and scale, and its impact is difficult to overstate. Industry estimates the production of malicious software has reached its highest level yet, with an average of 60,000 new programs or variations identified each day. Some of these are what we define as advanced persistent threats, which are difficult to detect and counter."<br>
<br>
� � James Clapper, Director of National Intelligence<br>
� � Testimony in front of the House Select Committee on Intelligence, February 2011<br>
<br>
"We may already have seen early versions of cyberwars in Estonia and Georgia, possibly perpetrated by Russia. It's hard to know for certain, not only because such attacks are often impossible to trace, but because we have no clear definitions of what a cyberwar actually is."<br>
<br>
"Do the 2007 attacks against Estonia, traced to a young Russian man living in Tallinn and no one else, count? What about a virus from an unknown origin, possibly targeted at an Iranian nuclear complex? Or espionage from within China, but not specifically directed by its government? To such questions one must add even more basic issues, like when a cyberwar is understood to have begun, and how it ends. When even cybersecurity experts can't answer these questions, it's hard to expect much from policymakers."<br>
<br>
� � Bruce Schneier, Author<br>
� � *It Will Soon be Too Late to Stop the Cyberwars *, Financial Times of London<br>
� � December 2010<br>
<br>
"It is unlikely that there will ever be a true cyberwar. The reasons are: many critical computer systems are protected against known exploits and malware so that designers of new cyberweapons have to identify new weaknesses and exploits; the effects of cyberattacks are difficult to predict -- on the one hand they may be less powerful than hoped but may also have more extensive outcomes arising from the interconnectedness of systems, resulting in unwanted damage to perpetrators and their allies. More importantly, there is no strategic reason why any aggressor would limit themselves to only one class of weaponry."<br>
<br>
� � *Reducing Systemic Cybersecurity Risk*<br>
� � �OECD/IFP Project, January 2011<br>
<br>
So what are the valid cybersecurity threats posed to individuals, businesses and governments and what strategies and approaches can be taken to mitigate these threats? The May 2011 issue of Cutter IT Journal will explore this topic and try to separate some of the wheat from the chaff as pertains to security threats from current and potential cyberweapons -- ranging from email phishing, PC viruses and botnets to targeted attacks such as that highlighted by the recent Stuxnet episode to a full-scale cyberwar -- the OECD report cited above not withstanding.<br>
<br>
Cutter IT Journal invites useful, well-reasoned debate and analysis on the risks posed by cyberweapons and how such risks can or should be identified, categorized, assessed, mitigated or "survived." We are very interested in international perspectives on this issue and we encourage those from around the globe to tell us their perspectives.<br>
<br>
As an example, the Australian government in October of 2010 warned businesses and individuals that they were going to be on their own in case of a major cyberattack; the government was going to be too busy trying to defend its own systems to help anyone else. If a cyberattack does hit Australia, what can businesses and individuals do to protect themselves?<br>
<br>
TOPICS OF INTEREST MAY INCLUDE (but are certainly NOT limited to) one of more of the following topics, which are NOT ranked in any particular order:<br>
<br>
*What are the risks from cyberweapons, and how should they be compared against other types of risks such as hurricanes, floods, blizzards or terrorist attacks?<br>
<br>
*What can or should individuals and or corporations do to protect themselves from cyberweapons, now and in the future? How does a technology like cloud computing increase or decrease the threat?<br>
<br>
* What should governments do to protect themselves from cyberweapons? Do they have an obligation to protect more than government systems? If so, where should the boundaries be drawn?<br>
<br>
*What exactly is a cyberwar? Why is cyberwar so difficult to define? What are its distinguishing characteristics? Is one likely, and if so, will its impact be devastating? Will cyberwar only occur in conjunction with "traditional" war, as the OECD report argues?<br>
<br>
*Is the cyberthreat, especially that at the "top-end," over-hyped? Why or why not?<br>
<br>
*What will the cyberweapon landscape of the future, say in 2025, look like? What types of defenses will be used against such cyberweapons and the vast increase in the number of individuals, businesses and governments capable of wielding them? What will cyberweapon targets look like (i.e., a digital system environment with the increased use of smart grids)?<br>
<br>
*How much should cybersecurity be focused on finding technology solutions vs. understanding the human side of the cyberthreat?<br>
<br>
