Friday 29 January 2016

Solutions for Cybersecurity Gaps and Challenges — S&T Has Tech for That!

Newswise — Earlier this month, the Department of Homeland Security Science and Technology Directorate (S&T) Cyber Security Division (CSD) hosted the Transition to Practice (TTP) Investors, Integrators and IT Company (I3) East Technology Demonstration Day to showcase technologies to private industry cybersecurity investors, integrators and IT professionals. The event included presentations from Department of Energy (DOE) and Department of Defense (DOD) national laboratory researchers, as well as live in-depth demonstrations of the technologies.

“These TTP Technology Demonstration Day events allow us to connect with people in the private sector to build relationships that promote pilots and licensing for promising technologies,” said CSD TTP Program Manager Michael Pozmantier. “During these events, we have the ability to demonstrate technologies directly to the stakeholders who could potentially use the technologies once they become products.”

The TTP program, established in 2012 to support the Department’s mission of improving the nation’s cybersecurity capabilities, builds on CSD’s process of funding projects through the full research and development life cycle: research, development, test and evaluation, pilots, and transition. The TTP program showcases how cybersecurity research can be turned into useful products in order to get into the hands of businesses and communities.



from cyber security caucus http://ift.tt/1nE8htT
via IFTTT

JPMorgan Chase Atty: Bank Will Spend $500M on Cyber Security

It turns out that even the largest organizations harbor reservations about the strength of their cyber defense.

“JP Morgan is going to spend a half-billion dollars on security this year, and we still feel challenged,” Andy Cadel, general counsel, IP and data protection for JP Morgan Chase, told a crowd of IT professionals assembled at a conference earlier this week.

The estimate can be found in the bank’s quarterly statement filed this past August — although it did not disclose the dollar value of its spend, only that the bank expects in each of 2015 and 2016 to double the amount spent on cyber security in 2014. In its 2014 annual report, the company disclosed it spent $250 million to strengthen its cyber capabilities.

The comments came during the conference titled, “Future Ready: The Business of Tomorrow-Today,” and took place at Bloomberg LP headquarters in Manhattan. [Full disclosure: Bloomberg LP owns Bloomberg BNA, the parent company of Big Law Business; and BNA hosted the conference.]

TEDx conference tackles topics from cybersecurity to Harrisburg

AUGUSTA, Ga. (WRDW) — The TEDx conference is back in town spreading ideas of innovation in the hopes of making Augusta better.

There were 14 total speakers. Many were local, but some came from as far as Los Angeles.

The topics varied from cybersecurity threats to inspiring kids in a tough neighborhood.

Today you’ll meet two of those speakers: Mark Baggett and Christopher Shelley.

Mark Baggett says when it comes to a cybersecurity threat, most of us are defenseless.

“If an attacker tries to break into an average person’s computer, they are going to be successful,” Baggett said.

Baggett is a professional penetration tester. He breaks into companies’ sites to expose their weaknesses.

Consider potential cybersecurity risks when developing smart devices, says MD&M West speaker

Have you considered cybersecurity risk? FDA has just released the new draft guidance, “Postmarket Management of Cybersecurity in Medical Devices.”

“A growing number of medical devices are designed to be networked to facilitate patient care,” the agency writes in the draft. “Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats.”

Should cybersecurity be considered during the development of smart drug-delivery devices? We asked Ali Youssef, PMP CPHIMS CWNE, Senior Clinical Mobile Solutions Architect, Henry Ford Health, this question and more. He intends to cover traditional medical devices as well as smart drug-delivery devices on Wednesday, February 10 at the upcoming MD&M West 2016 conference in Anaheim, CA.

PMP: Medical device cybersecurity has been identified as a potential concern by FDA. When it comes to developing smart drug-delivery devices (such as devices that may interact with a digital device for tracking dosing or other patient activities), what cybersecurity risks are there, and how can drug and device companies minimize those risks to protect patients?

Data Breach & Incident Response: Assess the cybersecurity priorities keeping you up at night

Businesses are generating and storing great volumes of data using numerous platforms: desktops, laptops, servers, cloud servers, archiving appliances, external storage devices, websites and more. Charlie Platt explains how iDiscovery Solutions advises clients from both the prevent and protect side as well as incident response. His remarks have been edited for length and style.

MCC: Tremendous amounts of data are produced by businesses today, in a variety of forms from multiple sources. Employees are using personal devices and email, as well as other digital accounts, to communicate and store information. How can businesses assess their vulnerabilities and protect their data, whether at rest or in motion? How can they ensure that they can identify a data breach or network incident and do so quickly?

Platt: It’s important to keep in mind that there is no one-size-fits-all solution to cybersecurity and that no solution can guarantee 100 percent effectiveness. With that in mind, some of the best ways to address the issue are non-technical in nature. For example, education, policies and culture can have a more significant impact on the security of your organization than a large purchase of software or hardware.

Sen. Johnson: Congress ‘way behind’ on cyber knowhow

Congress is way behind on cybersecurity knowhow, the chairman of the Senate Committee on Homeland Security and Governmental Affairs said Thursday, adding that ignorance — and the difficulty of shaping meaningful legislation — often paralyzes lawmakers on the issue.

Sen. Ron Johnson, R-Wis., pressed experts Thursday to raise the public profile of America’s cyber vulnerabilities to help create more pressure on lawmakers to fill that knowledge gap when it comes to future cybersecurity legislation.

“We have to make sure the American public is fully aware of the threat and the risk, so [they] can put pressure on the political process to start responding and pass common sense legislation that’s sorely needed,” Johnson said Thursday during remarks at the American Enterprise Institute.

Gro-Biz tackling contracting, cybersecurity and more

GILLETTE – The Gro-Biz Conference and Idea Expo for 2016 will be in Gillette this year, and as usual will break out into tracks for those trying to land more government contracts and for those who simply want great ideas to move their business forward.

The Gro-Biz side deals with government contracting, according to a release, and brings in agency representatives who screen potential candidates.

“It’s a wonderful forum for small businesses to meet and mingle with contracting specialists from all over the federal government,” said Martin Hauch, a contracting officer with the National Park Service. “Through this conference, businesses can obtain forecasts of potential projects that could lead to future government contracts.”

GAO Says DHS Cybersecurity Protection Program Lacking

Law360, Washington (January 28, 2016, 7:00 PM ET) — A U.S. Department of Homeland Security cybersecurity system is protecting the civilian federal government from a number of computer-based threats, but officials must take further steps to meet their goals for intrusion detection and prevention, the Government Accountability Office reported Thursday.

The National Cybersecurity Protection System has helped protect government information from email-based intrusions but needs further expansion to address a wide range of potential threats to information security, according to the report from the GAO.

How GCs Can Get CEOs To Fund Cybersecurity

Law360, Chicago (January 28, 2016, 7:46 PM ET) — Some general counsels still face an uphill battle in getting the money to counter hackers and other data privacy breaches, but a few new studies can help them make the business case for funding the fight. Here, we take a look at the numbers that can ease the budgetary resistance for in-house counsel.

While the legal ramifications of data loss incidents are often clear, the ongoing effect on business puts cybersecurity firmly in the domain of the full C-suite. Public consciousness

KU to train next-gen cybersecurity experts for US gov

LAWRENCE (KSNT) – The University of Kansas School of Engineering will receive nearly $5 million to educate cyberdefense experts “dedicated to public service,” according to the school.

The school claims the new, $4.7 million, five-year grant from the National Science Foundation will make America “stronger in an era of rising cyberattacks.” CyberCorps: New Scholarship for Service Program at the University of Kansas (Jayhawk SFS) will help train “dozens” of undergraduate, master’s and doctoral students. The 36 security-experts-in-training will commit to work at government cybersecurity jobs following graduation. It will be their responsibility to safeguard critical infrastructure.

The KU trained experts could potentially work at the Central Intelligence Agency, National Security Agency, Department of Defense and the National Laboratories, as well as state and local departments.

Thursday 28 January 2016

Why Industrial Control Systems are the most Important – and Complex – to Secure

Our Nation’s energy, water, transportation and other physical critical infrastructures are woefully unprepared for cyber attacks due to archaic infrastructures, Frankensteined networks and complex ecosystems with multiple disparate – yet interdependent – stakeholders. During this ICIT Fellow Insight interview, ICIT Fellow Eric Cornelius (Managing Director, ICS Security, Cylance) speaks with ICIT Sr. Fellow Parham Eftekhari on the biggest risks facing ICS owner / operators and what can be done to improve resiliency.

