Tuesday, 31 May 2016
ICIT Forum 2016: Security in a Connected World: SmartCities, Transportation & IoT
While Smart City technologies have the potential to improve the quality of life for our citizens, they are creating new vulnerabilities which can be exploited by our enemies to disrupt critical services and cause physical harm. During this panel discussion, we hear from federal and technology experts on the risks posed by smart city technologies and what must be done to improve resiliency. Panelists include Arlette Hart (CISO, FBI), Jerry Davis (CIO, NASA, Ames Research Center & ICIT Fellow), Biff Lyons (ICIT Fellow, Parsons), Steve Stratton (ICIT Fellow, ForcePoint) and Kevin Chalker (ICIT Fellow, GRA Quantum).
ICIT Critical Infrastructure Forum
April 25, 2016
Ritz-Carlton Pentagen City, Arlington VA
Additional Videos from the 2016 ICIT Forum:
Keynote: Critical Infrastructure Security (Richard Ledgett, Deputy Director, NSA) – https://www.youtube.com/watch?v=SA63U…
Keynote: IT Modernization & Cybersecurity (Tony Scott, CIO, Federal Government) – https://youtu.be/WBu_jzApmgk
DevOps (CIO, U.S. Citizenship & Immigration Services) – https://www.youtube.com/watch?v=oG4xo…
Threat Intelligence: https://www.youtube.com/watch?v=yPeD2…
Energy Sector Security- https://youtu.be/0sJ91XWURgo
from cyber security caucus http://ift.tt/1Pfzb7F
via IFTTT
Knowledge of attack patterns key to protecting digital operations
Companies and organizations must be able to first identify all cyberattack patterns in an attempt to develop a reliable protection system for their internet-based operations, an executive from a leading cybersecurity systems company suggested.
Speaking to reporters in Jakarta on Monday, Palo Alto Networks’ senior manager for the marketing of Supervisory Control and Data Acquisition ( SCADA ) system and Industrial Control System ( ICS ) products, Delfin Rodillas, said that “security alone is not enough” as something grander is needed to protect users from harmful emails and URLs.
Most data security servers in Indonesia, however, are not yet able to identify threats at the level they should, Rodillas said.
“If we are able to identify the core of these methods, then we are able to prevent attacks and block harmful users straight from the core before they even achieve the impact that they want,” said the executive of the California-based company. For the full article click here
from cyber security caucus http://ift.tt/1XLQCy3
via IFTTT
Five of the most outdated IT system in the government
Parts of the federal government’s $80 billion information technology budget are used to run 1970s-era computers, maintain outdated code and rehire former employees who are the only ones with the knowledge to operate them.
The government’s aging IT infrastructure has been understood for years and has received increased attention amid cyber security concerns. The White House has pushed lawmakers toadopt a $3.1 billion modernization fund that would update some of the oldest systems. And the Government Accountability Office (GAO) just came out with a report detailing some of the most outdated technologies still used today.
“If we continue to do the same thing that we’ve been doing before, we’re just making the situation worse,” Federal Chief Information Officer Tony Scott told lawmakers this week.
The GAO report found that more than $61 billion is going toward operation and maintenance, leaving less for upgrades and modernization. GAO said that number should be in the $20 billions instead.
Some point out that old IT does not necessarily mean it is outdated.
“Just because something has a particular age, doesn’t necessarily mean that it is end of life,” said Beth Killoran, the chief information officer at the Department of Health and Human Services.
Below are five of the starkest examples of outdated government IT For the full article click here
from cyber security caucus http://ift.tt/1XLQEpI
via IFTTT
Explore the upgradation in cyber security technologies to protect SCADA systems
Around 225,000 connections were unplugged from electricity grid in Ukraine by hackers. This gained attention of cybersecurity experts all over the globe and marked as the first cyber-takedown of a power system.
Experts commented that this was not any other attack and active preventive measures need to be taken to avoid these attacks & thwarts in future. They also emphasized on taking security measures rather than only providing firewalls to control systems.
Eric Byres, a security consultant and major contributor in commercialization of firewalls for industrial control system said, “It’s really brought the whole thing to a head and made people aware that this isn’t just chatter about the sky falling.”
Analysts studying the industry have revealed a comprehensive information about changing industry trends and precise statistics in research reports. Recently, Big Market Research has added a report titled, “Global Cyber Security Industry 2016 Deep Market Research Report.”
North American Electric Reliability Corp. (NERC), who has an authority to set standards for power grid, is trying to stop these attacks by upgrading cybersecurity codes. For the full article click here
from cyber security caucus http://ift.tt/1Zadnuk
via IFTTT
SWIFT Examines New Cyberattack Prevention Tech
In an effort to improve security, the global interbank messaging system said it would begin discussions with its users about new measures and tools that will assist the detection of fraudulent payment instructions, Reutersreported late last week.
The Belgium-based Society for Worldwide Interbank Financial Telecommunication, better known as SWIFT, said it may also make security practices that are optional in its system — such as two-factor authentication of payment instructions — a requirement for all customers.
Though the co-operative has kept a sole focus on passing authenticated messages between banks for some time, in the wake of recent cybersecurity threats and breaches, it may soon expand its role.
According to Reuters, SWIFT may soon start looking directly into the messages it facilitates to confirm that payment instructions are both accurate and consistent. This may help to quickly identify any anomalies or red flags in a customer’s account patterns.
SWIFT CEO Gottfried Leibbrandt recently confirmed the messaging service will introduce a new five-point security plan. During a financial services conference in Brussels, Leibbrandt also noted that the Bangladesh Bank heist was a “watershed event for the banking industry.” For the full article click here
from cyber security caucus http://ift.tt/1ZadfLz
via IFTTT
Cybersecurity firm raises $4M, adds U.K. office
After acquiring a United Kingdom-based competitor in October, a Denver cybersecurity company has raised $4 million as it expands overseas and keeps developing its software.
InteliSecure, which flags suspicious-looking uploads and downloads on its clients’ computer systems, disclosed its raise to the SEC on May 25. Overall, it has raised $12.1 million.
InteliSecure CFO Gary Schlisner said the company is “topping off” a previous capital raise from the fall.
“We were considering taking more money out at the time (of the acquisition),” Schlisner said. “Now we’re looking for a chief marketing officer – and we’re always looking for security talent to work in our operations here.”
And in the U.K., Schlisner said the company plans to double its footprint to a 9,000-square-foot office in Reading, England, by August or September.
InteliSecure is seeking a total of $5.5 million, the SEC filing said. For the full article click here
from cyber security caucus http://ift.tt/1Pfnf5V
via IFTTT
Monday, 30 May 2016
Threats to China’s Cybersecurity Sector Seen to Increase This Year
China’s cybersecurity sector is facing a host of challenges, as it must now focus on increasing the public’s awareness on cybersecurity issues, while strengthening its research and development components.
These were among the recommendations made by top cybersecurity experts during the recent 13th China Cyberspace Security Annual Conference, in Chengdu, Sichuan province, China Daily reported.
Hosted by the National Computer Network Emergency Response Technical Coordination Center of China, the conference was attended by around 900 participants coming from various Chinese institutes, as well as government and domestic and foreign enterprises,
The three-day cybersecurity event in China covered a range of cyberspace topics, including security threat intelligence, cybersecurity talent development, security vulnerabilities and mobile internet and data security. For the full article click here
from cyber security caucus http://ift.tt/1WUFFLq
via IFTTT
The week in security: Banks investigating breaches as AusCERT experts warn on the security of everything
There were growing concerns about privacy as the New Zealand government confirmed that its Customs officers will be able to inspect electronic devices coming into the country.
No wonder organisations like the ACLU continue to fight government surveillance. Yet surveillance isn’t the government’s only problem: US officials confess that they might not be able to respond to cyberattacks on critical infrastructure.
This, as financial-services regulators warn that cybersecurity is the biggest risk to the global financial system – and news emerges that up to a dozen banks are investigating potential security breaches on their networks.
NBN Co was also reeling from a cybersecurity issue in the aftermath of damaging leaks and a subsequent, politically-charged AFP raid on Labor staffers that document-management specialists say could have been avoided altogether if NBN Co were protecting its documents correctly.
Despite growing awareness of the importance of security, research suggested that many organisations are still failing to prioritise it as they need to. For the full article click here
from cyber security caucus http://ift.tt/1WUFf80
via IFTTT
Cybersecurity a platform for business growth, expert says
The establishment of a national Computer Emergency Response Team (CERT) announced by the Government as part of Budget 16 is a ‘major development’ for New Zealand, according to Deloitte.
It was revealed last week $22.2 million of the budget will be allocated to help businesses understand and respond to cyber threats.
Deloitte partner and national cybersecurity leader Anu Nayar says cybersecurity should be seen as a platform for business growth and innovation in New Zealand.
He says the funding to establish the CERT is a major development for New Zealand because it delivers a strong message by government on the importance of cyber resilience for our country.
