Cybersecurity: Data, Statistics, and Glossaries
Rita Tehan
Information Research Specialist
September 8, 2015
Congressional Research Service
7-5700
www.crs.gov
R43310



Summary
This report describes data and statistics from government, industry, and information technology (IT) security firms regarding the current state of cybersecurity threats in the United States and internationally. These include incident estimates, costs, and annual reports on data security breaches, identity theft, cybercrime, malware, and network security.
For information on cybersecurity-related issues, including authoritative reports by topic, see CRS
Report R42507, Cybersecurity: Authoritative Reports and Resources, by Topic, by Rita Tehan.
For information on legislation, hearings, and executive orders, see CRS Report R43317,
Cybersecurity: Legislation, Hearings, and Executive Branch Documents, by Rita Tehan.

Contents
Data and Statistics ........................................................................................................................... 1
Cybersecurity: Glossaries, Lexicons, and Guidance ..................................................................... 16

Tables
Table 1. Data and Statistics: Cyber Incidents, Data Breaches, Cybercrime .................................... 2
Table 2. Glossaries, Lexicons, and Guidance Pertaining to Cybersecurity Concepts ................... 17

Contacts
Author Contact Information ............................................................................................................ 1
Key Policy Staff .............................................................................................................................. 1


Data and Statistics [1]
This section describes data and statistics from government, industry, and information technology (IT) security firms regarding the current state of cybersecurity threats in the United States and internationally. These include incident estimates, costs, and annual reports on data security breaches, identity theft, cybercrime, malware, and network security.


[1] For information on selected authoritative reports and resources on cybersecurity, see CRS Report R42507, Cybersecurity: Authoritative Reports and Resources, by Topic, by Rita Tehan. For lists of legislation and hearings in the 112th-114th Congresses, executive orders, and presidential directives, see CRS Report R43317, Cybersecurity: Legislation, Hearings, and Executive Branch Documents, by Rita Tehan.


Table 1. Data and Statistics: Cyber Incidents, Data Breaches, Cybercrime

Title: Web Hacking Incidents Database
Date: Ongoing
Source: Breach Security, Inc.
Pages: N/A
Notes: The web hacking incident database (WHID) is a project dedicated to maintaining a list of web application-related security incidents. The WHID’s purpose is to serve as a tool for raising awareness of the web application security problem and to provide information for statistical analysis of web application security incidents. Unlike other resources covering website security, which focus on the technical aspect of the incident, the WHID focuses on the impact of the attack. To be included in WHID an incident must be publicly reported, be associated with web application security vulnerabilities, and have an identified outcome.

Title: Significant Cyber Incidents Since 2006
Date: Ongoing
Source: Center for Strategic and International Studies (CSIS)
Pages: 15
Notes: This timeline records significant cyber events since 2006. It focuses on successful attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than $1 million.

Title: Overview of Current Cyber Attacks (logged by 180 Sensors)
Date: Ongoing
Source: Deutsche Telekom
Pages: N/A
Notes: Provides a real-time visualization and map of cyberattacks detected by a network of 180 sensors placed around the world.

Title: Digital Attack Map
Date: Ongoing
Source: Arbor Networks
Pages: N/A
Notes: The map is powered by data fed from 270+ ISP customers worldwide who have agreed to share network traffic and attack statistics. The map displays global activity levels in observed attack traffic, which is collected anonymously, and does not include any identifying information about the attackers or victims involved in any particular attack.

Title: Real-Time Web Monitor
Date: Ongoing
Source: Akamai
Pages: N/A
Notes: Akamai monitors global Internet conditions around the clock. The map identifies the global regions with the greatest attack traffic.

Title: Regional Threat Assessment: Infection Rates and Threat Trends by Location (Note: Select “All Regions” or a specific country or region to view threat assessment reports)
Date: Ongoing
Source: Microsoft Security Intelligence Report (SIR)
Pages: N/A
Notes: Data on infection rates, malicious websites, and threat trends by regional location, worldwide.


