Counter-Terrorism Training and Resources for Law Enforcement
Publications

Cyberterrorism & Computer Technology

2005 FBI Computer Crime Survey (PDF)
Federal Bureau of Investigation, January 18, 2006
This survey sought to gain an accurate understanding of what computer security incidents organizations are experiencing within the United States. It addresses a variety of issues, including computer security technologies used, security incident types, actions taken, and emerging technologies, such as wireless technology and biometrics. Responses were anonymous and encompassed a cross-section of more than 2,000 public and private organizations in Iowa, Nebraska, New York, and Texas.

Applying Security Practices to Justice Information Sharing (PDF)
Global Justice Information Sharing Initiative Security Working Group, March 2004
An environment of electronic trust is a minimum requirement to fulfill the national priority of sharing information and improving the safety of the country. This report educates justice executives and managers on information sharing security practices that they can deploy within their enterprise and between multiple enterprises.

Audit Report: Safeguards Over Sensitive Technology (11.6 MB PDF)
Office of the Inspector General, U.S. Department of Energy (DOE), January 2004
This report makes security recommendations for researchers and scientists who work collaboratively on sensitive technologies at non-DOE facilities in foreign countries.

Best Practices for Seizing Electronic Evidence, Version 2
November 2001
Developed as a joint project by the International Association of Chiefs of Police and the U.S. Secret Service, this guide documents proper technical and legal procedures for obtaining a warrant, conducting a search, and securing a crime scene for electronic equipment and information accessed/generated by computers, fax machines, cell phones, caller ID devices, pagers, and "smart cards." The guide is available for free through local U.S. Secret Service offices and for a small fee from the U.S. Government Online Bookstore.

Biometrics: A Look at Facial Recognition (PDF)
Rand Corporation, 2003
Presented as a briefing to the Virginia State Crime Commission Facial Recognition Subcommittee in September 2002, this document defines biometrics and discusses examples of the technology, explaining how biometrics may be used for authentication and surveillance purposes. Facial recognition is examined in depth.

Biometrics: Facing Up to Terrorism (PDF)
RAND Arroyo Center, October 2001
With biometric technology, facilities can use a person's physical characteristics or personal traits to identify, or verify the claimed identity of, an individual. This issue paper examines emerging biometric technologies that can help improve public safety. Specifically, the paper discusses how biometric systems could be used to control access to sensitive facilities at airports, prevent identity theft and fraud in the use of travel documents, and identify known or suspected terrorists.

Border Security: Opportunities to Increase Coordination of Air and Marine Assets (PDF)
U.S. Government Accountability Office, September 2005
This report discusses the U.S. Department of Homeland Security's efforts to facilitate coordination of the air and marine assets of the U.S. Coast Guard, Customs and Border Protection, and Immigration and Customs Enforcement.

Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress (PDF)
Congressional Research Service, The Library of Congress, April 2005
This report provides background information on three types of attacks against computers—cyber, physical, and electromagnetic—and discusses related vulnerabilities for each type of attack. The report also describes the effects of a coordinated cyber attack against U.S. infrastructure computers.

Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology (PDF)
National Institute of Standards and Technology, January 2004
This publication provides guidelines for handling computer security-related incidents and determining appropriate responses. The guidelines focus on detecting, analyzing, prioritizing, and handling incidents and can be followed independent of hardware platforms, operating systems, protocols, or applications.

Counterfeit Documents Used To Enter the United States From Certain Western Hemisphere Countries Not Detected (PDF)
U.S. General Accounting Office, May 2003
This report summarizes GAO security tests in which undercover Office of Special Investigations agents entered the United States from various countries in the Western Hemisphere using counterfeit documents crafted by computer software available through retail vendors.

Creating a Computer Security Incident Response Team: A Process for Getting Started
CERT Coordination Center, Carnegie Mellon University, August 2002
This document provides an overview of the growing necessity for organizations to establish a Computer Security Incident Response Team, as well as how to design, plan, and implement such a team.

Creating a Trusted Network for Homeland Security (PDF)
Markle Foundation, December 2003
This report reaffirms, with greater detail, the principles in the first report for creating a network for homeland security consisting of (1) a technological architecture for information collection, sharing, analysis, and use among federal, state, and local agencies; (2) people, processes, and information working in concert with the technology; and (3) rules that govern how these elements interact.

Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems (PDF)
U.S. General Accounting Office, March 30, 2004
Computer systems that monitor and control everything from the flow of electricity to the transmission of gas through pipelines are increasingly vulnerable to attack and difficult to defend. This report reviews factors that have contributed to increased risks of such critical infrastructure elements and examines the challenges in applying technologies that can help alleviate vulnerabilities.

Critical Infrastructure Protection: Challenges for Selected Agencies and Industry Sectors (PDF)
U.S. General Accounting Office, February 2003
This report examines how well agencies under the Committee on Energy and Commerce’s jurisdiction and other organizations are conducting critical infrastructure protection activities. One of the recommendations made in the report advises these agencies to take steps to completely identify and analyze their critical assets (e.g., by setting milestones and developing plans to address vulnerabilities).

