Cybersecurity News


U.S. developing sanctions against China over cyberthefts
The Washington Post
08/30/15

The Obama administration is developing a package of unprecedented economic sanctions against Chinese companies and individuals who have benefited from their government’s cybertheft of valuable U.S. trade secrets. Issuing sanctions would represent a significant expansion in the administration’s public response to the rising wave of ­cyber-economic espionage initiated by Chinese hackers, who officials say have stolen everything from nuclear power plant designs to search engine source code to confidential negotiating positions of energy companies.


Why industry groups are wary of stronger FTC cybersecurity oversight
The Christian Science Monitor – Passcode
08/28/15

With a federal appeals court reaffirming the Federal Trade Commission's regulatory authority of data security practices, the question now becomes: Just how powerful will the agency become in overseeing matters of privacy and cybersecurity? Now, many industry groups are worried that at a time when corporations are dedicating more money and resources to protect data from criminal hackers, they'll also face more regulatory oversight and hefty fines from the government for data security practices.


More than 80% of healthcare IT leaders say their systems have been compromised
Computer World
08/27/15

Eighty-one percent of healthcare executives say their organizations have been compromised by at least one malware, botnet or other kind of cyberattack during the past two years, according to a survey by KPMG. The KPMG report also states that only half of those executives feel that they are adequately prepared to prevent future attacks. The attacks place sensitive patient data at risk of exposure, KPMG said.


Car industry bands together to thwart hacking threats
SC Magazine
08/27/15

The Alliance of Automobile Manufacturers and the Association of Global Automakers have banded together to lay the groundwork for an industry-wide Information Sharing and Analysis Center (ISAC) intended to share best practices in mitigating automotive cybersecurity threats that enable attackers to gain control of vehicle systems. Every major car manufacturer will participate in the ISAC, with suppliers and telecommunications companies projected to join in later.


Can smart infrastructure be cyber-secure?
Governing
08/26/15

Many cities are rapidly deploying "smart" infrastructure technologies. But this technology's growing presence is raising new questions in a world in which cyber-breaches are beginning to seem like a daily occurrence: Just how secure are these systems and the data they hold? In response to this perceived threat, a group of experts recently launched a not-for-profit global initiative called Securing Smart Cities to help government leaders reduce the liabilities of implementing the technology.


Netflix is dumping anti-virus, presages death of an industry
Forbes
08/26/15

Movie streaming titan Netflix is hammering a rather significant nail in the anti-virus coffin, one that could well lead to the industry’s final interment. Netflix, a well-known innovator in the tech sphere, is the first major web firm to openly dump its anti-virus, and where Netflix goes, others often follow; just look at the massive uptick of public cloud usage in recent years, following the company’s major investment in Amazon Web Services. Also, in the last 10 years, research has indicated AV is rarely successful in detecting smart malware.


Tony Scott says IT spending 'headed the wrong way'
FCW
08/26/15

The state of IT spending isn’t making Tony Scott happy. The federal CIO spoke pessimistically of how much the government was spending to maintain old systems, instead of investing in new ones, and he also dinged common acquisition practice as part of the problem in recent remarks at an event organized around that very acquisition practice. He decried the "tons of year-end spending because it’s a ‘use it or lose it’ sort of proposition, and that’s just a really bad way to run IT.”


Why federal CIO Tony Scott hates the end-of-year IT spending spree
Next Gov
08/27/15

The end-of-the-year spending spree -- in which agencies cram contract spending into the last quarter of the fiscal year -- is a time-honored tradition in government contracting. And federal CIO Tony Scott hates the "use-it-or-lose-it" nature of federal IT funding that fuels the annual spending spike, saying recently, "That's just a really bad way to run IT.” The end-of-the-year pressure drives agencies into “exactly the wrong behavior,” Scott said: more short-term, even frivolous, spending and less of a focus on longer-term investments.


The outlook for OASIS
FCW
08/28/15

The General Services Administration’s $60 billion One Acquisition Solution for Integrated Services (OASIS) contract was one of the most anticipated agreements the agency has produced in the past decade. And despite being barely a year old, the service-oriented acquisition vehicle is already reshaping the way GSA handles other massive multiple-source procurements.


Feds urge energy companies to ramp up cyber protections
Next Gov
08/27/15

The federal government wants utility companies to keep people from gaining unauthorized access to buildings, networks, data and control systems and potentially triggering power outages. In a new guide, Identity and Access Management for Electric Utilities, the National Institute of Standards and Technology aims to teach energy companies to protect their digital and physical assets by using a platform that could let them see who has access to any part of a system at any time.