“We welcome this commitment as it provides the much needed investment to build a platform for collaboration, intelligence sharing and effective response to the cyber-attacks that affect our nation – all of which are crucial to helping Kiwis and our businesses be secure, vigilant and resilient,” says Nayar. For the full article click here
from cyber security caucus http://ift.tt/1RFr8vm
via IFTTT
Optus to support cybersecurity courses at Macquarie Uni
Optus Business and Macquarie University have joined forces to establish a multi-disciplinary Cyber Security Hub to support businesses and government. The new ‘Optus Macquarie University Cyber Security Hub’ will provide research, short professional courses and consultancy services to the private sector and government agencies. It represents an AUD 10 million investment by Optus Business and Macquarie University that will draw on the expertise of Optus and Macquarie University academics from various disciplines and industry experts to cover three academic areas: Computing & IT, Business & Economics and Security Studies & Criminology. It will focus on providing a holistic approach to cybercrime, how it is perpetrated, how it affects the economy and how it impacts policy, Optus said. For the full article click here
from cyber security caucus http://ift.tt/1RFrbqR
via IFTTT
UK Businesses Could Front The Bill For Bank Fraud
As the fallout over SWIFT’s cyber breaches continues, the U.K. has put forth proposals that would require the customers of banks – not the banks themselves – to cover the cost of fraud.
Reports last week in the Financial Times said U.K. lenders and government officials are looking at rule changes that would mean online banking customers with insufficient online security could face getting removed from the banking system altogether should a security breach occur.
It’s a major turnaround from an industry that routinely covers the cost of fraud whether the customer or the bank is at fault.
Reports said consumer advocacy groups have decried the proposed rule changes, arguing they would unfairly target, in the words of Money Fight Club co-founder Lindsay Cook, “the less sophisticated, the old and the frail.” For the full article click here
from cyber security caucus http://ift.tt/1RFrP7R
via IFTTT
Saturday, 28 May 2016
Why you can’t decide (And what to do about it)
There it sits on your desk, awaiting your decision. As a key executive, you have difficult news to deliver to the board, and a recommendation to make. But how will you advocate for a solution when you can’t decide which to choose?
Of the alternatives before you, several would almost certainly be effective, but also expensive. On the other hand, doing less, while easier on the budget, could cost even more in the long run.
What are you going to do? You’ve been asking yourself this question for too long. Everyone is waiting for your decision, but you feel stuck.
Who among us hasn’t struggled with indecisiveness from time to time? In the rapidly changing world of technology, however, delay can be disastrous. No one knows this better than the executive — so why the paralysis? For the full article click here
from cyber security caucus http://ift.tt/1qRiVhB
via IFTTT
Army readies new cyber directorate
The Army is setting up a new directorate in its G-3/5/7 office to oversee cybersecurity and electronic warfare, a move that officials say signals a renewed seriousness in the service toward those disciplines. Army leadership expects the directorate to have initial operating capability next month and full operational capability later in the summer.
“The Army senior leaders have recognized this is important and we need to put a more focused attention on this field,” Col. Jeffrey Church, the Army’s senior electronic warfare officer, told FCW.
Brig. Gen. Patricia Frost, the former deputy commanding general for operations at Army Cyber Command, will lead the new directorate. That experience could come in handy as the new organization claims its stake in a bureaucracy with multiple organizations covering cybersecurity. For the full article click here
from cyber security caucus http://ift.tt/1qRidRE
via IFTTT
North Korea suspected in fed probe of ‘Lazarus’ bank hacks
Federal officials have opened a national security investigation into the recent $101 million hack of Bangladesh’s central bank amid suspicions that North Korea was involved, law enforcement officials tell CNN.
The probe, launched by the FBI and federal prosecutors in Los Angeles, echoes the suspicions of private cybersecurity firms that spoke with CNN in recent days.
The massive digital heist of Bangladesh Bank and at least three other banks could pose a serious threat to the global banking system.
U.S. investigators “aren’t ready to attribute this to North Korea,” one law enforcement official said. “There’s a lot we don’t know yet.” For the full article click here
from cyber security caucus http://ift.tt/1sU7fwq
via IFTTT
Palo Alto Networks Shares Dive on Q4 Forecast
Palo Alto Networks’ third-quarter sales beat analysts’ estimates but the cybersecurity firm’s shares took a big hit Friday on a weaker-than-expected forecast for the current quarter.
For the quarter ended April 30, Palo Alto reported $345.8 million in sales and 42 cents earnings per share excluding items, up 48% and 83%, respectively, from a year earlier. Sales topped the consensus analysts’ estimates $339.5 million, while earnings were in line with expectations.
The company exceeded its guidance for the eighth consecutive quarter. “We continue to balance growth and profitability and once again delivered record revenue, billings and cash flow,” CFO Steffan Tomlinson said in a news release.
But Palo Alto’s forward guidance gave Wall Street cause for concern. Its shares fell 18.3% on Friday, closing at $129.86.
For the fourth quarter, Palo Alto forecast $386 million to $390 million in sales and 48 to 50 cents in earnings per share. At the midpoints, the outlook missed the consensus model for $389.3 million and 50 cents. For the full article click here
from cyber security caucus http://ift.tt/1sU6Bzg
via IFTTT
Defense bill would aid Augusta University cybersecurity program
Augusta University administrators are waiting for Congress to pass the defense authorization bill because it contains an amendment that lets the school extend its cybersecurity program to ROTC.
Rep. Rick Allen, R-Ga., sponsored the amendment at the school’s request. The House passed it, but the amendment wasn’t in the Senate version of the National Defense Authorization Act and will have to survive a conference committee.
“The passage of my amendment will help bring cyber ROTC programs to universities across the country looking to train our future military leaders, including Augusta University,” Allen said. “Cyber is the future of modern warfare, and these projects are vital to establishing a 21st century military.”
AU had 75 students participate in the Reserve Officer Training Corps in the academic year that just ended. The goal is to have 90 in the next five years and to commission 15 of the graduates as Army officers per year, according to Lt. Col. Jessica Williss, who is over the university’s program. For the full article click here
from cyber security caucus http://ift.tt/1qRjk3H
via IFTTT
Friday, 27 May 2016
InsurTech Futures: Mind the gap — cyber security
Alexandra Foster, head of insurance and strategy, global banking and financial markets, BT, explains why cyber is a huge opportunity.
The problem of cyber crime is ubiquitous and the need to build resilient defences is common to every organisation in any industry. Insurance brokers are no more or less vulnerable than any other sector. However, what differentiates the insurance industry as a whole is that the growth of cyber crime is a commercial opportunity.
It’s fair to say that cyber attacks are growing in intensity, frequency and scale. And thanks to a stream of high profile stories about hacking and data loss at some of the world’s biggest organisations, business leaders increasingly understand that the threat of cyber crime is real and here to stay.
No surprise then that cyber security insurance is one of today’s fastest growing product lines for the industry. PwC says that the global cyber insurance market could grow to $5bn in annual premiums by 2018 and at least $7.5bn (£5.1bn) by the end of the decade. For the full article click here
from cyber security caucus http://ift.tt/20KPo5A
via IFTTT
PricewaterhouseCoopers sprouts national cybersecurity division in San Antonio
PricewaterhouseCoopers LLP, which re-established a physical presence in San Antonio last year with a new office, is digging deeper into the local market to plant a new set of roots in cybersecurity.
PwC, which opened its office at U.S. Highway 281 and Jones Maltsberger Road in 2015, chose San Antonio for its national cybersecurity headquarters.
PwC, one of the so-called big four accounting companies, confirmed to the San Antonio Business Journal that it doesn’t just want to be a global accounting practice, but a trusted adviser. And it sees cybersecurity as opportunity to foster such expertise-based relationships.
“We all know that the hackers are turning our businesses into a battlefield,” saidSusan Hough, director and client relationship executive with PwC.
As part of an effort to establish its cyber credentials, PwC hosted an interactive video game for clients Thursday afternoon at Hotel Emma, where it enabled C-level executives to go through a real-time, simulated cyberattack on both the offensive and defensive sides of the scenario. The goal was to generate the heart-pumping experience that executives may feel in the board room when a cyberattack strikes a business. For the full article click here
from cyber security caucus http://ift.tt/1NSclCL
via IFTTT
Payne, Jr. leads joint hearing on cybersecurity
U.S. Rep. Donald Payne, Jr. (D-NJ) led a joint hearing of the Subcommittee on Emergency Preparedness, Response and Communications and the Subcommittee on Cybersecurity Infrastructure Protection and Security on Tuesday regarding potential cyber threats.