Critical Infrastructure Protection: Challenges in Addressing Cybersecurity (PDF)
U.S. Government Accountability Office, July 2005
This report addresses the cyber security responsibilities of the U.S. Department of Homeland Security and evaluates the department's efforts to secure the nation's critical infrastructure.

Critical Infrastructure Protection: Challenges in Securing Control Systems (PDF)
U.S. General Accounting Office, October 2003
Computerized control systems perform vital functions across our nation's critical infrastructures. This report discusses risks associated with control systems (e.g., using standardized technologies with known vulnerabilities), potential and reported attacks against the systems, challenges to securing the systems, and steps that can be taken to secure the systems.

Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities (PDF)
U.S. Government Accountability Office, May 2005
This report addresses the cyber security responsibilities of the U.S. Department of Homeland Security's National Cyber Security Division and the implementation challenges it faces. Key cyber security responsibilities include identifying and assessing cyber threats and vulnerabilities, government partnerships and coordination, public outreach, and warning capabilities.

Critical Infrastructure Protection: Efforts of the Financial Services Sector to Address Cyber Threats (PDF)
U.S. General Accounting Office, January 2003
This report identifies recommendations made by the U.S. General Accounting Office (GAO) regarding cyber threats facing the financial services industry. GAO recommends that the U.S. Department of the Treasury (1) coordinate efforts with the financial industry to update the sector's strategy and establish detailed plans for implementing it and (2) assess the need for public policy tools to assist the financial industry.

Critical Infrastructure Protection: Establishing Effective Information Sharing with Infrastructure Sectors (PDF)
U.S. General Accounting Office, April 2004
This report evaluates the role of Information Sharing and Analysis Centers (ISACs) in critical infrastructure protection. It discusses the management and operational structures used by ISACs, federal efforts to interact with and support ISACs, and challenges to and successful practices for ISACs’ establishment, operation, and partnerships with the federal government.

Critical Infrastructure Protection: Federal Efforts Require a More Coordinated and Comprehensive Approach for Protecting Information Systems (PDF)
U.S. General Accounting Office, January 2003
This report to the Committee on Governmental Affairs, U.S. Senate, identifies the federal organizations that have national or multiagency responsibilities related to protecting critical cyber infrastructure. The report describes strategies designed to coordinate federal efforts and programs that protect critical infrastructures.

Critical Infrastructure Protection: Improving Information Sharing with Infrastructure Sectors (PDF)
U.S. General Accounting Office, July 2004
This report presents recommendations for actions that the U.S. Department of Homeland Security can take to improve the effectiveness of information-sharing efforts related to critical infrastructure protection.

Critical Infrastructure Protection: Significant Challenges in Safeguarding Government and Privately Controlled Systems From Computer-Based Attacks (PDF)
U.S. General Accounting Office, September 2001
The report presents testimony before the House Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations on efforts to protect federal agency information systems and our nation's critical computer-dependent infrastructures.

Cyber Attacks During the War on Terrorism: A Predictive Analysis
Institute for Security Technology Studies at Dartmouth College, 2001
This report analyzes the possibility of cyber attacks against U.S. and allied information infrastructures. It examines recent trends and precedents, sets out in detail the potential types and targets of cyber attacks that we should be prepared for, and makes concrete recommendations for protective actions.

Cybercrime: Public and Private Entities Face Challenges in Addressing Cyber Threats (PDF)
U.S. Government Accountability Office, June 22, 2007
Computer interconnectivity has produced enormous benefits but has also enabled criminal activity that exploits this interconnectivity for financial gain and other malicious purposes, such as Internet fraud, child exploitation, identity theft, and terrorism. Efforts to address cybercrime include protecting networks and information, detecting criminal activity, investigating crime, and prosecuting criminals. This report discusses the impact of cybercrime on our nation's economy and security; key federal, nonfederal, and private sector entities responsible for addressing cybercrime; and challenges faced in addressing cybercrime. 

Cyber Security for the Homeland (PDF)
U.S. House of Representatives Select Committee on Homeland Security, December 2004
This report highlights the need for improved cyber security for the nation and enhanced partnerships with the private sector while emphasizing continued oversight by Congress.

Cybersecurity of Freight Information Systems: A Scoping Study
The National Academies Press, June 10, 2003
At the request of the U.S. Department of Transportation, the National Research Council's Transportation Research Board prepared this report, which reviews trends in the use of information technology in the freight transportation industry and assesses potential vulnerabilities to cyber attack.

Cybersecurity Today and Tomorrow: Pay Now or Pay Later
Computer Science and Telecommunications Board, National Research Council, 2002
This report presents findings and recommendations collected from more than 10 years' worth of studies and evaluations of computer and network security and vulnerability.

Cyberterrorism: The Shape of Future Conflict?
Royal United Service Institute Journal, October 1997
This article discusses the Internet and its exponential growth in the context of cyberterrorism. The author defines categories of information warfare, discusses how each may be or is being used, and describes a doomsday scenario.