NCCoE issues draft guidance for bolstering cybersecurity at utilities
Fierce Government IT
08/27/15

The National Cybersecurity Center of Excellence is urging utility companies to change decentralized identity management practices at their facilities to shore up a weak link against online attack. The NCCoE, which is a partnership of the National Institute of Standards and Technology (NIST), the State of Maryland and Montgomery County (MD), has released a draft guide to walk utility companies through the process of setting up a single identity management system that can work for employees no matter which department they work under.


US agency tells electric utilities to shore up authentication
PC World
08/25/15

U.S. electric utilities should pay close attention to their authentication systems and access controls to reduce data breaches, NIST says in a new cybersecurity guide. About five percent of all cybersecurity incidents that DHS' industrial control cyber team responded to in 2014 were tied to weak authentication, said NIST, and another four percent of industrial control incidents were related to abuses of access authority. The new cybersecurity guide, released in draft form by NIST's National Cybersecurity Center of Excellence (NCCoE), focuses on helping energy companies reduce their cybersecurity risks by showing them how they can control access to facilities and devices from a single console.


Cybersecurity under FTC authority: What does it mean?
Dark Reading (commentary)
08/27/15

A U.S. appellate court has granted the Federal Trade Commission (FTC) authority to regulate corporate cybersecurity. While this isn’t the first time the U.S. government has stepped in to mend the issues overlapping several industries, this is significant progress.


Federal CIO: Cybersecurity policies lacked ‘urgency’ before OPM hack
Next Gov
08/26/15

Shortly after Tony Scott became the federal government’s chief information officer in February, some of the Obama administration’s keystone tech policies -- including cybersecurity and cloud computing -- “felt like they were languishing a little bit and maybe had lost a sense of urgency,” the former corporate IT executive says. With cybersecurity, “What we didn't have was, I think, any kind of good cadence and sort of sense of urgency about that,” Scott said recently. “And so, even prior to OPM, I was thinking about: What are the things that we could do to sort of accelerate our progress on this?"


The Internet of Things: What’s Washington’s role?
Politico
08/28/15

Every second, 127 items are added to the Internet: wired toasters and heart monitors, trucking fleets and individual cows. The business opportunities are vast: a report from the McKinsey Global Institute estimated that the Internet of Things could add as much as $11 trillion per year to the global economy by 2025. POLITICO and McKinsey & Company recently convened a working group of high-level voices to determine how—or if—Washington is likely to become involved. The group discussed policy options for addressing the privacy and security issues raised by the proliferation of networked objects.


22 amendments that could determine the fate of Senate's cyber bill
Next Gov
08/26/15

After a brief but heated battle, senators left for summer recess without voting on a key cybersecurity bill that sets up incentives for businesses to share cyberthreat information with the government, with the goal of supplying both with the tools and data they need to bolster their defenses. The measure could come up again when the Senate reconvenes in September, with the Senate leadership having announced that 22 amendments will be voted on that could make or break the bill.


Pentagon unveils new rules requiring contractors to disclose data breaches
Next Gov
08/26/15

New sweeping defense contractor rules on hack notifications took effect August 26, adding to a flurry of Pentagon IT security policies issued in recent years. Industry, which is already concerned about overlapping and burdensome cyber rules, worries the Pentagon will go back and retroactively change contracts, after the White House draft is finalized.


Army's Signal Corps undergoing cyber review
C4ISR & Networks
08/28/15

As part of a sweeping, end-to-end review by the Army CIO/G6, the service's Signal Corps is facing a hard look at the skills, requirements and military occupational specialties (MOSes) that comprise the corps. The review, which started back in December, is happening as the Army looks to streamline and sharpen its forces dedicated to cyber operations. Already, integration between signal and cyber is happening in the schoolhouses and at Fort Gordon, Georgia, home to the 7th Signal Command, the Army Cyber Center of Excellence and eventually Army Cyber Command. As that integration gains momentum, Army leaders are looking at the best ways to bring the organizations together while still focusing on each side's core competencies.


Army tries to speed cyber acquisition process
FCW
08/27/15

The Army is trying to speed cyber-related acquisition by using a template known as the Information Technology Box. Officials said the goal is to quickly supply soldiers with IT tools such as sensors, forensics and "insider threat discovery capabilities" in a matter of weeks rather than the months or years a traditional acquisition might take.


