Saturday 31 October 2015

ICIT Chastises OPM’s Lack of Modern Cybersecurity in an Official Analysis

The Institute for Critical Infrastructure Technology (ICIT) describes itself as a “nonprofit (status pending), non-partisan group of the world’s most innovative experts and companies that provide technologies and solutions to support and protect our nation’s critical infrastructures.” ICIT serves as a go-between for the private sector, federal agencies, and the legislative community in key areas such as Cybersecurity, Big Data, and Health IT. It is in the scope of Cybersecurity that ICIT performed a recent analysis on the OPM (Office of Personnel Management) Breach which began in March 2014 and was publicly announced in June of 2015.

This official analysis, “Handing Over the Keys to the Castle: OPM Demonstrates that Antiquated Security Practices Harm National Security,” details the most important aspects of the breach. Some of these aspects have not been discussed in the mainstream media including:

For the full article click here



from cyber security caucus http://ift.tt/1jZqWP9
via IFTTT

IEEE’s Shannon Appointed White House Cybersecurity AD

Greg Shannon, an IEEE senior member and cybersecurity expert from Carnegie Mellon University (CMU), recently began an assignment in the White House Office of Science and Technology Policy (OSTP) as assistant director for cybersecurity strategy in the National Security and International Affairs Division.

IEEE-USA provided a fellowship to CMU to partially support faculty or staff who have the opportunity to serve temporarily in the Executive Office of the President.

Since 2010, Shannon has been chief scientist for the CERT Division at CMU’s Software Engineering Institute (SEI). The division is dedicated to improving the security and resilience of computer systems and networks, especially for national security, homeland defense and critical infrastructure.

As chief scientist, Shannon led the division to advance the science of cybersecurity with new research capabilities for the Defense Advanced Research Projects Agency (DARPA), the Intelligence Advanced Research Projects Agency (IARPA) and the Department of Homeland Security. For the full article click here



from cyber security caucus http://ift.tt/1LIdDLT

Cyber security stocks get boost from TalkTalk hack attack

The hacking scandal at broadband provider TalkTalk has heightened interest in stocks and companies dealing in cyber security, with some fund managers betting on more growth in the sector. British police said on Friday that they had arrested a second teenager in connection with the breach at TalkTalk, which may have led to the theft of personal data from among the company’s more than 4 million customers.

TalkTalk was not the first such incident, but traders and investors said it should re-ignite interest in companies offering protection against hack attacks. Market research firm Gartner has estimated that global spending on IT security is set to increase 8.2 percent in 2015 to $77 billion. Corporations around the world will spend $101 billion on information security in 2018, Gartner says.
That has caught the attention of financial markets. The ISPY exchange-traded-fund, which lets investors hold a basket of cyber security stocks – such as Cisco Systems and Sophos Group – has risen around 3 percent. “As cyber crime continues to grow, governments and companies are prioritising cyber security as an essential investment. For the full article click here


from cyber security caucus http://ift.tt/1LIdBn4

AT&T Releases First Cybersecurity Insights Report About Hacking

The report is their first ever Cybersecurity Insights Report, and it explains new information about the threats that AT&T has faced through the years and gives the benefit of their unique vantage point.

In these fast-changing times, every business is at risk of being hacked, and the need for cyber security is on the minds of all companies. From large corporations to small local shops, any business is vulnerable to these threats, especially with the evolution of technologies and the maturing force of hackers. Often, business boards and executives don’t have the necessary information and resources they need to protect their interests, so companies need to grow broader in their technical understanding of how cyber security measures are used in the daily routines of business. For the full article click here

 



from cyber security caucus http://ift.tt/1HioHLq

Cybersecurity Bill Amendment Would Allow U.S. Courts To Track And Convict Foreign Nationals For Crimes Committed Abroad

An amendment for the recently passed Cybersecurity Information Sharing Act (CISA) bill would permit the US courts to chase and jail foreign nationals for crimes committed overseas.

According to a report by The Guardian on Oct. 22, the objective of the amendment to the controversial bill is to lower the difficulty of indicting crimes committed outside the United States.

The amendment of the cybersecurity bill was initiated by Senator Sheldon Whitehouse. Reports have revealed that the amendment of CISA bill passed in the Senate on Thursday.

Sputnik News reported on the same day that the amendment would make stealing of data from any American company a crime punished by imprisonment in the US even if the crime was committed abroad.

The US Senate passed the cybersecurity bill on Tuesday after a 74-to-21 vote. Meanwhile, a co-author of the bill says they tried to make the bill clear and understandable.

“For me this has been a six year effort … and it hasn’t been easy because what we tried to do was strike a balance and make the bill understandable so that there would be a cooperative effort to share between companies and with the government,” says Senator Dianne Feinstein, as noted by The Washington Post on Tuesday. For the full article click here



from cyber security caucus http://ift.tt/1HioFDh

Friday 30 October 2015

Moving beyond ‘medieval’ cybersecurity

The U.S. Office of Personnel Management’s recent announcement that 5.6 million fingerprint records were stolen is the latest in a rash of break-ins that raise concerns about how to make our online lives more secure. From the U.S. government to the adult online dating site Ashley Madison, it seems no system is safe from a potential cyberattack.

As we finish National Cyber Security Awareness Month (observed every October), our nation continues to face threats to our cyber infrastructure that could cripple national security. Despite tremendous advances in technology, our approach to protecting information stored online still has more in common with medieval defense tactics than with the integrated and smart approach we need.

A firewall is much like a castle moat or wall designed to keep the “bad guys” out. But history shows that this approach does not work. The Great Wall of China, for instance, was a defense fortification that was breached simply by going around it. In modern times, attackers use breaks in the (fire)wall and phishing attacks to steal passwords to launch their assaults. For the full article click here 



from cyber security caucus http://ift.tt/1ioXK2c

Cybersecurity – Hackers: Coming soon to a building near you – by Jonathan Avery

Cybersecurity is all over the news today as a major concern with significant impacts to our economy. Attending a program at the recently concluded Counselors of Real Estate (CRE) Conference in Charlotte, NC, the local and immediate impact of cyber threats came through clearly. As we are increasingly becoming aware, building management, maintenance and control systems are increasingly online. Everything from HVAC systems, security access, environmental controls/energy management, garage access systems and wireless networks are potential entry points for hackers to attack. The impact of these threats on real estate can be disastrous. For example, few realize that installation procedures developed by building equipment manufacturers, in more than 50% of the cases, include use of generic passcodes and logins for security access. These generic passwords are available easily through an Internet search identifying the equipment and manufacturer. So, if you do not change the access procedures and passcodes at the time of installation, these systems may provide an open backdoor for a cyber-attack. Cyber-attacks can come in many variations. A frequently described method of attack is called “theft of buildings.” In this type of attack, a hacker will gain access to building management systems such as lighting or HVAC and shut down the entire building. An email will arrive detailing the ransom to be paid in order to return control of the building. However, this is the point at which building owners and managers should immediately contact law enforcement officials since continued blackmail is often the pattern. For the full article click here 



from cyber security caucus http://ift.tt/1ioXIaI

CISA cybersecurity bill passes US Senate

The bill’s co-sponsors, Sens. Dianne Feinstein (D-Calif.), sent the same grave message hours earlier, in an attempt to build momentum to oppose Cotton’s efforts. “Our ability to defend our nation against cyber-attacks requires a comprehensive approach that involves not only the federal government, but also industry.” We can not sit idle while foreign agents and criminal gangs continue to steal Americans’ personal information as we saw in the Office of Personnel Management, Target, and Sony hacks. “From the beginning we committed to make this bill voluntary, meaning that any company in America, if they, their systems are breached, could choose voluntarily to create the partnership with the federal government.” The Senate’s Cybersecurity Information Sharing Act (CISA) is important to help detect and minimize cyber intrusions, according to the bill’s bipartisan backers. Critics have voiced strong concerns over the privacy issues contained within the bill and the vague wording that would give any government agency (including the CIA, FBI, and the NSA) access to a person’s online data. For the full article click here 



from cyber security caucus http://ift.tt/1M4DaAf

Cybersecurity 2.0: what’s expected of federally regulated financial institutions

As federally regulated financial institutions (FRFIs) expand their reliance on technology, employ progressively complicated and interconnected networks and systems, increase their electronic service offerings and collaborate with technology service providers, cybersecurity has become a constant source of concern for FRFIs, as well as their regulators. To safeguard against the potentially far-reaching damage a breach of cybersecurity could inflict upon Canada’s financial sector, the Office of the Superintendent of Financial Institutions (OSFI) has gradually incorporated cybersecurity into its ongoing supervision of risk, often by relying on FRFIs to take the initiative with limited regulator guidance.