For more, visit http://ift.tt/1SlJ4iR

State of Cybersecurity: “High Priority” in U.S.

United States coordinator for cyber issues Chris Painter discusses the challenges of cybersecurity with Elliott Gotkine on “Bloomberg West.” (Source: Bloomberg)

Cornell Tech adds four of the world’s leading cybersecurity experts to faculty

January 27, 2016 –

Cornell’s Department of Computer Science has added four faculty members at Cornell Tech who are among the world’s elite for cybersecurity, privacy and cryptography research, according to a report by the Cornell Chronicle.

The scientists are best known for their highly cited research and their influence on industry, nonprofit and government practice with work spanning the fields of data encryption, cryptography, cryptocurrency, machine-learning and Internet of Things privacy and security.

The Cornell Tech Security Group consults regularly with industry practitioners to drive and inform best practices and the group’s research.

“Cybersecurity touches nearly every aspect of our daily lives, from consumer privacy to the security of corporations and governments and, increasingly, to criminal investigations,” said Cornell Tech Dean Dan Huttenlocher. “Cornell Tech brings together four of the world’s leading cybersecurity experts as they identify new vulnerabilities and advance the state of the art in modern security.”

FDA Issues Draft Guidance Governing Postmarket Cybersecurity Risk Management Standards

On January 15, 2016, the U.S. Food and Drug Administration (FDA) announced in a Press Release that it would issue draft guidance on January 22 outlining “steps medical device manufacturers should take to continually address cybersecurity risks” to confront “vulnerabilities in medical devices once they have entered the market.” FDA published a Notice in the Federal Register on January 22 and has requested public comments within 90 days, by April 20, 2016. FDA issued this guidance in advance of a public workshop, entitled “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity” that was webcast and archived on FDA’s website.

This new postmarket draft guidance builds on FDA’s October 2014 “nonbinding” cybersecurity guidance that encouraged medical device manufacturers to develop and incorporate cybersecurity controls into medical devices at the premarket design stage. As was the case in October 2014, FDA bills this new postmarket cybersecurity draft guidance as “not binding on FDA or the public” and states that regulated entities may use “an alternative approach [to cybersecurity risk management] if it satisfies the requirements of the applicable statutes and regulations.”

Cybersecurity 101 comes to Hudson Valley CC

TROY, N.Y. (NEWS10) – A new course at Hudson Valley Community College is honing the skills to fight one of the most persistent and damaging of newer crimes – cyber attacks.

The course is called Cybersecurity 101, and the college launched the class last week. The school teamed up with GreyCastle Security in Troy.

GreyCastle said there are one million new open positions in the field because everyone is looking to hire in cybersecurity.

“Forbes estimated that the damages directly related to cybercrime will reach $2 trillion in 2016,” GreyCastle CEO Reg Harnish said.

TechNation: Stealth Startup Fireglass Raises $20 Million for Cyber Security

Fireglass, a U.S.-Israeli cyber security startup still in stealth mode, said Tuesday it had raised $20 million in a funding round led by a group of venture capital funds and veterans of Israel’s cyber scene.
The group, the company said, was led by Norwest Venture Partners, Lightspeed Venture Partners and Singtel Innov8 as well as the serial cyber entrepreneurs Mickey Boodaei and Rakesh Loonkar, who co-founded Trusteer, among other companies.

Wednesday 27 January 2016

CTOs to know: Larry Podmolik on Trustwave, cybersecurity, and software developers in Chicago

Enter Trustwave’s CTO Larry Podmolik, whose tenure at the cybersecurity giant began over eight years ago. Since then, he’s led a rockstar tech team who have built products and services that millions of businesses the world over depend on to secure their information and assets.

In total, he has racked up over 20 years of experience in building businesses across a number of industries. Here’s what he had to say when we caught up with him to talk tech

Morpho and Orange Cyberdefense form cybersecurity partnership

January 26, 2016 – Morpho (Safran) and Orange Cyberdefense have signed a partnership agreement regarding the development of a complete range of cybersecurity products and services.

Orange Cyberdefense will draw on Morpho’s expertise in biometrics and market Morpho’s security and digital trust solutions. Morpho will promote Orange Cyberdefense’s portfolio of cybersecurity solutions.

Morpho has end-to-end expertise in digital identity to help prevent cyberattacks. Using its biometrics expertise in identity, access control management, secure transactions and long-term data storage, the company works with both private and public entities to protect sensitive data.

Orange Cyberdefense is a leader in the French digital security market, and aims to further extend its international reach with this partnership. Morpho will benefit from its expertise in cyber-surveillance, ensured through its worldwide network comprised of six Security Operations Centers (SOC), which monitors customers’ infrastructures 24/7.

Japan boasts booth at Israel cybersecurity event

Japan opened a booth for the first time at a large-scale trade exhibition for cybersecurity technologies that kicked off in Tel Aviv on Tuesday for a two-day run.

Japanese companies are aiming to cooperate with Israeli firms with cutting-edge cybersecurity technologies ahead of the 2020 Tokyo Olympics and Paralympics.

An increasing number of Japanese companies are interested in Israel as the two countries have been strengthening their cooperation in the field of cybersecurity since Israeli Prime Minister Benjamin Netanyahu visited Japan in May 2014.

Six Japanese companies, including Dai Nippon Printing Co. and Murata Manufacturing Co., are taking part in the Cybertech 2016 exhibition.

The Japanese companies are promoting their products and explaining what kinds of technologies they are seeking from Israel.

Four cybersecurity mistakes health plans make

It’s no secret that healthcare organizations are the most vulnerable and valuable when it comes to hackers. In the last five years, healthcare organizations have seen a 125% increase in healthcare data breaches, according to a study released by the Ponemon Institute in May 2015. The study also revealed that 91% of healthcare organizations and 59% of business associates that work with healthcare organizations have experienced a data breach in the past two years. In total, more than 7 million patient records were impacted by data breaches in 2013, according to Caradigm, which estimates that data breaches cost the healthcare system more than $5 billion a year.

FDA Releases Draft Guidance For Medical Device Cybersecurity

The new guidelines address post-market management of cybersecurity vulnerabilities.

New draft guidance from the Food and Drug Administration addresses steps manufacturers must follow to ensure their medical devices are protected against cyberattacks. According to the guidelines, device makers must not only establish design inputs related to cybersecurity, they must also address post-market threats that could emerge after the product has been marketed.

“All medical devices that use software and are connected to hospital and health care organizations’ networks have vulnerabilities — some we can proactively protect against, while others require vigilant monitoring and timely remediation,” Suzanne Schwartz, M.D., M.B.A., associate director for science and strategic partnerships and acting director of emergency preparedness/operations and medical countermeasures in the FDA’s Center for Devices and Radiological Health, explained in a statement.

Tuesday 26 January 2016

Cyber security training for rural folk

JENGKA: Cyber security is being taught to rural folks as a means to make a living under a programme by the Ministry of Science, Technology and Innovation.

Mosti secretary-general Datuk Seri Dr Noorul Ainur Mohd Nur said participants in the Ops Jelajah Cyber 2.0 training will become aware and self-reliant in dealing with cyber security.

A group of 40 trainees, including students from the nearby Mara college, were selected for the two-day course.

Dr Noorul Ainur said slow or limited internet connectivity in rural communities would not affect the programme: “As the training is just a matter of getting to know how to use the hardware.”

Cybersecurity and Accessible Storage Trends

We now live in a world where organizations are more aware of cyberthreats than ever before. Cybercrime has now surpassed the profitability of illegal drug trafficking. Many organizations that interchange information are looking at myriad defensive measures to help keep business, industry and personal data secure. This elevated focus now includes storage systems as well as networks and other computer resources.

“There is no such thing as perfect security,” said cybersecurity firm FireEye in its most recent annual Mandiant Threat Report.

Threat actors have evolved to encompass a larger scope of targets and are using a broader skill set to achieve their goals. Determined threat actors are always finding a way through a gap in security; thus bringing the media and entertainment industry into sharper focus.

VULNERABILITY TO ATTACKS
As storage systems have become more entangled in network-based communications, they have become equally vulnerable to similar kinds of threats and attacks. System designers and network administrators who focus on managing storage must now consider advanced approaches to security aimed at protecting their most valued resource — their digital files as media assets.

UW Included In Cybersecurity Grant To Protect Scientific Data

Computer scientists at the University of Wisconsin-Madison are tasked with protecting data from some of the nation’s most prolific science research programs, and they’ve just gotten a financial boost to bolster their efforts.