Army looks in-house for cyberwarriors
Next Gov
08/26/15

The Army has turned to its own ranks in hopes of satisfying its growing need for talented cybersecurity professionals. In June, the agency announced that all E-1 through E-8 ranked soldiers, regardless of their technical background, could apply to participate in a yearlong cyber training program, according to a recent Army press release. Those successful candidates who complete the program would then be reclassified into the 17C military occupational specialty – also known as cyber operations specialist.


5 key takeaways from AFCEA TechNet: Day 2
C4ISR & Networks
08/27/15

Day 2 of AFCEA's TechNet Augusta, held in the Georgia hometown of Fort Gordon, the 7th Signal Command and the Army Cyber Center of Excellence, saw a drill-down on the topics at hand. That included frank discussions on intelligence staffing and operations, the evolution of radio communications in the theater and dominance in cyberspace. The central tie between all of those themes? The dire need for joint communications. Here are five key snippets from Day 2's discussions that centered on solving the military's problems in cyber operations and communications on the move.


DHS outlines biometric future
GCN
08/28/15

The Department of Homeland Security has released its vision for how enhanced biometrics capabilities will transform the agency’s operations over the next 10 years. DHS has several biometric-based programs underway, including the Automated Biometrics Identification System as well as various research and development activities within its Science and Technology Directorate and operational components. This DHS strategic framework, released Aug. 26, will be used to identify and align DHS initiatives to meet strategic goals and objectives, the agency said, as well as identify gaps where action plans must be initiated.


DDoS attacks against banks increasing
Data Breach Today
08/24/15

Three years after leading U.S. banking institutions were targeted by waves of distributed denial-of-service attacks waged against them by a hacktivist group, DDoS attacks have continued to grow in number and magnitude. And while banking institutions have made improvements in their abilities to mitigate the effects of DDoS strikes against them, institutions are still struggling to keep up.


Ouch! Feeling the pain of cybersecurity in healthcare
Dark Reading
08/25/15

To see why medical records are increasingly a target of hackers, just thumb through all the personally identifiable information stored in your cell phones, fitness trackers, social media, the cloud, and in service provider databases. There are lots of reasons why medical data is so vulnerable – a fragmented industry, the explosion of electronic health records spurred by the Affordable Care Act, and medical PII's increasing value to hackers. But the sheer numbers at risk speak volumes about the scale of the problem.


Exclusive: The OPM breach details you haven't seen
FCW
08/21/15

An official timeline of the Office of Personnel Management breach pinpoints the hackers' calibrated extraction of data and the government's step-by-step response. The timeline makes clear that the heist of data on 22 million current and former federal employees was one sustained assault rather than two separate intrusions to steal background investigation data and personnel records. The July 14 document was prepared by federal investigators for the office of U.S. CIO Tony Scott, and the detailed timeline corroborates administration officials' public testimony but is unique in its comprehensiveness and specificity.


Everything-as-a-Service
e.Republic
08/24/15

The unbundling of networks and servers by government owned and operated infrastructure is just the beginning of what the Center for Digital Government is seeing as a significant transformation towards Everything-as-a-Service that will sweep through states and localities in the years to come. Here's how the unbundling of technology will impact the future of state and local government, and what you need to know and how you can be a part of it.


University Of Virginia Breach targeted two individuals with China links
Dark Reading
08/21/15

Earlier this month, University of Virginia officials disclosed that federal authorities had informed the university of a potential intrusion into its networks originating from China. The university confirmed the breach June 21 but did not immediately disclose the incident until last week while it worked to remediate the issue. Security firm Mandiant, which was hired to investigate the intrusion, has confirmed that the attack appears to have been targeted at two specific employees whose work has a connection to China.


6 observations about cybersecurity based on two new surveys
Forbes
08/12/15

Cybersecurity incidents and attacks have become almost daily news, and two new surveys give voice to the executives and cybersecurity professionals struggling to defend their organizations. A record 79% of executives said they detected a security incident in the past 12 months, while 73% of security professionals say it is likely that they will have to respond to a significant compromise in the coming year.


Cyber sprint’s before and after picture gives reasons for hope, fear
Federal News Radio
08/21/15

There has been plenty of discussion in the federal community about the Office of Management and Budget’s 30-day cyber sprint and whether it made any difference or not. Some experts say the cyber sprint was just window dressing on long-standing problems. Others pointed to finally forcing agencies to use their smart identity cards to log on to their networks and computers, and that was, at least, the type of difference maker that had been missing over the last decade. A new document shows just how bad a shape agencies were in as of June, including how many critical vulnerabilities had existed for more than 30 days and how many potential holes there were in individual agency networks, and just how far they’ve come over the summer.