2012: OVERSIGHT OF TECHNOLOGY-BASED OUTSOURCING SERVICES

In February 2012, OSFI released a memorandum (2012 Memorandum) reminding FRFIs that the expectations contained in OSFI Guideline B-10: Outsourcing of Business Activities, Functions and Processes (Guideline B-10) “remain current and continue to apply” in respect of technology-based outsourcing services such as cloud computing. The 2012 Memorandum also emphasizes the importance of FRFIs considering their ability to meet the expectations of Guideline B-10 in respect of material technology-based outsourcing arrangements, with an emphasis on: confidentiality, security and separation of property; contingency planning; location of records; access and audit rights; subcontracting; and monitoring. For the full article click here 



from cyber security caucus http://ift.tt/1XDy9Tg

Thursday 29 October 2015

Cisco To Acquire Cybersecurity Firm Lancope For $452 Million In Cash

Cisco (NASDAQ: CSCO) announced yesterday that they are plunking down $452.5 million in cash to acquire privately held cybersecurity firm Lancope, Inc., which is based in Alpharetta, Ga.
Lancope is a venture funded company which provides network visibility and security intelligence to protect enterprises from cyber threats. They were founded in 2000 and their backers include Canaan Partners, Council Capital, and H.I.G. Partners.
According to a Cisco press release, the Lancope team will join the Cisco Security Business Group organization led by David Goeckeler, senior vice president and general manager.
Lancope is Cisco’s third cybersecurity acquisition this year. Last month Cisco announced their intent to acquire Portcullis Computer Security, Ltd., a privately held UK based consultancy. In June of this year, Cisco acquired cyber threat protection vendor OpenDNS in a deal worth $635 million.
Last year, Cisco snapped up Neohapsis, a well known cybersecurity advisory firm, and ThreatGRID, a malware analysis and threat intelligence vendor. For the full article click here 



from cyber security caucus http://ift.tt/1KHk7Xh

How to fill the massive cybersecurity workforce shortage

As many as a million jobs in cybersecurity remain unfilled around the world – but somehow, the massive shortfall in skilled talent hasn’t made it any easier to break into the field, especially for women, millennials, and people of color.

That challenge has led the government, schools, and companies to think outside the box in efforts to bring on new talent. Top officials from the Department of Homeland Security have traveled to hacker conferences such as Black Hat and DEF CON to recruit talent. In January, Vice President Joe Biden and Energy Secretary announced that the federal government would budget $25 million to train students at historically black colleges for cyber jobs. There are also a slew of degree and certificate programs available for people hoping to jump into this often high-paying field. For the full article click here 



from cyber security caucus http://ift.tt/1PSlv1c

Healthcare Industry Faces Shortage in Experienced Cybersecurity Experts

Given the increase in cyber attacks against healthcare organizations, cybersecurity is a top priority for many hospitals and health systems, yet there is currently a shortage in experienced cybersecurity professionals, according to a research report from Burning Glass Technologies.

While cybersecurity positions have historically been prevalent among defense contractors and government agencies, there has been a hiring boom in industries like finance, healthcare and retail, the report says. Burning Glass Technologies is a Boston-based job market analytics provider and the report provides a cybersecurity job market analysis.

The healthcare industry has seen a 121 percent increase in the demand for cybersecurity workers in the past five years, and the authors of the Burning Glass Technologies report credit this increase to the fact that healthcare organizations manage increasing volumes of consumer data. Yet, the healthcare industry is competing with other industries for experienced cybersecurity professionals.

Job postings for cybersecurity positions have grown 91 percent from 2010 to 2014, across all industries. And, due to the gap between demand and supply, cybersecurity professionals can command salaries that are 9 percent higher, on average, than other IT professionals. Cybersecurity jobs took 8 percent longer to fill than IT job postings overall in 2014, the report found. For the full article click here 



from cyber security caucus http://ift.tt/1PSlv18

Cybersecurity bill draws praise, concern

After years of political wrangling, the US Senate on Tuesday passed a cybersecurity bill that has drawn praise from business groups and criticism from privacy advocates.

In a 74-to-21 vote, the Cybersecurity Information Sharing Act moved closer to becoming law, a measure proponents say will spur private business and government agencies to share information in a quest to ebb the assault of hackers — an increasingly common occurrence for both business and government alike.

Critics counter that the bill would allow the government to violate privacy boundaries, and that it would not in practice prevent security breaches from hackers at all. For the full article click here 



from cyber security caucus http://ift.tt/1PSlv15

Wednesday 28 October 2015

NIST awards three-year grant for cybersecurity jobs ‘heat map’

The National Institute of Standards and Technology announced Tuesday it awarded a three-year grant to the IT trade group CompTIA to create a “heat map” of cybersecurity jobs.

Under the grant, CompTIA will work with job market analytics and research firm Burning Glass Technologies to conduct research and develop a way to illustrate the supply and demand of cybersecurity workers across the country. CompTIA will receive $249,000 in the first year for the effort through NIST’s National Initiative for Cybersecurity Education. Subsequent funding is based on the availability of appropriated funds but is expected to be $469,000, according to a NIST spokeswoman.

The map, expected to come out by the end of 2016, will be updated every 90 days and will show postings linked to cybersecurity job categories laid out in the National Cybersecurity Workforce Framework, according to a release. For the full article click here



from cyber security caucus http://ift.tt/1O7iObH

At debate, CNBC should question GOP hopefuls on cybersecurity

On Wednesday, the Republican presidential candidates will take the stage in Boulder, Colo., for CNBC’s “Your Money, Your Vote” debate on the economy. CNBC will “focus on the key issues that matter to all voters — jobs, taxes, the deficit and the health of our national economy.” This debate has the potential to give cybersecurity a chance to shine.

While cybersecurity may not readily come to mind as an economic issue, it should. Cyberattacks impose a variety of direct and indirect costs — from the loss of financial assets, trade secrets and intellectual property to wrecked credit scores after identity theft and damage to a company’s reputation. Putting a dollar amount on cyberattacks’ costs is a difficult proposition because they often go undetected or unreported. Even when an attack is identified, quantifying its costs proves challenging, especially when hackers have stolen intangibles such as intellectual property and trade secrets. Symantec’s 2013 Norton Report on cyber crime estimated the total cost of cyber crime to consumers is $113 billion annually. In 2014, a study conducted by McAfee and the Center for Strategic and International Studies estimated cyber crime costs the global economy — including consumers and the private sector — a staggering $445 billion every year. As the report explained, these costs impact the GDP and ultimately lead to lost jobs. For the full article click here



from cyber security caucus http://ift.tt/1S9dUcM

Are You Overcomplicating Your Cybersecurity Processes?

Yes. I just asked that.  For many, the response is likely “Yes!  Of course we are!  It’s *&^%$% cybersecurity – it’s complicated!”  To which I would respond “Touché.  It is…but it needn’t be overly complicated.”  So, of course, I set out to find a complicated way to simplify it.  And, in the spirit of National Cyber Security Awareness Month, I thought I would share two complicated ways to simplify your cybersecurity processes.