Title: ThreatWatch
Date: Ongoing
Source: NextGov
Pages: N/A
Notes: ThreatWatch is a snapshot of the data breach intrusions against organizations and individuals, globally, on a daily basis. It is not an authoritative list, because many compromises are never reported or even discovered. The information is based on accounts published by outside news organizations and researchers.

Title: McAfee Research & Reports (multiple)
Date: Ongoing
Source: McAfee
Pages: N/A
Notes: Links to reports by the company on cybersecurity threats, malware, cybercrime, and spam.

Title: Cyber Power Index
Date: Ongoing
Source: Booz Allen Hamilton and the Economist Intelligence Unit
Pages: N/A
Notes: The index, which measures developing countries' ability to withstand cyber attacks and build strong digital economies, rates the countries on their legal and regulatory frameworks, economic and social issues, technology infrastructure, and industry. The index puts the United States in the no. 2 spot, and the United Kingdom in no. 1.

Title: Data Breaches
Date: Ongoing
Source: Identity Theft Resource Center (ITRC)
Pages: N/A
Notes: The ITRC breach list is a compilation of data breaches confirmed by various media sources and notification lists from state governmental agencies. This list is updated daily and published each Tuesday. To qualify, breaches must include personally identifiable information that could lead to identity theft, especially Social Security numbers. ITRC follows U.S. federal guidelines about what combination of personal information comprises a unique individual. The exposure of this information constitutes a data breach.

Title: Cyberthreat: Real-Time Map
Date: Ongoing
Source: Kaspersky Labs
Pages: N/A
Notes: Kaspersky Labs has launched an interactive cyberthreat map that lets viewers see cybersecurity incidents as they occur around the world in real time. The interactive map includes malicious objects detected during on-access and on-demand scans, e-mail and web antivirus detections, and objects identified by vulnerability and intrusion detection subsystems.


Title: Global Botnet Map
Date: Ongoing
Source: Trend Micro
Pages: N/A
Notes: Trend Micro continuously monitors malicious network activities to identify command-and-control (C&C) servers and help increase protection against botnet attacks. The real-time map indicates the locations of C&C servers and victimized computers they control that have been discovered in the previous six hours.

Title: HoneyMap
Date: Ongoing
Source: Honeynet Project
Pages: N/A
Notes: The HoneyMap displays malicious attacks as they happen. Each red dot on the map represents an attack on a computer. Yellow dots represent honeypots, or systems set up to record incoming attacks. The black box on the bottom gives the location of each attack. The Honeynet Project is an international 501c3 non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security.

Title: The Cyberfeed
Date: Ongoing
Source: Anubis Networks
Pages: N/A
Notes: Provides real-time threat intelligence data worldwide.

Title: DataLossDB
Date: Ongoing
Source: Open Security Foundation
Pages: N/A
Notes: The Open Security Foundation's DataLossDB gathers information about events involving the loss, theft, or exposure of personally identifiable information (PII). DataLossDB's dataset, in current and previous forms, has been used in research by numerous educational, governmental, and commercial entities, which often have been able to provide statistical analysis with graphical presentations.

Title: Breaches Affecting 500 or More Individuals
Date: Ongoing
Source: U.S. Department of Health and Human Services
Pages: N/A
Notes: As required by Section 13402(e)(4) of the HITECH Act, the Secretary must list breaches of unsecured protected health information affecting 500 or more individuals. These breaches are now posted in a new, more accessible format that allows users to search and sort the breaches. Additionally, this new format includes brief summaries of breach cases that OCR has investigated and closed, as well as the names of private practice providers who have reported breaches of unsecured protected health information to the Secretary.


Title: E-mail Account Compromise (EAC)
Date: August 27, 2015
Source: FBI Internet Crime Complaint Center (IC3)
Pages: N/A
Notes: The FBI warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the United States between October 2013 and August 2015.