*Is governmental focus on cyberwar distracting from what some argue are more important and realistic cyberthreats -- like the theft of corporate or governmental intellectual property or disinformation campaigns against corporate competitors?<br>
<br>
*Should software vendors be liable for the security quality of their software? Should the software be required to meet certain security standards prior to its availability?<br>
<br>
*What are the five biggest myths about cybersecurity -- e.g., the five biggest myths of the cyberthreat?<br>
<br>
*Should governments have the right to "switch-off" the Internet as a means to combat a cyberattack? How can these rights be protected from abuse? Should governments be able to "retaliate" in the event of a cyberattack? Should there be treaties defining cyberwarfare?<br>
<br>
*How does protection against cyberweapons affect civil liberties and innovation? What, if anything, should be done to ensure nothing will impinge upon civil liberties and innovation in the name of security?<br>
<br>
*How are individuals at risk in terms of cyberweapons being used against them? How much should individuals worry about phishing or virus attacks directed toward them say by cybercriminals vs. a planned attack on their country's infrastructure?<br>
<br>
Again, we are encouraging reasoned debate on these topics, and others that may not be in the above list in the cybersecurity domain.<br>
<br>
TO SUBMIT AN ARTICLE IDEA<br>
Please respond to the Guest Editor, Robert Charette at charette[at]itabhi[dot]com with a copy to itjournal[at]cutter[dot]com by 2 March 2011. Please include an extended abstract and short outline showing the major discussion points.<br>
<br>
ARTICLE DEADLINE<br>
Accepted articles are due by 8 April 2011.<br>
<br>
EDITORIAL GUIDELINES<br>
Most Cutter IT Journal articles are approximately 2,500-3,500 words long, plus whatever graphics are appropriate. If you have any other questions, please do not hesitate to contact CITJ's Group Publisher, Christine Generali at cgenerali[at]cutter[dot]com or the Guest Editor, Robert Charette at charette[at]itabhi[dot]com. Editorial guidelines are available at <<<a href="http://www.cutter.com/content-and-analysis/journals-and-reports/cutter-it-journal/edguide.html" target="_blank">http://www.cutter.com/content-and-analysis/journals-and-reports/cutter-it-journal/edguide.html</a>>><br>
<br>
AUDIENCE<br>
Typical readers of Cutter IT Journal range from CIOs and vice presidents of software organizations to IT managers, directors, project leaders, and very senior technical staff. Most work in fairly large organizations: Fortune 500 IT shops, large computer vendors (IBM, HP, etc.), and government agencies. 48% of our readership is outside of the US (15% from Canada, 14% Europe, 5% Australia/NZ, 14% elsewhere). Please avoid introductory-level, tutorial coverage of a topic. Assume you're writing for someone who has been in the industry for 10 to 20 years, is very busy, and very impatient. Assume he or she will be asking, "What's the point? What do I do with this information?" Apply the "So what?" test to everything you write.<br>
<br>
PROMOTIONAL OPPORTUNITIES<br>
We are pleased to offer Journal authors a year's complimentary subscription and five copies of the issue in which they are published. In addition, we occasionally pull excerpts, along with the author's bio, to include in our weekly Cutter Edge e-mail bulletin, which reaches another 8,000 readers. We'd also be pleased to quote you, or passages from your article, in Cutter press releases. If you plan to be speaking at industry conferences, we can arrange to make copies of your article or the entire issue available for attendees of those speaking engagements -- furthering your own promotional efforts.<br>
<br>
ABOUT CUTTER IT JOURNAL<br>
No other journal brings together so many cutting-edge thinkers, and lets them speak so bluntly and frankly. We strive to maintain the Journal's reputation as the "Harvard Business Review of IT." Our goal is to present well-grounded opinion (based on real, accountable experiences), research, and animated debate about each topic the Journal explores.<br>
<br>
PLEASE FORWARD THIS CALL FOR PAPERS TO ANYONE WHO MIGHT HAVE AN APPROPRIATE SUBMISSION.<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</div><br><br clear="all"><br>-- <br>P2P Foundation: <a href="http://p2pfoundation.net" target="_blank">http://p2pfoundation.net</a>� - <a href="http://blog.p2pfoundation.net" target="_blank">http://blog.p2pfoundation.net</a> <br>
<br>Connect: <a href="http://p2pfoundation.ning.com" target="_blank">http://p2pfoundation.ning.com</a>; Discuss: <a href="http://lists.ourproject.org/cgi-bin/mailman/listinfo/p2p-foundation" target="_blank">http://lists.ourproject.org/cgi-bin/mailman/listinfo/p2p-foundation</a><br>
<br>Updates: <a href="http://del.icio.us/mbauwens" target="_blank">http://del.icio.us/mbauwens</a>; <a href="http://friendfeed.com/mbauwens" target="_blank">http://friendfeed.com/mbauwens</a>; <a href="http://twitter.com/mbauwens" target="_blank">http://twitter.com/mbauwens</a>; <a href="http://www.facebook.com/mbauwens" target="_blank">http://www.facebook.com/mbauwens</a><br>
<br><br><br><br><br>