The Two-Track Process

It goes without saying that lawyers need to be involved in breach remediation.  Best practices also suggest that lawyers need to be involved in cyber-security plan preparedness.  That is a concept that is starting to take root in savvy companies proactively addressing cybersecurity.  However, there is a new push suggesting that lawyers should be involved during the “continuous monitoring” phase, i.e., that “meat in the sandwich” portion of cybersecurity where day-to-day operations are ongoing and systems are being examined to ensure their integrity.  That’s where I’d like to pause the conversation for a minute and focus our collective attention. For the full article click here



from cyber security caucus http://ift.tt/1S9dRho

Indiana Senator Dan Coats supports cybersecurity legislation

WASHINGTON, DC — Senator Dan Coats, R-Ind., voted for the Cybersecurity Information Sharing Act Tuesday. The bill, intended to revamp cybersecurity by promoting better collaboration between businesses and the government, was passed.

“In recent years, cyber intrusions have grown in scope and scale, and the damage is alarming,” said Coats. “If there is one issue a divided Congress can agree on, it is the need to improve the security of our networks by encouraging information sharing between and among the private sector and the government. Cyberattacks against private companies and the federal government are increasing, both in sophistication and frequency.”

The bill will implement steps to help prevent cyberattacks and create a cybersecurity information sharing network that encourages members to actively get a better understanding of present and direct threats.

“After September 11, 2001, we broke down barriers to information sharing between our intelligence and law enforcement professionals to give them the tools they need to ‘connect the dots’ and keep us safe,” said Coats. “Today, we must break down similar barriers that exist in cybersecurity.”
Approval of the program came by a vote of 74 to 21, after six years of waiting.

Rejected provisions included how companies used personal information of customers. Under the new legislation the government can’t require companies to disclose information, but does require companies to anticipate steps in removing extraneous privacy information before sharing with other companies or the government.  For the full article click here



from cyber security caucus http://ift.tt/1N7rxJB

Tuesday 27 October 2015

Australia drops down cyber security rankings

Falls behind Japan, Singapore, South Korea.

Australia has slipped down a list of the top 20 nations ranked by cyber maturity in 2015, falling two spots to fifth place despite a slightly higher score than last year.

The Australian Strategic Policy Institute (ASPI) yesterday released its second annual report into the cyber maturity of 20 nations in the Asia Pacific, including the US and UK. The report analyses a whole-of-nation approach to cyber policy, crime, and security issues to give each country a maturity score.

Last year Australia came in just behind the US and UK in third place with a cyber security maturity ranking of 75.8. For the full article click here 



from cyber security caucus http://ift.tt/1WfdCSo

Telecoms boss warns firms of ‘cyber-security arms race’

The chief executive of TalkTalk has warned of a “cyber security arms race” threatening all companies as she revealed that she called in defence experts over the hack of its website.

Dido Harding said she contacted BAE Systems, which supplies cyber security to government agencies, following the attack, which saw swathes of customers’ data stolen.

She also warned that any company could be vulnerable and said she still was unsure of how many customers had been affected.

Police are investigating Wednesday’s attack, which TalkTalk said had affected its website rather than its “core systems”.

Ms Harding said: “This is a sort of cyber-security arms race. Criminals are learning how to do things. One of the first calls I made was to BAE.” For the full article click here 



from cyber security caucus http://ift.tt/1O4tx6X

Cybersecurity careers suffering brand-recognition problems amongst young Australians

Young Australians learned about safe online behaviour earlier than their international peers and are more likely to consider a career in IT security, but few students have actually met an IT-security professional and half are unaware of what the career actually involves, security-industry giant Raytheon has reported after conducting global research into the next generation of workers’ readiness to fill the yawning IT-security skills gap.

The company’s Securing Our Future: Closing the Cybersecurity Talent Gap report, conducted by Zogby Analytics and involving the US National Cyber Security Alliance (NCSA), surveyed 3871 young adults in 12 countries, all aged 18 to 26, about their experiences with cybersecurity and their interest in pursuing a career in the area.

Some 29.1 percent of the Australian respondents said they would consider a career to make the Internet safer and more secure – ahead of the 27.8 percent who answered in the affirmative globally. These figures, however, represented a slide of 7.4 percent from last year’s levels – less of a decline than the 16.2 percent observed internationally.

Only 13.3 percent of surveyed Australians had ever met or spoken with a practicing cybersecurity professional (compared to 21.2 percent globally) and only 33.5 percent of Australian respondents were aware of the responsibilities and job tasks the position involved, compared with 39.2 percent globally. For the full article click here 



from cyber security caucus http://ift.tt/1WfdCSa

Cybersecurity Information-Sharing Bill Heading for Approval in Senate

NEWS ANALYSIS: Despite opposition by Silicon Valley and tech industry advocates, security sharing legislation will probably pass the Senate this week.

Barring some potential, but unlikely, parliamentary maneuvers, the U.S. Senate will probably pass the Cybersecurity Information Sharing Act the week of Oct. 26. The bill survived the procedural process last week, and if it’s approved by the full Senate, then Congress may consider a number of amendments intended to answer some of the most significant objections. The vote on the full bill is scheduled for Oct. 27, assuming that nothing interrupts the vote, which is always possible. Senate rules allow members great latitude in how bills progress to an eventual vote. For example, a senator can put a hold on a bill for any number of reasons and while such a hold can be overcome by a 60-vote supermajority, that takes time and could result in the bill eventually becoming superseded by other legislation, such as approving the rise in the debt limit. In addition, proposed amendments to the bill could be approved or they could be dismissed in their entirety in parliamentary wrangling. Because most of those amendments address concerns in the privacy aspects of the bill, such a change could also delay passage. For the full article click here 



from cyber security caucus http://ift.tt/1O4tw2U

Monday 26 October 2015

Fortinet’s New Solution To Thwart Cloud-Security Breaches

After posting a strong financial third quarter, Fortinet has strengthened focus on cybersecurity to remain profitable. The tech firm has announced the launch of its new Secure Access Architecture. This new framework expands Fortinet’s innovative Internal Segmentation cybersecurity strategy, enabling organizations to seamlessly segment devices and the access layers across wired and wireless networks. The Secure Access Architecture provides a broad platform of integrated, high-performance cybersecurity solutions that span from the client to the cloud and everything in between.

Gartner predicts that there will be 33 billion connected endpoints by the year 2020 with a majority comprised of new “headless” device types driven by the Internet of Things (IoT). The proliferation of devices and applications is posing serious challenges for organizations that need to ensure the protection of their entire network and guard against advanced cybersecurity threats. The alarming gap between the expanding access layer and adequate cybersecurity protections has been highlighted in recent Fortinet research. For the full article click here 



from cyber security caucus http://ift.tt/1PNQD1X

State-led summit focuses on range of cybersecurity issues

DETROIT (AP) – Cybersecurity issues affecting business, education, information technology, economic development, law enforcement and individuals are the topic of a gathering in Detroit.

The Michigan Department of Technology, Management and Budget says Gov. Rick Snyder is hosting the fourth North American International Cyber Summit on Monday at downtown’s Cobo Center. Experts on hand come from the public safety, government and business sectors. U.S. Attorney Barbara McQuade of the Eastern District of Michigan is among the speakers. For the full article click here 



from cyber security caucus http://ift.tt/1LQQTHg

More than 30 Malaysians fall prey to cyber crime daily

SERDANG: As many as 30 Malaysians fall victim to cyber crime daily, with fraud and intrusion cases being the most common.

And the worst part is that Malaysia’s national cyber security specialist agency believes those numbers are just scratching the surface, as many more cases may have gone unreported or unnoticed by victims.

Viruses could be lying dormant in smartphones or computers waiting to copy banking passwords, social media accounts connected to public WiFi may be vulnerable to hacking, while others are still falling for old tricks in the cyber-scamming book.

“The weakest link in cyber security is people,” said CyberSecurity Malaysia chief executive officer Dr Amirudin Abdul Wahab.

He said that Malaysians have become relatively tech-savvy, but their understanding of how to protect themselves online was still lacking. For the full article click here 



from cyber security caucus http://ift.tt/1LQQSDk

TalkTalk head defends cybersecurity strategy in wake of hack

TalkTalk head Dido Harding has defended her company’s cybersecurity strategy in the wake of a devastating hack on its website which saw the loss of reams of personal data of its customers, insisting that it was ‘head and shoulders’ above its rivals.

