warns of cyberattacks linked to China
Russian cyberspies hit Ukrainian, US targets with Windows zero-day attack
The FBI issued a warning to companies and organizations Oct. 15 about
cyberattacks by people linked with the Chinese government. The advisory, issued privately, contains
"information they can use to help determine whether their systems have
been compromised by these actors and provides steps they can take to mitigate
any continuing threats." The
warning came a day after security companies said they've been working closely
together to enable their products to detect several hacking tools used by a
China-based group against U.S. and other companies over several years.
should the government respond to JPMorgan hack?
According to former Attorney General Michael Mukasey, for now the proper
response by the U.S. government to last summer's JPMorgan hack "is to try
to find out who did it and why." But, said Mukasey, if a nation state turns out to be responsible for the
JPMorgan hack, the government should respond.
findings from Ponemon Institute’s ‘Cost of Cyber Crime’ studies
Ponemon Institute has released its 2014 Global Report on the Cost of Cyber
Crime, based on regional Cost of Cyber Crime studies for 11 countries,
including France, Germany and Italy. This post summarizes the key findings of
the European studies, and shows what you can do to protect yourself from cyber
security risks using the international standard for best-practice information
security management, ISO 27001.
device and data use skyrockets, US gov't survey says
U.S. mobile phone users are “rapidly embracing” smartphones and tablets,
noted a report from the U.S. Department of Commerce’s National
Telecommunications and Information Administration. Even though the report is
based on 2-year-old information from the U.S. Census Bureau, the latest NTIA
survey of U.S. residents’ Internet and computer use shows some important trends
and gives U.S. policy makers “some valuable insights,” said John Morris,
director of Internet policy at the NTIA.
partners with MITRE on cybersecurity research and development center
University of Maryland (news release)
The University System of Maryland (USM), including the University of
Maryland, College Park (UMD) and University of Maryland, Baltimore County
(UMBC), is partnering with The MITRE Corporation to operate the first federally
funded research and development center (FFRDC) solely dedicated to enhancing
cybersecurity and protecting national information systems.
Council of Maryland to use $225,000 grant for cyber job training
Washington Business Journal
The Tech Council of Maryland will use $225,000 in federal money to train
job seekers for cyber and technology jobs. The funding is part of a $15 million
grant to the Cyber Technology Pathways Across Maryland Consortium, announced in
September. Fourteen community colleges, led by Montgomery College in Rockville,
comprise the consortium. They are working together to improve cyber job
training and access to cyber jobs, especially among veterans, women and
boost for cyber security research
Asia One / The Straits Times
Some $42 million will be set aside by Singapore for seven projects in cyber
security research over the next two to five years, as Singapore looks to boost
its defense against cyber attacks. The money will come out of a new $130
million government plan to enhance Singapore's fire power against cyber attacks
that could threaten government agencies and services such as banking. The seven
projects will involve research in topics such as digital forensics, and mobile
and cloud data security.
announces plan to tighten card security
Saying more must be done to stop data breaches affecting consumers,
President Barack Obama announced on Friday a government plan to tighten
security for the debit cards that transmit federal benefits like Social
Security to millions of Americans. Cards issued by the federal government will
now have an internal chip replacing magnetic strips to reduce the potential for
security on federal payment cards
As part of a wide-ranging set of policy initiatives about financial
information security, President Obama announced the federal government will be
switching to payment cards that are protected by two new layers of security – a
microchip that is harder to clone than a magnetic strip and a personal
identification number that users key in during transactions, like a bank card.
Beginning next year, new payment processing terminals at federal agencies must
have the necessary software to support these new security features.
orders chip-and-PIN in government credit cards
President Obama issued an executive order Oct. 17 to have secure
chip-and-PIN technology embedded into government-issued credit and debit cards
as part of a broader move aimed at stemming payment data breaches. Under the
order, government-issued cards that transmit federal benefits such as Social
Security will have microchips embedded instead of the usual magnetic strips, as
well as associated PINs like those typically used for consumer debit cards. A
replacement program for the cards is set to begin on Jan. 1 of next year, with
the goal to have more than 1 million such cards issued by the end of the year.