Cyber Threats and Information Security: Meeting the 21st Century Challenge
Center for Strategic and International Studies, 2000
This report discusses the steps government officials must take toward developing a comprehensive response to any and all cyber threats made against national infrastructures and assets.

Data Mining and Data Analysis for Counterterrorism
Mary DeRosa, Center for Strategic and International Studies, March 2004
Data mining and automated data analysis are powerful tools that can be used by intelligence and law enforcement officials in the fight against terrorism. This report recommends guidelines and controls so that policies can be crafted that encourage responsible use of and set parameters for data mining and automated data analysis.

Data Mining and Homeland Security: An Overview (PDF)
Congressional Research Service, January 2006
Data mining has become a key feature of many homeland security initiatives. Often used to detect fraud, assess risk, and plan product retailing, data mining uses data analysis tools to discover previously unknown, valid patterns and relationships in large datasets. For homeland security, data mining can help to identify terrorist activities, such as money transfers and communications, and to identify and track individual terrorists themselves, such as through travel and immigration records.

Defending America's Cyberspace: National Plan for Information Systems Protection (PDF)
Critical Infrastructure Assurance Office, 2000
This national plan to protect and defend America against cyber disruptions calls for partnerships between the government and private sector to create the safeguards necessary to protect critical sectors of our economy, national security, public health, and safety.

Developing a Distributed System for Infrastructure Protection
Institute for Security Technology Studies, August 2000
How can organizations protect themselves against infoterrorism? This bulletin proposes a six-stage protection process that includes intelligence gathering, analysis, interdiction, detection, response, and recovery. System architecture is also discussed.

DOT Information Security Program
Office of the Inspector General, U.S. Department of Transportation, October 1, 2004
In this report, the Inspector General of the Department of Transportation makes several recommendations to the department to improve Internet technology management controls, network and Internet security, system security certification reviews, air traffic control system security, and system contingency planning.

Electronic Government: Challenges to the Adoption of Smart Card Technology (PDF)
U.S. General Accounting Office, September 9, 2003
This report addresses the challenges and use of smart cards as a way of improving the physical and informational security throughout the federal government. It stresses the need for current, consistent standards and policies that can be employed to implement common credentialing systems governmentwide.

Engineering Principles for Information Technology Security (A Baseline for Achieving Security) (Revision A) (PDF)
National Institute of Standards and Technology, June 2004
Structured around a systems-based engineering approach, this report presents a list of security principles to be considered during the design, development, and operation stages of an information system. The principles are short and concise and can be used by organizations to develop their system life-cycle policies and are also helpful in affirming and confirming the security posture of already deployed information systems.

Evaluating Biometrics for Airport Security: An Overview (PDF)
Aviation Security Biometrics Working Group, October 2001
With biometric technology, facilities can use a person's physical characteristics or personal traits to identify, or verify the claimed identity of, an individual. This report discusses using biometrics to improve airport security, including an overview of the biometric industry and how to evaluate biometric systems (using technology and scenario evaluations).

Evaluating Your Web Browser's Security Settings
US-CERT (United States Computer Emergency Readiness Team), January 9, 2008
Check the security settings in your web browser to make sure they are at an appropriate level. While increasing your security may affect the functionality of some web sites, it could protect you from acts of cyberterrorism.

Examining the Cyber Capabilities of Islamic Terrorist Groups
Technical Analysis Group, Institute for Security Technology Studies at Dartmouth College, March 2004
Using such open source materials as court testimony, indictments, academic and government reports, and information from web sites associated with terrorist groups, this report details how cyber technologies are exploited by hostile groups. It presents a clear picture for those who require awareness-level training on cyberterrorism.

Face Recognition 101: The Technology and Its Applications (PDF)
Department of Defense Counterdrug Technology Development Program, August 2001
This paper explains how facial recognition systems work and how the technology can be effectively applied in governmental and commercial sectors.

Face Recognition at a Chokepoint: Scenario Evaluation Results (PDF)
Department of Defense Counterdrug Technology Development Program, November 2002
This report describes an evaluation of three face recognition systems. The evaluation assesses the overall capabilities of entire systems for two chokepoint scenarios: verification and watchlist.

Findings from NASCIO's Strategic Cyber Security Survey (PDF)
National Association of Chief Information Officers, January 2006
The National Association of Chief Information Officers' Information Security Committee recently concluded a survey of strategic cyber security issues that was intended to identify the condition of the states on cyber security and assess the nature of their relationship with the U.S. Department of Homeland Security's cyber security programs and resources.

Fingerprint Vendor Technology Evaluation (FpVTE) Preliminary Announcement
National Institute of Standards and Technology, June 2003
FpVTE is an independently administered evaluation of fingerprint matching systems. FpVTE will serve as part of the National Institute of Standards and Technology's statutory requirement under section 403c of the USA PATRIOT Act to certify those biometric technologies that may be used in the U.S. entry-exit system (U.S. VISIT). Additional information about FpVTE will be posted soon. More information is available by contacting FpVTE@nist.gov.