The National Science Foundation funds more than $7 billion worth of research and their data is stored in powerful supercomputers. UW computer scientists are part of a collaboration called the Center for Trustworthy Scientific Cyberinfrastructure that just received $5 million from the NSF to protect those computers from hackers and spies.

“The bad guys vary from people who are doing it for money or all your favorite terrorist groups,” said Bart Miller, a UW computer science professor who works for the CTSC.

Feds Create New Agency for Background Checks, Relieve OPM of Security Duties

The federal government is establishing a new agency to handle background checks and investigations, and responsibility for protecting those records is being shifted from the Office of Personnel Management (OPM) to the Defense Department. The decision to change gears follows last year’s revelations of cybersecurity breaches of OPM’s systems, in which the personal information of 22.1 million current, former and potential federal employees was stolen.

Although the new agency, the National Background Investigations Bureau (NBIB), will be housed inside OPM, the DOD will be in charge of the IT systems and security for the bureau. The changes, which the Obama administration announced Jan. 22, come after a 90-day review of the federal background-investigation process, during which ways to enhance security for IT systems and networks were evaluated, according to a White House blog post.

Evident.io Director of Corporate Communications Selected for U.S. Cybersecurity Leadership Delegation to Israel

DUBLIN, CA–(Marketwired – January 26, 2016) – Evident.io, the leading provider of cloud security solutions, today announced that its Director of Corporate Communications Anthony M. Freed, has been selected by the Israeli government to participate in a ten-member delegation representing prominent cybersecurity writers, journalists, practitioners, and researchers. The delegation will visit Israel to facilitate a mutual exchange of information security expertise and to learn more about the latest trends driving the security industry in Israel.

The delegation is hosted by the government of Israel and is specifically being coordinated by the America-Israel Friendship League and the Israeli Ministry of Foreign Affairs. Freed is part of an invitation-only program where Israel assembles groups of leaders from various U.S. private industry and government sectors to tour Israel to see the latest Israeli technological innovations, conducting a mutually collaborative exchange of ideas and best practices to promote citizen diplomacy for enhanced cultural understanding and appreciation of shared values between the U.S. and Israel.

The visit will coincide with the Cybertech 2016 Conference in Tel Aviv, and as such, the leadership delegation program will focus on Israel’s cybersecurity eco-system, which will include meetings with Israeli security company CEOs, and senior Israeli leaders in academia, industry, and defense.

Monday 25 January 2016

A Closer Look at Cyber Survival

“Avoiding the Top Ten Software Security Design Flaws”
By Iván Arce et al.
The IEEE Center for Secure Design, August 2014

Part of the IEEE’s Cybersecurity Initiative, this handbook features some of the leaders in academia and industry identifying the most common areas of vulnerability for software in an effort to promote stronger, more resilient systems.

The authors point out that a great deal of effort in information security is devoted to finding implementation bugs, rather than recognizing and correcting fundamental flaws in design. The 10 sections address topics such as user authentication, the separation between code and data, comprehensive data validation, and the proper use of cryptography, providing tips and describing best practices.

How an Overreaction to Terrorism Can Hurt Cybersecurity

Encryption could have prevented some of the worst cyberattacks. Giving back doors to law enforcement will make matters worse, argues Bruce Schneier.

Many technological security failures of today can be traced to failures of encryption. In 2014 and 2015, unnamed hackers—probably the Chinese government—stole 21.5 million personal files of U.S. government employees and others. They wouldn’t have obtained this data if it had been encrypted.

Many large-scale criminal data thefts were made either easier or more damaging because data wasn’t encrypted: Target, T.J. Maxx, Heartland Payment Systems, and so on. Many countries are eavesdropping on the unencrypted communications of their own citizens, looking for dissidents and other voices they want to silence.

IoT Cyber Security Startup mPREST Raises $20M

Jan. 25, 2016 | Israeli IoT cybersecurity startup mPrest announced today that it has raised a $20 million Series A round of funding, led by GE Ventures, the venture arm of GE, and OurCrowd, one of the leading equity crowdfunding platforms. mPrest will use the investment to expand its international presence in the industrial and commercial markets and rapidly scale up to meet the needs of the IoT world. Founded in 2003 and led by CEO Natan Barak, mPrest has developed software for “connecting the dots” across multiple systems, providing mission-critical monitoring and control software for the Internet of Things (IoT) in critical infrastructure sectors, including defense and security bodies, electric and water utilities, smart cities and buildings, fleet management companies and other large

US government hands cyber-security to military

The US government has handed over its sensitive cybersecurity role to the military.

The move is seen as a snub to the Office of Personnel Management, the agency at the center of last year’s scandal over one of the worst government data breaches known to the public.

US officials believe a Chinese espionage operation infiltrated OPM’s records, accessing information on 21.5 million current and former employees or job applicants. Fingerprint images belonging to some 5.6 million people were stolen.

The Pentagon has been called in to overhaul the federal security clearance system. A new government office, called the National Background Investigations Bureau, will take over the job of running background checks on all federal employees, contractors and others.

Nuclear Cybersecurity: Why We Should Worry

Re “Nuclear Facilities in 20 Countries May Be Easy Targets for Cyberattacks” (news article, Jan. 15):

The Nuclear Threat Initiative’s security index rightly criticizes other countries for failing to address the threat of cyberattack against their nuclear facilities but overlooks the failings of our own country.

The report assigns the United States a perfect cybersecurity score, although the Nuclear Regulatory Commission does not require nuclear fuel production facilities, some possessing bomb-usable materials, to have comprehensive programs to protect against cyberattack. The N.R.C. is working on such a rule, but it may not be in place for years.

The Nuclear Energy Institute, the United States nuclear industry’s chief trade association, questions the need for such a requirement, maintaining that voluntary industry efforts will suffice. The institute has also petitioned the N.R.C. to weaken cybersecurity rules already on the books for nuclear power plants.

Saturday 23 January 2016

Institute for Critical Infrastructure Technology report outlines healthcare’s cybersecurity boogeymen

Script kiddies, hacktivists, cybercriminals, nation-state actors and cyberterrorists — these are the adversaries to healthcare cybersecurity laid out in the Institute for Critical Infrastructure Technology’s Hacking Healthcare IT In 2016 report.

The healthcare industry faces an unfortunate pair of truths when it comes to security and protection: It simultaneously is the most consistently targeted for its troves of valuable data and operates with some of the most outdated technology. The information those adversaries get hold of can be used for identity theft, insurance fraud and financial gain, among other things, according to the report.

The report concludes the single weakest link of the healthcare cybersecurity infrastructure, which is slowly improving, is the human element.

Loss of life, liability top cybersecurity fears for health IT leaders

Losing patients due to malicious actors gaining access to systems or hacking medical devices is the top fear for healthcare leaders when it comes to cybersecurity, according to the results of a new survey.

For the survey, conducted by HIMSS on behalf of application security company Veracode, executives also cite damage to their brand, enforcement by government agencies and post-breach costs as major concerns in an environment where breaches are growing in frequency and breadth.

Of more than 200 hospital and health system IT leader participants, 28 percent said their top threat concern is the ability of hackers to take advantage of vulnerabilities in Web- and cloud-based tools such as electronic health record systems and clinical applications.

Health Care Sector Most Targeted, Least Prepared for Cyberattacks

The health care industry is the most targeted and least prepared for cyberattacks of any sector in the U.S., according to a report from the Institute for Critical Infrastructure Technology, FierceHealthIT reports (Hall, FierceHealthIT, 1/20).

Details of Report

The report examined research from various sources, including experts with:

  • Carnegie Mellon University;
  • HHS;
  • The Institute for Critical Infrastructure Technology;
  • NASA; and
  • The National Institute of Standards and Technology (ICIT report, January 2016).

In the report, the authors attributed health care cyberattacks to:

  • Complex infrastructures that allow hackers access to data;
  • Manufacturers no longer supporting certain technology; and
  • The Internet of Things creating a large attack surface (FierceHealthIT, 1/20).

It found that the health care sector’s “adversaries” for cyberattacks are:

  • “Script Kiddies,” which purchase and use hacking tools and malware developed by others;
  • Hacktivists, which are politically motivated;
  • Cyber criminals, which generally aim to make money through the extortion or disclosure of stolen data;
  • Cyberterrorists, which aim to disrupt or destroy services that are critical to a nation, sector or organization’s activities; and
  • Nation state actors, which are sponsored by a nation state to target foreign governments and organizations (ICIT report, January 2016).

Report: Healthcare the least prepared sector against cyberattacks

Healthcare is the most targeted yet least prepared sector in the U.S. when it comes to cyberattacks, according to a report from the Institute for Critical Infrastructure Technology.