'FedRAMP Ready' systems
The GSA will unveil its newest category for the Federal Risk and
Authorization Management Program on Oct. 17, showcasing cloud service providers
ready to perform assessments and authorizations with potential agency
systems have had their documentation reviewed by the FedRAMP program management
office and -- at a minimum -- have gone through the PMO readiness review
bidder pile-on for VA’s $22.3 billion tech deal
Next Gov - What's Brewin'
The number of companies that have expressed interest in bidding on the
Department of Veterans Affairs’ Twenty-One Total Technology Next Generation
contract -- known as T4NG -- hit 635 vendors Tuesday, according to a VA
spreadsheet. VA plans to award up to 20
indefinite-delivery, indefinite-quantity contracts under T4NG, which will run
for an initial five years with an option for another five years.
team, one fight in cybersecurity
The Defense Department understands the value of a physical co-location,
having put two of its key cybersecurity components, Cyber Command and the NSA,
at Ft. Meade. Having federal civilian agencies down the hall from each other
also is both possible and valuable. As
such, GSA has asked for $35 million in FY15 to develop requirements for and to
fund design of a civilian federal cybersecurity campus. The idea is to
collocate key components from multiple federal civilian agencies with
cybersecurity responsibilities, along with private sector partners, to improve
collaboration in the drive to enhance homeland and national security against
growing cyber threats.
data breach notification law unlikely in 2014
Gov Info Security
Despite President Obama's support and growing interest in Congress in
enacting a national data breach notification law, no such bill has reached
either the Senate or House floors in the current Congress, nor is such
legislation likely to be voted on before the current Congress adjourns. Business groups and consumer advocates with
allies in Congress cannot agree on key provisions of data breach notification
measures, with businesses wanting less stringent data breach notification rules
than do consumer advocates.
looks for models for securing commercial cloud
The Defense Information Systems Agency wants to test the viability of two
technical models for implementing commercial cloud within the Defense
Department. DoD wants its cloud use to
be secure, while also tapping expertise from commercial vendors. To do that,
DISA is looking for ideas on cloud-integration models that will offer "the
physical protections that a DOD installation provides, while still allowing the
commercial vendors to offer their contemporary cloud ecosystems directly to the
military community," the agency said Oct. 1 in announcing an RFI.
years after establishment, Army Cyber Command touts progress
The relatively new Army Cyber Command is looking to perform more joint
operations as it continues to build its capabilities, a pair of its senior
leaders said Oct. 15 at the Association of the United States Army annual
conference in Washington, D.C. But in
order to do that, it will need to collaborate with the government and private
industry to develop a capable, sustainable cyber environment, said its
commander, Lt. Gen. Edward Cardon.
comes the Army Cyber Battle Lab
Next Gov - What's Brewin'
The Army currently operates a Network Battle Lab and plans to change it to
the Cyber Battle Lab beginning in October 2015 -- and is looking for some
contractor support. The Network Battle Lab was focused only on experimentation
to support the network, but will now add experimentation to support all areas
of "cyber electromagnetic" activities. These include cyberspace
operations, electronic warfare and spectrum management operations.
eyes coordinated land-cyber missions
US Army officials say they are working toward a capability that will
synchronize land power and cyber capabilities for tactical effects on a future
battlefield. Army Chief of Staff Gen. Raymond Odierno said in an interview that
the service’s new operating concept calls for the synchronization of air, sea,
land and cyberspace.
electronic warfare ‘is a weapon’ – But cyber is sexier
Col. Joe Dupont, the Army’s project manager for electronic warfare programs
— and its recently declassified offensive cyber division — faces an uphill
battle against tight budgets and Army culture to make the case that EW doesn't
just enable weapons systems, "EW is a weapon system." As the world goes wireless, phones and
computers depend increasingly on radio links rather than physical cables, which
means jamming and hacking, traditional electronic warfare and the brave new
world of cyber, are beginning to blur together.