Speaking to The Guardian, Harding conceded that it would be ‘naïve’ not to expect further attacks but claimed that security had ‘improved dramatically’ over the past 12 months in an effort to meet the threat.

Harding remarked: “We are understandably the punchball for everybody wanting to make a point at the moment. Nobody is perfect. God knows, we’ve just demonstrated that our website security wasn’t perfect – I’m not going to pretend it is – but we take it incredibly seriously. For the full article click here 



from cyber security caucus http://ift.tt/1LQQSDi

Saturday 24 October 2015

SIA Names Members of Cybersecurity Advisory Board

SILVER SPRING, Md. — Security Industry Association announced the members of its newly created SIA Cybersecurity Advisory Board to “enhance its cybersecurity posture going forward from National Cybersecurity Awareness Month.”

The SIA Board of Directors voted to establish the Cybersecurity Advisory Board in July.

“In our increasingly networked world, SIA requires its Cybersecurity Advisory Board to guide it ahead of potential cybersecurity issues related to electronic physical security measures,” says SIA Chairman V. John Stroia. “To that end, we have recruited the best and the brightest to serve as advisors on the Cybersecurity Advisory Board and to prescribe and to advocate for cybersecurity strategies and solutions.” For the full article click here 



from cyber security caucus http://ift.tt/204eyh3

5 Popular Cybersecurity Writers to Follow Right Now

For your convenience, here’s a short list of JD Supra writers covering the myriad issues surrounding cybersecurity, data privacy and protection, and related matters. The writers included here are featured for a number of reasons, including that they recently authored some of the most well-read cybersecurity posts on JD Supra. Follow:

1. Will Daugherty at BakerHostetler

Will Daugherty is a member of BakerHostetler’s Privacy and Data Protection team. He works with clients to develop and implement information security compliance programs and incident response plans, and to respond to data breaches and other security incidents. Will also advises clients on a range of data privacy issues spanning GLBA, HIPAA, COPPA, CAN-SPAM, FCRA, and global data protection laws. Recently: The SEC OCIE Announces Increased Scrutiny of Broker-Dealers’ and Investment Advisers’ Cybersecurity Programs.

2. Linn Freedman at Robinson & Cole

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of Robinson & Cole’s Business Litigation group and chairs the firm’s Data Privacy and Security team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. Recently: EU Safe Harbor Update. For the full article click here



from cyber security caucus http://ift.tt/1H0A9LL
via IFTTT

Ben Sasse’s cybersecurity amendment is part of bill Obama signed

WASHINGTON — Sen. Ben Sasse describes it as a “small but encouraging sign” when it comes to the need for Congress to focus on U.S. cyber vulnerabilities.

President Obama this week signed the Quarterly Financial Report Reauthorization Act, which included a Sasse amendment requiring a cybersecurity report from the Commerce Department.

The report would include identifying sensitive census information, steps taken to protect it, any known breaches and information that could be used by enemies to attack or damage national security.

Hackers have breached U.S. government databases at the Office of Personnel Management and the Census Bureau.

“We still need to go big,” Sasse said in a press release. “This is an important defensive action for one agency that should set the table for a serious conversation.” For the full article click here 



from cyber security caucus http://ift.tt/204ezl7
via IFTTT

Take 1st step on cybersecurity

After years of failure to find a consensus on cybersecurity, the Senate is expected to vote early next week on a bill that would enable the government and the private sector to share information about malicious threats and respond to them more quickly.

The legislation is not going to completely end the tidal wave of cyberattacks against the government and corporations, but passing it is better than doing nothing – and that is where Congress has left the matter in recent years.

The legislation, approved by the Senate Select Committee on Intelligence on a bipartisan 14-to-1 vote in March, is intended to iron out legal and procedural hurdles to sharing information on cyberthreats between companies and the government.

Private-sector networks have been extremely vulnerable, while the government possesses sophisticated tools that might be valuable in defending those networks. If threats are shared in real time, they could be blunted. The legislation is not a magic wand. Hackers innovate destructive and intrusive attacks even faster than they can be detected.

The information sharing would be voluntary. But the bill is at least a first step for Congress after several years of inconclusive debate over how to respond to attacks that have infiltrated networks ranging from those of Home Depot to the Joint Chiefs of Staff. For the full article click here



from cyber security caucus http://ift.tt/1NZ7MW8
via IFTTT

Friday 23 October 2015

Breaking Down the Evolution of Healthcare Cybersecurity

October is National Cybersecurity Awareness Month, but healthcare cybersecurity should be a top priority for covered entities year-round. However, the evolution of healthcare cybersecurity has been interesting, and data security experts state that the industry has come a long way. Even so, healthcare still has a long way to go when it comes to data privacy and security issues.

The Institute for Critical Infrastructure Technology (ICIT) Co-founder and Senior Fellow Parham Eftekhari talked to HealthITSecurity.com about Cybersecurity Awareness Month, and what essential areas organizations across all sectors should understand in terms of data security.

It’s currently imperative for organizations to understand that they’ll never be able to prevent breaches from happening, according to Eftekhari.

“The best way to protect their organization is to focus on detect and response strategies, and create as many roadblocks and obstacles as possible so network administrators can quickly identify unauthorized access or suspicious activity on the network,” he explained. “[It will] slow down the attacker’s ability to successfully exfiltrate data and really give the network administrator time to stop the attack.”  . . .

For the full article click here



from cyber security caucus http://ift.tt/1NXQjNH
via IFTTT

Cybersecurity conference headliner emphasizes staying updated, getting educated

While technology users are enjoying the latest iOS software or figuring out the new Windows 10, cyber professionals say one place where many seem to lack on staying updated and educated is in cybersecurity.

In the ever-changing technology world, cybersecurity threats evolve just as rapidly as the software they target, keeping things like cyber laws and regulations useless in keeping technology users safe, according to Jim Stickley, a cybersecurity professional. “What really bothers me is that people get messages that pop up on their screen that says there is an update for a security software and will usually click ‘remind me later’ instead of ‘install now,’” he said. “What that’s really saying is there is a new vulnerability and if they don’t click right now, they’re screwed.” For the full article click here



from cyber security caucus http://ift.tt/1PFskDg
via IFTTT

Fortinet delivers advanced cybersecurity to software-defined data centres

AUCKLAND / SYDNEY, 23 October, 2015 – Fortinet® (NASDAQ: FTNT) – a global leader in high-performance cybersecurity solutions, has announced the release of their FortiGate VMX next-generation and internal segmentation firewall (NGFW/ISFW). FortiGate VMX, deployed in conjunction with the VMware NSX® network virtualisation platform, enables organisations to automate advanced cybersecurity within the Software-Defined Data Centre (SDDC).

Advanced security for dynamic data centres

Working in collaboration with VMware, Fortinet has developed FortiGate VMX to fully leverage the capabilities of VMware’s NSX network virtualisation platform, enabling customers to automate the insertion, deployment and orchestration of FortiGate VMX for threat protection inside their data centre environments.

“Software-defined networks and data centres are poised to be the ‘technology du jour’ for larger enterprises and service providers,” says Jon McGettigan, Fortinet’s Senior Director Australia, NZ & South Pacific Islands. “As such, IT managers will be looking for agile security solutions that can provide scalable protection regardless of physical location. Additionally, as virtualised networks and data centres become more complex, management becomes more of an issue. Fortinet’s tight integration with NSX means that IT managers can now have ‘single pane of glass’ visibility into the distributed networks that provides even more control over network operations.”

“Fortinet has been working closely with VMware to arm customers with the same level of cybersecurity inside the data centre as they do at the perimeter,” continues McGettigan. “FortiGate VMX demonstrates our commitment to the VMware partnership and ecosystem as well as our customer’s security requirements.”