“Our legacy response doctrine – from the National Response Framework to the Stafford Act – are rooted in an era that predates reliance on cyber networks and growing threats posed by sophisticated hackers,” Payne said. “Despite our best efforts to ensure that our national preparedness doctrine is responsive to evolving threats, it has not kept pace with cyber threats. My district is rich with critical infrastructure, all of which rely on cyber networks. Within two miles, we have major transit systems, chemical facilities, and refineries mixed among homes, schools, and hospitals. A hack of any one of these targets could have devastating cascading effects and could risk overwhelming our brave first responders.” For the full article click here
from cyber security caucus http://ift.tt/20KP4DO
via IFTTT
Cyber firm links North Korea to online bank hacks
A cybersecurity firm said that North Korea could be behind a string of attacks on banks in Asia in what may be the first known case of a country using cyber attacks for financial gain. Symantec Corp said in a blog post Thursdaythat the same group that stole millions from Bangladesh’s central bank in February and tried to steal from a bank in Vietnam in December was responsible for another cybersecurity attack on a bank in the Philippines last October.
The firm said an online global banking system has been under sustained cyber attack and that the malware used in the bank attacks was similar to that used on the hacking attack on Sony Pictures in December 2014, which the U.S. blamed on North Korea and the hacking group “Lazarus.”
“If you believe North Korea was behind those attacks, then the bank attacks were also the work of North Korea,” Symantec security researcher For the full article click here
from cyber security caucus http://ift.tt/1NSc3f3
via IFTTT
Electric Grid Cybersecurity Focus of Upcoming Conference in Newport, RI
Two of the best-known publishers of energy newsletters, Sam Spencer, who publishes Smart Grid Today and Power Markets Today and Llewellyn King, who founded The Energy Daily and produces and hosts “White House Chronicle” on PBS, are teaming up with the Pell Center at Salve Regina University on a comprehensive conference on cybersecurity in the utility industry.
”Grid cybersecurity is one of the critical frontiers in the security of U.S. infrastructure system,” King said.
The conference will be held Sept. 26-29, 2016 at Salve Regina University in Newport, RI. ”In this scholarly setting the industry can learn best practices, and cybersecurity vendors and others can get down to granular issues that aren’t easily discussed in the office setting,” Spencer said. For the full article click here
from cyber security caucus http://ift.tt/1NRZwbr
via IFTTT
Thursday, 26 May 2016
PEOPLE POWER IS THE LOST KEY TO CYBER RESILIENCE
by Nick Wilding, Head of Cyber Resilience, AXELOS
Corporate and personal reputations are hard-won but they can be ruined in an instant. As countless examples have shown, businesses large and small are being successfully attacked by cyber criminals with often catastrophic impacts. The fact that so many organisations, of all sizes and in all sectors, have had their most valuable and commercially sensitive information compromised reflects the scale of the problem. It also highlights that no one is safe. All organisations are at risk and you can never be ‘bullet-proof’. But organisations can manage their cyber risks more effectively by adopting an organisation-wide response, led from the top that effectively balances business opportunities and risks as well as the processes, technologies and critically the people that make the organisation tick.
“It’s a well-known fact that the great majority of cyber-attacks succeed because of human error – an unwitting mistake made by anyone. “
Until this happens they will remain as vulnerable as anyone else. Cyber resilience can be described as the ability of any organisation to prevent, detect, respond and recover from the impacts of an attack with minimal damage to their reputation, market value or competitive advantage. In a resilient organisation protecting your business and most precious information is as much about preparing for an attack and setting up structures and processes to deal with one as and when it happens.
It’s a well-known fact that the great majority of cyber-attacks succeed because of human error – an unwitting mistake made by anyone. Anyone from the boardroom to the frontline. Cyber-criminals, like those in the real world, are opportunists and they are adept and persistent at exploiting these ‘unlocked doors’ into any organisation.
To read the full article, click here : http://ift.tt/1UfNI1S
from cyber security caucus http://ift.tt/1THoDwP
via IFTTT
The booming business of cyber security
PwC estimates there are about 100 million cyberattacks every year, including data theft, leakage of intellectual property, corporate sabotage and denial-of-service attacks. That’s 200 new cyberthreats every minute. The US-based Center for Strategic and International Studies estimates the annual impact of cyber-attacks on the global economy at a staggering US$600 billion ($826 billion).
Little wonder, then, that in the wake of cyberattacks, the protection of information systems from theft or damage to the hardware, the software and the data available is a burgeoning business.
Bank of America Merrill Lynch estimates that the global cybersecurity solutions market is likely to grow to US$170 billion by 2020 from US $75 billion last year. Because of high-profile attacks over the past three years, cybersecurity is among the biggest recipients of venture-capital investments in the tech sector today, and new companies are often the biggest beneficiaries. For the full article click here
from cyber security caucus http://ift.tt/20FqX9J
via IFTTT
UK companies have a high cyber-security rating
The UK is among the countries with the highest business cyber-security rating among several other high-profile players, according to a new report by BitSight Technologies.
BitSitght took a random sample of 250 companies per country, from the United States, the UK, Singapore, Germany, China and Brazil, looking at Security Ratings, with the goal of informing risk managers and security professionals of any potential cyber-risks in these countries.
The UK, together with Germany and the United States, has the highest aggregate Security Rating, meaning the risk in these countries is at the lowest. Companies in Brazil have the lowest aggregate Security Rating.
When it comes to preventing and mitigating machine compromises stemming from botnet infections, the UK and Germany perform the best, while the US and Brazil have the poorest performance. For the full article click here
from cyber security caucus http://ift.tt/20Fql3Y
via IFTTT
Senators Introduce NDAA Amendment to Strengthen Cybersecurity
(Washington, DC) U.S. Senators Steve Daines (R-MT), Mark Warner (D-VA), Ben Cardin (D-MD), Barbara Mikulski (D-MD), Joni Ernst (R-IA), Richard Blumenthal (D-CT) and Michael Bennet (D-CO) today introduced an amendment to the National Defense Authorization Act (NDAA) that directs the president to elevate Cyber Command to a Combatant Command. U.S. Cyber Command is currently a subordinate unit to Strategic Command.
Congress established US Special Operations Command to address a rapidly growing need, strengthen the warfighter, and to unify forces. Today, with cyber threats being one of the fastest growing national security threats we face, the need for another Combatant Command is no different.
The amendment will elevate the command so it can respond to one of the fastest growing threats facing our nation and ensures that Cyber Command is a national commitment receiving sufficient support to complete the ever expanding cyber missions our warfighters face. For the full article click here
from cyber security caucus http://ift.tt/20Fqcxb
via IFTTT
Communications Minister Bostan: I hope cybersecurity law gets final approval from Justice Ministry
A cybersecurity law is being considered for approval by the Justice Ministry, a last stage before it is approved by the Supreme Council for National Defence (CSAT) and then the Government, so it can be sent to Parliament for final approval, Communications and Information Society Minister Marius Bostan said on Wednesday.
“We are nearing the end of the approval procedure for the cybersecurity law. Today [Wednesday] I hope we get the final approval needed, from the Justice Ministry, so it can then be approved by the CSAT and by the Government. Afterwards, this very-much needed law will clear Parliament,” Bostan told a conference where an activity report of the CERT-RO National Computer Security Incident Response Team was presented.
According to the minister, the law is absolutely necessary, taking into account that the Internet has no frontiers, and cyberattacks have become increasingly more sophisticated. In this context, the agreements and international cooperation are very important, and such cooperation requires very much knowledge. For the full article click here
from cyber security caucus http://ift.tt/20FqSTi
via IFTTT
Blighty’s National Cyber Security Centre cyber-reveals cyber-blueprints
The UK government has released the prospectus for its National Cyber Security Centre (NCSC), ahead of the launch of the facility this Autumn.
The blueprint [PDF] outlines that the NCSC will act as a hub for sharing best practices in security between public and private sectors, and will tackle cyber incident response.
As previously reported, the NCSC is being set up to aggregate the UK’s cyber expertise. Working with the Bank of England on new cyber security guidance for financial firms is also due to be among its initial objectives.
In the prospectus, Cabinet Office minister Matt Hancock explained: “The Centre will be the bridge between industry and government, simplifying the current complex structures, providing a unified source of advice and support, including on managing incidents. It will be a single point of contact for the private and public sectors alike.”
Ciaran Martin, former director general of cyber-security at GCHQ, has been appointed chief exec of the NCSC leading the new centre, which will report into GCHQ. For the full article click here
from cyber security caucus http://ift.tt/20Fr454
via IFTTT
Wednesday, 25 May 2016
Telstra sharpens its cybersecurity claws
Telstra’s venture capital arm has put some capital on the table to seal a partnership with US cybersecurity start-up, vArmour, which will see the telco boost its managed services portfolio.
The start-up, which offers cloud security solutions to enterprises, has raised $US41 million in a Series D round, with Telstra coming on board as a significant investor.
vArmour’s distributed security software provides organisations a way to protect their infrastructure by insulating the affected area of a network in case of an attack.
By shifting the focus from patrolling the network to isolating the problem internally within the network, the solution allows organisations to stop the spread of threats.