“Both providers and payers devote the majority of their resources to fulfilling their mission,” the report’s authors say. “Sadly, attackers have seen this selfless dedication to human life as sign of weakness.”

Government and healthcare organizations manage complex infrastructure that has many layers that leave gaps, which allows hackers access to sensitive data, according to the authors. What’s more, many times, manufacturers no longer support their technology, which creates even more vulnerability. One example of how malicious actors took advantage of this is the Office of Personnel Management hack, which put information of about 4 million federal employees at risk.

Friday 22 January 2016

Health info is a giant target for hackers

By Zach Noble

What: “Hacking Healthcare IT in 2016,” a report from the Institute for Critical Infrastructure Technology

Why: ICIT’s study seeks to apply lessons from the Office of Personnel Management breach to the health care sector. Like OPM, Anthem and Premera Blue Cross were hacked in 2015 via a third-party vendor connected to internal systems, the report states. Researchers also point a finger at a possible source for both intrusions: Deep Panda.

The report advises the health care sector to carefully vet third-party service providers and limit their access to critical systems. As the industry continues to expand into telemedicine and medical devices connected to the Internet of Things, providers must use layered cybersecurity approaches to protect their vulnerable — and valuable — digital assets, the report states.

Read full article here : http://ift.tt/1ZEXwTy




Hacktivist vs. cyberterrorist: Understanding the 5 enemies of healthcare IT security

According to Critical Infrastructure Technology report, cyber attackers can be categorized according to their target, tactics, techniques, malware and procedures.

By Jessica Davis

From “script kiddies” to sophisticated nation states, healthcare organizations have to be on the lookout for a variety of dangerous bad actors looking to crack their cybersecurity defenses, according to a recent Institute for Critical Infrastructure Technology report.

The possible impacts from a healthcare security breach are vast. Data from administrative or electronic health record systems can be used to steal the identity of patients and employees, which creates a financial burden and can even lead to legal ramifications.

Furthermore, false information provided by the hacker can also increase the risk of medical complications, according to the report. “Healthcare providers, the largest target, are focused on their mission: saving lives,” according to the ICIT report. “Meanwhile, healthcare payers focus on processing the transactions necessary to keep patients healthy and healthcare providers operational.

“Both providers and payers devote the majority of their resources to fulfilling their mission,” the authors continued. “Sadly, attackers have seen this selfless dedication to human life as sign of weakness.”  Information stolen via healthcare breaches can be used for insurance fraud, identity theft, financial gain or targeted attacks, which can be sold online or used by the attackers for personal gain.

According to the report, cyber attackers can be categorized according to their target, tactics, techniques, malware and procedures:

1. Cybercriminals are stereotypical attackers, targeting organizations to make money through extortion or the disclosure of compromised data. Ransomware, malware that holds data hostage until the owner pays the monetary award, will be the primary threat to organizations in 2016, especially to mHealth devices and mission critical assets.

Read Full Article Here: http://ift.tt/1Uh4M6F

Cybersecurity moves beyond an issue just for tech world

Affinity Gaming Sues Cybersecurity Firm Over Data Breach

Las Vegas-based Affinity Gaming is suing a cybersecurity company, which it claims failed to deal adequately with a breach to its system, in what may come to be regarded as a landmark case.

The casino operator, formerly Herbst Gaming of Terrible Herbst Oil Company fame, owns off-Strip and stateline casino properties in Nevada, as well as several throughout Colorado, Missouri, and Iowa.

Affinity accuses Chicago-based IT firm Trustwave of making “representations [that] were untrue,” and of carrying out work that was “woefully inadequate” in its investigation of a suspected hack

UCCS to house cybersecurity intelligence center

UCCS will house and support a new National Cybersecurity Intelligence Center under a plan unveiled last week by Colorado Gov. John Hickenlooper.

“As we see it, this center can be the country’s foremost authority on cybersecurity research and development, training and education,” Hickenlooper said in his Jan. 14 State of the State address at the Capitol. “It will provide real time response capability for businesses to detect, prevent, remediate and recover from threats and hacks.”

The center will be a collaboration among UCCS, the regional technology community and federal, state and city governments, according to a city of Colorado Springs press release.

Nuclear Power Plants Could Benefit from Better Cybersecurity

In the fast-growing world of digital connectedness, those in the financial, digital information and healthcare sectors know they need to protect against cyber attacks. But what about the nuclear industry? Is there a reason to ramp up cybersecurity around nuclear plants?

The short answer: yes.

Following a December cyber attack that caused a power outage in Ukraine, concerns have mounted regarding cybersecurity in the nuclear sector. In fact, The Washington Post recently reported that “the stakes are even higher in the nuclear space because of the potentially devastating results of a malfunction — or the possibility someone could create an opportunity to steal nuclear materials.”

Law enforcement agencies attend cyber security training

Members of local, state, and federal agencies gathered Thursday in Robstown to learn about cyber security during a training symposium.

About 230 people attended the Maritime Awareness Security Terrorism Training Cyber security symposium at the Richard M. Borchard Regional Fairgrounds that focused on IT security and critical infrastructure protection.

“New technology continues to evolve and we want to show the agencies which issues are out there and what the best practices are to prevent these issues,” symposium organizer and U.S. Coast Guard Lt. Brent Kenny said. “Any cyber hacks and cyber intrusions we want the agencies to be aware of and to know what to look for,” he said.

Wednesday 20 January 2016

FireEye Just Acquired a Va.-based Cybersecurity Firm

FireEye (FEYE), the Milpitas, Calif.-based cybersecurity firm led by former McAfee CEO Dave DeWalt, has acquired Dallas, Tx.-based iSight Partners for $200 million. iSight Partners operates locally through a large analysis center in Chantilly, Va. The company specializes in threat intelligence collection and information organization.

iSight Partners is able to collect this cyberthreat data by leveraging a 250-person network of intelligence agents, who are able to spot cyberattacks when they first appear credible. These agents are spread throughout the world, in countries like Brazil, India and Ukraine, and typically boast prior experience working for government and/or security forces, iSight CEO John Watters told the Wall Street Journal.

This intelligence gathering approach, which includes agents monitoring hacker forums and forming relationships with local sources, is largely a departure from most cybersecurity threat intelligence services that rely upon automation and complex data streams.

Mead requests $1.2M for cybersecurity

CHEYENNE – Leading into the budget session with an energy-related cash shortfall, Gov. Matt Mead still thought cybersecurity important enough to request about $600,000 per year to help create cyber defense education programs in Wyoming.

In a letter to the purse-holding Joint Appropriations Committee, Mead asked for $1.2 million over the next two years to address a national and local shortfall of quality, formal training programs for cybersecurity. The money would allow the University of Wyoming and the Laramie County Community College to work together to certify as centers of “academic excellence in information assurance and cyber defense.”

“There is a shortage of cybersecurity experts in Wyoming with the knowledge, skills and abilities to address the needs of government and private business,” Mead wrote.

Mead noted that cybersecurity acts as an increasingly complex shield to essential technology used in government and business.

Cybersecurity Lawsuit Poses Vendor Liability Question

In October 2013, Affinity Gaming, a casino operator based in Nevada, heard from customers that their credit cards had been hacked. Before too long, the company’s IT department concluded it likely suffered a data breach.

Within days, professional forensic data security investigators from Chicago-based Trustwave Holdings Inc. were analyzing the company’s system, and suggesting remedial measures.

That account is taken from a federal lawsuit that Affinity filed in Las Vegas. It accuses the IT security company Trustwave it hired to conduct a forensic investigation of failing to prescribe appropriate remedial measures and not removing the malicious malware. The suit states that within three months, a second data breach occurred. Affinity is suing Trustwave for fraud, fraudulent inducement, constructive fraud, gross negligence, negligent misrepresentation, breach of contract and declaratory judgment.

Cybersecurity Company Comes to S.A.

A cybersecurity company opens its doors in San Antonio’s Tower Life Building.

The company is Colorado Springs-based Root9B.

“Root9B is a global cybersecurity company,” CEO Eric Hipkins said. That focuses “on development of our capabilities that we utilize during our cybersecurity services.”

The new Adversary Pursuit Center in the Tower Life Building will also house the company’s network defense operations center.

“I think they’re on the cutting edge, they’ve been recognized on being on the cutting edge,” Bexar County Judge Nelson Wolff said.

Root9B is ranked number one on the Cybersecurity 500, a directory of the hottest and most innovative cybersecurity companies.