Policy driven network segmentation

Recent high-profile security breaches have highlighted the need for security solutions that expand beyond the traditional edge defense strategies and segment networks internally, avoiding the rapid spread of threats once inside the data centre. VMware brings an SDDC approach to network security with micro-segmentation, isolating communications across unrelated networks, controlling the communications within a network and integrating with advanced security services like Fortinet’s Internal Segmentation Firewalls (ISFW). For the full article click here



from cyber security caucus http://ift.tt/1QZVf2v
via IFTTT

The Senate should take a crucial first step on cybersecurity

AFTER YEARS of failure to find a consensus on cybersecurity, the Senate is expected to vote early next week on a bill that would enable the government and the private sector to share information about malicious threats and respond to them more quickly. The legislation is not going to completely end the tidal wave of cyberattacks against the government and corporations, but passing it is better than doing nothing — and that is where Congress has left the matter in recent years.

The legislation, approved by the Senate Select Committee on Intelligence on a bipartisan 14-to-1 vote in March, is intended to iron out legal and procedural hurdles to sharing information on cyberthreats between companies and the government. Private-sector networks have been extremely vulnerable, while the government possesses sophisticated tools that might be valuable in defending those networks. If threats are shared in real time, they could be blunted. The legislation is not a magic wand. Hackers innovate destructive and intrusive attacks even faster than they can be detected. The information sharing would be voluntary. But the bill is at least a first step for Congress after several years of inconclusive debate over how to respond to attacks that have infiltrated networks ranging from those of Home Depot to the Joint Chiefs of Staff. For the full article click here 



from cyber security caucus http://ift.tt/1QZVdr9
via IFTTT

Snyder talks cyber security during Rackham address

Gov. Rick Snyder, the self-proclaimed “one tough nerd,” came to the University on Thursday to speak on a topic he says nerds know best: cyber security.

“First of all, I am proud to say I am a nerd,” Snyder said. “One subset of that is being a techie. Technology is something that’s critically important, that’s transforming our lives, and it’s not going to go back, it’s only going to continue to advance.”

Snyder spoke at the 11th annual Security at the University of Michigan IT conference at the University, hosted by University Information and Technology Services. The conference focused on cyber security this year in honor of October’s status as National Cyber Security Awareness Month. For the full article click here 



from cyber security caucus http://ift.tt/1QZVf2n
via IFTTT

Thursday 22 October 2015

Three Things You Need to Know to Ace Your Cybersecurity Report Card

Avoid the compliance “gotchas.” With the NERC CIP Version 5 deadline quickly approaching, many organizations are laser-focused on meeting V5 requirements. We’ll discuss some of the gotchas that remain in NERC CIP V5 compliance efforts and examine upcoming requirements for V6.

Build the right inventory. Inventory is the foundation for industrial control systems (ICS) cybersecurity – if you don’t get inventory right, your cybersecurity initiative won’t make the grade. We’ll discuss the differences between a compliance-enabled inventory and security-enabled “Inventory in Depth.” Learn how to gather and contextualize data to secure industrial control systems against threats from both inside and outside the organization.

Require compliance, choose security. You may be compliant, but are you secure? While our industry may earn passing grades for individual compliance efforts, our cybersecurity grades are not as good. We’ll discuss where compliance initiatives fall short as well as approaches that simultaneously meet the goals of strong compliance and cybersecurity. For the full article click here 



from cyber security caucus http://ift.tt/1QWcLo3
via IFTTT

Details trickle out on OMB’s Cybersecurity Implementation Plan

Some details about the White House’s governmentwide Cybersecurity Implementation Plan dribbled out Wednesday ahead of the strategy’s official release, expected any day now.

An official with the White House’s Office of Management and Budget gave some details on the forthcoming plan, which will look to extend the Cybersecurity Sprint called for by federal CIO Tony Scott in the wake of the massive OPM hack and other data breaches across the federal government.

Chris DeRusha, a senior analyst with OMB’s Cyber and National Security Unit, called the plan a “broad, comprehensive document” that will give agencies an idea of what they can do to immediately improve their cybersecurity stance as well as what needs to be implemented over the next six to 12 months.

“There is some strategic overlay of the direction we are headed, and some discussion on why we are headed that way, but this is an action plan,” DeRusha said during a meeting of the National Institute of Standards and Technology’s Information Security and Privacy Advisory Board. For the full article click here 



from cyber security caucus http://ift.tt/1QWcJfY
via IFTTT

Cybersecurity: Protecting your data

October is Cybersecurity Awareness Month and experts believe there’s a growing black market, which gathers personal data to sell to the highest bidder.

A number of people around Springfield said they have been hacked or scammed online, or know someone who has fallen victim to identity theft.

“I try and lock my phone with a code that only I know, and I’m sure people could discover it if they really wanted to,” said Jennifer Harrington.

“I just try to beef up my security like passwords and try not to use the same passwords on all my accounts. I think we have a tendency to do that,” said Susan Lamy.

Jeremy Hill works with JMARK Business Solutions in Springfield, a company which provides IT services to companies. They work to keep data safe, data that is always at risk. For the full article click here 



from cyber security caucus http://ift.tt/1PIlThR
via IFTTT

Cyber security bill debate revived

KIMT News 3 – A bill on cyber security is once again surfacing in the Senate and it’s getting support from our local representatives.

The Cybersecurity Information Sharing Act (CISA) would make it easier for corporations to share information about cyber attacks with each other as well as with government officials without having to worry about potential lawsuits.

While some senators have backed the proposed legislation, others say it does not do enough to protect the privacy of Americans. Sen. Rand Paul (R)-PA and Sen. Ron Wyden (D)-KS have both spoken out against the bill, saying it does not do an efficient job of fighting against cyber attacks. For the full article click here



from cyber security caucus http://ift.tt/1GVJGnc
via IFTTT

Wednesday 21 October 2015

A flaw in cybersecurity law

Like millions of other federal retirees, I recently received a letter from the Office of Personnel Management (OPM) telling me that a “cybersecurity incident” may have compromised my “personal information, including name, Social Security number, date and place of birth and current or former address.” In plainspeak, the OPM computer system had been hacked.

This “incident,” as OPM bureaucratically phrases it, is only one of the more recent in a long string of such cyber-attacks that have affected government and private organizations alike. Responses are almost always the same: Government officials and other “experts” speculate that the attack came from Russia, China, North Korea or some country in the Middle East. They promise to tighten up security. (And sometimes a resignation is required to mollify Capitol Hill.) For the full article click here 



from cyber security caucus http://ift.tt/1GhIrEg
via IFTTT

Cybersecurity steps into the spotlight

Last month in the White House Rose Garden, President Barack Obama and Chinese President Xi Jinping stood side-by-side and hosted a news conference on the topic of corporate cyber attacks. In the news conference, President Obama stated that both China and the United States would refrain from cyber attacks aimed at pilfering company intellectual or trade secrets for commercial advantage. However, events following the news conference are raising questions on whether this agreement is going to be upheld.

The first of such events came the day following the announcement of the two-nation agreement. While President Xi was meeting with the executives of several American technology companies in Seattle, a hacking group who is believed to have links to the Chinese government attacked one such company looking for trade secrets. In a blog post on Monday, security services provider CrowdStrike said that it had tracked a number of attacks on American technology and pharmaceutical companies leading up to and closely following President Xi’s visit to the U.S. For the full article click here 



from cyber security caucus http://ift.tt/1MDC6j4
via IFTTT

5 essential cyber security events for your diary

News: Public policy makers and law enforcement come together at a variety of events to discuss key issues in cyber security. Here are some events not to miss.

Public and policy makers often tell firms how much they care about cyber security, and how much they want to work with them on it, but what are they actually doing? How do these policy makers think about cyber security, and how are the laws enforced?

To find out, here are some cyber security events bringing together law enforcement, public policy makers, and the private sector.

1. The Cyber Security Summit

This will take place on the 18th November, at the QEII centre in London. The keynote discussion will feature Robin Wainwright of Europol, Deputy Chief Constable Peter Goodman, and a senior National Crime Agency figure.