It’s the 30th investment made by Telstra Ventures and the unit’s managing director Mark Sherman said that he was impressed by how effective vArmour’s technology is in helping enterprises secure their data on the cloud. For the full article click here
from cyber security caucus http://ift.tt/1WidsOF
via IFTTT
Kaine Discusses Formulating Cybersecurity Doctrine And Investments In Cyber Workforce
WASHINGTON, D.C. – U.S. Senator Tim Kaine delivered the keynote address at the Center for Strategic and International Studies’ event, “Cybersecurity After Information Sharing,” in which he argued that unanswered doctrinal questions and the effects of budget uncertainty have undermined the United States’ cybersecurity posture. Kaine supported the creation of a commission that would offer lawmakers policy recommendations on how best to strike a balance between strengthening national security and protecting individual privacy. Citing Virginia’s large cyber footprint, Kaine also called for greater investments to create a workforce ready to tackle the cyber challenges of the future.
“We’re at the epicenter of a changing digital landscape. Obviously many of the key federal agencies that work on cyber policy are headquartered or have a significant presence in Virginia, as do their employees. We have a private sector in the cyber space that is second to none, it’s a great hub for IT and cyber innovation. Virginia is second in the nation in the percentage of the workforce that is in technology jobs,” Kaine said. “We’re the hub of internet traffic in the world. Seventy percent of the world’s internet traffic passes through Loudoun County, which has the highest concentration of data centers in the world. For the full article click here
from cyber security caucus http://ift.tt/1WidmXw
via IFTTT
Proactive Cybersecurity: Defending Industrial Control Systems From Attacks
Cyberattacks on industrial control systems (ICS) are on the increase due to the Internet of Things (IoT) revolution. With more and more connected endpoints, the increased volume of sensitive data only serves to increase the viable attack surface.
Unexplained code (presumably malware) has been found in numbers of critical national infrastructure (CNI) systems, and some has been lying dormant, undetected, for years. Evidence also suggests sophisticated intelligence gathering and infrastructure reconnaissance efforts, often carried out by nation-state actors, mercenaries and criminal gangs for financial gain.
Such infiltration is no longer restricted to the CNI community, where the safety of the public and the continuity of essential services are paramount: Manufacturing enterprises, smart buildings, automobiles — anyone or anything using industrial control systems is potentially at risk for this kind of cyberattack. For the full article click here
from cyber security caucus http://ift.tt/1WidFkQ
via IFTTT
SAIC sees opportunity in feds’ ‘offensive cyber’ efforts
Science Applications International Corp. (NYSE: SAIC) sees the White House’s increased willingness to embrace “offensive cyber” tactics as good for business.
While it was just this past February that U.S. Secretary of Defense Ashton Carter acknowledged for the first time that the U.S. Cyber Command was fighting the Islamic State in cyberspace— disrupting communications and overloading the terrorist group’s networks — Charles Onstott, SAIC’s senior vice president of cloud, cyber and data science, said the company wants to play a role on this new battlefield. McLean-based SAIC will help the Pentagon with this fight on two fronts. The first of those will be planning which, according to Onstott, are “all the functions around helping the [Department of Defense] plan what the operation is trying to accomplish, who they’re trying to accomplish it with — that sort of thing.” For the full article click here
from cyber security caucus http://ift.tt/1WOailG
via IFTTT
CALLS FOR SA BANKS TO UP CYBERSECURITY
JOHANNESBURG – The Reserve Bank has called on the country’s banks to step up their cybersecurity after a global syndicate managed to withdraw R300 million through fraudulent ATM transactions in Japan.
Standard Bank has confirmed it fell victim to this scam but stressed that its clients are not affected.
At least 100 people or more are suspected of having been involved in as many as 14,000 transactions, carried out earlier this month. For the full article click here
from cyber security caucus http://ift.tt/1Rq1YR9
via IFTTT
Tuesday, 24 May 2016
When Is NSA Hacking OK?
The National Security Agency attempts to stay a step ahead of threats by occasionally using a software flaw to hack computers and online networks, but both privacy advocates and one of the agency’s top officials acknowledge the potential risks of keeping these security gaps secret.
NSA Deputy Director Rick Ledgett tells U.S. News the agency alerts tech companies about discovered gaps in their cybersecurity “more than 90 percent of the time,” while government officials at several agencies vet the merits of disclosure in the remaining instances.
This process involves questioning how many people would be affected should criminals or other adversaries learn how to exploit the weakness, he says.
“How difficult is it to use – is it something that requires a bank of supercomputers to use? Is it something anybody can use with a home computer?” he explains. “Is it a vulnerability that’s linked with critical infrastructure in the U.S. – things like hospitals and things like the government?” For the full article click here
from cyber security caucus http://ift.tt/1OKOY98
via IFTTT
The week in security: Governments back cybersecurity; new hope in ransomware flood
Government bodies were getting serious about cybersecurity, with the state of Victoria launching an ICT strategy that included a cybersecurity commitment and the federal Budget reaffirming support for the cybersecurity sector.
This kind of support will be crucial, since many say the CISO role is the hardest ICT role to fill. Little wonder that the US government is designing a bug-bounty program to help engage as many minds as possible around the security challenges that government organisations face.
With 60 percent of enterprise mobiles still vulnerable to the QSEE exploit within the Android operating system, Google is developing a stronger security core for its upcoming Android N operating system. This, as the company moved to block the vulnerability-prone Adobe Flash for Chrome users at the same time as Adobe moved to patch the latest Flash zero-day. For the full article click here
from cyber security caucus http://ift.tt/1s6UspU
via IFTTT
Cybersecurity risk-management vital, says expert
Businesses need to assess their cyber security risk management and ensure it’s being done right, according to security professionals Peerlyst.
The company says risk management and cybersecurity shouldn’t clash – they should align.
Gary Hayslip, the CISO for the city of San Diego, says that is easier said than done.
“Cybersecurity risk-management is not only vitally important to individuals, businesses, and governments around the globe – it’s very tough to get right.”
Peerlyst has published Hayslip’s six-part plan, in a piece entitled “Resource: Cybersecurity and Risk Management”, aimed to help organisations get cyber security risk management right. For the full article click here
from cyber security caucus http://ift.tt/1s6UYnM
via IFTTT
Metcalf & Associates’ VoiceAmerica Interview Highlights “Cybersecurity: Thriving in a High Threat Environment”
Metcalf & Associates, Inc., recommends Maureen Metcalf’s upcoming VoiceAmerica interview with Dr. Dale Meyerrose, “Cybersecurity: Thriving in a High Threat Environment” airing on May 24.
Columbus, Ohio (PRWEB) May 24, 2016
Metcalf & Associates’ Maureen Metcalf interviews prominent thought leader Meyerrose, president of The Meyerrose Group and retired Major General US Air Force, for her VoiceAmerica radio show, Innovative Leaders Driving Thriving Organizations. This interview focuses on helping leaders better understand the nature of the threats they currently face and how to take proactive steps to optimize organizational success by taking advantage of the cloud and, at the same time, protect organization’s critical assets and information to position to run efficient and effective organizations.
In the interview, Dr. Meyerrose shares key insights to a series of questions posed by senior leaders. The questions range from asking for a rundown of the cybersecurity landscape, to exploring the biggest security vulnerabilities in the cyber threat arena and counter actions to be taken. This interview is a highly informative one for leaders as well as technology professionals. The interview is accompanied by a blog post summarizing five key tenants of cybersecurity.
One common misperception is that cybersecurity is the job of specialists working in the information technology (IT) services organization, or analysts in the security shop. Yet, cybersecurity is everyone’s responsibility, from senior leaders to administrators. All members of an organization need to be aware that when something goes wrong, it cannot only affect the health and reputation of the entire organization, but possibly its very existence. For the full article click here
from cyber security caucus http://ift.tt/1s6URbO
via IFTTT
Redline Capital and Telstra Invest $41 Million in vArmour
The firm helps business secure their data in the cloud.
vArmour, a data center security startup based in Mountain View, Calif., said it raised $41 million in Series D funding on Tuesday, bringing its total sum raised to $83 million to date.
Investors in the round included Redline Capital, a venture capital firm based in Luxembourg, and Telstra, Australia’s largest telecom operator. The pair join existing investors Highland Capital Partners, Menlo Ventures, Citi Ventures C 0.47% , Columbus Nova Technology Partners, Citi Ventures, Work-Bench Ventures, and Allegis Capital.
Get Data Sheet, Fortune’s technology newsletter.
Tim Eades, chief executive officer at vArmour, dropped byFortune’s office to discuss recent shifts in the funding and exit environments for cybersecurity startups. He noted that firms that are burning through cash are going to have tough time staying afloat as investors’ purse strings tighten. For the full article click here
from cyber security caucus http://ift.tt/1s6UOwI
via IFTTT
Monday, 23 May 2016
Should Companies Be Required to Share Information About Cyberattacks?