UW Could Become Cyber Security Hub

January 20, 2016 — To battle one of the most dangerous issues facing the nation today, Wyoming Gov. Matt Mead has requested state funding to develop a program at the University of Wyoming to become a center of excellence in cyber defense.

Corporations such as Home Depot, eBay, Sony, Target and even the United States government have been compromised through data breaches caused by hackers. Without trained individuals who continually learn and hone dynamic methods, Wyoming’s infrastructure, agencies, businesses and citizens are at risk. The cost of even a basic attack can be thousands of dollars, and any ensuing data losses or damages to infrastructure can cost millions and damage business reputations.

According to the Wyoming Cybersecurity Education Initiative, proposed curriculum in the College of Engineering and Applied Science’s Department of Computer Science would educate students to defend against such attacks and “provide meaningful and sustainable impact to Wyoming’s technology sector through cybersecurity and information assurance higher-education programs.”

Onapsis Shows Global 2000 Organizations How to Operationalize SAP Cybersecurity

BOSTON, Mass., Jan. 20, 2016 (GLOBE NEWSWIRE) — via PRWEB – Onapsis, the global experts in business-critical application security, today announced a live webcast to help chief information security officers (CISOs) at Global 2000 companies better align SAP cybersecurity with broader information security processes. SAP applications are targets of a new breed of breaches that are stealthy and easy to execute. The impact on an organization can result in financial fraud, sabotage or economic espionage. As threats will undeniably continue to become more widespread, it is critical that SAP cybersecurity processes become operationalized throughout an organization.

Scott Crawford, Research Director, Information Security of 451 Research will discuss key trends driving information security teams to change their approach to business-critical application security.

Troy Grubb, Manager, Information Security, Governance Risk and Compliance – CISSP, The Hershey’s Company will share how he has implemented an SAP Security Strategy with KPIs that drives cross-functional collaboration.

Take cybersecurity seriously: specialist

SplashData Inc., one of the leading providers of password management applications, just came out with its list of the worst passwords of the year.

Not surprisingly, the worst ones are the easy numeric progressions such as 123456 and the word “password.”

That sort of careless online presence is keeping cyber-security specialists such as Jay Smith busy.

Smith, an information security consultant with Winnipeg-based Online Business Systems, says even if someone’s online activity does not include anything that’s deemed valuable enough to steal, there is still a responsibility to avoid being used as a patsy or middleman from which nefarious cyberactivity could be launched.

Pentagon Delays Cybersecurity Requirement for 10,000 Contractors

The Pentagon has delayed for almost two years a requirement that as many as 10,000 companies show that they have systems to protect sensitive but unclassified information from cyber-attacks before signing new defense contracts.

“We got feedback from industry that they did not think they could fully comply Day One” with the demand that contractors document a fully operating access-authentication system down to the subcontractor level, Claire Grady, director of defense procurement and acquisition policy, said in an interview. “We want people headed in the right direction,” but “we probably overestimated what the state of the industry was.”

How far are we willing to go to achieve cyber security?

With every high-profile data breach and emerging global terrorist threat, public discourse on cyber security becomes increasingly polarized and unproductive. At a time of understandably heightened concerns over potential terrorist attacks, many governments view control of and visibility into citizens’ communications as a key prerequisite to preventing extremism, domestically and internationally. The only publicly discussed means to achieving that, though, is a backdoor into encryption technology, designed to protect digital communications. While having access on the backend of countless networks will enable mostly unobstructed data access, the question is to what extent would this capability compromise the government’s own ability to secure its citizens?

As the Web continues to grow, it is adding an unprecedented number of devices constantly engaged in information sharing – some more sensitive than the rest, with most data still transmitted in the clear. Increased connectivity has facilitated the rapid growth of attacks aimed to steal valuable personal, business and government data. The only defense for data in transit is encryption, properly implemented to ensure information is only accessible by the intended recipient. Often unnoticed, encryption secures countless core applications – from satellite and power control systems to air traffic communications and stock exchange transactions. It literally is the first line of defense for information we deem sensitive or proprietary.

WISeKey and CenturyLink Sign Collaboration Agreement to Explore Analytics Cybersecurity Solutions for Internet of Things Providers

GENEVA–(BUSINESS WIRE)–WISeKey, a leading cybersecurity company, and CenturyLink, Inc. (NYSE: CTL), a global communications, hosting, cloud and IT services company, today announced the signing, at the World Economic Forum in Davos, of a collaboration agreement to explore a future relationship to jointly offer a managed digital identity solution for Internet of Things (IoT) providers.

“This collaboration agreement with WISeKey is a first step toward a relationship that we hope will instill confidence in companies that manage and secure connected devices, and we look forward to collaborating to jointly serve this growing market.”

Through this collaboration agreement, WISeKey and CenturyLink plan to work toward a relationship where they may collaborate on joint solutions that enable global corporations to secure their IoT infrastructure and ensure the privacy of their data. WISeKey would like to leverage CenturyLink’s data center presence in the United States to establish a Root of Trust (RoT), which provides the foundation behind trusted computing and allows IoT device verification at the hardware level, in order to support the needs of U.S.-based corporations and government establishments.

Tuesday 19 January 2016

My Top Security Data Science Predictions for 2016

Posted by Derek Lin

Security remains a top news item this year.  We see increased activities to address security in enterprises and the product marketplace in 2015.  I offer my predictions on the top trends in security analytics for 2016.  They are:

#1 Data science as a de-facto tool for cyber security

Cyber security traditionally has been relying on signature-based and rule-based approaches to detect bad activities.  The use of data science has emerged only in recent years.  This technology trend parallels that of fraud detection in credit or banking industry.  Starting from rule- and signature-based systems, the financial industry moved to risk-based systems using analytics to catch evermore sophisticated fraud activities.  The cyber security domain is no different.  In 2015 we’ve seen increased activities in data scientist hiring and a broader interest in the use of machine learning and data analytics among enterprises security offices.

#2 Increased Marketing Noise in Security Analytics

In 2015, new and old security product vendors are marketing data analytics.  But this also creates confusion in the market as there is neither a standard for data analytics tools, nor benchmark data sets to compare analytics procedures.  If you are in the marketplace, do your due diligence in understanding the security products under the hood.

#3 Spark!

In its very short history, the open-source Apache Spark has become mainstream, especially with Databricks, IBM, and Cloudera supporting it in 2015.  Its ability to stream and analyze data in close to real time will drive adoption in many verticals and applications.  Security analytics will be no exception.  However, Spark is not a panacea to all security data analytics, as not all problems can be addressed by data parallelization.  Security systems that are designed to leverage stateless data parallelization and to accommodate stateful event tracking will enjoy an advantage.

To read the full article click here : http://ift.tt/1TZW78T




Centrify Becomes a Member of the Institute for Critical Infrastructure Technology (ICIT)

Centrify expands the ICIT’s growing expertise in securing enterprise identities against cyberthreats

SANTA CLARA, Calif.–(BUSINESS WIRE)–Centrify, the leader in securing enterprise identities against cyberthreats, today announced that it has become a member of the Institute for Critical Infrastructure Technology (ICIT) Fellows Program. Centrify Senior Director of Federal Greg Cranley has been named an ICIT fellow, adding to the Institute’s growing expertise in securing enterprise identities against cyberthreats. By joining ICIT as a fellow, Centrify has a leadership role in advising the nation’s lawmakers, federal agency decision makers and critical infrastructure sector stakeholders.

Centrify has already contributed to several ICIT publications and briefings, including speaking at the ICIT Senate Briefing: Hacking Hospitals, to address the growing threats facing healthcare organizations. Attendees included agencies from the Department of Veterans Affairs, State, Homeland Security, Health and Human Services and the Intelligence Community. Attendees gained clarity on today’s expanding attack surface as well as technologies that can help improve security.

“Health care is complex because there are large numbers of payers, patients and providers that require access to digital data. The system is plagued with too many people having too many passwords and too much privilege to health care and patient records. All of this creates a large risk surface,” said Cranley. “This large risk surface makes data ripe for theft for fraudulent use, including making false benefit claims and selling records of patients so that they could be targeted by unscrupulous drug and or medical device providers.”

As a fellow, Centrify will contribute to the Institute’s upcoming thought leadership initiatives, including speaking at an upcoming ICIT Fellow Meeting in February entitled, “Operational Innovation: A New Approach to the Threat Landscape,” and ICIT’s Critical Infrastructure Forum focused on the resiliency and enablement of the nation’s critical infrastructures in April.

