Today's Headlines and Commentary

North Korea's social media accounts were hacked yesterday by Anonymous, not that any of that country’s citizens would know about it. Here's the BBC on all of that. Marc Maiffret, Chief Technology Officer at enterprise security management company BeyondTrust, penned this op-ed in the New York Times arguing for a shift in the conversation about cybersecurity threats---a shift from arguing over how to punish perpetrators and educate potential victims to focusing on software vulnerabilities that enable the breaches in the first place. Maiffret says that technology companies lack incentives for building more secure systems:

The unspoken truth is that for the most part, large software companies are not motivated to make software secure. It’s a question of investment priorities: they care more about staying competitive with their products, and that means developing the latest features and functions that consumers and businesses are looking to buy. Security issues are often treated more as a marketing challenge than an engineering one.

A result is an open door to hackers inside some of the world’s most popular software systems. Perhaps most famously, during the early to middle parts of the last decade, hackers discovered a significant number of glaring security weaknesses in Microsoft products (some of which were discovered by my company). Several of these weaknesses were exploited in high-profile computer virus and worm attacks.

Paul brought this issue up yesterday on the blog, and noted this op-ed earlier today. Down in the Commonwealth of Virginia, Governor Bob McDonnell has launched a public-private partnership to focus on building cybersecurity expertise in the state and region. Here's the AP story and Governor McDonnell's press release, in which he explained:

Cyber security is the looming justice and national security concern of the coming decade. Virginia is uniquely positioned to shape the emerging cyber frontier with a leading-edge technology community, a workforce experienced in national security and law enforcement, and an educational system strong in math and science. We must ensure that Virginia remains a leader on issues of security, technology, and innovation.

New York City's police department recently deployed a public-private partnership of its own that leverages  police data and computer algorithms built by Microsoft to make the city safer. And apparently, not only is it working, but the Big Apple might actually make some money off of it. Other jurisdictions want to get their hands on it, too. Sam Roberts of the New York Times provides all the details here. Over at the Christian Science Monitor, Mark Clayton trains readers' attention on cyber criminals' latest target: emergency call centers. Apparently, since January, more than 200 administrative call centers, responsible for answering when someone dials 9-1-1, have been hit with "telephone denial of service" attacks, preventing incoming and outgoing calls as part of a scheme to extort the call center. This story might not necessarily scream, "National security threat! Secure the homeland!" The Washington Post's Anthony Faiola and T.W. Farnam discuss the rise of bitcoin, a cyber currency that hackers and cryptologists use. The value of a single bitcoin, which two years ago was less than $1, was valued yesterday at $130. Could more widespread adoption of the bitcoin as a form of currency disrupt global financial markets? Here's the article's summary of the government's response to the new currency:

Last October, the European Central Bank issued a report on the topic. Last month, a branch of the U.S. Treasury concerned with money laundering issued guidance to online exchanges in the United States, warning that they must report large cash transactions and suspicious activity on their systems. “In a way it is like . . . Monopoly money being used rather than your respective currency, not knowing who owns the bank and who is the dog, the car, the top hat or thimble," said Rusty Payne, a spokesman for the U.S. Drug Enforcement Agency. “Bitcoins are virtually untraceable.”

USA Today's Jim Michaels reports on the DoD's efforts to put together rules of engagement for cyber warfare, drawing on Gen. Keith Alexander's testimony last month on the Hill. The World Health Organization has said that there is no sign that the new strain of bird flu in China is spreading through human-to-human contact, as this story by Reuters explains. But the outbreak does have the U.S. Centers for Disease Control's attention; the CDC is "fairly worried" about the virus, and has begun working on a vaccine. Here's Donald McNeil and Andrew Jacobs in the New York Times; the Economist also discusses the new virus in this report on Analects blog. The hunger strike at GTMO continues. The DoD says that nearly a quarter of those held at the detention center are participating in it. Here's the CBS News story. In Georgia (not the one famous for its peaches), three men have been arrested for illegal possession of Americium-241, a radioactive isotope that could be used in weapons. The AP has the story. Who might succeed Hamid Karzai as President of Afghanistan? The Economist's print edition profiles one of the potential front-runners, Atta Mohammad Noor, more commonly known as Ustad Atta. He is an ethnic Tajik, fought the USSR back in the 1980s, was a member of Ahmad Shah Massoud's mujahideen, and was once one of the most senior commanders of the Northern Alliance. Now he's the governor of the northern province of Balkh, which has been flourishing under his leadership. Bloomberg broke this story yesterday afternoon: Google has filed a rare petition challenging a national security letter (NSL) it received in a federal district court. NSLs are requests by the federal government for a private company to provide private data on at least one of its users. Congressman Adam Schiff of California will be introducing an amendment to the cybersecurity information-sharing bill, CISPA, next week that would require companies to "make reasonable efforts" to remove personal information from data that it shares with others. The amendment is meant to appease the concerns of privacy advocates, writes Jennifer Martinez of The Hill. A Dutch judge has blocked the extradition to the United States of a man suspected of plotting a suicide attack on a U.S. base in Afghanistan. The extradition had initially been approved by a lower court judge, but the man, who holds Dutch and Pakistani citizenship, challenged it. Read the AP story on today's decision. For more interesting law and security-related articles, follow us on Twitter and check out the Lawfare News Feed, visit the Georgetown Center on National Security and the Law’s Security Law Brief, Syracuse’s Institute for National Security & Counterterrorism’s newsroll, and Fordham Law’s Center on National Security’s Morning Brief and Cyber Brief. Email Raffaela Wakeman and Ritika Singh noteworthy articles to include, visit the Lawfare Events Calendar for upcoming national security events, and check out relevant job openings at the Lawfare Job Board.