Damage from cyberattacks comes in layers. Direct harm, in the form of theft and other losses. Damage to the reputation of the companies affected when news gets out. And the slow erosion of confidence in overall online security—a malaise that grows worse with each new breach.
How do we limit the damage and, more important, restore confidence in online security? That is a question that bedevils policy makers as much as it does network analysts and computer scientists.
Requiring companies to report when they’ve been attacked and to share details about how it was done might help strengthen cyberdefenses for everyone. But it can also complicate the process of trying to keep systems secure, and injure the companies’ reputations in the meantime. Conversely, allowing breached companies to work on solutions in secret may fix problems quickly and prevent reputational harm. But keeping attacks secret may also increase the danger for others.
Making the case for required disclosure is Denise Zheng, deputy director and senior fellow in the Strategic Technologies Program at the Center for Strategic and International Studies. Andrea Castillo, program manager in the Technology Policy Program at George Mason University’s Mercatus Center, argues against such a mandate. For the full article click here
from cyber security caucus http://ift.tt/25bdLfV
via IFTTT
3 Ways Network Complexity Fuels The IT Security Skills Shortage
The workforce shortage in the IT security field is real and shows no immediate signs of improvement. Recent research by global IT and cybersecurity organization ISACA highlights just how big the problem is: Of 461 cybersecurity managers and practitioners surveyed globally, 60 percent said that less than half of their candidates were qualified upon hiring. Additionally, 54 percent responded that it took three months or more to fill IT security posts. One in 10 slots never gets filled.
The inability to staff these open positions with qualified personnel can leave an organization vulnerable to a range of internal and external security threats, including phishing, denial-of-service attacks, ransomware and data theft. But what is causing this apparent shortfall in qualified staff – a problem that affects the channel as well as customers – and how can it be overcome?
The lack of knowledgeable and experienced professionals who can handle IT security is being driven by three factors: too many point solutions, increased network architecture complexity and conflicting priorities. For the full article click here
from cyber security caucus http://ift.tt/25bdkSN
via IFTTT
Is your agency a back door for cyber hackers?
Cloud computing, mobility and the internet of things are megatrends that are reshaping the IT infrastructures of agencies of all sizes.
This is particularly relevant when you consider the fact that agencies frequently store client data from some of the world’s largest brands and corporations.
Many ad agencies seem to think that data protection and cyber security are issues for their clients, but the agency’s systems could actually be a back door for hackers to get access to those very clients. For the full article click here
from cyber security caucus http://ift.tt/25bdcmr
via IFTTT
Hackers are targeting more small businesses in NJ
Not too long ago cyber hackers would focus exclusively on large corporations, but that’s not the case any longer.
A growing number of smaller New Jersey businesses are reporting their online networks have been broken into and compromised.
“We’ve come to understand cybersecurity at the state level is not just about state government, it’s not just about local government, it’s also about industry and critical infrastructure,’ said Dave Weinstein, the director of
cybersecurity for the state Office of Homeland Security and Preparedness.
He pointed out that typically those involved with cyber security breaches these days are not high school nerds and goofballs. For the full article click here
from cyber security caucus http://ift.tt/1XMt50c
via IFTTT
How to Fix the Cybersecurity Blind Spot That Is Shadow IT
Can You Uncover Your Blind Spot?
I don’t know about you, but I love the new blind spot warning system on cars. Originally, it was the tiny convex mirrors that my mom made me install on my side-view mirrors, which sort of helped; now, it’s visual indicators that flash a nifty little light in my mirror if another car is in my blind spot. Wouldn’t it be great to have that everywhere in life?
I thought about that the other day when out shopping and came mere inches from spinning my cart into a small child who had darted out of an aisle behind me. I can only imagine the calamity that would have ensued, from explaining how I didn’t see little Sammy to clarifying how he ended up in a heap on the ground.
Today’s enterprise faces a number of similar blind-spot challenges involving shadow IT and mobile users. Taking advantage of technology that can help protect against the hard-to-see threats makes perfect sense. For the full article click here
from cyber security caucus http://ift.tt/25bdr0z
via IFTTT
Saturday, 21 May 2016
ICIT Forum 2016: Opening Keynote by Richard Ledgett, Deputy Director, NSA
Richard Ledgett, Deputy Director, NSA, delivers the opening keynote at the 2016 ICIT Critical Infrastructure Forum. Mr. Ledgett’s talk included an analysis of the top threats to our Nation’s Critical Infrastructures and how the intelligence community is responding to the threat.
ICIT Critical Infrastructure Forum
April 25, 2016
Ritz-Carlton Pentagen City, Arlington VA
Additional Videos from the 2016 ICIT Forum:
Keynote: IT Modernization & Resiliency (Tony Scott, Fedreal CIO) – https://www.youtube.com/watch?v=WBu_j…
DevOps (CIO, U.S. Citizenship & Immigration Services) – https://www.youtube.com/watch?v=oG4xo…
Threat Intelligence: https://www.youtube.com/watch?v=yPeD2…
from cyber security caucus http://ift.tt/1Rg8Ro1
via IFTTT
Throwing money at the cybersecurity problem?
MarketsandMarkets has forecast cybersecurity growth at $170.21 billion worldwide by 2020, up from $106.32 billion in 2015. This outlook includes both technologies and services, such as those offered by managed security service providers. North America is expected to have the largest cybersecurity spending and adoption, followed by “significant growth” in Latin America and Asia Pacific, according to researchers.
In the United States, President Obama put forth a Cybersecurity National Action Plan in February 2016 that if approved, allots $19 billion to cybersecurity across the federal government (and private sector) as part of the Fiscal Year 2017 budget—that’s a 35% increase over the FY 2016 budget. The Office of Personnel Management breach, discovered in April 2015, which exposed the personally identifiable information of federal employees (and interviewees) may have added to the sense of urgency. A $3.1 billion Information Technology Modernization Fund aimed at updating government technology and cybersecurity efforts is also part of CNAP. For the full article click here
from cyber security caucus http://ift.tt/1TlmtWN
via IFTTT
Bismarck State College to offer cybersecurity program
BISMARCK, N.D. — Starting this fall, Bismarck State College’s Computer Support Specialist Program will focus more on cybersecurity, preparing students for jobs as IT administrators, security administrators, network administrators, security analysts, help desk associates and IT support specialists.
The new program, Cybersecurity & Computer Networks, will include four core classes: Principles of Information Security, Computer and Network Security, Digital Forensics, and Ethical Hacking and Network Defense. Ethical hacking, a concept taught in similar programs at other schools, teaches advanced hacking tools and techniques used by hackers and information security professionals, says Matthew Frohlich, assistant professor of computer information systems (CIS). “We teach this to students so that they will be able to defend against attacks on their IT infrastructure.”
Nick See, CIS instructor, adds, “The Ethical Hacking and Network Defense course shows students the tools and techniques being used by their adversaries. They learn how computer and network compromises occur, as well as learning to protect against them.” For the full article click here
from cyber security caucus http://ift.tt/1Rf1mhf
via IFTTT
Experts: No cybersecurity without collaboration
The fanciest cybersecurity tools in the world are not going to help America keep up with the advanced hacking threats the nation faces unless more emphasis is placed on collaboration between the people using the technology.
That was the message from current and former public- and private-sector cybersecurity professionals Friday during a panel at an International Information Systems Security Certification Consortium event in Washington D.C.
The four panelists all agreed that it’s time to lean on people sharing, disseminating and understanding threat information in order to move from being reactionary to every cyber incident. For the full article click here
from cyber security caucus http://ift.tt/1Rf1qxt
via IFTTT
Navy retools cyber policy
Navy Secretary Ray Mabus has made significant additions to the service’s cybersecurity policy by requiring the implementation of a layered approach to cyber defense and the establishment of a departmentwide program to tackle insider threats.
Navy organizations, including the Marine Corps, “shall implement a defense-in-depth/defense-in-breadth [cybersecurity] strategy to mitigate information security risks throughout the entire life cycle of a system or network,” the memostates. It is dated May 2 but was released publicly this week.
Defense Department officials have long espoused a defense-in-depth approach to cybersecurity that mirrors the multiple barriers an assailant often faces in attacking a government building, for example. Mabus is trying to drive home the point by reminding commanders that they will be accountable for implementing defense-in-depth. For the full article click here
from cyber security caucus http://ift.tt/1Rf10XR
via IFTTT
Cybersecurity firm opens headquarters in Eldersburg
Carroll County officials turned out Friday to welcome the county’s latest entry in the high-tech government contracting arena, with the official ribbon cutting of the new corporate headquarters of Applied Technology Group in Eldersburg.
Applied Technology Group, a software development company supporting the intelligence and defense industries, is poised for growth and is on track to expand from its current 45 employees, to about 75 by the end of the year, according to CEO James Rainey, an Eldersburg resident. Many of the company’s employees work at the locations of its government clients, he said, but as the company looks to grow, he wants to root that growth in the county he calls home.