“Organizations are facing an epidemic of poorly managed credentials at a time when users demand anytime, anywhere access to the dozens of systems and applications they use on a daily basis,” said Parham Eftekhari, co-founder and senior fellow of the ICIT. “Leadership is needed on this important aspect of cybersecurity, which is why the ICIT is thrilled to partner with Centrify.”

See the full Press Release here: http://ift.tt/1lqJN5q




Evohop Enterprise Cyber Security, A Unique Layer of Protection in a Class of its Own

NORCO, Calif., Jan. 19, 2016 /PRNewswire/ — With so many talking about Cyber Security initiatives for 2016 and several choices for Enterprise Security, corporate IT decision makers are faced with the big question of what platform to implement. It can be a daunting task considering the many choices to research and evaluate. By all accounts however, the industry is in agreement that “security in layers” is the best strategy.

From an appliance perspective, many of the options being considered are multipurpose devices that include such features as Routing, VPN, Firewall, UTM, IPS, IDS, AV, Content Filtering and the like. Typically there are one or two onboard processors to push traffic as well as carry out the other functionality. That truly is a lot to ask of one appliance using only local resources.

RiceHadleyGates LLC to Advise Cylance on Strategic Cybersecurity Issues and Global Deployment of Its Artificial Intelligence Based Cybersecurity Solutions

IRVINE, CA — (Marketwired) — 01/19/16 — Cylance, the company that is revolutionizing cybersecurity through the use of artificial intelligence to proactively prevent advanced persistent threats and malware, today announced that it has retained RiceHadleyGates LLC to advise the company on a range of strategic cybersecurity issues related to global deployment of its highly sophisticated cybersecurity solutions.

“The cyber threat landscape is continually and rapidly evolving, and the volume of threats and attacks is ever increasing,” said Stuart McClure, Cylance CEO and founder. “Using better cybersecurity technology is a key element of reducing the significant risks posed by these threats, but so, too, is the deepest possible understanding of the sources of the threats and their likely targets. Cybersecurity is now in many ways indistinguishable from national security, and having advisors with the security and intelligence experience of RiceHadleyGates is invaluable to the achievement of our mission of protecting every computer on the planet.”

Automakers, US DOT agree on cybersecurity

The US Transportation Department and 17 automakers have reached agreement on efforts to enhance safety, including sharing information to thwart cyber-attacks on their increasingly wired vehicles, says Bloomberg.

Companies including General Motors, Ford and Toyota also agreed to reform the way they report fatalities, injuries and warranty claims to the government. The companies are to meet regularly to exchange information and identify emerging safety issues.

“Today DOT and the automakers represented here are taking a strong stance in favour of a new approach, an approach that leans heavily on being proactive and less heavily on being reactive,” US Transportation Secretary Anthony Foxx said Friday at the North American International Auto Show in Detroit.

FDA Releases Medical Device Cybersecurity Draft Guidance

“Cybersecurity risk management is a shared responsibility among stakeholders…that provide products that are not regulated by the FDA.”
It is important for medical device manufacturers to monitor, identify and address cybersecurity vulnerabilities, according to draft guidance recently released by the Food and Drug Administration (FDA).

The FDA draft guidance is also meant to “inform industry and FDA staff of the Agency’s recommendations for managing postmarket cybersecurity vulnerabilities for marketed medical devices.”

Thinking down the line about cyber

A WONK’S WONK MC visited last week with buzzy Washington think tank New America to hear about its ambitious Cybersecurity Initiative, launched just last year. The idea, according to co-director Ian Wallace, is to study “the next issue, the issue down the line.” Fellow Peter Singer (a wonk so wonky he once conducted a study of think tanks themselves) says the initiative will focus on topics that are “pre-partisan” — areas so new that they aren’t yet the object of political combat.

What’s on tap? Cybersecurity’s overlap with poverty; the state and local angle; cyber war; social media; and workforce worries, especially the lack of women in the field (a “generational” problem, according to Ross Schulman, policy counsel for the think tank’s Open Technology Institute).

Monday 18 January 2016

Ukraine says to review cyber defences after airport targeted from Russia

Ukrainian authorities will review the defences of government computer systems, including at airports and railway stations, after a cyber attack on Kiev’s main airport was launched from a server in Russia, officials told Reuters on Monday.

Malware similar to that which attacked three Ukrainian power firms in late December was detected last week in a computer in the IT network of Kiev’s main airport, Boryspil. The network includes the airport’s air traffic control.

Although there is no suggestion at this stage that Russia’s government was involved, the cyber attacks have come at a time of badly strained relations between Ukraine and Russia over a nearly two-year-long separatist conflict in eastern Ukraine.

“In connection with the case in Boryspil, the ministry intends to initiate a review of anti-virus databases in the companies which are under the responsibility of the ministry,” said Irina Kustovska, a spokeswoman for Ukraine’s infrastructure ministry, which oversees airports, railways and ports.

David Ward – Time for the security industry to up its game

David Ward of Ward Security looks at a growing challenge for the security industry in a world increasingly fixated on online security. He writes: “Traditional security is becoming less visible, but not in a way we should be celebrating. Due to the growth of cybercrime and the media noise that surrounds high profile attacks and hacks, the word ‘security’ is becoming dominated by cybersecurity. You can understand why. A well targeted hack on a large organisation can be phenomenally devastating and is certainly more newsworthy than the average burglary or incidence of vandalism.

“You can see this process by simply running a Google search for ‘security’, especially a news search. As you would expect, the results are dominated by major terrorist incidents around the globe, with cybercrime not far behind. The refocussing of the word ‘security’ can also be gauged by the number of magazines and websites that are dedicated to online crime and preventio For the full article click here 



from cyber security caucus http://ift.tt/1JctOn4
via IFTTT

Indiana University gets $5M to lead cybersecurity center

BLOOMINGTON, Ind. (January 18, 2016) – Indiana University’s Bloomington campus soon will get an opportunity to lead a group of institutions to solve cybersecurity issues after it received a $5 million grant from the National Science Foundation.

The grant designates IU’s Center for Trustworthy Scientific Cyberinfrastructure as a Cybersecurity Center of Excellence that will help solve the computer and software security challenges facing the National Science Foundation. The center is a three-year collaboration between the University of Wisconsin-Madison, the Pittsburgh Supercomputing Center and the National Center for Supercomputing Applications.

Von Welch, director of IU’s Center for Applied Cybersecurity Research, says the science community and researchers face unique computer security issues, which the CTSC will get a chance to help solve. For the full article click here 



from cyber security caucus http://ift.tt/1PBhFEO
via IFTTT

5 most dangerous cyber security vulnerabilities that are exploited by hackers

All the major government organizations and financial firms stress upon the issue of cyber security in today’s world. Sensitive data of any company, more so of those that keep largely public data, has been the target of some of the most notorious hackers of the world. Illegal access by an unauthorized person is the most devastating thing that could happen to an organization, for its sensitive data would then be at the mercy of the attacker.

Manipulation and theft of data, as well as leaking of company secrets and shutting down services, are just some of the many things that hackers have the license to do once they gain access to a system. The fact that over $575 million worth of damage has been done due to cyber crime is indicative of the fact that cyber terrorism and cyber crime is the most dangerous thing in today’s world when everything is computerized.

We take a look at 5 of the most dangerous cyber security vulnerabilities that are exploited by hackers. For the full article click here 



from cyber security caucus http://ift.tt/1JctLrw
via IFTTT

New year, new trends in cybersecurity

From the TalkTalk breach to the Ashley Madison scandal and the VTech attacks, 2015 bore witness to an unprecedented number of cyberattacks. The publicity and customer disappointment that surrounded them certainly brought cybersecurity out from the fore and into the public eye.

With many of these attacks being on a very large scale, and felt by a host of different industries, it would seem that hackers are desperate to get their hands on our data, and are using increasingly sophisticated techniques to get to us through the companies we trust. For the full article click here 



from cyber security caucus http://ift.tt/1JctO6w
via IFTTT

Saturday 16 January 2016

Survey Finds 82% of Oil/Gas IT Professionals Report Increase in Cyberattacks

A survey conducted last November of more than 150 information technology (IT) professionals in the oil and gas industry found that 82% had seen an increase in successful cyberattacks in the preceding 12 months.

According to Tripwire Inc., a cybersecurity firm based in Portland, OR, 2% of respondents also said the number of cyberattacks they witnessed had more than doubled in the preceding month, while 53% said there was a 50-100% increase in attacks. Another 20% had noticed a 20-50% increase in attacks in the preceding month, while 13% said there was a 10-20% increase, and 11% said the increase was less than 10%.

