Friday, October 25, 2013

So much cyber-related news!

Maybe it's just because I follow too many cybersecurity analysts and cyber threat intelligence firms, but seriously: This week has been pure social media cyber-madness. Blogging once a day will never do it justice, but let me try with tonight's update:


  • First up, Google finally put out the Digital Attack Map, and it's really neat, though Slate's Will Oremus is skeptical that Google's motives are entirely altruistic. At work, the reaction was a bit different: There was a lot of talk along the lines of, "Google can put this out, but the federal government can't make a functional healthcare exchange web site after shelling out hundreds of millions of dollars?"
  • Alert Logic just put out a new report, which found that energy firms are at an all-time high risk of brute force attacks and malware/botnet threats. Big finding: 67% of energy companies experienced brute force attacks, compared to 34% of the entire customer set. And, furthermore, 61% of energy companies experience malware/botnet infiltration attacks, compared to 13% of the entire customer set. So in case anyone doubted that securing our energy infrastructure is now one of the top national security priorities of the decade, this news, combined with ICS-CERT's disclosure that brute force attacks for the first half of FY2013 surpassed the total for 2012, should be the final word that galvanizes action. But...it probably won't be, for reasons that I have discussed elsewhere.
  • At work, we are currently delving into research on the economic costs of intellectual property theft through cyber espionage, which makes the timing of this new article rather convenient. One of the things that sucks about figuring out losses from IP theft - which can be quantified as either total monetary losses or job losses - is that there is almost no reliable way to measure it, as a really good CSIS/McAfee study on the topic points out. This article, however, discusses new claims by Black Ops Partners Corporation, a consulting firm that specializes in advising large companies on IP protection. In contrast to the estimates by the Office of the National Counterintelligence Executive that we lose between $2 billion and $400 billion to cyber espionage, Black Ops claims that "$500 billion is covertly stolen from U.S. companies every year", while "[the] economic effect...equates to over $5 trillion in trade secrets, IP, technology, revenue, and jobs removed from the U.S. economy every year." Is Black Ops exaggerating? Maybe, though as the article points out: "BlackOps is in a unique position, however, since working with numerous major companies directly on counterintelligence gives them insider knowledge on corporate losses." I will need to read more about their methods, but it should certainly not be news that cyber theft has serious economic costs.
  • The National Institute of Standards & Technology framework, which President Obama called for in an Executive Order this past February, has finally been released. Although the hyperlinked article includes a quote from someone at McAfee praising the framework as being "beyond rhetoric", I'm still skeptical. Developing a "framework for people working together" is not the same thing as spurring them to action, and the private sector has been notoriously reluctant to work with the federal government.
  • The Washington Post had an article which pondered whether the NSA and Cyber Command should be split up after Gen. Keith Alexander steps down next year. They quote Alexander's predecessor, Gen. Michael Hayden, who claims that they're now "indistinguishable."
  • And, in totally non-cyber related news, I have concluded that Blackmill is five hundred kinds of awesome. Case in point: Blackmill's dubstep remix of Ellie Goulding's "Your Song".