“Myself and my business partner live here. We wanted to engage the community that we live in,” Rainey said. “If you also look at the tech sector, the customer base in this area, it’s almost a triangle that’s out there. There’s Fort Meade down south, if you go east you have the Social Security Administration and Health and Human Services, and if you go west, you have Fort Detrick out there. It sort of puts us in this centralized hub.” For the full article click here
from cyber security caucus http://ift.tt/1Rf1u02
via IFTTT
Friday, 20 May 2016
Tech expert gives cybersecurity tips to local businesses
Jack Vonder Heide, president of Technology Briefing Centers, Inc. gave a seminar on cybersecurity for small- to medium-sized businesses at the Fisher Community Center Thursday afternoon.
“Jack is one of the leading authorities on technology in America,” said Nancy Harris, Human Resources manager at Farmers Savings Bank.
“Cybercrime is a scary area,” Heide said. “It’s scary to talk about the risks, but it’s important to understand how to avoid problems.”
Small- and medium-sized businesses are targeted by hackers because they often do not have several layers of security, he said.
“These criminals are attacking these businesses to get to valuable information,” Heide said.
Credit card numbers, banking information, corporate funds, employee information, customer data and any information found in software is at danger of being hacked.
“Not everyone who commits these crimes try to take files or information,” Heide said. “Many use ransomware.” For the full article click here
from cyber security caucus http://ift.tt/1U3zml3
via IFTTT
Thales strengthens cyber security team in Mideast
Thales says its strengthening its cybersecurity market in the Middle East with new executive appointments to its e-Security team. Philip Schreiber is appointed regional sales director Middle East, Africa and South Asia (MEASA), previously regional sales manager sub-Saharan Africa at Thales e-Security. Hamid Qureshi is appointed region sales manager Middle East; coming from Hewlett Packard, Maen Ftouni, regional sales manager Saudi Arabia, previously with Symantec and Simon Taylor, channel manager Middle East. They are supported by Neil Ginns, senior solutions consultant who has been with Thales for more than nine years. For the full article click here
from cyber security caucus http://ift.tt/1U3yYmQ
via IFTTT
GENERAL MICHAEL HAYDEN TO DELIVER KEYNOTE ADDRESS AT GIGAMON FEDERAL CYBERSECURITY SUMMIT
SANTA CLARA, Calif., May 20, 2016 /PRNewswire/ — Gigamon Inc. (NYSE: GIMO), the leader in traffic visibility solutions, will be holding its inaugural Gigamon Federal Cybersecurity Summit on Tuesday, May 24th from 7:00 a.m. to 12:00 p.m. at the Ronald Reagan Building & Trade Center in Washington, D.C.The half-day event features a keynote by retired four-star General Michael Hayden, the former director of the CIA and the NSA, and panels featuring cybersecurity leaders from FEMA, DOE, Department of the Navy, Raytheon, FireEye, Fidelis Cybersecurity and ForeScout. Dennis Reilly, Gigamon’s Vice President of Federal, will help to lead the event.
General Michael Hayden will deliver the event keynote “Cyber Security and the Threat of a Cyber Attack.” General Hayden was on the frontline of geopolitical strife and the war on terror when communication methods were being revolutionized, and he recognized that the world of information was changing rapidly. Hayden understands our nation’s need to adapt to our ever-changing informational landscape and the dangers, risks, and potential rewards of our digital security situation. Having served as the number one Military intelligence officer in the country, he will discuss geopolitics, cyber security, our vulnerabilities and challenges, the threat of a real attack and its potential ramifications. For the full article click here
from cyber security caucus http://ift.tt/1U3zhOx
via IFTTT
Council adopts cybersecurity rules
The Council has formally adopted new EU-wide rules to step up the security of network and information systems. The network and information security (NIS) Directive lays down security obligations for operators of essential services in critical sectors and for digital service providers. Each EU country will also be required to designate one or more national authorities and to establish a strategy for dealing with cyber threats. The Council position at first reading adopted confirmed the agreement with EP in December 2015, but EP also now needs to approve it. The NIS Directive is expected to enter into force in August. (Source: Council adopts cybersecurity rules) For the full article click here
from cyber security caucus http://ift.tt/27Hi6d3
via IFTTT
Bank of England urges UK institutions to bulk up cybersecurity after Bangladesh hack
In the wake of an orchestrated cyberattack found to be targeting numerous banks across the globe, the Bank of England issued an urgent call of all UK institutions to check for “indicators of compromise” on any computer connected to the Swift messaging service, it has emerged.
Officials close to the UK central bank, who spoke to Reuters on condition of anonymity, said the warning was issued in mid-to-late April – however is only now being made public. The order marks the earliest known case of a central bank in a major economy ordering a formal security check-up of its member banks in response the cyber-heist at the Bangladesh bank in February. In this case, which is still being investigated, hackers were able to compromise $81 (£56m) in a complex scheme.
The Bank of England reportedly told UK banks to conduct an audit of any system connected to Swift – which is used by 11,000 institutions across the globe to communicate securely and transfer funds.
It also demanded a “compliance check” to ensure that security policies put forward by Swift are being followed, alongside a check of who exactly has access to its sensitive applications and web portals. For the full article click here
from cyber security caucus http://ift.tt/1U3zeC8
via IFTTT
Thursday, 19 May 2016
House passes Castro’s cybersecurity prevention legislation
The U.S. House of Representatives passed the National Cybersecurity Preparedness Consortium Act, H.R. 4743, on Monday in an effort to strengthen the nation’s cyber defenses and keep critical infrastructure intact in the face of cyber threats.
The bill, authored by U.S. Rep. Joaquin Castro (D-TX), authorizes the DHS to work with consortiums to provide training to state and local first responders and officials to respond to cyber risks, conduct cross-sector cybersecurity training and simulation exercises for state and local governments, help states develop cybersecurity information sharing programs, and help states incorporate cybersecurity risk and incident prevention.
“Communities across our nation can benefit from San Antonio’s cutting-edge cybersecurity work,” Castro said. “Every day, our retailers, banks, military installations, government agencies, and everyday American citizens all face a growing number of potentially debilitating cyber threats. This bill allows the Department of Homeland Security (DHS) to collaborate with experts outside of the government to improve state and local cyber preparedness. It’s critical that localities understand the impact cyber attacks could have on their ability to function, and are prepared to prevent, detect, respond to, and recover from harmful cyber incidents.” For the full article click here
from cyber security caucus http://ift.tt/1U2fTi3
via IFTTT
Cybersecurity experts outline challenges associated with FirstNet, other public-safety communications
FirstNet plans to provide state-of-the-art cybersecurity by employing innovative methods that offerors are expected to propose in the request-for-proposals (RFP) process, but the entire public-safety community needs to take action to help ensure that subscriber agencies are not negatively impacted by cyberthreats, according to a panel of cybersecurity experts.
FirstNet’s cybersecurity goal—outlined in the RFP, which calls for proposals to be submitted by May 31—is “ensuring end-to-end security for the FirstNet network,” according to Glenn Zimmerman, senior security architect for FirstNet. There
“Each of the subdomains that comprise the FirstNet network have to stand on their own and be secure,” Zimmerman said during a cybersecurity panel conducted at IWCE2016 in March. “And, when you put it all together, the holistic aggregate of those subdomains needs to be secure, as well. That means what we’re looking for is designing offsets within each of those domains to counter a failure in another aspect of the overall network.
“There is never, from a planning perspective, the assumption that anything is fool-proof. The reason is that fools are actually pretty ingenious. They’ll figure out a way around almost everything. That’s why you have to have means and methods to counteract and mitigate those threats, capabilities and inherent weaknesses.” For the full article click here
from cyber security caucus http://ift.tt/1U2fEn4
via IFTTT
Senator Carper seeks information from SWIFT, NY Fed on cybersecurity
May 19 (Reuters) – U.S. Senator Tom Carper, a Democrat from Delaware, has sought information from the Federal Reserve Bank of New York and Society for Worldwide Interbank Financial Telecommunication (SWIFT) on steps being taken to protect banks against cybersecurity threats following attacks on the network.
Carper requested that both answer questions and brief staff on how they are addressing these recent attacks as well as safeguarding against other potential threats by June 17. (Reporting by Sweta Singh in Bengaluru; Editing by Anil D’Silva) For the full article click here
from cyber security caucus http://ift.tt/1U2fH2f
via IFTTT
Cybersecurity investment to reach $400 million due to IoT threats
The cybersecurity industry could see a boost in venture capital, thanks to new threats the Internet of Things (IoT) provide to smart homes, autonomous cars, and future factories.
Investment in cybersecurity rose by 78 percent in 2015 to $228 million and Lux Research expects it to reach $400 million this year, in part because of the rapid adoption of IoT devices.