“The increase in successful attacks should be deeply concerning,” Tripwire’s Tim Erlin, director of IT security and risk strategy, said Thursday. “Successful attacks could mean that attackers are able to breach a specific security control or that they have been able to get closer to sensitive data using phishing or malware scams that have been detected. It could also mean that attackers are launching more persistent, targeted attacks.” For the full article click here 



from cyber security caucus http://ift.tt/1NcYQpy
via IFTTT

Casino Sues Cybersecurity Firm in Landmark Case

In one of the first cases of its kind, ever, a cybersecurity firm was sued by its client, a casino operator, for its alleged lack of quality in an investigation following a breach of the casino operator’s system.

This case could potentially set a new precedent entirely in the field of cyber law. A Las Vegas-based (where else?) casino operator has sued cybersecurity firm Trustwave for, in essence, allegedly failing to conduct a competent investigation.

A legal complaint was filed by casino operator Affinity Gaming in a Las Vegas federal court against security firm Trustwave in December 2015. For the full article click here 



from cyber security caucus http://ift.tt/1NcYP5f
via IFTTT

CFTC Approves Proposed Cybersecurity Regulations

Recognizing cyber security as one of the most important issues facing financial markets today, and identifying cyber-attacks as a top threat, the U.S. Commodity Futures Trading Commission (CFTC) unanimously approved proposed enhanced rules on cybersecurity for derivatives clearing house organizations, trading platforms, and swap data repositories. For the full article click here 



from cyber security caucus http://ift.tt/1P62glz
via IFTTT

Meet Jeb Bush’s police state: The NSA in charge of civilian data

Given the various recent terrorist attacks, it’s no wonder that hackers, cybersecurity, encryption and surveillance are all major topics of this year’s presidential campaign. Encryption was on the table during the sixth Republican debate on Thursday night, with Jeb Bush proposing a solution for guarding the American people that seems to be taken out of a George Orwell novel.

Bush said he would be willing to put the NSA in charge of civilian data, corporate cybersecurity and the Internet, as The Guardian explains, and that decrypting protected communications would be very much on his agenda.

“We need to put the NSA in charge of the civilian side of this, and we need more cooperation. You have to keep asking to decrypt messages,” Bush said. For the full article click here 



from cyber security caucus http://ift.tt/1WhiwQj
via IFTTT

FDA Details Cybersecurity Steps For Approved Med. Devices

Law360, New York (January 15, 2016, 7:45 PM ET) — The U.S. Food and Drug Administration on Friday published detailed guidance on how medical device makers should ensure the cybersecurity of approved products and report any post-approval fixes, marking the agency’s latest move on digital threats to patients.

The draft document builds on guidance in 2014 about preapproval considerations for cybersecurity, as well as a 10-year-old guidance about medical devices For the full article click here 



from cyber security caucus http://ift.tt/1P62glw
via IFTTT

Friday 15 January 2016

JEB BUSH PROPOSES PUTTING NSA IN CHARGE OF CIVILIAN DATA, CYBERSECURITY

At the tail end of a sixth Republican presidential debate, dominated by personal feuds and mutual condemnation of the Obama administration and Hillary Clinton, Jeb Bush made a stunning proposal: Put the NSA in charge of civilian data and cybersecurity.

The proposal, which represents a major expansion of the intelligence agency’s role, shocked some observers on Twitter, with some calling it akin to a “police state.” For the full article click here 



from cyber security caucus http://ift.tt/1n0jR1y
via IFTTT

EU close to passing first-ever uniform cyber security rules

Want to compel web giants to share their data breaches.

The European Union is one step closer to introducing uniform cyber security rules, which would require all member states to implement mandatory data breach notifications and establish their own cyber attack response teams.

The EU currently has no common approach to cyber security or incident reporting.

However, it has now announced that a new set of rules, known as the network and information systems (NIS) directive, has passed a major final hurdle by winning the endorsement of the vast majority of members of its internal market committee. For the full article click here 



from cyber security caucus http://ift.tt/1n0jR1w
via IFTTT

Israeli Cyber Security Companies To Cover Tokyo 2020 Olympics

Israel’s National Cyber Bureau of the Prime Minister’s Office and the Foreign Trade Administration of the Ministry of Economy and Industry confirmed their support for a new consortium of Israeli companies to provide cyber solutions for the Tokyo 2020 Summer Olympics. Led by Israel Aerospace Industries (IAI), the consortium will also include Check Point, Verint, Bynet, ClearSky, CyberX, and ECI Telecom. As part of its effort to support the initiative, the state will pay half of the conglomerated companies’ financial costs in their attempt to enter the Japanese market, a figure estimated at several millions of shekels. The Ministry of Economy said professional cooperation between the 7 firms will allow them to prove their wide range of capabilities in end-to-end solutions for the cyber threats Japanese authorities will face in the run-up to the Olympic Games in four years. For the full article click here 



from cyber security caucus http://ift.tt/1n0jPXv
via IFTTT

Cybersecurity Expert on Hacking and Power Grids

Shiyan Hu, a computer engineer at Michigan Technological University, wants to stop making cybersecurity an afterthought. Given the recent blackout in Ukraine, caused by a power grid hack, Hu says now is the time to consider weaknesses in energy infrastructure and to shore up the system’s defenses.

His recent works titled “Preventive Maintenance for Advanced Metering Infrastructure Against Malware Propagation” and “Leveraging Strategic Detection Techniques for Smart Home Pricing Cyberattacks” demonstrated that hacking the power grid was not only possible, but could lead to major blackouts like December’s attacks in Ukraine. And the country is not alone in its vulnerability.

“Even in the US, we have significant risk in our infrastructure,” Hu says. “We lack the defense tech to stop most malware attacks on the power grid.” For the full article click here 



from cyber security caucus http://ift.tt/1n0jPXn
via IFTTT

The First Step Of Cybersecurity Plans: Know Your Data And Its Location

This article in a series on cybersecurity for businesses delves into the first of five main goals of a company’s cybersecurity policy: taking stock of all personal information your business possesses, locating it within your business, and identifying who has access to it. Understanding how personal information moves into, through and out of your business is essential to assessing cybersecurity vulnerabilities.

What is personal information? “Personal information” is statutorily defined in North Carolina to include a person’s first name or initial and last name in combination with any of the following: Social Security numbers, employer taxpayer identification numbers, driver’s license or state identification numbers, passport numbers, checking and saving account numbers, credit and debit card numbers, PINs, digital signatures, biometric data, fingerprints, any number that can be used to access financial resources, or a parent’s legal surname prior to marriage. An individual’s email name or address, Internet account number, Internet username, or password may be considered personal information if it would permit someone to access financial accounts or resources. Information in publicly available directories, such as a phone book, or government records such as a person’s name, address, and phone number, is not “personal information” under North Carolina identity theft laws. For the full article click here 



from cyber security caucus http://ift.tt/1n0jPH8
via IFTTT

Thursday 14 January 2016

RAYTHEON|WEBSENSE IS NOW FORCEPOINT

Forcepoint brings fresh approach to safeguarding users, data and networks from insider and outsider threats 

Austin, Texas – January 14, 2016 – Global cybersecurity leader Raytheon|Websense today unveiled its new company name, Forcepoint, and multiple new products. Built on the successful integration of Websense®, Raytheon Cyber Products and the recently-acquired Stonesoft next-generation firewall (NGFW) business, Forcepoint brings a fresh approach to address the constantly evolving cybersecurity challenges and regulatory requirements facing businesses and government agencies.

Forcepoint was created to empower organizations to drive their business forward by safely embracing transformative technologies – cloud, mobility, Internet of Things (IoT), and others – through a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies involved in managing a collection of point security products. The Forcepoint platform will protect against threats from insiders and outsiders, rapidly detect breaches, minimize “dwell time” – the period between compromise and remediation – and stop theft.

“With Forcepoint, organizations can protect users, networks and data in the cloud, on the road, and in the office. We simplify compliance, enable better decision-making and streamline security so that our customers can concentrate on what’s important to them,” said Forcepoint CEO, John McCormack. “We will provide a unified cloud-centric platform to defend against attacks, detect suspicious activity sooner, and give the context needed to decide what actions to take to defeat the attack and stop data theft. Defend, detect, decide, defeat – this is our vision for Forcepoint 4D Security. We have the expertise, financial commitment and ongoing access to unique, defense-grade security technology necessary to deliver on this vision.”

“A platform solution that both simplifies and strengthens security as part of a holistic strategy that includes people, process and technology is a far more compelling value proposition than a simple point solution,” said Dan Wilson, Executive Vice President of Partner Solutions for Optiv, a market-leading provider of end-to-end cyber security solutions.