Title: Criminals Continue to Defraud and Extort Funds from Victims Using CryptoWall Ransomware Schemes
Date: June 23, 2015
Source: FBI Internet Crime Complaint Center (IC3)
Pages: N/A
Notes: Between April 2014 and June 2015, the CryptoWall ransomware cost Americans more than $18 million. The money was spent not only on ransoms, which range from $200 to $10,000 apiece, but also on "network mitigation, network countermeasures, loss of productivity, legal fees, IT services, or the purchase of credit monitoring services for employees or customers."

Title: 2015 Data Breach Investigations Report (DBIR)
Date: April 14, 2015
Source: Verizon
Pages: 70
Notes: A full three-quarters of attacks spread from the first victim to the second in 24 hours or less, and more than 40% spread from the first victim to the second in under an hour. On top of the speed with which attackers compromise multiple victims, the useful lifespan of shared information can sometimes be measured in hours. Researchers also found that of the IP addresses observed in current information sharing feeds, only 2.7% were valid for more than a day, and the number dwindles from there. Data show that information sharing has to be good to be effective.

Title: HIPAA breaches: The list keeps growing
Date: March 12, 2015
Source: Healthcare IT News
Pages: N/A
Notes: More than 41 million people have had their protected health information compromised in Health Insurance Portability and Accountability Act (HIPAA) privacy and security breaches. Using data from the Department of Health and Human Services, which includes HIPAA breaches involving more than 500 individuals, reported by 1,149 covered entities and business associates, the website compiled a sortable, searchable list.


Title: Federal Information Management Security Act (Annual Report to Congress)
Date: February 27, 2015
Source: Office of Management and Budget (OMB)
Pages: 100
Notes: The number of actual cybersecurity incidents reported by federal agencies to the DHS decreased last year. Data show the total bulk number of incident reports sent by the largest 24 agencies to US-CERT going up by about 16% during FY2014 from the year before. But when two significant categories from that data set are removed—“non-cybersecurity incidents” and “other”—the number actually shows a decrease of about 6%. Non-cybersecurity incidents involve the mishandling of personally identifiable information, but without a cybersecurity component, meaning the data breach likely occurred through a misplaced paper document. Incidents classified as “other” are things such as scans, blocked attempts at access, and miscellaneous events. Reported incidents of actual serious cybersecurity issues, such as malware, suspicious network activity, and improper usage, declined last year. Real threats that did increase in recorded number include social engineering, unauthorized access, and denial-of-service attacks.

Title: 2014 Global Threat Intel Report
Date: February 6, 2015
Source: CrowdStrike
Pages: 77
Notes: This report summarizes CrowdStrike’s year-long daily scrutiny of more than 50 groups of cyber threat actors, including 29 different state-sponsored and nationalist adversaries. Key findings explain how financial malware changed the threat landscape and point of sale malware became increasingly prevalent. The report also profiles a number of new and sophisticated adversaries from China and Russia, including Hurricane Panda, Fancy Bear, and Berserk Bear.

Title: Incident Response/Vulnerability Coordination in 2014
Date: February 2015
Source: ICS/CERT Monitor
Pages: 15
Notes: In FY2014, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) received and responded to 245 incidents reported by asset owners and industry partners. The Energy sector led all others again in 2014 with the most reported incidents. ICS-CERT’s continuing partnership with the Energy sector provides many opportunities to share information and collaborate on incident response efforts. Also noteworthy in 2014 were the incidents reported by the Critical Manufacturing sector, some of which were from control systems equipment manufacturers.


Title: CISCO 2015 Annual Security Report (free registration required)
Date: January 20, 2015
Source: Cisco
Pages: 53
Notes: Government agencies worldwide, compared with banks and many other companies, are better able to cope when the inevitable data breach occurs, according to the study on advances in cybersecurity. About 43% of the public sector falls into the "highly sophisticated" security posture segment. The best security stances can be found within the telecommunications and energy sectors, tied at 47%.

