Breaking Bad: The Malware Episode

“Malicious software steals millions. We may call it malware, but it’s frequently well-written.”

So says Stephen Cobb, anitvirus maker ESET’s resident cyber security evangelist. Cobb will explore these themes in a session called “Breaking Bad: The Malware Episode,” scheduled to take place at 10:30 am PT on Oct. 12, 2012, during the Securing Our eCity (SOeC) Cyber security Symposium in San Diego.

Attendees at the session will learn how anti-malware experts detect, decode, and destroy increasingly sophisticated viruses, worms, Trojans, and botnets.

SOeC Cyber security Symposium & Awards – 2012

Join San Diego’s Securing Our eCity® Foundation on October 11th and 12th for an exciting journey into the life of cyber investigators. The best intrusion detection systems are your people – security awareness education is your company’s first line of defense. This is an event that you won’t want to miss!

Dates & Times:

Thursday, October 11, 2012
7:30 am – 10:00 pm

Friday, October 12, 2012
7:30 am – 12:00 pm


SDG&E Energy Innovation Center 4760 Clairemont Mesa Boulevard, San Diego, CA 92117
(Click for map)

Registration $45:

Seating is limited; registration is required. Click here to register now!

SOeC Puts DHS Chief’s Private-Public Partnership Plans Into Action

In her public remarks last week, Homeland Defense Secretary Janet Napolitano called for public institutions and private business to form partnerships to more effectively combat cybercrime, which she characterized as one of the most dangerous and disruptive threats facing the United States today. It is no coincidence that Napolitano’s call to action described almost to a tee the regionally based mission and model of San Diego’s Securing Our eCity and other like-minded efforts that have taken root recently across the country.

“It was truly gratifying to hear Secretary Napolitano’s remarks, which compare so favorably with our efforts here in San Diego,” said Liz Fraumann, Executive Director of the ESET Foundation Inc., dba Securing Our eCity Foundation (SOeC). “We were deeply honored when she presented us with a White House award for achieving the best community-based cyber security awareness program in the nation in 2010, and we have fully embraced the private-public partnership model just as she described it in her keynote speech in Philadelphia last week.”

Fraumann and SOeC are also in lockstep with the DHS chief on her sobering view of the extremely serious and delicate nature of the nation’s ability to defend itself against cyber-attacks and internet-borne crime. “Data security represents an important safety chain for the nation, and we are truly only as strong as our weakest link,” Fraumann said. “That’s exactly why, in addition to rallying together military and law enforcement agencies, local governments, schools and private businesses of all sizes, our major goal is to go out into the community and raise awareness about cyber threats — particularly among those groups that are the most vulnerable to these attacks: children, seniors, and small businesses.”

Fraumann also concurred with Napolitano’s assessments that government alone cannot provide an adequate defense of our nation without aid from trained and vigilant private citizens and businesses, but also that the problem is extremely grave, and getting worse by the moment. “Unfortunately, the majority of Americans are still blissfully unaware of the true nature of the threat,” she said. As Secretary Napolitano said last week, cybercrime now accounts for billions in annual profits to cybercriminals, which directly translates to losses from legitimate businesses and individuals. “We have to act now, and we have to do it as a united front, out in the community, educating our citizens. SOeC’s early and energetic adoption of Homeland Defense’s ‘Stop. Think. Connect.’ awareness campaign is yet another example of how organizations are taking a leadership position at the forefront of cyber security education measures,” Fraumann added.

Members of the public, as well as public servants, business people and indivduals from throughout the Southern California area are encouraged to attend this year’s Annual Securing Our eCity Cyber security Symposium and Awards ceremony, taking place Oct. 10-11 at the Center for Sustainable Energy facility in San Diego. Programs led by speakers and experts from around the country and around the world will present a variety of programs on developments in the global cyber security landscape, and how it impacts local communities and citizens , as well as measures that each of us can take to combat cybercrime in both our homes and businesses. For more information, please click on SOeC’s event page.

SOeC TV: Cyber Cup Award Ceremony Interview with Troy High School NJROTC Cmdr. Allen Stubblefied

Troy High School’s Navy Junior ROTC cadets took home the gold at the 2012 San Diego Mayor’s Cyber Cup Competition at UCSD. In this interview conducted at Troy’s NJROTC unit headquarters in Fullerton, Calif., Commander Allen Stubblefield shares his views on the victory.