molds the defense IT enterprise
One of the greatest successes for Mike Krieger, deputy chief information
officer/G-6 for the Army, is the recent integration of enterprise email
throughout the Army. From a slew of Microsoft Exchange servers run by different
organizations, the Army now has just one email service for its 1.5 million
users run out of the DISA’s cloud. Organizations across the Army are now comfortable drawing services from
the enterprise compared to 2009-2010 when they still provided their own
services to users. Another major change he’s witnessed is a shift in the
belief that network capabilities need to be “very tip-of-the-spear,” to a
recognition that there are things that can be better done from the enterprise.
chief: 1,000 new jobs coming to S.A.
My San Antonio
The director of the National Security Agency, Adm. Mike Rogers, said Oct.
16 that San Antonio could expect as many as 1,000 additional personnel working
on the Defense Department's ongoing cybersecurity mission over the next three
the cybersecurity executive order means for authentication
Secure ID News
President Obama has signed an executive order on cybersecurity that
requires federal agencies to issue and accept EMV payment cards and take extra
precautions online when protecting citizens’ personal information. The focus of
the announcement was on the move to EMV and the more secure chip and PIN
technology. But, even more significantly, a short section of the executive
order focused on a move to more secure authentication by government agencies.
The wording is vague and lacks concrete examples of how and why such a
multi-factor authentication system might be necessary. But here are some
scenarios of how this system is likely to roll out.
biometrics revolution is already here — and you may not be ready for it.
The Washington Post
The future is here, and it's biometric identification: You will soon be
able to unlock the most recent iPad model with your fingerprint; banks are
reportedly capturing voice imprints to catch telephone fraud; and the FBI's
facial recognition database is at "full operational capacity." But
while these technologies are already influencing consumers' lives, it's not clear
that everyone understands the long-term implications of widespread biometric
use, experts say.
ready for a new wave of biometrics
It's common knowledge that passwords are flawed, but if anything can
benefit from this year's seemingly never-ending security breaches, it's the
field of biometrics. Digital biometrics—using people's fingerprints, voices,
and faces to unlock devices instead of using memorized passcodes—aren't new.
What is new is the timing: The rapid demise of the conventional password in
this year alone means digital biometrics can be "cool" again.
The Russian cyber espionage and cybercrime worlds once again have collided in a newly discovered cyberspying campaign that uses a zero-day flaw found in all supported versions of Microsoft Windows. Among the targets of the so-called Sandworm cyberespionage team are NATO, the Ukrainian government, a U.S. think tank specializing in Russian issues, Polish government and energy entities, a French telecommunications firm, and a Western European government agency.
DHS: Attackers hacked critical manufacturing firm for months
DHS has disclosed that an unnamed manufacturing firm vital to the U.S. economy recently suffered a prolonged hack. The event was complicated by the fact that the company had undergone corporate acquisitions, which introduced more network connections, and consequently a wider attack surface. The firm had more than 100 entry and exit points to the Internet. The case contains a lesson for civilian and military agencies, both of which are in the early stages of new initiatives to consolidate network entryways.
FDIC to banks: Prep for “urgent” threat of cyberattacks
JD Supra - Business Advisor
Financial institutions are facing an “urgent” threat of hacks and cyberattacks causing regulators to take a closer look at banks’ efforts to combat such concerns, the Federal Deposit Insurance Corporation (FDIC) Chairman recently cautioned. At the American Banker Regulatory Symposium, FDIC Chairman Martin Gruenberg told attendees that the rise of cyberattacks targeting banks has triggered a need for regulators to assess the efforts of institutions to fight back or prevent such attacks.
Obama said to warn of crippling cyber attack potential
President Obama reportedly believes cyber terrorism is one of the biggest threats to national security and says the White House is bracing for a possible doomsday scenario if hackers can successfully penetrate government and business computer systems.
Washington wants to become a hub for cybersecurity companies. Can it be done?