The Global Technology Revolution 2020, In-Depth Analyses: Bio/Nano/Materials/Information Trends, Drivers, Barriers, and Social Implications (PDF)
RAND Corporation, June 2006
This examination of 29 countries' science and technology capacity indicates that the global technology revolution will continue unabated over the next 15 years, but some countries will be in a better position than others to take full advantage of it.

Guide for Mapping Types of Information and Information Systems to Security Categories (Volumes 1 and 2)
National Institute of Standards and Technology, March 2004
This draft guideline is designed to help federal government agencies identify information types and information systems and assign impact levels for confidentiality, integrity, and availability. Volume I (in PDF format) provides guidelines for identifying impact levels by type and suggests management and support information types common to multiple agencies. Volume II (also in PDF format) includes examples of mission-based information types and suggests provisional impact levels for both management and support and mission-based information types.

Guide for the Security Certification and Accreditation of Federal Information Systems (Updated Version) (PDF)
National Institute of Standards and Technology (NIST), May 2004
This publication—one of a series of security standards and guidelines being developed by NIST's Computer Security Division—provides guidelines for certifying and accrediting information systems that support the executive agencies of the federal government. These guidelines are presented in lieu of Guidelines for Computer Security Certification and Accreditation (September 1983), which has been rescinded. For additional information, please visit NIST's Security Certification and Accreditation Project.

Guide to Secure Web Services: Recommendations of the National Institute of Standards and Technology (PDF)
Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, August 2007
Web services based on the eXtensible Markup Language (XML), Simple Object Access Protocol, and related open standards, and deployed in Service Oriented Architectures, allow data and applications to interact without human intervention through dynamic and ad hoc connections. Web services technology can be implemented in a wide variety of architectures, coexist with other technologies and software design approaches, and be adopted in an evolutionary manner without requiring major transformations to legacy applications and databases.

High Altitude Electromagnetic Pulse (HEMP) and High Power Microwave (HPM) Devices: Threat Assessments (PDF)
Congressional Research Service, Updated April 14, 2006
Electromagnetic pulse (EMP) is an instantaneous, intense energy field that can overload or remotely disrupt electrical systems and high technology microcircuits, which are particularly sensitive to power surges. A large scale EMP effect can be produced by a single nuclear explosion detonated high in the atmosphere. This is referred to as high altitude electromagnetic pulse (HEMP). A similar, smaller scale EMP effect called high power microwave (HPM) can be created using non-nuclear devices with powerful batteries or reactive chemicals. Several nations, including sponsors of terrorism, may be able to use EMP as a weapon for cyber warfare or cyberterrorism to disrupt communications and other parts of critical U.S. infrastructure. Some U.S. military equipment may also be vulnerable. This report updates threats posed by these devices.

Homeland Security Centers of Excellence: Partnering with the Nation's Universities
U.S. Department of Homeland Security, January 2005
Through the Homeland Security Centers of Excellence program, the Department of Homeland Security is investing in university-based partnerships to develop centers of multidisciplinary research that will analyze important fields of inquiry and develop, debate, and share best practices. The centers bring together the nation's best experts and focus its most talented researchers on various topics, including explosives, cyberterrorism, the behavioral aspects of terrorism, and agricultural, chemical, biological, nuclear, and radiological threats.

Hostage Negotiation Study Guide
International Association of Chiefs of Police and Federal Law Enforcement Training Center, 2003
This basic guide should allow agencies "to successfully handle various law enforcement training activities safely and professionally." Sections of this study guide include hostage negotiation training key; negotiator situation board checklist; data collection of subject in a hostage situation; negotiator coach situation board—stage, disposition, and methods; instrumental or expressive demand, deadline, and outcome; conversation or content showing signs of progress; stress reactions of subject; negotiator supervisor situation board; and negotiator rating assessment.

Improved Network Security Through a Combined Ethernet Bridge, Firewall and IDS: A Design and Implementation
Institute for Security Technology Studies, August 2001
This technical report introduces an invisible network security system that searches network traffic for attack signatures or preattack probes, without the assistance of a network administrator.

Improving Business Continuity in the Financial Services Sector: A Model for Starting Regional Coalitions (PDF)
U.S. Department of Treasury, December 2004
This report provides a model for the nation's regional financial centers to use to protect and strengthen their critical financial services infrastructure at the local level. The report is based on the experiences of ChicagoFIRST, a regional coalition of financial institutions and local government organizations working to strengthen the Chicago financial services industry.

Information Security: Agencies Need to Implement Consistent Processes in Authorizing Systems for Operation (PDF)
U.S. General Accounting Office, June 2004
This report reviews existing governmentwide requirements and guidelines for certifying and accrediting information systems, determines the extent to which agencies have reported their systems as certified and accredited, and assesses whether their processes provide consistent, comparable results and adequate information for authorizing officials.

Information Security: Challenges in Using Biometrics (PDF)
U.S. General Accounting Office, September 2003
Effective security cannot be achieved by relying on technology alone. The security process needs to account for limitations in biometric technology. This report addresses three key considerations that need to be addressed before a decision is made to design, develop, and implement biometrics into a security system.