Other topics discussed will include Enhancing Private Sector Cyber Security in the UK, and working with partners across Industry, Government and Academia to Enhance the UK’s Cyber Resilience.

As well as public sector speakers, the event has major corporate backing, with EY the strategic headline sponsor.

2. European cyber security month

Events are taking place across the EU for European cyber security month. It is run by The European Union Agency for Network and Information Security (ENISA), the European Commission DG Connect, in association with other partners.

The campaign aims to promote cyber security among citizens, and change perception of cyber-threats by promoting data and information security, education, sharing of good practices and competitions.

3. National Cyber Security Awareness Month

This US campaign was co-founded and is led by the National Cyber Security Alliance and the Department of Homeland Security, and features a variety of events during August. This year’s theme is Our Shared Responsibility.

Lots of firms and public sector bodies are associated with the campaign, signing up as ‘champions’. They include Blackberry, Dell, Juniper and Tripwire. Even Nasa are running events! For the full article click here



from cyber security caucus http://ift.tt/1PG2nT6
via IFTTT

Apple, Dropbox, Google and Facebook oppose CISA cybersecurity bill

Tech giants Apple, Dropbox, Twitter, Google, Wikimedia Foundation and Facebook have all opposed a controversial cybersecurity bill known as the Cybersecurity Information Sharing Act (CISA) which they say will give the US government sweeping new powers to spy on Americans.

The US Senate is due to vote on CISA this week, which purports to protect Americans from hackers and aims to use the companies to gather the data.

According to the Electronic Frontier Foundation (EFF) the bill will grant companies more power to obtain threat information and disclose that data to the government without a warrant.

‘The trust of our customers means everything to us and we don’t believe security should come at the expense of their privacy’
– APPLE

This includes sending data to the National Security Agency.

“It also gives companies broad immunity to spy on—and potentially even launch countermeasures against—innocent users,” the EFF said.

It is clear that the companies themselves from Apple to Reddit and Twitter don’t want this responsibility.

For the full article click here



from cyber security caucus http://ift.tt/1LDpOY1
via IFTTT

Tuesday 20 October 2015

Automated Real Time Threat Detection with Behavioral Analytics

Cybersecurity experts all agree that, in most cases, the data necessary to detect an insider or cyber attack is already being captured by the organization. After virtually every breach and compromise, digital forensics are able to reconstruct the actions of the persons or entities involved based on existing logs and data.

Forensics by definition is too late!

Automated Behavioral Analytics and machine learning can detect threats as they are unfolding in real time, leveraging those same logs and data. Finding threats before the damage is done is critical, and only through the use of signatureless and automated analysis can this be accomplished consistently.

Join Securonix and Carahsoft for a User and Entity Behavioral Analytics (UEBA) webcast. Principal Architect and Industry expert, David Swift, will discuss key use cases and capabilities.


 

Attendees of this webcast will learn about:

  • Advanced techniques to automate discovery of Insider Threat
  • Machine learning of normal behavior and detection of changes in order to reveal compromised accounts and systems
  • User and Entity Behavioral Analytics (UEBA)

Interested but cannot attend? Sign up to receive the archived recording of the presentation.

Questions? Contact me.
Ryon Williams
Securonix Government at
Carahsoft Technology Corp.
703-871-7472 (Direct)
888-554-7468 (Toll-Free)
securonix@carahsoft.com
http://ift.tt/1ZUhE7e

Webcast Details

Thursday, November 5, 2015
2:00pm ET; 11:00am PT
Duration: 1 Hour

Featured Speaker

David Swift
Principal Architect
Securonix



from cyber security caucus http://ift.tt/1LBk40V
via IFTTT

BlackBerry CSO David Kleidermacher talks IoT and raising the bar on cybersecurity

As part of National Cyber Security Awareness Month, NASDAQ recently hosted a closing bell ceremony and luncheon with the focus being placed on ‘Your Evolving Digital Life’ that covered the smart world we live in and the importance of educating everyone on cyber security as we become increasingly connected. Joining in on the discussions was BlackBerry Chief Security Officer David Kleidermacher, who also sat down with CNN to discuss IoT, cybersecurity and BlackBerry’s role in it all.

As can be expected from a two-minute video, the conversation was brief but certainly kept in line with the topics, with Kleidermacher noting that everything involved needs to be end to end as far as security is concerned, and that BlackBerry has the tools to be successful in that space between QNX, Certicom, as well as the BlackBerry global network infrastructure and back-end services. For the full article click here



from cyber security caucus http://ift.tt/1MRemfT
via IFTTT

Improving cybersecurity is focus of three upcoming conferences

Ask FBI special agent Byron Franz how to fight job loss and lack of competitiveness, and he’s got an immediate answer: improve cybersecurity.

Wisconsin has a rich landscape of targets for cyber criminals, including defense contractors, makers of high-tech industrial equipment and others, said Franz, who is strategic partnership coordinator for the FBI’s Milwaukee division.

“There’s a huge amount of industrial might here, and cyber eyes are looking at us,” Franz said.

Franz will be speaking this month at two cybersecurity conferences: Cosentry’s Security Summit Wisconsin 2015 on Wednesday at the Wisconsin Center in downtown Milwaukee, and the state’s Cyber Security Summit on Oct. 28 at Marquette University.

A third event, the WTN Media Fusion Executive Summit on Nov. 9 in Madison, will focus on the cyber-risk landscape.

Cybersecurity is becoming a huge topic, driven by observations like those of Ted Koppel, whose book called “Lights Out” details the vulnerability of America’s power grid to a major cyber attack, said David Cagigal, chief information officer for the State of Wisconsin and an organizer of the state cybersecurity conference.

“It’s transcending a lot of other things we’re normally concerned about,” Cagigal said.

Cagigal said there are four general types of cyber attacks: Participants in social actions like Ferguson, Mo., attack government websites; criminals “phish” for email passwords, credit card numbers and other information; bad actors or nation states steal trade secrets, patents and other information; and, as Koppel portrays, attackers target power grids, railroads, water systems and other infrastructure areas.

The goal of all three conferences is to increase understanding of the threat and bring more people into the conversation about defending against it. For the full article click here



from cyber security caucus http://ift.tt/1W28mkK
via IFTTT

Clinton’s State Dept. cybersecurity suffered; Ohio delays executions until 2017 (10 Things to Know for Tuesday)

Your daily look at late-breaking news, upcoming events and the stories that will be talked about Tuesday:

1. WHERE THE DEATH OF A MIGRANT HAS TRIGGERED NATIONAL SOUL-SEARCHING

After an Eritrean was killed after being mistaken for an attacker, Israelis reflect on how they are reacting to recent Palestinian violence.

2. OSCAR PISTORIUS PUT UNDER HOUSE ARREST

The double-amputee Olympic runner, who fatally shot his girlfriend on Valentine’s Day 2013, had been in a prison in Pretoria, the South African capital.

3. WHO COULD BECOME CANADA’S NEXT PRIME MINISTER

Justin Trudeau, the son of a man who championed liberal politics and brought glamor and excitement to Canadian politics in the late 1960s, is favored to win the elections.

4. MIGRANTS NO LONGER STUCK IN SERBIA, MOVE INTO CROATIA

They leave behind a field scattered with soaked blankets, mud-caked clothing and water-logged tents after authorities eased restrictions.

5. AGING MOBSTER ON TRIAL FOR HEIST DRAMATIZED IN MOVIE ‘GOODFELLAS’

Vincent Asaro is accused of being involved in the $6 million Lufthansa holdup in 1978, a legendary theft dramatized in the hit film.

6. POPE’S SUMMIT ON FAMILY ISSUES NOT LIKELY TO CHANGE DOCTRINE ON HOMOSEXUALITY OR DIVORCE

However, things have definitely evolved: African bishops play a bigger role and calls have surfaced to stop calling gays “intrinsically disordered”.