Title: The Cost of Malware Containment
Date: January 20, 2015
Source: Ponemon Institute
Notes: According to the study, organizations typically received nearly 17,000 malware alerts weekly, which are taxing and costly to handle. Of those alerts, only 3,218 were considered to be actionable and only 705 (or 4%) were investigated. An average of 395 hours is wasted weekly investigating and containing malware due to false positives or false negatives, costing participating organizations an estimated $1.27 million yearly in average value of lost time.

Title: 2014 Global Report on the Cost of Cybercrime
Date: October 8, 2014
Source: HP Enterprise Security and Ponemon Institute
Pages: 31
Notes: The 2014 global study of U.S.-based companies, spanning seven nations, found that over the course of a year, the average cost of cybercrime for companies in the United States climbed by more than 9% to $12.7 million, up from $11.6 million in the 2013 study. The average time to resolve a cyberattack is also rising, climbing to 45 days from 32 days in 2013.

Title: Managing Cyber Risks in an Interconnected World: Key Findings from the Global State of Information Security Survey 2015
Date: September 30, 2014
Source: PricewaterhouseCoopers (PwC)
Pages: 31
Notes: The Global State of Information Security Survey (GSISS), on which the report is based, surveyed more than 9,700 respondents worldwide and detected that the number of cyber incidents increased at a compound annual rate of 66% since 2009. As the frequency of cyber incidents has risen, so too have the reported costs of managing and mitigating them. Globally, the estimated average financial loss from cyber incidents was $2.7 million, a 34% increase over 2013. Big losses have also been more common, with the proportion of organizations reporting financial hits in excess of $20 million nearly doubling. Despite greater awareness of cybersecurity incidents, the study found that global information security budgets actually decreased 4% compared with 2013.


Title: How Consumers Foot the Bill for Data Breaches (infographic)
Date: August 7, 2014
Source: NextGov.com
Pages: N/A
Notes: In 2013, there were more than 600 data breaches, with an average organization cost of more than $5 million. But in the end, it is the customers who are picking up the tab, from higher retail costs to credit card reissue fees.

Title: Is Ransomware Poised for Growth?
Date: July 14, 2014
Source: Symantec
Pages: N/A
Notes: Ransomware usually masquerades as a virtual “wheel clamp” for the victim’s computer. For example, pretending to be from the local law enforcement, it might suggest the victim had been using the computer for illicit purposes and to unlock it the victim would have to pay a fine—often between $100 and $500. Ransomware escalated in 2013, with a 500% (six-fold) increase in attack numbers between the start and end of the year.

Title: Critical Infrastructure: Security Preparedness and Maturity
Date: July 2014
Source: Unisys and Ponemon Institute
Pages: 34
Notes: Unisys and Ponemon Institute surveyed nearly 600 IT security executives of utility, energy, and manufacturing organizations. Overall, the report finds organizations are simply not prepared to deal with advanced cyber threats. Only half of companies have actually deployed IT security programs and, according to the survey, the top threat actually stems from negligent insiders.

Title: The Value of a Hacked Email Account
Date: June 13, 2013
Source: Krebs on Security
Pages: N/A
Notes: One prominent credential seller in the underground peddles iTunes accounts for $8, and Fedex.com, Continental.com, and United.com accounts for USD $6. Groupon.com accounts fetch $5, while $4 buys hacked credentials at registrar and hosting provider Godaddy.com, as well as wireless providers Att.com, Sprint.com, Verizonwireless.com, and Tmobile.com. Active accounts at Facebook and Twitter retail for just $2.50 apiece. [S]ome crime shops go even lower with their prices for hacked accounts, charging between $1 and $3 for active accounts at dell.com, overstock.com, walmart.com, tesco.com, bestbuy.com and target.com, etc.