Information Security: Effective Patch Management is Critical to Mitigating Software Vulnerabilities (PDF)
U.S. General Accounting Office, September 10, 2003
This report describes results of a study of federal efforts to implement patch management practices as a way of mitigating risks associated with software vulnerabilities. Results are based on a review of two recent software vulnerabilities and related responses and effective patch management practices and other available tools.

Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems (PDF)
U.S. Government Accountability Office, May 2005
This report evaluates the potential risks of emerging cybersecurity threats (such as spam, phishing, and spyware) to federal information systems; federal agencies' perceptions of risk; and federal- and private-sector actions to address these threats. It includes the U.S. Government Accountability Office's (GAO) recommendation that the Department of Justice establish guidance for agencies on how to appropriately address and report incidents of emerging threats.

Information Security: Progress Made, But Challenges Remain to Protect Federal Systems and the Nation’s Critical Infrastructures (PDF)
U.S. General Accounting Office, April 2003
This testimony before the Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Committee on Government Reform, House of Representatives, offers an update on the status of federal information security and critical infrastructure protection.

Information Security: Radio Frequency Identification Technology in the Federal Government (PDF)
U.S. Government Accountability Office, May 27, 2005
The reduced cost of radio frequency identification (RFID) technology—an electronic data-capture system for identifying, storing, and tracking information—has made widespread use possible in government and industry. This report discusses the current status of RFID standards and interoperability, potential legal issues, and security and privacy considerations surrounding this technology.

Information Security: Status of Federal Public Key Infrastructure Activities at Major Federal Departments and Agencies (PDF)
U.S. General Accounting Office, December 2003
This report assesses the state of and challenges faced by government agencies that are implementing public key infrastructure (PKI) activities, which can provide greater security assurances than simpler means of authenticating identity, such as passwords. It also reports on the mixed progress of two governmentwide programs that promote the implementation of PKI.

Information Security: Technologies to Secure Federal Systems (PDF)
U.S. General Accounting Office (GAO), March 16, 2004
GAO has identified 18 commercially available cybersecurity technologies that federal agencies can use to protect their computer systems from cyberattacks, including smart tokens to monitor user identities and security correlation tools to monitor network devices.

Information Security: TVA Needs to Address Weaknesses in Control Systems and Networks (PDF)
Government Accountability Office, May 21, 2008
The Tennessee Valley Authority, a federal corporation and the nation's largest public power company, generates and distributes power in an area of about 80,000 square miles in the southeastern United States. In preparing this report, the Government Accountability Office examined the security practices in place at several TVA facilities; analyzed the agency's information security policies, plans, and procedures against federal law and guidance; and interviewed agency officials who are responsible for overseeing TVA's control systems and their security.

Information Security: TVA Needs to Enhance Security of Critical Infrastructure Control Systems and Networks [Testimony] (PDF)
Government Accountability Office, May 21, 2008
This testimony summarizes the findings of the report Information Security: TVA Needs to Address Weaknesses in Control Systems and Networks (PDF), which examines the security controls in place over the critical infrastructure control systems of the Tennessee Valley Authority.

Information Security: Weaknesses Place Commerce Data and Operations at Serious Risk (PDF)
U.S. General Accounting Office, August 2001
This report provides testimony before the House Committee on Energy and Commerce on computer security weaknesses identified in the unclassified information systems of seven U.S. Department of Commerce organizations that were reviewed as well as in the management of the department's information security program.

Information Technology: Terrorist Watch Lists Should Be Consolidated to Promote Better Integration and Sharing
U.S. General Accounting Office, April 2003
This study examined post-September 11 terrorist and criminal watch list systems in the context of U.S. border security. As a result, the U.S. General Accounting Office recommends that in conjunction with other departments and agencies using such lists, the Department of Homeland Security lead an effort to standardize and merge the Federal Government's watch list structure.

Information Warfare: An Introduction
Reto Haeni, 1997
This article defines information warfare (IW), describes its history, discusses IW weapons, and provides links to supplementary documentation.

Infrastructure Web: Distributed Monitoring and Managing Critical Infrastructures
Institute for Security Technology Studies (no date listed)
This paper discusses system architecture that may serve as a platform for the decentralized monitoring and management of critical infrastructures in the following areas: telecommunications, electrical power systems, gas and oil, banking and finance, transportation, water supply, and government and emergency services.

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors (PDF)
National Threat Assessment Center, U.S. Secret Service, May 2005
This document analyzes acts of insider sabotage on computer systems in critical infrastructure sectors. Partially funded by the U.S. Department of Homeland Security's Science and Technology Directorate, the report analyzes both the behavioral and technical aspects of the threats of insider sabotage.

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector (PDF)
U.S. Secret Service and CERT® Coordination Center, August 2004
Funded in part by the U.S. Department of Homeland Security, the Secret Service and the CERT Coordination Center of Carnegie Mellon University's Software Engineering Institute joined forces to conduct this study of insider incidents in the banking and finance sector, examining each case from a behavioral and technical perspective.