How to get ahead of 2016: Ensuring federal IT can adapt to leadership transitions
Next Gov
08/20/15

As government agencies turn their attention to planning for 2016, one thing is clear: Most political appointees in agency leadership positions today will not be in their seats 18 months from now, and many may start their transitions early. Regardless of which party takes office, the new administration will bring its own set of priorities, and most will be dependent on a strong digital foundation.


The nation’s 24-hour cyber watch center still has some empty seats
Next Gov
08/24/15

The watch floor of the National Cybersecurity and Communications Integration Center (NCCIC), which monitors hack attacks aimed at 16 critical U.S. industries, is still missing analysts from 75 percent of those sectors. The reasons for low attendance have little to do with controversies over sharing customer and business-sensitive information. The main problem is insufficient capital to put boots on the ground there.


Labor CIO pushes back against critical IG report
FCW
08/24/15

The top tech official at the Labor Department said officials have made progress in remediating information security weaknesses, and she raised concerns about the "completeness and accuracy" of a critical report released by the Office of Inspector General at the end of July. The report, which was a roundup of previous probes by Labor's OIG, asserted that the department only recently turned its attention to implementing two-factor authentication agency-wide in response to data breaches at the Office of Personnel Management. It also detailed lingering problems with privileged access to government systems by former employees and contractors.


Federal Election Commission refuses to release computer security study
The Center for Public Integrity
08/20/15

The Federal Election Commission is refusing to uncloak a pricey, taxpayer-funded study that details decay in the security and management of its computer systems and networks, which the Center for Public Integrity revealed had been successfully infiltrated by Chinese hackers in October 2013. The report — known within the FEC as the “NIST study” — also provides recommendations on how to fix the FEC’s problems and bring its computer systems in line with specific National Institute of Standards and Technology computer security protocols.


Cyber a growing topic in vehicle security
Defense News
08/25/15

When security flaws allowed a Jeep Cherokee to be hacked and remotely controlled earlier this month, the US Army took notice, according to a lead acquisitions official. Kevin Fahey, director of system of systems engineering and integration in the Office of the Assistant Secretary of the Army for Acquisition, Logistics and Technology, told the National Defense Industrial Association's tactical wheeled vehicle conference they must be concerned about cyber, particularly the security of the systems they manufacture. Fahey has been directed to incorporate system security into the formal defense acquisitions process.


Why Defense can’t buy cyber stuff fast enough
Government Executive
08/24/15

The Defense Department is under attack in cyber space, and national security is at stake. Yet in a field defined by rapid growth, DoD arms itself at the same pace with which it buys major weapons, an acquisition cycle of seven to 10 years. The “arsenal of democracy” has already provided the tools for hastening this process in the form of agile methods. The Pentagon has been reluctant to adopt different methods for software than it uses for other acquisitions. But unless it does so, it will lose its edge.


Central Command looks to private sector for joint cyber planning
Defense Systems
08/19/15

In an effort to shore up cyber defenses across government, a cross-agency effort is interested in procuring joint cyber planning services for the U.S. Central Command. In a recently published synopsis/solicitation, Centcom looks to further its efforts to integrate theater-level campaign constructs with the Defense Department and other agencies—the solicitation, in fact, was issued by the General Services Administration, along with the Joint Cyber Planning Services, which is tasked with leading the charge toward full-spectrum cyber operations. The solicitation is looking for contractors with expertise in the full range of cyber defense, offense and operations, everything from preparing policies to carrying out cyber responses to attacks.


6 things to know from AFCEA TechNet: Day 1
C4ISR & Networks
08/25/15

The theme for this year's TechNet event in Augusta, Georgia, is "cyber convergence," an idea hit on many times throughout the first day of the event. Here are six key takeaways attendees heard the first day at TechNet Augusta: 1. Cyber is a team sport; 2. We need cyber schools; 3. Those new ways of doing things won't be easy; 4. Convergence is more than just lip service about collaboration; 5. Collaboration -- within the Army, but also across DoD, the intelligence community and the broader government -- is "the challenge and opportunity we face together"; and 6. "Hyper-asymmetric war" is upon us.


DISA issues Pentagon-friendly cloud computing guide
Next Gov
08/25/15

The Defense Department’s information technology arm has unveiled a guide for IT shops in the defense and military space planning a move to the cloud. Released by the Defense Information Systems Agency, the guide is aimed at DOD “mission owners” wanting to migrate an existing information system from a physical environment to a virtualized cloud environment. The framework is based on real-world cloud pilot efforts within DoD.