Title: Online Trust Honor Roll 2014
Date: June 11, 2014
Source: Online Trust Alliance
Pages: N/A
Notes: Out of nearly 800 top consumer websites evaluated, 30.2% made the Honor Roll, which distinguishes them in best practices for safeguarding data in three categories: domain/brand protection, privacy, and security. Conversely, nearly 70% did not qualify for the Honor Roll, with 52.7% failing in at least one of the three categories.


Title: Net Losses: Estimating the Global Cost of Cybercrime
Date: June 2014
Source: CSIS and McAfee
Pages: 24
Notes: This report explores the economic impact of cybercrime, including estimation, regional variances, IP theft, opportunity and recovery costs, and the future of cybercrime. Cybercrime costs the global economy up to $575 billion annually, with the United States taking a $100 billion hit, the largest of any country. That total is up to 0.8% of the global economy. For the United States, the estimated $100 million cost means 200,000 lost jobs, and is almost half of the total loss for the G-8 group of Western countries.

Title: 2014 U.S. State of Cybercrime Survey
Date: May 29, 2014
Source: PwC, CSO Magazine, the U.S. Computer Emergency Readiness Team (CERT) Division of the Software Engineering Institute at Carnegie Mellon University, and the U.S. Secret Service
Pages: 21
Notes: The cybersecurity programs of U.S. organizations do not rival the persistence, tactical skills, and technological prowess of their potential cyber adversaries. This year, three in four (77%) respondents to the survey detected a security event in the past 12 months, and more than a third (34%) said the number of security incidents detected increased over the previous year.

Title: The Target Breach, by the Numbers
Date: May 6, 2014
Source: Krebs on Security
Pages: N/A
Notes: A synthesis of numbers associated with the Target data breach of December 19, 2013 (e.g., number of records stolen, estimated dollar cost to credit unions and community banks, amount of money Target estimates it will spend upgrading payment terminals to support Chip-and-PIN enabled cards).


Title: 2014 Cost of Data Breach: Global Analysis
Date: May 5, 2014
Source: Ponemon Institute/IBM
Pages: 28
Notes: The average cost of a breach is up worldwide in 2014, with U.S. firms paying almost $1.5 million more than the global average. In the United States, a data breach costs organizations on average $5.85 million, the highest of the 10 nations analyzed, up from $5.4 million in 2013. Globally, the cost of a breach is up 15% this year to $3.5 million. The United States likewise had the highest cost per record stolen, at $201, up from $188 last year. The country also led in terms of size of breaches recorded: U.S. companies averaged 29,087 records compromised in 2014.

Title: Website Security Statistics Report
Date: April 15, 2014
Source: WhiteHat Security
Pages: 22
Notes: WhiteHat researchers examined the vulnerability assessment results of the more than 30,000 websites under WhiteHat Security management to measure how the underlying programming languages and frameworks perform in the field. The report reports which specific languages are most prone to specific classes of attacks, how often and for how long, as well as a determination as to whether popular modern languages and frameworks yield similar results in production websites. The popularity and complexity of .Net, Java, and ASP mean that the potential attack surface for each language is larger; as such, 31% of vulnerabilities were observed in .Net, 28% were found in Java, and 15% were found in ASP.

Title: More online Americans say they’ve experienced a personal data breach
Date: April 14, 2014
Source: Pew Research Center
Pages: N/A
Notes: Findings from a January 2014 survey show that 18% of online adults have had important personal information—such as Social Security numbers, credit cards, or bank accounts—stolen. That is an increase from the 11% of online adults who reported personal information theft in July 2013. In addition, 21% said they had an email or social networking account compromised or taken over without their permission; the same number reported this experience in a July 2013 survey.


Title: 2014 Internet Security Threat Report
Date: April 8, 2014
Source: Symantec
Pages: 98
Notes: In 2013, there were 253 data breaches that exposed more than 552 million sets of personal data, according to the annual report. The number of data breaches was up 62% from the previous year and nearly 50 more than in 2011, previously dubbed by Symantec “year of the breach." In addition, eight mega-breaches exposed more than 10 million identities each, an eightfold increase from one the year before and nearly double the five in 2011.