See Also: Some Ring owners reconsider their doorbell’s intelligence
“Connected consumer and business products have begun flooding the market, but security has been an afterthought. The world now has to figure out how to secure the multitude of things that have recently become connected,” said Lux Research Vice President, Mark Bünger.
Security for IoT systems is critical, especially in situations where an entire grid of devices could be turned offline. Security services are cropping up all across the globe to tackle the issues raised from IoT and a growing reliance on computers handling product management and logistics. For the full article click here
from cyber security caucus http://ift.tt/1U2fI6b
via IFTTT
INSIDE Secure to Sell Its Semiconductor Business to Swiss Cybersecurity Expert WISeKey
INSIDE Secure (Paris:INSD), a leader in embedded security solutions for mobile and connected devices, today announced it is about to reach an agreement to sell its semiconductor business to WISeKey International Holding Ltd, a Swiss cybersecurity company listed in Zurich (SIX Swiss Exchange market: WIHN), for an enterprise value of CHF 13 million ($13.2 million), net of transferred cash.
The completion of the contemplated transaction would mark the final step in the repositioning of INSIDE Secure as a software security and technology licensing company, as announced on February 25, 2016. The company’s entire focus will be on software security serving primarily the expanding payment and mobile banking markets, and licensing embedded security technologies that serve the IoT markets
WISeKey is an existing customer of INSIDE Secure in the field of anti-counterfeiting solutions. The combination of WISeKey and INSIDE Secure’s semiconductor business would enable the creation of a comprehensive cybersecurity vertical trusted platform combining hardware, crypto and software and will reinforce the positioning of WISeKey as a cybersecurity IoT player. Ongoing support and solutions would be provided to existing INSIDE Secure semiconductor customers for existing products and development projects to ensure a smooth transition. For the full article click here
from cyber security caucus http://ift.tt/1WFoy05
via IFTTT
Wednesday, 18 May 2016
Sharing to improve skills access as government cybersecurity policy normalises collaboration
Government support for Australia’s emergent cybersecurity industry will provide much-needed impetus for better collaboration amongst the country’s many security specialists, one Australian security entrepreneur has argued in the wake of the federal Budget’s reassertion of support for the sector.
The government’s Cyber Security Strategy (CSS), launched last month, offered an outline of the Budget’s commitment to bolster national cybersecurity defences – including a $47.3m commitment to establish Joint Cyber Threat Centres and an online threat-sharing portal designed to coalesce the industry around the idea of aligning private and public security interests for a common national cybersecurity defence.
Such broad collaboration would encourage better sharing of information on threats – and Craig McDonald, founder and CEO of long-running Australian security vendor Mailguard, is ready to throw his resources behind the effort. “We’ve got great intelligence that we can be sharing with other groups,” he told CSO Australia. “We’re happy to do that and we do that today. The CSS announcement has highlighted that this definitely is an issue For the full article click here
from cyber security caucus http://ift.tt/1srnq3J
via IFTTT
StarHub and partners invest S$200m to enhance Singapore’s cybersecurity
Singapore’s popular telecommunications company StarHub will be investing around S$200 million for a sustained development of cyber security ecosystem in the country over the next five years.
The company recently launched its Cyber Security Centre of Excellence which is reportedly the “first-of-its-kind” approach to removing cyber threats at the source and prevent all such attacks from entering an organization’s firewall or security system.
The Centre enjoys the support of industry partners like Blue Coat, Wedge Networks, Fortinet, and Cyberbit, besides being backed by the Singapore Economic Development Board.
The company is expected to coach at least 300 experts for its Cyber Security Centre in association with institutes of higher learning such as Nanyang Polytechnic, Republic Polytechnic, Temasek Polytechnic and the Singapore University of Technology and Design.
The Centre will have special powers and monitoring control over the internet traffic across Singapore which is synonymous with the water treatment strategy being employed in the country. For the full article click here
from cyber security caucus http://ift.tt/1OI3PWW
via IFTTT
Cybersecurity is biggest risk to financial systems: SEC
WASHINGTON: Cybersecurity is the biggest risk facing the financial system, the chair of the US Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.
Banks around the world have been rattled by a $81 millioncyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.
The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, For the full article click here
from cyber security caucus http://ift.tt/1OI3Vht
via IFTTT
ACS frames cybersecurity imperative as Victoria addresses ICT, security disasters
The Australian Computer Society (ACS) is pushing for renewed investment in cybersecurity skills as newly announced ICT-strategy commitments by the NSW and Victoria governments put additional pressure on cybersecurity skills that are already lagging demand and are expected to further outpace overall ICT-skills growth in coming years.
The ACS Victorian Cyber Security Paper, launched this week, notes that cybersecurity jobs “are the most difficult of jobs in the technology industry to fill despite being amongst the highest paid”. In attempting to lay down a path to close this gap – and avert future problems caused by “dwindling numbers of STEM students” – the ACS has recommended a range of initiatives including the development of a dedicated program similar to the US National Initiative for Cyber security Education(NICE) public-private partnership program.
The ACS has also recommended establishment of a grants program to support cybersecurity startups and SMEs undertaking R&D; is also exploring the extension of its training accreditations to encompass cybersecurity education; and supports government-funded cybersecurity information campaigns for SMEs and the creation of a Victorian cyber security business advisory service to improve overall cybersecurity posture. For the full article click here
from cyber security caucus http://ift.tt/1OI3yDv
via IFTTT
StarHub sets up cybersecurity monitoring facility
StarHub has announced plans to partner several industry players with the goal to drive Singapore’s cybersecurity, jointly investing S$200 million (US$145.86 million) over five years to do so.
The initiative was unveiled Wednesday at the launch of the telco’s Cyber Security Centre of Excellence, which would serve as a hub to support the new initiative.
According to StarHub, an initial group of five industry players and four local tertiary institutions had joined the centre, including Blue Coat, Fortinet, and Wedge Networks, as well as Republic Polytechnic and Singapore University of Technology and Design. These partners would be involved in various initiatives aimed at boosting Singapore’s cybersecurity capabilities, specifically, in skills development and industry collaboration.
StarHub said it was targeting to train more than 300 professionals with relevant skillsets in over the next five years, and would work on research and development projects with the four educational institutions and Singapore’s Cyber Security Agency. For the full article click here
from cyber security caucus http://ift.tt/1OI3Avc
via IFTTT
Tuesday, 17 May 2016
Scientists develop new method to boost cybersecurity
NEW YORK: Computer scientists, including an Indian-origin student at the University of Texas at Austin, have developed a new method for producing truly random numbers — a breakthrough that can be used to encrypt data and improve cybersecurity .
The new method creates truly random numbers with less computational effort than other methods, which could facilitate significantly higher levels of security for everything from consumer credit card transactions to military communications.
This can also make electronic voting more secure, conduct statistically significant polls, and more accurately simulate complex systems such as the Earth’s climate.
“This is a problem I have come back to over and over again for more than 20 years. I’m thrilled to have solved it,” said computer science professor David Zuckerman For the full article click here
from cyber security caucus http://ift.tt/1NwGxmP
via IFTTT
Hurd Applauds Cybersecurity Bill
The United States House passed a cybersecurity bill carrying a big impact locally.
The National Cybersecurity Preparedness Consortium Act allows non-profits and universities, like UTSA, to work closely with Homeland Security, addressing risks and incidents at the state and local levels.
Congressman Joaquin Castro said communities can benefit from the Alamo City’s cybersecurity work. He called UTSA a leader of the National Cybersecurity Preparedness Consortium.
“This legislation allows consortiums like UTSA’s to share their cyber expertise with communities across our nation,” Castro said. “Increased collaboration will strengthen our defenses and keep us one step ahead of cyber attackers.“
“I’m hopeful the Senate will follow the House’s lead, pass this bill, and protect the American people from a growing threat to their safety,” Castro said. For the full article click here
from cyber security caucus http://ift.tt/1TltZhl
via IFTTT
Cybersecurity special report: Ransomware will get worse, hackers targeting whales, medical devices and IoT trigger new vulnerabilities
When it comes to digital security, healthcare provider organizations have the wrong mission and are using outdated approaches, generally failing at securing their organizations from today’s increasingly sophisticated cybercriminals.
That’s according to “Hacking Hospitals,” a two-year study by Independent Security Evaluators of 12 healthcare facilities, two healthcare data facilities, two healthcare technology platforms and two medical devices.
The study concluded healthcare has two major problems when it comes to digital security: a near-exclusive focus on defending patient records, and measures that target unsophisticated adversaries and blanket attacks.