7. WHEN STATE’S CYBERSECURITY SUFFERED

The State Department was among the worst government agencies at protecting its computer networks while Hillary Clinton was secretary from 2009 to 2013, the AP finds.

8. OHIO DELAYS EXECUTIONS UNTIL AT LEAST 2017

The state has run out of supplies of lethal injection drugs and has failed to find new ones, including from overseas. For the full article click here



from cyber security caucus http://ift.tt/1MReo7u
via IFTTT

N.D. Cybersecurity Task Force begins work

BISMARCK – State agency leaders huddled Monday to start brainstorming on how to improve security for North Dakota’s statewide computer network, which one official said was attacked about 68 million times in the past two months.

Gov. Jack Dalrymple, who appointed the Cybersecurity Task Force last month, urged its 15 members during their first meeting to share information about their agencies’ vulnerabilities and put together a number of “what-if” scenarios.

“We do need a first-class cyber-incident response strategy,” he said.

Sensors detected and blocked 46 million attacks in August and 22 million attacks in September against the state’s data center, which serves all of state government, the K-12 school system, North Dakota University System and most political subdivisions, said Dan Sipes, deputy chief information officer for the state Information Technology Department. For the full article click here



from cyber security caucus http://ift.tt/1W28m4u
via IFTTT

Monday 19 October 2015

The 5 cyber habits you should be following

Cybersecurity issues continue to develop in ever-increasing amounts of sophistication, and it is only by educating ourselves that we will be able to protect Internet users from becoming victims of scammers and hackers. Every October, the Department of Homeland Security designates the entire month as National Cyber Security Awareness Month (NCSAM). “Cyberthreats are increasing in their frequency, scale and sophistication,” deputy secretary of Homeland Security Alejandro Mayorkas said. “Each American is a key part of our nation’s first line of defense and in minimizing the impact of cyber attacks.”

There are multiple ways people can be more secure online without having to become an expert in the field. Below are five suggestions for becoming a safer Internet user: For the full article click here 



from cyber security caucus http://ift.tt/1RjCuGQ
via IFTTT

China tried to hack U.S. firms even after cyber pact, says cybersecurity firm

Hackers associated with the Chinese government have tried to penetrate at least seven US companies in the three weeks since Washington and Beijing agreed not to spy on each other for commercial reasons, according to a prominent US security firm.

CrowdStrike Inc said software it placed at five US technology and two pharmaceutical companies had detected and rebuffed the attacks, which began on Sept 26.

On Sept 25, President Barack Obama said he and Chinese President Xi Jinping agreed that neither government would knowingly support cyber theft of corporate secrets to support domestic businesses. The agreement stopped short of restricting spying to obtain government secrets, including those held by private contractors.

CrowdStrike co-founder Dmitri Alperovitch said in an interview that he believed the hackers who attacked the seven companies were affiliated with the Chinese government based in part on the servers and software they used. For the full article click here 



from cyber security caucus http://ift.tt/1OOaxb8
via IFTTT

Gov. Jack Dalrymple calls cybersecurity task force meeting

BISMARCK, N.D. (AP) – Gov. Jack Dalrymple is holding a meeting at the state Capitol to address the potential impact of cyber threats on state government.

The Cybersecurity Task Force is meeting Monday. The group includes 15 people, including directors and information technology experts from a number of state agencies.

Dalrymple says the team will review current cybersecurity policies and practices and make recommendations on how to better secure state networks and systems. Lt. Gov. Drew Wrigley will oversee the group. For the full article click here 



from cyber security caucus http://ift.tt/1RjCruW
via IFTTT

FEATURED | China and Cybersecurity by Robert Potter

China’s cybersecurity relations have rarely been more complicated than they are today. Beijing is presently subject to a significant level of criticism, with cybersecurity taking a leading role in the attention it receives from the United States (U.S.). For its part, the U.S. is struggling to respond to China for a number of reasons. First, there is a problem of attribution, as linking an attack to an individual or country is often a difficult technical problem[1]. Secondly, corporate entities are reluctant to disclose attacks. And finally, there is no agreed upon framework as to how an attack fits within a threat matrix[2]. These factors contribute to an ambiguous cybersecurity environment wherein it becomes difficult to assess a state’s intentions. Thus, with this perspective, a response against Beijing on this subject becomes a difficult task.

In international politics, when one thinks of effective arms control measures they generally stick to identifiable events. It is relatively straightforward to identify a nuclear explosion or a large scale conventional military invasion. It is also usually possible to discover who is responsible for these actions and categorize them within the understanding of threat. For example, when employing the term invasion or declaration of war, there is an immediate communicated understanding of the context that propels such actions. In contrast, modern international security undermines such classifications. For example, it is known that Russia is operating in Ukraine but the terms we use to describe those activities are greyer than say, identifying the beginning of Operation Barbarossa. This creates the ambiguity in classifying cyber attacks. For the full article click here


from cyber security caucus http://ift.tt/1MyjgtI

Saturday 17 October 2015

Ohio AG launches cybersecurity campaign

dangers of Internet crime and identity theft.

Ohio Attorney General Mike DeWine on Friday announced that his office is launching a cybersecurity awareness campaign.

“We want to give people practical tips to stay safe online,” DeWine said. “Cybercrime and identity theft are serious problems in Ohio and across the country, and we want to let people know what they can do to help protect themselves.”

The program includes cybersecurity messages that will be displayed in public transit systems in cities including Dayton, Columbus, Cleveland and Toledo beginning this month. Signs also will be available for display at Ohio libraries and schools, DeWine said.

The program is funded through grants. This year, DeWine’s Consumer Protection Section received a $25,000 grant from the Sears Consumer Protection and Education Fund. For the full article click here



from cyber security caucus http://ift.tt/1OAeYYC

List Of Classified Reports On Iran, Drones And Cybersecurity Quietly Published

The US Government Accountability Office (GAO) quietly released a list this week with the names of its recently classified reports. But some in Congress aren’t too happy about it. The publication of the list took about a year of negotiations between the GAO and Congress.

As the Federation of American Scientists notes, quoting an anonymous Congressional staffer, the release of this list, “was not necessarily universally desired by everyone in Congress.” But you can bet that this is a rather diplomatic way of putting it.

The list is just names and dates of reports that have been published by the GAO — the agency that’s charged with keeping American government agencies themselves accountable in cases of vulnerability and malfeasance. Like that time in 2010 when they revealed the EPA’s Energy Star program was a scam. The GAO set up a fake company and got Energy Star certification for a gas-powered alarm clock and an “air purifier” that was just a space heater with a feather duster taped to it. Seriously.

The content of this new list covers everything from Iran sanctions to Navy drone systems to fears over the Department of Defence’s access to cutting-edge microelectronics. We can’t read the reports, but the titles themselves give clues to what the GAO has been working on.

Other reports include titles like, “Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems,” and “Defence Infrastructure: Improvements in DOD Reporting and Cybersecurity Implementation Needed to Enhance Utility Resilience Planning.” For the full article click here



from cyber security caucus http://ift.tt/1Mvj2TV

Cybersecurity insurance market still on training wheels

Ever stealthier hacktivists targeting everything from big banks to nonprofits have made cyber liability the hottest new thing in the insurance business, with at least 50 companies in the U.S. alone — including San Antonio-based SWBC — pitching policies.

But financial and cybersecurity advisers caution that the underwriting is for risks that are only beginning to be known, and companies need to be clear on what is and isn’t covered.

“I think the bottom line with insurance coverage is that the company does not take the position that it’s the be-all, end-all,” said Leo Munoz, a financial forensics specialist with Padgett, Stratemann & Co. “They can’t advocate their entire security on just insurance coverage. They need to be proactive in understanding what their risk profile is.”

The growing threat is well-documented: According to the Ponemon Institute, the average cost of a large data breach was $3.5 million, 15 percent more than estimated in 2013.