SOeC TV: SAIC’s Duke Ayers Discusses San Diego Mayor’s Cyber Cup Competition

In this interview with SAIC Vice President Duke Ayers at the UCSD Supercomputer Center, he discusses his role as Program Manager for the CyberNEXS system that powers the Mayor’s Cyber Cup, and how the competition benefits San Diego and beyond by helping encourage the next generation of “cyber warriors.”



High School ROTC Teams from Fullerton, Scripps Ranch and Ramona Stage Unexpected Upset in San Diego Mayor Jerry Sanders’ 3rd Annual Cyber Cup Competition

SAN DIEGO – March 14, 2012 – “In first place….Troy!”  The announcement by Securing Our eCity’s Liz Fraumann Saturday at the San Diego Mayor’s Cyber Cup Finals on the UCSD campus drew no immediate reaction from the seven-member team from Fullerton’s Troy High School.  The students looked at each other and whispered, “Did they say Troy?”  Only when Fraumann repeated, “Troy High School – first place,” did the team slowly stand up in their ROTC uniforms, registering shock and disbelief as competing teams from Southern California rained down on them with congratulatory handshakes.

It was a surprise ending to an event where teenagers were called upon to thwart hackers intent on stealing their secrets.  Eight teams from San Diego and Orange County competed in the final round for this year’s San Diego Mayor’s Cyber Cup competition. The third annual event was hosted by the San Diego Supercomputer Center on the University of California, San Diego campus in La Jolla.

San Diego City Councilwoman Sherri Lightner, a strong supporter of Science Technology Engineering and Math (STEM) education, represented Mayor Jerry Sanders’ office at the event, and presented the Mayor’s Cup to the students from Troy. Lightner congratulated both the student participants and the organizers and sponsors of the event, who she commended for creating a program that was both educational and potentially life-changing. In addition, Lightner noted that the true success of the Mayor’s Cyber Cup Challenge was evident from a comment made earlier in the competition by one of the students from Westview High School,  who summed up the experience by saying simply, “It’s fun!” Lightner went on to state that the youths who participated in the Mayor’s Cyber Cup are among an elite group that we as a community, state and nation, are counting on to help protect us in the digital world.

Troy High’s team from Fullerton became as the unexpected victors, with a winning score of 323 points, far outpacing second-place Scripps Ranch High School (231 points) and Ramona High School (190 points).  Albert Song, a junior and the team captain for Troy, said, “We were stunned when they said that Troy was the winner.  We came here as the underdog and were just trying to enjoy the experience.”  When asked how they managed to win, Albert summed up the team’s effort: “We had a plan and we stuck to it.  We had five computers to work eight simulated computer systems.  We divided up the simulated computers among our team, and we stayed to our game plan using a security checklist for each system.  We kept each other going and offered help throughout the day.”

The competition measured each team’s ability to secure eight simulated computer systems, while still maintaining their connections with the outside world.  Troy’s team included juniors Albert Song and Noah Nam, sophomores Ben Dillon, Michael Park, Matthew Sprengel, and freshmen John-Michael Linares and Michael Chu.  All are cadets in Troy High’s Navy Junior ROTC program.  Interestingly, all of the top three teams were all JROTC participants, while the other five were from technology schools.  Other finalist teams included Westview High School of Rancho Bernardo, La Jolla High School, Canyon Crest Academy of San Diego, Pacific Technology School of Santa Ana, and Poway High School.

In addition to Securing Our eCity, an ESET Foundation signature program, sponsors and organizers for this year’s Cyber Cup competition included SAIC, The Ranger Group, the AFCEA San Diego Chapter, Identity Theft Resource Center, TE Connectivity, Chocheles Consulting Group, NH-ISAC, TechFlow, Cubic, Vector Resources Inc., Innovative Employee Solutions, Volt Work Force Solutions, The San Diego Futures Foundation, NDIA, the ESET Foundation and UCSD.

In addition to taking home a trophy to showcase their win, Troy High School’s Warriors team received a $2,500 check and an invitation to attend a week-long computer security camp hosted by San Diego’s ESET Foundation this summer.  Commander John Sicklick, the team’s mentor and a Navy Reservist, stated, “The scores are so incredibly impressive.  We had the highest score on seven of eight systems, and were second in the other system.”