Title: Advanced Threat Report 2013
Date: February 27, 2014
Source: FireEye
Pages: 22
Notes: The report analyzes more than 40,000 advanced attacks across the globe to map out the latest trends in advanced persistent threat (APT) attacks. The United States topped the list of countries targeted by APT activity, which FireEye defines as online attacks that were “likely directly or indirectly supported by a nation state.” American institutions were also targeted by many more APT malware families (collections of malware that share significant amounts of code with each other) than anywhere else.

Title: Cisco 2014 Annual Security Report
Date: January 16, 2014
Source: Cisco
Pages: 81
Notes: The report offers data on and insights into top security concerns, such as shifts in malware, trends in vulnerabilities, and the resurgence of distributed denial-of-service (DDoS) attacks. The report also looks at campaigns that target specific organizations, groups, and industries, and the growing sophistication of those who attempt to steal sensitive information. The report concludes with recommendations for examining security models holistically and gaining visibility across the entire attack continuum—before, during, and after an attack. (Free registration required.)

Title: McAfee Labs 2014 Threats Predictions
Date: January 7, 2014
Source: McAfee
Pages: 6
Notes: In 2013, the rate of growth in the appearance of new mobile malware, which almost exclusively targets the Android platform, was far greater than the growth rate of new malware targeting PCs. In the last two quarters reported, new PC malware growth was nearly flat, while appearances of new Android samples grew by 33%.


Title: ENISA Threat Landscape 2013 – Overview of Current and Emerging Cyber-Threats
Date: December 11, 2013
Source: European Union Agency for Network and Information Security
Pages: 70
Notes: The report is a collection of top cyber threats that have been assessed in the reporting period (i.e., within 2013). ENISA has collected over 250 reports regarding cyber threats, risks, and threat agents. ETL 2013 is a comprehensive compilation of the top 15 cyber threats assessed.

Title: Emerging Cyber Threats Report 2014
Date: November 14, 2013
Source: Georgia Institute of Technology
Pages: 16
Notes: The report highlights cloud security and security issues involving the ‘Internet of Things,’ referring to the notion that the increase of Internet-capable devices could create opportunities for remote hacking and data leakage. With everything from home automation to smartphones and other personal devices becoming connected to the Internet, these devices will capture more real-world information and could permit outside parties, companies, and governments to misuse that information. (From the annual Georgia Tech Cyber Security Summit 2013.)

Title: 2013/2014 Global Fraud Report
Date: October 23, 2013
Source: Kroll/Economist Intelligence Unit
Pages: N/A
Notes: The Annual Global Fraud Survey, commissioned by Kroll and carried out by the Economist Intelligence Unit, polled 901 senior executives worldwide from a broad range of industries and functions in July and August 2013. The number of companies suffering external cyberattacks designed to steal commercial secrets doubled in 2012-2013 compared with the previous financial year.

Title: 2013 Cost of Cyber Crime Study
Date: October 8, 2013
Source: HP and the Ponemon Institute
Pages: 28
Notes: The study found the average company in the U.S. experiences more than 100 successful cyberattacks each year at a cost of $11.6 million. That is an increase of 26% from last year. Companies in other regions fared better, but still experienced significant losses. This year’s annual study was conducted in the United States, United Kingdom, Germany, Australia, Japan, and France and surveyed over 230 organizations.


Title: Illicit Cyber Activity Involving Fraud
Date: August 8, 2013
Source: Carnegie Mellon University Software Engineering Institute
Pages: 28
Notes: Technical and behavioral patterns were extracted from 80 fraud cases—67 insider and 13 external—that occurred between 2005 and the present. These cases were used to develop insights and risk indicators to help private industry, government, and law enforcement more effectively prevent, deter, detect, investigate, and manage malicious insider activity within the banking and finance sector.