“One of the biggest things we took away from our Anonymous attack was that in the past, I had always thought about cybersecurity related to health IT as safeguarding data ― but our experience made us understand it is more than that,” said Daniel Nigrin, MD, CIO at Boston Children’s Hospital, which was attacked by the hacker group Anonymous in 2014. “These cyberattacks can be disruptive to the routine daily operations of a hospital. One can argue these kinds of attacks are even more significant than the breach of data because at the end of the day we are taking care of patients who are sick, and that has to be Priority No. For the full article click here
from cyber security caucus http://ift.tt/27vf8YX
via IFTTT
Monday, 16 May 2016
UL Develops Cybersecurity Certification
(UL CAP), which uses the organization’s UL 2900 series of standards as testable cybersecurity criteria. The goal is to assess software vulnerabilities for network-connectable products and systems. UL CAP was designed to detect weaknesses, minimize exploitation, address known malware, review security controls, and increase security awareness.
UL CAP was created for vendors who were seeking trusted support in assessing security risks as they build connected products, as well as for purchasers of products who want to mitigate risks by sourcing products validated by a trusted third party. UL CAP is also designed to help insurance companies determine cybersecurity risk. UL launched the certification program during first week of April.
The certification was originally prompted by vendors who wanted a blessing for their connected products and systems. Other entities such as insurance companies soon followed.
“When we started looking at this and how we would do cybersecurity evaluation, we started out working with manufactures. They asked us to look at their challenges, which is similar to their safety evaluations,” Ken Modeste, principal engineer at UL, told Design News. “As we started engaging more and more stakeholders, insurance companies started reaching out with the same concerns. They wanted a third-party organization to determine their risk. They were looking for ways to vet the standards.” For the full article click here
from cyber security caucus http://ift.tt/1OvwWrg
via IFTTT
Q&A: Driving growth in the application security market
WhiteHat Security – an ethical hacking company – is 15 years old this year and is now experiencing something of a teenage growth spurt, both in terms of customers and headcount.
In what is an increasingly competitive market, we caught up with Craig Hinkley, who joined the company as CEO in 2015, to get the inside story on the application security space and what is driving the company.
WhiteHat is 15 this year. You must have been one of the earliest companies to establish an application security company and product, correct?
WhiteHat pioneered the Software-as-a-Service model for application security and we were first to combine the tools and technology with the expertise of security researchers to create actionable, accurate, continuous web security assessment at scale. That’s not all though; this year we will publish our 11th annual statistics report. Through this report, we were one of the first companies to bring concise, measurable data to the application security market. For the full article click here
from cyber security caucus http://ift.tt/1OvwTvu
via IFTTT
Financial institutions need ‘strong IT controls’ following SWIFT attacks: MAS
SINGAPORE: The Monetary Authority of Singapore (MAS) “expects financial institutions to implement strong controls in their IT systems”, in the wake of two attacks using the Society for Worldwide Interbank Financial Telecommunication (SWIFT) financial messaging system.
The regulator told Channel NewsAsia on Monday (May 16) that this included maintaining a high level of security for their critical IT systems such as SWIFT. “MAS will continue to monitor the security landscape and threats faced by the financial industry and provide guidance where necessary,” a spokesperson said.
MAS’ comments come in the wake of a number of cyber attacks on banks worldwide through SWIFT’s system – a network that allows institutions to carry out financial transactions by sending out messages through a secured global communications network. For the full article click here
from cyber security caucus http://ift.tt/1OvwWHB
via IFTTT
Don’t fear cyber security; promote it!
Air travel has long been known to be the safest form of transport. We have an abundance of statistics to prove this. Safety has been cited as a valid reason for choosing air travel for a long time and the industry quite rightly prides itself on its exemplary safety record. Passengers feel reassured by this when travelling by air.
This is not so true of cyber security. As cyber security has entered into mainstream thinking it has often been tainted by glamourous tales of ruthless and clever hackers who have exploited systems for millions of dollars. There is a general belief that all systems can be hacked and nothing is safe from hackers. In a world of absolutes where we take into consideration every possibility then nothing is safe from being hacked. However, if we apply this type of thinking to other areas of our lives we would realise that absolute thinking is not always helpful.
Let’s take the example of the front door on the house where you live. Ask yourself ‘can that door be broken and your house entered in to?’ The answer is an obvious yes. We put a door on our house that we deem secure enough for the role it has to perform. We take a risk-based approach to our household security. For the full article click here
from cyber security caucus http://ift.tt/1OvwVnh
via IFTTT
7 reasons to gamify your cybersecurity strategy
Data breaches continue to grow in number, size, severity and cost. With the increase in new security holes, vulnerabilities and attack vectors that need to be fixed, many businesses are turning to gamification to help employees adhere to cybersecurity best practices.
Gamification is the process of engaging people and changing behavior using game mechanics in a non-game context. Essentially, it’s taking what’s fun about games and applying it to situations that maybe aren’t so fun.
By using gamification, organizations are finding new ways to educate employees on the importance of cybersecurity, through gaming elements like one-on-one competitions, rewards programs and more. Mark Stevens, senior vice president of Global Services atDigital Guardian, provided seven reasons to use gamification to address data security. For the full article click here
from cyber security caucus http://ift.tt/1OvwVU8
via IFTTT
Saturday, 14 May 2016
Pornhub Invites ‘Unexploited Talents’ to Try Their Hand at Cybersecurity
Adult video giant Pornhub has joined a number of technology giants like Google and Yahoo that have recently implemented so-called bug bounty programs. The company is now offering up to 25,000 dollars to those who can find security vulnerabilities on its website. Radio Sputnik discussed the issue with Alexi Klein, from Pornhub’s Marketing Team.
“Since we officially launched earlier this week we have got some fifty or so submissions that we are now vetting and which should be qualifying for a bounty. We’ve received over a ton [of such submissions] since we opened up,” Alexi Klein said.
When asked to say a few words about the history of Pornhub and whether this was the result of many of those visiting their website being a little “nerdy” Alexi said there was a lot of traffic coming in from all over the world every day. For the full article click here
from cyber security caucus http://ift.tt/1qkqtcA
via IFTTT
Sweet: Penny Pritzker races to finish up before Obama is out
WASHINGTON — Commerce Secretary Penny Pritzker is a runner. And she knows the weeks are racing by to the end of President Barack Obama’s second term.
“I would say, in general, that we are not slowing down,” she said in an interview. “I have a sign in my office that says, ‘Run through the tape.’ And that’s what we are doing.”
We spoke on Thursday after Pritzker came home to give a speech to the Economic Club of Chicago.
The day before, Pritzker was in the Silicon Valley with Defense Secretary Ashton Carter and Homeland Security Secretary Jeh Johnson to talk about threats to cybersecurity at a conference at Intel Corp.’s Santa Clara, Calif., campus.
On Monday, Pritzker will be on a panel here with James Clapper, the director of national intelligence, to talk more about cybersecurity and digital challenges.
Cybersecurity wasn’t a specialty of the billionaire Chicago business executive when she was sworn in as commerce secretary on June 26, 2013. For the full article click here
from cyber security caucus http://ift.tt/1WwJeIk
via IFTTT
Delphi Joins Auto Industry’s Cybersecurity Sharing Group
Delphi joins auto industry’s cybersecurity sharing group, a new hub for intelligence analysis on cybersecurity threats in Wi-Fi connected vehicles. On Tuesday Delphi Automotive PLC joined the group on Tuesday, making it the first company in the group that is not a car manufacturer.
The Automotive Information Sharing and Analysis Center’s board includes executives from nearly all the largest U.S. automakers, including Ford Motor Co., General Motors Co.BMW of North America LLC, Kia Motors Corp., Hyundai Motor Co., FCA US LLC andVolkswagen AG. Delphi resides as the parts manufacturer of the group, which formed last year in an industry-wide effort to make technologically advance cares less susceptible to computer hacking.
“The design and engineering of vehicle components and modules by suppliers is critical to the security of the vehicle as a whole,” said Tom Strickler, the Toyota chair of Auto-ISAC, on Tuesday. “Delphi’s membership in Auto-ISAC will help the industry continue to produce more advanced vehicles with modern and robust security protections incorporated from conception.” For the full article click here
from cyber security caucus http://ift.tt/1qkqvkI
via IFTTT
IUP offering cybersecurity summer camp
Indiana University of Pennsylvania is offering a free Cybersecurity Camp for middle and high school students and teachers from June 13 to 17 on the IUP campus.
The camp is part of a national initiative supported by the National Security Agency and the National Science Foundation. IUP is the only school in Pennsylvania that is part of this initiative for 2016.
Applications for the camp are due by May 23, but late registrations may be considered based on availability.
Information about the camp and application forms are available at http://ift.tt/1WwJp6p. The camp is limited to 45 participants (30 students and 15 teachers).
The camp runs from 9 a.m. to 4:30 p.m. each day. Lunch and a snack will be provided as part of the program, which includes direct instruction, group activities and hands-on experiences. It will be taught by a team of faculty with established expertise in cybersecurity teaching and research.
All students will receive a free miniature computer to take home; all teachers will receive a free iPad to take home. Teachers will also receive Act 48 credits, and mileage reimbursement is available. For the full article click here
from cyber security caucus http://ift.tt/1qkqsW2
via IFTTT