Interfaces for Personal Identity Verification (PDF) (Part 1, Part 2, Part 3, and Part 4)
National Institute of Standards and Technology, April 2005
This document, Special Publication 800-73 (SP 800-73), specifies interface requirements for retrieving and using the identity credentials from the Personal Identity Verification (PIV) Card and is a companion document to the Federal Information Processing Standard (FIPS) 201.

An Introduction to Evaluating Biometric Systems (PDF)
National Institute of Standards and Technology (NIST), February 2000
How and where biometric systems are deployed will depend on their performance. This article helps potential users of biometric technologies evaluate the performance of various systems.

Inventory of State and Local Law Enforcement Technology Needs To Combat Terrorism (ASCII or PDF)
National Institute of Justice, January 1999
This report presents the results of a study to determine what technologies state and local law enforcement agencies need to combat terrorism. The results show that local law enforcement agencies often are not as well equipped as potential terrorists and that the costs of new technologies are a major obstacle to achieving equity.

Investigations Involving the Internet and Computer Networks
National Institute of Justice, January 2007
This special report is a resource for individuals who are responsible for investigations that involve the use of the Internet and other computer networks.

Law Enforcement Tech Guide for Small and Rural Police Agencies
Community Oriented Policing Services, U.S. Department of Justice, November 8, 2005
This practical and user-friendly guidebook provides small and rural police agencies with strategies, best practices, recommendations, and ideas for successfully planning and implementing Internet technology. It will help agencies with minimal personnel and financing learn how to implement Internet technology projects from preliminary project planning and project plan creation to technology acquisition, implementation, and maintenance. This guidebook complements the Law Enforcement Tech Guide: How to Plan, Purchase, and Manage Technology (Successfully!). When used together, these make an impressive toolset for technology implementation.

Law Enforcement Tools and Technologies for Investigating Cyber Attacks: A National Needs Assessment
Institute for Security Technology Studies, June 2002
This report summarizes findings from Phase I of the Institute for Security Technology Studies' assessment of the technological obstacles facing law enforcement during cyber-attack investigations.

Making the Nation Safer: The Role of Science and Technology in Countering Terrorism
National Research Council, 2002
This report describes ways in which science and engineering can contribute to making the Nation safer against the threat of terrorism. All phases of countering terrorism threats are addressed: intelligence and surveillance, prevention, protection, interdiction, response and recovery, and attribution. The report identifies top-priority actions and research objectives that can be undertaken now as well as long-term strategies for reducing risk.

National Computer Security Survey
RAND Corporation
The National Computer Security Survey (NCSS) is designed to produce reliable national and industry-level estimates of the prevalence of computer security incidents against businesses (such as denial of service attacks, fraud, or theft of information), and the resulting losses incurred. Because of its breadth and sample size, NCSS will produce data that is representative of both national and industry structures. Data from NCSS will enable the U.S. Department of Justice, the U.S. Department of Homeland Security, and industry as a whole to make informed decisions and develop policies that effectively target resources in the area of cyber security. Participating businesses will be offered information that will allow them to benchmark themselves against the rest of their industry sector.

National Preparedness: Technologies To Secure Federal Buildings (PDF)
U.S. General Accounting Office, April 2002
This report presents testimony before the House Subcommittee on Technology and Procurement Policy on commercially available security technologies that can be deployed to protect federal facilities, ranging from turnstiles to smart cards to biometric systems.

Networks and Netwars: The Future of Terrorism, Crime, and Militancy
RAND, 2001
Electronic networks have re-enlivened old forms of licit and illicit activity, posing serious challenges to those charged with national security and emergency response. This publication studies major instances of "netwar" that have occurred over the past several years, examining the technological, social, narrative, organizational, and doctrinal dimensions of each and concluding that a globally operational counter-terrorism network is essential.

NSF Announces Intent to Establish Two New Science and Technology Centers
National Science Foundation, April 2005
The National Science Foundation announces that it will establish a cyber security center in fiscal year 2005 to be led by the University of California, Berkeley. The Team for Research in Ubiquitous Secure Technology (or TRUST Center) will investigate key issues of computer trustworthiness in an era of increasing attacks on computer systems and information-based technologies. The center will address the integration of computing and communication across critical infrastructures in areas such as finance, energy distribution, telecommunications, and transportation. (The second center, at the University of Kansas, will study how polar ice sheets may affect sea level.)

Podcasting: Quickstudy
R. Kay, ComputerWorld, October 3, 2005
Podcasting is a method of publishing audio broadcasts via the Internet. Users subscribe to an automatic feed of new files for subsequent downloading to and playback on portable devices or desktop personal computers. Many government agencies are offering free audio publications and informative programs through podcasting. This article explains this new technology.

Policy Issuance Regarding Smart Cards Systems for Identification and Credentialing of Employees
Federal Identity and Credentialing Committee, February 2004
This report provides guidance on the use of smart card-based systems in badge, identification, and credentialing systems. The intent of the policy is to eliminate inconsistent approaches to physical and computer security.