The Washington Post
This fast-growing field of civil cybersecurity presents a multibillion-dollar business opportunity for technology companies and a powerful new economic development engine for the jurisdictions where those companies establish their headquarters. Few parts of the country are as flush with potential as the Washington region, but the region must also overcome certain deficiencies if it is to become a cybersecurity hotbed. A growing number of public and private sector initiatives have taken shape to address those shortcomings.
Cleveland Indians' IT team hits a grand slam with new analytics platform
Security Info Watch
The Cleveland Indians baseball team, like every enterprise organization, faces omnipresent cybersecurity threats. The team’s network, not only at the home ballpark, but at the out-of-state training facility and for the scouts on the road, must be fast and secure. Customer data and the Indians’ brand must be protected. The club has chosen virtual appliance software that monitors security, performance and compliance in cloud and virtualized infrastructures – all from a single screen.
Wearables and IoT among top tech trends for 2015
IT research firm Gartner has published its list of top 10 technology trends to watch next year as businesses draw up their strategic IT plans. The list includes mobile computing, wearables, Internet of Things (IoT) solutions, 3D printing, context-aware systems, autonomous smart devices, mobile-friendly cloud applications, software-defined applications and infrastructure, Web-scale IT and self-protecting, security-aware applications.
Why colleges should stop splurging on buildings and start investing in software
The Washington Post
For decades, America’s colleges and universities have been on a massive spending spree, building new dorms, student centers, sports complexes, and academic buildings, but key educational performance metrics have not greatly improved. What if the leaders of our colleges and universities had channeled just a fraction of this edifice-complex capital into technology improvements -- especially software -- instead?
Cloud computing is forcing a reconsideration of intellectual property
The New York Times
We’ve used ideas to sculpt the globe since the Industrial Revolution, thanks largely to the way we handle intellectual property. Now, according to people involved in the business of protecting ideas, all of that is set to change. Software, lashing together thousands of computer servers into fast and flexible cloud-computing systems, is the reason. Clouds, wirelessly connected to more software in just about everything, make it possible to shift, remix and borrow from once separate industrial categories.
Is it time for fresh procurement reform or just a rereading of existing law?
Federal News Radio
The 1996 Information Technology Management Reform Act (Clinger-Cohen) wasn't purely a procurement reform. But it did supersede prior law under which IT procurement became the province of the GSA, which had the power to delegate purchase authority to agencies, and it instituted a new way for federal agencies to do IT investments strategically. The Clinger-Cohen era bolstered the idea of IT and all strategic procurements as investments that must relate to missions. So what's needed for the future?
Governmentwide cloud contracting efforts missing key ingredients, IGs find
Federal News Radio
The Council of Inspectors General analyzed 77 commercial cloud contracts across 19 civilian agencies and found most failed to implement federal guidance and best practices. Additionally, 59 cloud systems reviewed did not meet the requirement to become compliant with the Federal Risk Authorization and Management Program (FedRAMP) by June 5, 2014, even though the requirement was announced on December 8, 2011.
Wolfe brings the cloud to the intelligence community
Doug Wolfe, the chief information officer of the Central Intelligence Agency, has embarked on a mission to guide the development of cloud computing for the whole of the intelligence community, knock down barriers between silos of data and analysis, introduce speedy IT and software development to traditionally slow-moving organizations and help make the intelligence sector a beacon of innovation for the rest of government.
Is FedRAMP toothless? Rogue cloud systems abound at agencies, IGs say
Many agencies blew past a deadline this summer to make sure their cloud computing systems met baseline security standards. And it appears they’ll face little reproof for doing so. Among the potential problems uncovered by the Council of Inspectors General on Integrity and Efficiency are a mostly toothless process for ensuring agencies’ cloud systems meet basic security standards and fuzzy service-level agreements between agencies and commercial cloud providers.
White House working around cyber bill impasse
As time runs out for Congress to pass cyber legislation before next year, White House officials are looking for ways around Capitol Hill’s inability to enact policies to secure government networks and critical infrastructure. The executive branch is accelerating efforts to implement cybersecurity within federal agencies and in the sectors responsible for critical infrastructure, including the financial and energy industries.