“Forcepoint’s platform focuses on insider threat protection, cloud data protection and network security. We’re seeing clients ask for these capabilities and are excited to see how Forcepoint delivers.”

See the full press release here: http://ift.tt/1USunmo



from cyber security caucus http://ift.tt/1NaaFwN
via IFTTT

Israel a Top Region for Cybersecurity Investing

Though it has a relatively small population of 8 million, Israel is up there with the US, China, Russia and the UK in terms of cybersecurity sophistication.

The country has 250 cybersecurity companies and holds a 20-percent share of global private cybersecurity investment. Furthermore, it saw cybersecurity sales of over $4 billion last year, up 100 percent from 2014. These stats illustrate one key truth: Israel is currently a strong market for cyber investment and it’s only getting stronger.

One thing driving Israel’s cybersecurity industry is its National Cyber Bureau, an advising body for the prime minister, as well as the government and its committees. The Bureau recommends national cybersecurity policies and promotes their implementation at a national level For the full article click here 



from cyber security caucus http://ift.tt/1l8QFnW
via IFTTT

Wednesday 13 January 2016

National cybersecurity R&D laboratory to be ready by end-2016

SINGAPORE: A National Cybersecurity R&D Laboratory at the National University of Singapore (NUS) will be operational by the end of this year, announced Chairman of A*STAR Lim Chuan Poh on Thursday (Jan 14).

Speaking at the inaugural Singapore Cybersecurity R&D conference, Mr Lim said: “The anonymous and inter-connected cyberspace is not just exploited by criminals and terrorists to carry out identity theft, financial fraud, coordinate terrorist activities and steal corporate information, but also by state actors to conduct industrial espionage, disrupt critical infrastructure and plant malicious software which then can be subsequently exploited.”

“We really have to take all these cybersecurity challenges and threats very seriously,” he added. For the full article click here 



from cyber security caucus http://ift.tt/1PZuz2c
via IFTTT

Reps. Introduce Bill To Repeal Cybersecurity Act

Law360, New York (January 13, 2016, 10:35 PM ET) — A Republican lawmaker on Wednesday said he has introduced a bill aimed at repealing the Cybersecurity Act of 2015, signed into law at the end of the year, saying that the legislation makes it possible to unconstitutionally spy on law-abiding Americans.

Rep. Justin Amash, R-Mich., said in a statement that the legislation is the worst anti-privacy law since the Patriot Act and should be repealed as soon as possible. Although the law grants immunity from liability to companies that share the private information of employees For the full article click here 



from cyber security caucus http://ift.tt/1PZuBaf
via IFTTT

New National Cybersecurity Laboratory to open at NUS by end 2016

SINGAPORE – A new National Cybersecurity R&D Laboratory will be set up at the National University of Singapore (NUS) to experiment and research customised tools to enhance cybersecurity.

A*Star chairman Lim Chuan Poh announced on Thursday that the laboratory, which will be housed in the School of Computing at NUS, will be operational by the end of the year.

It will be a shared national research infrastructure where the local cybersecurity research community and industry can come together to work and research on vulnerability assessment. The laboratory will also curate useful datasets for cybersecurity experimentation. For the full article click here 



from cyber security caucus http://ift.tt/1PZtQxO
via IFTTT

BIS Still Mulling Over Cybersecurity Export Rules

Yesterday Kevin Wolf, the Assistant Secretary of Commerce for Export Administration, testified before the House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies on the much-reviled controls in the Wassenaar Arrangement on exports of certain software and technology. His testimony provides detailed insight into the interaction between the Bureau of Industry and Security, which is charged with implementing the Wassenaar Arrangement controls, and the technology and cybersecurity industry and community, which was concerned about the overbreadth of the Wassenaar controls on “intrusion” software. This blog has previously articulated some of these concerns, particularly the extent to which the Wassenaar controls on “intrusion” software could reach auto-updating software, Address Space Layout Randomization (ASLR) security measures, and hot-patch programs. For the full article click here 



from cyber security caucus http://ift.tt/1nksC6Z
via IFTTT

ISACA 2016 Cybersecurity Snapshot

ISACA’s January 2016 Cybersecurity Snapshot looks at cybersecurity issues facing organizations this month and beyond—from reactions to new cybersecurity legislation, to insights on information sharing and top cyber threats.

Among the key findings from nearly 3,000 IT and cybersecurity professionals worldwide:

  • The top three cyberthreat concerns for 2016 are social engineering, insider threats and advanced persistent threats (APTs).
  • 84 percent of respondents believe there is a medium to high likelihood of a cybersecurity attack disrupting critical infrastructure (e.g., electrical grid, water supply systems) this year.
  • 72 percent of respondents say they are in favor of the US Cybersecurity Act, but only 46% say their organizations would voluntarily participate in cyber threat information sharing, as outlined in the Act.

See the full results and related insights from cybersecurity experts here: http://ift.tt/1mR4QPx


Follow the conversation on Twitter: #CyberSnapshot



from cyber security caucus http://ift.tt/1njfFdO
via IFTTT

ICIT Brief: Hacking Healthcare in 2016: Lessons the Healthcare Industry can Learn from the OPM Breach

Among all of America’s critical infrastructures, the healthcare sector is the most targeted and plagued by perpetual persistent attacks from numerous unknown malicious hackers. The goal of these threat actors is to exploit vulnerabilities in insecure and antiquated networks in order to exfiltrate patient data for financial or geopolitical gain. In order to protect patient privacy, healthcare organizations and their supply chains must better understand the growing attack surface and the technologies and solutions which can improve their ability to respond to unauthorized network access.

In this brief, entitled “Hacking Healthcare in 2016: Lessons the Healthcare Industry can Learn from the OPM Breach”, the Institute for Critical Infrastructure Technology provides a comprehensive assessment of the threats and healthcare trends which have the greatest impact on health sector security, as well as solutions and strategies to improve resiliency. The report draws from the OPM breach, which is a prime example of the enormous consequences an organization can face by not maintaining and protecting integrated systems.  Specifically, this brief details:

  • The Healthcare System’s Adversaries (script kiddies, hacktivists, cyber criminals, cyberterrorists and Nation State Actors)
  • A Multi-Pronged Approach to Meaningful Cybersecurity (people, policies & procedures and technical controls)
  • Healthcare in a Digital Age (IoT, sensors, telehealth, remote monitoring, behavior modification devices, embedded devices, mobile applications and data sharing in the Cloud)
  • Legislation & Collaboration (21st Century Cures Act, telehealth solutions for veterans, telehealth access expansion, prescription drug monitoring, EHR interoperability, mHealth IRB)

The following ICIT Fellows & thought leaders contributed to this brief:

  • James Scott (ICIT Senior Fellow – Institute for Critical Infrastructure Technology)
  • Drew Spaniel (ICIT Visiting Scholar, Carnegie Mellon University)
  • Dan Waddell (ICIT Fellow – Director, Government Affairs, (ISC)2)
  • Jon Miller (ICIT Fellow – V.P Strategy, Cylance)
  • Rob Bathurst (ICIT Fellow – CISSP, Professional Services Director, Cylance)
  • Malcolm Harkins (ICIT Fellow – Global Chief Information Security Officer, Cylance)
  • Greg Cranley (ICIT Fellow – Sr. Director of Federal, Centrify)
  • Seth Nylund (ICIT Fellow – V.P. Federal, Exabeam)
  • Michael Seguinot (ICIT Fellow – Regional Sales Director, Exabeam)
  • Steve Curren (Acting Director, Division of Resilience, HHS)
  • Rob Roy (ICIT Fellow – Public Sector CTO, Hewlett Packard Enterprise)
  • Stan Wisseman (ICIT Fellow – Security Strategist, Hewlett Packard Enterprise)
  • Montana Williams (ICIT Fellow – Cybersecurity Evangelist, ISACA)
  • Jerry Davis (ICIT Fellow & CIO, NASA Ames Research Center)
  • Kevin Stine (Manager, Information Technology Laboratory (Security Outreach and Integration), NIST)
  • Elisabeth George (ICIT Fellow – V.P. Global Regulations & Standards, Philips)
  • John Menkhart (ICIT Fellow – V.P Federal, Securonix)
  • Stacey Winn (ICIT Fellow – Sr. Product Manager, Raytheon / Websense)
  • Ashok Sankar (ICIT Fellow – Security Evangelist, Raytheon / Websense)

Download the brief HERE



from cyber security caucus http://ift.tt/1Q5Vjjt
via IFTTT