DISA’s best practices for cloud migration
GCN
08/21/15

The Defense Information Systems Agency recently released “Best Practices Guide for Department of Defense Cloud Mission Owners” for those planning to migrate existing systems from physical environments to the cloud. The new best practices guide provides knowledge gained from DoD cloud pilots, specifically DISA’s Information Assurance Support Environment and the Army’s DOD Environment, Safety and Occupational Health Network and Information Exchange. It covers topics ranging from IP standards and domain name servers to storage capacity and assessment and authorization.


Pentagon debunks DOD-VA interoperability myth
Next Gov
08/24/15

For years, the Pentagon and the Department of Veterans Affairs struggled to integrate their electronic health records systems, spending upward of a billion dollars on an effort that was ultimately scrapped. Ultimately, the Pentagon bid out and awarded a massive contract valued at up to $9 billion to Leidos to upgrade its health records system. Much of the build-up during the bid time frame centered on the Pentagon’s wish for interoperability between health systems. Yet, Pentagon officials, briefing reporters July 30 before the Leidos award, contended that interoperability between VA and the Defense Department was actually far less of an issue than it was made out to be.


Wyndham vs. FTC: Corporate security pros need to lawyer up about data breach protection, experts say
CIO
08/25/14

Corporate security executives need to meet with their legal teams to find out whether the way they protect customer data will keep them out of trouble with the Federal Trade Commission should that information be compromised in a data breach. Based on a U.S. Circuit Court of Appeals decision August 24, the best course of action is to learn what kinds of actions the FTC has taken in the past – and why – against companies whose defenses are cracked and whose customer data is stolen.


Interview: Big data and the importance of identity
IT Pro Portal
08/21/15

When it comes to big data, many companies are now adept at collecting it, but the harder part is knowing how to organize it and what to do with the data once you have it. The idea of identity is a vital one, as marketers can transform this data into an actual representation of their current and potential customers, thereby providing valuable and actionable insight. To shed more light on the subject, Richard Lack, the Director of Sales in Northern Europe at Gigya, was interviewed and discussed how to define big data, what mistakes companies are making when it comes to big data, and how companies can classify data to make it more effective.


With a major cybersecurity job shortage, we must act like we are at war
Next Gov - Tech Insider (opinion)
08/24/15

We are in the midst of a cyberwar and the bad guys are winning, but our “quick fixes” haven’t yet addressed the larger problem. We live in a world with hackers who are capable of breaking into all but the most highly sophisticated systems, yet the U.S. government is undermanned against hackers and can’t afford to wait for natural market forces to eventually increase the supply of skilled cyber warriors. Here are three critical things that need to happen to address the cyber workforce shortage.


NIST NCCoE seeks comments on Identity & Access Mgmt Guide for energy sector
Executive Gov
08/26/15

The National Institute of Standards and Technology's National Cybersecurity Center of Excellence has opened the comment period for a draft guide on access control measures for energy companies to reduce cyber risk. The draft guide provides end-to-end identity management solutions and a use-case scenario of a security challenge encountered in day-to-day operations. The agency will accept public comments on the guide through Oct. 23.


Identity management underpins security in application economy
Security Asia
08/24/15

Applications have become important points of engagement for many businesses and can be accessed across different types of devices, including notebooks, tablets, smartphones and desktop PCs. The application economy is identity-centric and device-agnostic, which is why identity management is critical. In a world with no perimeter and with fewer security anchor points, identity and authentication matter now more than ever. The abuse of identity is a common vector for many successful attacks. With the digital transformation underway globally, the application economy is forcing security leaders to change their mindsets.


Biometrics health care market worth $3.5 billion by 2024
Secure ID News
08/18/15

Health care could be one of the best opportunities for biometric vendors, according to a report from consultancy Tractica. Starting from a base of $250 million in 2015, the firm forecasts that global health care biometrics revenue will reach $3.5 billion by 2024, with cumulative revenue for the 10-year period totaling $12.5 billion.


Germans microwaving, boiling ID cards
Secure ID News
08/19/15

Germany has a national identity card that uses contactless smart card technology to communicate via short-range RFID signals. And if there’s one thing about contactless smart cards, it’s that they are widely misunderstood. Some Germans (and others) have taken to disabling the contactless chips in payment cards, national IDs or electronic passports by either microwaving or boiling the documents.