Protecting America's Freedom in the Information Age (PDF)
Markle Foundation, October 2002
This report proposes a national strategy for using information and information technology in a robust, decentralized network, strengthening data-collection processes, and turning that information into action. The strategy involves developing new networks and relationships among government agencies and officials at all levels and considering how the government can make the most effective use of data in the private sector, while preserving liberties and avoiding undue costs to businesses.

Public Attitudes Toward the Uses of Biometric Identification Technologies by Government and the Private Sector (PDF)
Opinion Research Corporation International for SEARCH, 2001 and 2002
In September 2001 and August 2002, SEARCH, The National Consortium for Justice Information and Statistics, commissioned telephone surveys to assess public opinion regarding biometrics and privacy. The second survey was intended to serve as a litmus test of how the national mood may have shifted following the September 11 attacks. These surveys revealed a decrease (from 65 to 56 percent) in the percentage of respondents who believed that the correct identification of people would outweigh concerns about privacy. In 2002, however, 82 percent of those surveyed believed that every American adult would have at least one biometric identifier on file by 2010.

Recommendation for Electronic Authentication (PDF)
National Institute of Standards and Technology, September 2004
This draft provides technical guidance to federal agencies that are implementing network-based systems that authenticate an individual's identity. It states specific technical requirements for four levels of assurance: identity proofing and registration, tokens, remote authentication mechanisms, and assertion mechanisms.

Recommended Security Controls for Federal Information Systems (PDF)
Ron Ross, Gary Stoneburner, Stuart Katzke, Arnold Johnson, and Marianne Swanson; National Institute of Standards and Technology (NIST); February 2005
This publication, one of a series of security standards and guidelines being developed by NIST's Computer Security Division, provides a recommended set of controls for low- and moderate-impact systems based on the security categorization definitions in Standards for Security Categorization of Federal Information and Information Systems. It is intended to provide federal agencies with guidance until Minimum Security Controls for Federal Information Systems is published (projected for publication in fall 2005).

Redacting With Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF
Information Assurance Directorate, National Security Agency, December 13, 2005
There are a number of pitfalls people experience when they attempt to sanitize a Word document for release. This paper describes these issues and gives a step-by-step description of how to sanitize a Word document with confidence that inappropriate material will not be released.

Revitalization of the Department of Energy Cyber Security Program (PDF)
U.S. Department of Energy, February 2006
The Department of Energy faces significant challenges in implementing and maintaining a comprehensive cyber security program that is effective across its diverse missions and large array of interdependent networks and information systems. This revitalization plan lays a course of action to address significant weaknesses in the Department's cyber security program.

Risk Management Guide for Information Technology Systems (PDF)
National Institute of Standards and Technology, July 2002
This guide contains definitions associated with and practical guidance for assessing and mitigating risks identified within information technology (IT) systems. The ultimate goal is to help federal organizations to better manage IT-related mission risks. It also provides information on the selection of cost-effective security controls.

SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
SANS Institute, 2006
This list of vulnerabilities that require immediate action includes instructions and additional information for correcting security flaws. This annual compilation grew from the document Ten Most Critical Internet Security Vulnerabilities, released 6 years ago, that summarized security vulnerabilities as identified by the SANS Institute and the National Infrastructure Protection Center.

Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations
Computer Crime and Intellectual Property Section, U.S. Department of Justice, July 2002
This publication provides a comprehensive guide to the legal issues that arise when federal law enforcement agents search and seize computers and obtain electronic evidence in criminal investigations. Topics covered include the application of the Fourth Amendment to computers and the Internet, the Electronic Communications Privacy Act, workplace privacy, the law of electronic surveillance, and evidentiary issues. The guide also discusses significant changes to relevant federal law resulting from the USA PATRIOT Act of 2001.

Sensitive Security Information (SSI) and Transportation Security: Background and Controversies (PDF)
Mitchel A. Sollenberger, Congressional Research Service, February 2004
This report provides a brief background on the regulation of sensitive security information (e.g., information about security programs, vulnerability assessments, technical specifications of screening equipment, and objects used to test screening equipment), gives an overview of current policy issues, and describes criticism of and support for SSI policy.

Standards for Security Categorization of Federal Information and Information Systems (PDF)
National Institute of Standards and Technology (NIST), February 2004
This publication addresses the development of standards for categorizing information and information systems per the Federal Information Security Management Act of 2002.

Suspicious Indicators and Security Countermeasures for Foreign Collection Activities Directed Against the U.S. Defense Industry
Defense Security Service, May 1997
This brochure describes various methods that foreign entities use to acquire sensitive information and discusses measures that security professionals, counterintelligence personnel, and cleared contractors can use to counter such foreign threats.

Symantec Internet Security Threat Report Identifies Shift Toward Focused Attacks on Desktops (PDF)
Symantec Press Release, September 19, 2005
Symantec's semiannual report, which covers the 6-month period from January 1 to June 30, 2005, identifies new methods of using malicious code for financial gain, which are being used with increasing frequency to target desktops rather than enterprise perimeters. The report also found a rise in the exposure of confidential information.