Title: FY2012 Report to Congress on the Implementation of the Federal Information Security Management Act of 2002 (FISMA)
Date: March 7, 2013
Source: White House/OMB
Pages: 63
Notes: More government programs violated data security law standards in 2012 than in the previous year, and at the same time, computer security costs have increased by more than $1 billion. Inadequate training was a large part of the reason all-around FISMA adherence scores slipped from 75% in 2011 to 74% in 2012. Agencies reported that about 88% of personnel with system access privileges received annual security awareness instruction, down from 99% in 2011. Meanwhile, personnel expenses accounted for the vast majority—90%—of the $14.6 billion departments spent on information technology security in 2012.

Title: Linking Cybersecurity Policy and Performance: Microsoft Releases Special Edition Security Intelligence Report
Date: February 6, 2013
Source: Microsoft Trustworthy Computing
Pages: 27
Notes: Introduces a new methodology for examining how socioeconomic factors in a country or region impact cybersecurity performance, examining measures such as use of modern technology, mature processes, user education, law enforcement and public policies related to cyberspace. This methodology can build a model that will help predict the expected cybersecurity performance of a given country or region.

Title: Improving the Evidence Base for Information Security and Privacy Policies: Understanding the Opportunities and Challenges related to Measuring Information Security, Privacy and the Protection of Children Online
Date: December 20, 2012
Source: Organisation for Economic Cooperation and Development (OECD)
Pages: 94
Notes: This report provides an overview of existing data and statistics in fields of information security, privacy, and the protection of children online. It highlights the potential for the development of better indicators in these respective fields, showing in particular that there is an underexploited wealth of empirical data that, if mined and made comparable, will enrich the current evidence base for policymaking.


Title: State Governments at Risk: a Call for Collaboration and Compliance
Date: October 23, 2012
Source: National Association of State Chief Information Officers and Deloitte
Pages: 40
Notes: Assesses the state of cybersecurity across the nation and finds that only 24% of chief information security officers (CISOs) are very confident in their states’ ability to guard data against external threats.

Title: McAfee Explains The Dubious Math Behind Its ‘Unscientific’ $1 Trillion Data Loss Claim
Date: August 3, 2012
Source: Forbes.com
Pages: N/A
Notes: In August 2012, NSA director Keith Alexander quoted a statistic from antivirus firm McAfee that the cost of worldwide cybercrime amounted to $1 trillion a year. “No, the statistic was not simply made up. Yes, it’s just a ‘ballpark figure’ and an ‘unscientific’ one, the company admits. But despite Pro Publica’s criticisms and its own rather fuzzy math, the company stands by its trillion-dollar conclusion as a (very) rough estimate.”

Title: Does Cybercrime Really Cost $1 Trillion?
Date: August 1, 2012
Source: ProPublica
Pages: N/A
Notes: In a news release from computer security firm McAfee announcing its 2009 report, “Unsecured Economies: Protecting Vital Information,” the company estimated a trillion dollar global cost for cybercrime. That number does not appear in the report itself. McAfee’s trillion-dollar estimate is questioned by the three independent researchers from Purdue University whom McAfee credits with analyzing the raw data from which the estimate was derived. An examination of their origins by ProPublica has found new grounds to question the data and methods used to generate these numbers, which McAfee and Symantec say they stand behind.

Title: Measuring the Cost of Cybercrime
Date: June 25, 2012
Source: 11th Annual Workshop on the Economics of Information Security
Pages: N/A
Notes: This report states that in total, cyber-crooks' earnings might amount to a couple of dollars per citizen per year. But the indirect costs and defense costs are very substantial (at least 10 times that). The authors conclude that “on the basis of the comparative figures collected in this study, we should perhaps spend less in anticipation of computer crime (on antivirus, firewalls etc.) but we should certainly spend an awful lot more on catching and punishing the perpetrators.”


Title: Revealed: Operation Shady RAT: an Investigation of Targeted Intrusions into 70+ Global Companies, Governments, and Non-Profit Organizations During the Last 5 Years
Date: August 2, 2011
Source: McAfee Research Labs
Pages: 14
Notes: A comprehensive analysis of victim profiles from a five-year targeted operation that penetrated 72 government and other organizations, most of them in the United States, and copied everything from military secrets to industrial designs.