There’s no question the cyber insurance sector is booming. For the full article click here



from cyber security caucus http://ift.tt/1OAeYYw

Schilling: Join conversation about cybersecurity

It seems not a week goes by that another cybersecurity incident doesn’t hit our radar. From our personal lives to our business and employment ones, this new threat is ever growing in scope, intensity, and sophistication. As our world becomes ever more connected, so, too, does the risk of exposure of our most private, important, and sensitive data.

The cyber environment now touches nearly every part of our daily lives: Our critical infrastructure (financial systems, power grids, health systems) runs on networks connected to the internet, which is both empowering and dangerous. Foreign governments and criminals probe these systems every single day. Real-life examples – an air traffic control system going down or blackouts plunging cities into darkness – are hardly the stuff of sci-fi movies. Systematic cyberattacks can paralyze our way of life.

While the Sony, Target, health care giant Anthem and Home Depot corporate attacks have gained media attention, so, too, have attacks on the government, including the White House, Pentagon, State Department, and the Office of Personnel Management (where our military members’ information resides). In Wyoming, a state dominated by mineral and mining activities, attacks against networks that support these industries and infrastructure could be catastrophic to both our citizens and our environment. For the full article click here



from cyber security caucus http://ift.tt/1Py4LLG

Friday 16 October 2015

TECH BYTES: Breaches and breakdowns

INSTITUTE FOR POLICY INNOVATION

Cybersecurity and electronic security breaches have routinely been in the headlines this year, even as cybersecurity legislation continues to stall on Capitol Hill. However, there is hope of the issue being seriously addressed this month, which also happens to be Cyber-Security Awareness Month. The leadership of the Senate Intelligence Committee has indicated that the Cybersecurity Information Sharing Act is set to come to the Senate floor for debate next week.

The proposal provides companies protection from anti-trust laws if they share information about cybersecurity threats with each other. The legislation also encourages the sharing of cyber-threat information between companies and government by protecting the companies from lawsuits by stockholders and customers. While this will not stop all attacks, it will provide for alerts to be sent when there is an attack so that others can take steps to protect themselves, hopefully resulting in fewer instances of consumer harm.

As became known earlier this year, a cyberattack against the federal Office of Personnel Management exposed the data of 21.5 million (and the fingerprints of 5.6 million) government workers, their family members and applicants for federal jobs. Hackers have also stolen data from the IRS about taxpayers, viewed sensitive information at the White House, and penetrated the State Department so egregiously that reports claim that federal law enforcement officials familiar with the incident say the State Department email intrusion is the worst cyberattack they’ve seen against a federal agency. For the full article click here 



from cyber security caucus http://ift.tt/1NfHtro

Addressing the IT security talent gap [Q&A]

October is National Cybersecurity Awareness Month in the US and the Department of Homeland Security is calling for more attention to be paid to securing systems.

But whilst cybersecurity is a growing industry we risk a developing skills gap where workers aren’t qualified or prepared for jobs in the field. We spoke to Andrew von Ramin Mapp, CEO of Data Analyzers, a cyber security and digital forensic firm, to get his view on how the industry can address this.

BN: We’re seeing ever more sophisticated cyber-attacks in recent years. Is the security industry struggling to keep up?

AvRM: The industry is definitely struggling to keep up, it has always been a cat and mouse game, but over the past few years the momentum has accelerated drastically and the industry at large was not prepared for it. In the past, a lack of corporate awareness among executives and boards of directors meant the required funding to properly implement and adequately maintain a secure network and cyberinfrastructure was unavailable. Because of recent public scrutiny things have shifted a little and the security industry is trying to catch up. For the full article click here 



from cyber security caucus http://ift.tt/1PwJQbU

Google, Facebook & Yahoo sound warning over cyber security bill

News: Trade body representing tech giants comes out against proposed laws.

Some of the world’s biggest tech giants have come out against a new cybersecurity bill in the US.

Firms such as Facebook, Google, Yahoo!, e-Bay, RedHat and T-Mobile, have blasted the Cybersecurity Information Sharing Act (Cisa) in an open letter sent via their trade group the Computer and Communications Industry Association (CCIA).

The letter says: “Cisa’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government.”

The US row comes shortly after the European Union’s Court of Justice ruled the Safe Harbour agreement invalid after a court case brought against Facebook.

The law firm Pinsent Masons also recently revealed that UK users were increasingly concerned about how their personal data is being used.

The US legislation still needs to be passed by the Senate, but it has support from politicians in both political parties. For the full article click here



from cyber security caucus http://ift.tt/1PwJSAq

5 cybersecurity suggestions to keep yourself, your business safe

EL PASO, Texas – With an estimated cost of about $100 billion in cyber-crime per year globally, the Better Business Bureau wants to remind people how to protect themselves and the businesses they work for.

They have five suggestions they think can make a big difference:

1. Keep your computers clean.

Businesses should make sure to set clear rules for what programs employees can install since some can be more vulnerable to security hacks.

2. Follow good password habits.
Choose passwords that are both long and strong. Try to mix uppercase and lowercase letters as well as numbers and symbols to help strengthen your passwords.

3. When in doubt, throw it out.
Never open suspicious links on emails, tweets or online ads. This applies even when you know the source. Spam filters can help lower your risk.

4. Backups work.
Set your computer to back up automatically. As an employer, make sure to remind your employees to protect their work.

5. Stay watchful and speak up.
Always watch for strange things on your computer. The more aware you are of cyber scams, the less likely you are to fall into one. Businesses should encourage employees to say something if they think something is wrong. For the full article click here 



from cyber security caucus http://ift.tt/1VVNQ5o

Thursday 15 October 2015

US sailors learning to steer by stars again

The ancient method of steering ships by the stars is making a comeback at the US Naval Academy, thanks to cybersecurity fears, according to the Capital Gazette.

‘‘We went away from celestial navigation because computers are great,’’ Lieutenant Commander Ryan Rogers, deputy chairman of the academy’s navigation department, told the Gazette. ‘‘The problem is, there’s no backup.’’

For now, training at the Annapolis academy consists of a three-hour course covering the basics. But as governments grapple with threats in cyberspace, old-fashioned techniques are being dusted off.

A security force for high-ranking Russian officials, for instance, reverted to using typewriters after revelations of US digital spying capabilities, local news outlets reported. For the full article click here 



from cyber security caucus http://ift.tt/1jChSPj

U.S. senator, FBI official discuss cybersecurity at Augusta University summit

Government, military, education and law enforcement officials gathered to discuss the importance of effective cybersecurity training during Augusta University’s Cyber Education Summit on Wednesday, discussing their views on how Augusta can become a “major player” in the world of digital security.

The Cyber Education Summit, now in its second year, aims to create a “forum” where Augusta community leaders and experts in the field can plan for how the growing cybersecurity field will affect the city’s future.

Augusta University Director of Cybersecurity Education Initiatives Joanne Sexton said the summit was a “necessity” for Augusta, especially considering the ongoing relocation of the U.S. Army Cyber Center of Excellence to Fort Gordon.

“Let’s face it. Augusta is going to become a national leader in the cyber field and that’s going to considerably affect our growth in the years ahead,” Sexton said. “We as a community need to come together to discuss this shift, and together determine how to best move forward.” For the full article click here 



from cyber security caucus http://ift.tt/1jChSPg

The Defense Question We Should Continue Debating: Cybersecurity

It doesn’t matter if they are state-sponsored or live in their parents’ basement. Hackers thrive in the shadows of our culture. Leaders hesitate to declare supremacy over them lest they get taught a very public lesson in humility. But, if a superpower uses those hackers to access a foreign government’s information, and that’s not an act of war, what next?

Jim Webb, a heavily decorated war veteran, tried to get his fellow presidential hopefuls to address that issue during the first Democratic debate Tuesday night on CNN. Unfortunately, he spent more time kvetching about how little time he was getting than pressing for his chosen topic—cybersecurity—which he correctly pegged as the biggest threat to national security.

In my forthcoming book on identity theft and data security Swiped, I talk about cybersecurity at the enterprise-organization level. Here is an adapted excerpt on why we need political leadership on this issue: For the full article click here 



from cyber security caucus http://ift.tt/1jChSPc