Technology Assessment: Cybersecurity for Critical Infrastructure Protection (PDF)
U.S. General Accounting Office, May 28, 2004
This assessment addresses the following questions: What are the key cybersecurity requirements in each of the critical infrastructure protection (CIP) sectors? What cyber security technologies can be applied to CIP? What are the implementation issues associated with using cyber security technologies for CIP, including policy issues such as privacy and information sharing?

Terror on the Internet: The New Arena, the New Challenges
G. Weimann, United States Institute of Peace, April 2006
Using data from an exhaustive 8-year study, this book provides an eye-opening account of the sharp increase in the terrorist presence on the Internet. It explores how terrorists use the Internet on a daily basis to plan and launch attacks, raise funds, recruit members, and publicize their successes. The book also identifies and evaluates counter-terrorism efforts and assesses the actual threat of cyberterrorism, as well as the risks associated with government efforts to constrain cyberterror.

Terrorism Information Awareness (TIA) Program
U.S. Department of Defense, Office of the Inspector General, December 2003
This report addresses concerns of whether developers of the TIA program included safeguards to ensure that technology was properly managed and controlled in an operational environment. TIA is a research and development project that integrates information technologies to assist intelligence analysts in detecting, classifying, and identifying potential terrorist activities.

Tips on Testifying in a Computer Crimes Case
Deb Shinder, ComputerWorld, April 2005
This article examines the basics of testifying as a victim or witness in cases involving computer crime.

Tracking Down Terrorist Financing
Council on Foreign Relations, April 4, 2006
More than $140 million in terrorists' assets have been frozen across some 1,400 bank accounts worldwide, but experts say terrorist groups have become increasingly adept at eluding detection by using cash, sophisticated laundering operations, or legitimate front companies. This article explains the phenomenon of terrorism financing in a question and answer format.

Understanding Denial-of-Service Attacks
United States Computer Emergency Readiness Team
This brief discusses denial-of-service attacks, which can be difficult to distinguish from common network activity, and includes indications that an attack is in progress.

The Twenty Most Critical Internet Security Vulnerabilities (Updated)—The Experts' Consensus
The SANS Institute, October 2002
The National Infrastructure Protection Center and the SANS Institute have chronicled the most susceptible services in Windows and Unix systems, providing administrators with timely information to plan against attack.

U.S. Port Security Policy after 9/11: Overview and Evaluation
J. Haveman et al., Journal of Homeland Security and Emergency Management, Vol. 2: No. 4, Article 1, 2005
This paper provides an overview of current U.S. port security programs. It discusses efforts to protect ports as targets and how to prevent movement of international goods from being used as a vector for terrorists, their weapons, or their supplies. It makes recommendations for improving the use of available resources, priorities and implementation (particularly, effectiveness/prevention versus recovery planning), and funding. This article is available to subscribers on the publisher's web site, or copies may be ordered at low or no cost through public or academic libraries.

Video Surveillance: Information on Law Enforcement's Use of Closed-Circuit Television to Monitor Selected Federal Property in Washington, D.C. (PDF)
U.S. General Accounting Office, June 27, 2003
This report describes the implementation of closed-circuit television to monitor public spaces in Washington, D.C., by the District of Columbia's Metropolitan Police Department and the U.S. Park Police. The report also discusses the management controls established to address privacy concerns.

Vulnerability of Concentrated Critical Infrastructure: Background and Policy Options
Congressional Research Service, December 21, 2005
Critical infrastructure is often geographically concentrated, so it may be distinctly vulnerable to events such as natural disasters, epidemics, and terrorist attacks. CRS produced this report to help Congress examine federal policies that affect this issue. It discusses the reasons for infrastructure concentration, potential hazards, market influences, existing federal policies, and options for reducing infrastructure vulnerability.

We Need to Talk: Governance Models to Advance Communications Interoperability (PDF)
National Association of State Chief Information Officers (NASCIO), November 2005
The September 11, 2001 terrorist attacks on America and the delayed response to hurricanes in the Gulf region of the United States illustrate the need for interoperable radio communications between first responders, law enforcement, and emergency management officials from every level of government. According to NASCIO, this inability to communicate is a technical, political, and cultural problem and must be addressed at all levels. This report concludes that a well-defined interoperability governance model provides the structure needed to bring players together to promote an environment that helps to bridge the gaps created by existing obstacles. It offers examples of three state interoperability governance models/plans that address communications interoperability.

What the Department of Defense Thinks of Biometrics: Excerpts from Interviews Conducted for the Department of Defense Biometric Management Office, January–June 2003 (PDF)
U.S. Department of Defense Biometrics Management Office, June 2004
This document contains excerpts from interviews conducted with members of the U.S. Department of Defense (DoD) community about biometric technologies and how they can be used by DoD components. Material is divided into four main categories: access control, tactical applications, identity authentication, and general comments.

www.terror.net: How Modern Terrorism Uses the Internet
Gabriel Weimann, U.S. Institute of Peace, March 2004
Terrorist groups have established their presence on the Internet with hundreds of web sites. This report identifies eight ways in which terrorists are using the Internet to advance their causes, including psychological warfare, recruitment, networking, and fundraising. It also analyzes and provides examples of how the Internet can facilitate terrorist operations.