Title: A Good Decade for Cybercrime: McAfee’s Look Back at Ten Years of Cybercrime
Date: December 29, 2010
Source: McAfee
Pages: 11
Notes: A review of the most publicized, pervasive, and costly cybercrime exploits from 2000 to 2010.

Note: Statistics and other information are from the source publications and have not been independently verified by the Congressional Research Service (CRS).


Cybersecurity: Glossaries, Lexicons, and Guidance
Table 2 contains descriptions of and links to glossaries of useful cybersecurity terms, including those related to cloud computing and cyber warfare.



Table 2. Glossaries, Lexicons, and Guidance Pertaining to Cybersecurity Concepts
Title: Hacker Lexicon
Source: Wired.com
Date: Ongoing
Pages: N/A
Notes: Hacker Lexicon is WIRED’s explainer series that seeks to demystify the jargon of information security, surveillance, and privacy.

Title: Global Cyber Definitions Database
Source: Organization for Security and Co-operation in Europe (OSCE)
Date: November 2014
Pages: N/A
Notes: A compilation of definitions of cybersecurity (or information security) terms. The website also includes a submission form to share new or additional definitions.

Title: Compilation of Existing Cybersecurity and Information Security Related Definitions
Source: New America
Date: October 2014
Pages: 126
Notes: “Broadly, the documents analyzed for this report fall into one of five categories: national strategies and documents by governments, documents from regional and global intergovernmental organizations, including member state submissions to the United Nations General Assembly (UNGA), and international private and intergovernmental standards bodies as well as dictionaries.”

Title: Glossary of Key Information Security Terms, Revision 2
Source: National Institute of Standards and Technology (NIST)
Date: May 2013
Pages: 222
Notes: Besides providing some 1,500 definitions, the glossary offers a source for each term from either a NIST or Committee for National Security Systems (CNSS) publication. The committee is a forum of government agencies that issues guidance aimed at protecting national security systems.

Title: NIST Cloud Computing Reference Architecture
Source: NIST
Date: September 2011
Pages: 35
Notes: Provides guidance to specific communities of practitioners and researchers.

Title: Glossary of Key Information Security Terms
Source: NIST
Date: May 31, 2013
Pages: 211
Notes: The glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications.

Title: CIS Consensus Security Metrics
Source: Center for Internet Security
Date: November 1, 2010
Pages: 175
Notes: Provides recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices. The recommendations are defined via consensus among hundreds of security professionals worldwide. (Free registration required.)


Title: Joint Terminology for Cyberspace Operations
Source: Chairman of the Joint Chiefs of Staff
Date: November 1, 2010
Pages: 16
Notes: This lexicon is the starting point for normalizing terms in all DOD cyber-related documents, instructions, CONOPS, and publications as they come up for review.

Title: Department of Defense Dictionary of Military and Associated Terms
Source: Chairman of the Joint Chiefs of Staff
Date: November 8, 2010 (as amended through September 15, 2013)
Pages: 547
Notes: Provides joint policy and guidance for Information Assurance (IA) and Computer Network Operations (CNO) activities.

Title: DHS Risk Lexicon
Source: Department of Homeland Security (DHS) Risk Steering Committee
Date: September 2010
Pages: 72
Notes: The lexicon promulgates a common language, consistency, and clear understanding with regard to the usage of terms by the risk community across the DHS.

Source: Highlights compiled by CRS from the reports.




Author Contact Information

Rita Tehan

Information Research Specialist
rtehan@crs.loc.gov, 7-6739

Key Policy Staff

See CRS Report R42619, Cybersecurity: CRS Experts, by Eric A. Fischer, for the names and contact information of CRS experts on policy issues related to cybersecurity bills currently being debated in the 114th Congress.