Allen Stubblefield, the team’s coach, commented, “Our cadets are very focused and eager to do well.  We gave them the tools for success, but they made it happen.  We have competed in the Air Force Association’s Cyber Patriot competition and the San Diego Mayor’s Cyber Cup for the past two years and our cadets worked hard to improve every round of every competition.  The cadets really teach themselves and see each challenge as something to overcome.”

About The ESET Foundation

Founded in late 2011, the ESET Foundation’s mission is to foster community collaboration to create educational awareness for cyber and societal challenges. Headquarted in San Diego, the ESET Foundation’s signature program is the award-winning Securing Our eCity®, recognized in 2010 by the White House and the Department of Homeland Security (DHS) for the best local and community program. The ESET Foundation brings together like-minded organizations whose primary goal is to encourage cyber security for business, families, youth and seniors. For more information visit www.esetfoundation.org or, please email Steve.Kovsky@esetfoundation.org.

About Securing Our eCity

Securing Our eCity (SOeC) is an initiative created and led by ESET North America, a San Diego based software security company. SOeC is focused on fostering public/private partnerships at local, state, national and international levels while helping counter cyber threats and creating more cyber secure communities across the globe. Stakeholders from coast to coast including consumer advocates, business owners, and governmental agencies (law enforcement and legislative bodies) have come together to raise awareness, education and help individuals and businesses prepare for cyber security challenges now and in the future. The founding stakeholders include ESET North America, San Diego Business Journal, San Diego Gas & Electric (SDG&E), San Diego Regional Chamber of Commerce, UCSD and SDSU. To learn more, visit: www.securingourecity.org

For the latest cyber threat and education information, follow Securing Our eCity on Twitter, become a fan on Facebookor follow our blog at http://www.securingourecity.org/blog.


ESET Foundation
Steve Kovsky
(760) 297-4004

SOeC on TV: Observe National Data Privacy Day by Keeping Yourself “Cyber Safe”

SOeC's Steve Kovsky shares cyber safety awareness tips with San Diego 6 TV's Marc Bailey. CLICK HERE TO WATCH.

Securing Our eCity took the National Data Privacy Day message to the local airwaves last week, appearing on San Diego 6 TV’s News in the Morning Show with Anchor Marc Bailey to discuss why there’s a need for such an observance, and how San Diegans should mark the day.

SOeC’s Director of Community Outreach Steve Kovsky shared his tips for cyber safety, which included joining up with “cyber-minded” organizations such as Securing Our eCity, and participating in activities such as San Diego Mayor Jerry Sanders’ Cyber Cup Challenge, a city-wide competition open to all middle and high school students in the greater San Diego Area.

To view the video interview, please click here.


2012 San Diego Mayor’s Cyber Cup Challenge: The Gauntlet Has Been Thrown

Calling All Southern California Middle & High School Students: Accept the Mayor’s Challenge to Become a Cyber Warrior

San Diego – The San Diego Mayor Jerry Sanders’ Office has again partnered with Securing Our eCity, the ESET Foundation, SAIC, NDIA and UCSD to host the San Diego Mayor’s Cyber Cup Challenge, to take place at UCSD in late March 2012.  This event is a part of their STEM (Science, Technology, Engineering & Mathematics) outreach programs, and seeks to encourage middle and high school students to consider majors and careers in STEM disciplines.

The San Diego Mayor’s Cyber Cup invites all San Diego high schools to participate in a three-phase cyber defense competition. The first two rounds (qualification and preliminary) will use the distributed game mode, where they can train and then compete simultaneously via the Internet. The eight winners of the qualification round will then participate in a head-to-head comprehensive final round, where each team will have its own CyberNEXS environment.  (CyberNEXS provides a live exercise environment consisting of Windows and UNIX operating systems, network and security devices, as well as other information resources.)

During the final competition, teams will be scored on their ability to administer the following four essential skills:

  1. maintenance of critical services;
  2. removing vulnerabilities and hardening systems;
  3. communicating status and resource requirements; and
  4. thwarting and removing hacker activities.

Following the final round, the participating teams will be hosted to an awards banquet at UCSD.

When:  Kick-off on Jan. 30, 2012. Practice rounds to be conducted during a 48-hour window in Mid-February.  [The purpose of the practice round is to familiarize students with the competition environment and verify that their computer(s) are able to access the competition software and images.]  Qualification round will be held in early March.  [The purpose of the qualification round is to select the top 8 teams to compete in the final round.]  Final round will be held on March 10, 2012.

Where:  The practice and qualification rounds will be conducted at the participating teachers’ school sites.  The final round will be held at UCSD’s world-renowned Supercomputer Center.

Contact:  Interested teachers should contact Liz Fraumann at Securing Our eCity. Teams should consist of 6-8 interested middle and/or high school students and their coach.  Students should be enrolled in or have already taken AP Computer Science or Computer Science courses, though this is not a requirement.

Cost to Participate:  Nothing

For further details, download the flyer (PDF) here: SDMCC_Flyer_LF

Could “Hacktivists” Take Down Critical U.S. Infrastructure?

So-called “hacktivist” group Anonymous has  breached organizations from police department to transit systems. It begs the question: Are they capable of taking down the industrial control systems (ICS) that handle things like our nation’s water and electrical supplies?

In a recently released memo, the Department of Homeland Security (DHS) concluded “While Anonymous recently expressed intent to target ICS, they have not demonstrated a capability to inflict damage to these systems, instead choosing to harass and embarrass their targets using rudimentary attack methods, readily available to the research community.”

However, the memo offers this chilling caveat: “Experienced and skilled members of Anonymous . . . could be able to develop capabilities to gain access and trespass on control system networks very quickly.”

The report is available for download here: http://info.publicintelligence.net/NCCIC-AnonymousICS.pdf

Want to learn more about protecting critical infrastructure from cybercriminals? Attend the Securing Our eCity® Cyber security Symposium and Awards next Tuesday, October 25, at the Sheraton Harbor Island Hotel and Marina in San Diego.

New DoD Cyber Plan Calls Up Private Companies to Do Their Part

The Department of Defense today released its first-ever “Strategy for Operating in Cyberspace,” and it calls on the private sector to shoulder part of the burden.

Gen. James Cartwright (left) and Deputy Secretary of Defense William J. Lynn unveil the new DOD cyber security plan. (Photo by Bob Spoerl/Medill News Service)

Being hailed as the first plan of its kind, the strategy integrates efforts by the DOD’s military, intelligence and business operations, and lays out five pillars for defending against cyber attacks — several of which specifically call upon civilians to join the fray.

“Everybody is on the frontline,” Deputy Secretary of Defense William J. Lynn III said at an official announcement detailing the new cyber security plan at the National Defense University, according to MarketWatch.com.

The plan was necessary to address the increasingly hostile online environment facing both military and civilian interests, Lynn said during a press conference earlier today. According to a report by InformationWeek’s J. Nicholas Hoover:

In releasing the strategy, officials pointed to a continuing increase in the number and severity of cyber threats. For example, Lynn detailed a March attack in which 24,000 files related to a weapons system being developed for the DOD were stolen from a defense contractor in an attack that the department suspects was the act of a foreign intelligence service. Lynn said that the attack removed sensitive design files, and that the DOD is currently assessing whether it needs to redesign any part of the system as a result of the attack.

To download a copy of the DOD document, click here: http://www.defense.gov/news/d20110714cyber.pdf

“Cyber ShockWave” Exercise Shakes Up the Capital: How Would Our Leaders Respond to an All-Out Cyber Crisis?

A report was released yesterday detailing the fallout of an extraordinary simulated cyber attack scenario, which was orchestrated in Washington DC on February 16, 2010, by a bipartisan group of former senior administration and national security officials. 

CNN’s Wolf Blitzer moderated and broadcast a special news program on the “Cyber ShockWave” simulation. The purpose of the exercise was to gain insight into how government officials would respond in the event of  a large-scale cyber crisis affecting much of the nation.

The Bipartisan Policy Center sponsored the project, with support and guidance from General Dynamics Advanced Information Systems, Georgetown University, PayPal, SMobile Systems, Southern Company and Symantec. According to the group’s Web site:

Cyber ShockWave had participants play the roles of Cabinet members reacting in real time to an unfolding cyber attack and advising the President on an appropriate response. Cyber ShockWave highlighted how critical an issue cyber security has become for our nation. While protecting sensitive and personal data remains a priority, the proliferation of computers across ever-greater spheres of our personal lives and their growing role in running our critical infrastructure means a serious cyber event could have a debilitating effect on this country.

This report provides a summary of the bipartisan group’s findings and recommendations resulting from the simulation. The full report is available for download.