Pentagon needs to build cybersecurity into the acquisition process
At the confluence of cybersecurity, acquisition and the sometimes small but always vital electronic components that make up battlefield systems lies a serious vulnerability. The gist of the issue is simple: Our weapons platforms and systems are subject to potential compromise if we fail to secure them. And unless and until we embed cybersecurity into system architecture and design, we are handing our adversaries -- who are many and varied -- an advantage that they have not earned.
Army seeks industry partner for geospatial tech R&D
Gov Con Wire
The U.S. Army Corps of Engineers is looking for potential vendors who can provide research, development, engineering, assessment and validation support to the USACE Geospatial Center in Virginia. It is looking to award up to $200 million over five years for a partner who will help the organization build platforms intended to exploit GEOINT, full motion videos, wide area motion imagery and C4ISR data, and explore methods of disseminating geospatial information from mobile devices to data analytics and management systems being used by other military and civilian agencies.
COTS devices gain a tactical edge
C4ISR & Networks
Commercial off-the-shelf (COTS) technologies, once viewed with skepticism by the Defense Department and military services, are rapidly becoming mainstream tactical communication devices as well as trailblazing new form factors, functionalities and procurement processes.
AUSA: Army to require open-source intel training
C4ISR & Networks
The Army is formalizing its growing emphasis on open-source intelligence, or OSINT, including requiring soldiers to get at least some basic training in how it works, according to Army officials. In the coming weeks the service will launch a distance-learning package that will be required for all soldiers so that they have at least a basic understanding of how OSINT works.
MILCOM: Is enterprise IT mindset taking root at DoD?
C4ISR & Networks
The calls for streamlined technology and processes, shared services and enterprise-wide IT at the Defense Department usually are quickly followed with demands less tangible than servers and data centers. To truly enable real reform in defense IT, it’s the people that need to undergo a shift in thinking as well.
How WiFi makes a command post agile
C4ISR & Networks
The advantages of mobile technologies for soldiers are often readily apparent, but there are some important capabilities on the command-post side too, according to COL Ed Swanson, project manager for the Army's Warfighter Information Network-Tactical (WIN-T) program. In particular, the Army is working with “very nascent” commercial technologies, including 4G LTE and WiFi, Swanson said.
Air Force to step up recruiting, shorten training for cyber airmen
Air Force Times
The Air Force may shorten the training time for cyber airmen to move them into their jobs faster — and airmen with existing cyber certifications would get a head start.
AUSA: Army wrestles with talent amid cyber force build-up
C4ISR & Networks
As the Army assembles a 6,000-person-strong cyber mission force in the next two years, officials are trying to determine the best way to attract, organize and maintain the cyber talent required to secure Defense Department networks. The creation of a new Army branch dedicated to cyber means that leaders are learning how to recruit, train, retain and equip cyber forces. It’s been an ongoing effort over the past two years, one that the Army Cyber Command’s chief says is nearly halfway finished.
Detecting cyber attacks in a mobile and BYOD organization
Help Net Security
Many organizations understand that traditional perimeter security defenses are not effective at identifying attacks on mobile devices. This application note sets out to explore the challenges, understand the needs, evaluate mobile device management as an approach to detecting attacks and offer a flexible and high efficacy solution for detecting any phase of an ongoing attack on mobile devices regardless of device type, operating system or applications installed.
'Internet of Things' a risk-reward proposition for security professionals
Security Info Watch
We live in a highly connected world, with smartphones, tablets and other devices that all contain not only a multitude of data-producing sensors, but also a variety of software applications that may require Internet connectivity. And it is not just smartphones that are connected to the Internet. Momentum has been increasing to connect more and more devices of every type to the Internet, resulting in an Internet of Things (IoT). But despite numerous benefits, connected devices still present a myriad of threats.
Cyber security failing in execution, says ex-US cyber czar
Former White House cybersecurity coordinator Howard Schmidt says “The cybersecurity strategies we have are all excellent... but we are still failing in execution.” Schmidt believes software developers should do more to ensure users are not faced with security decisions they aren't qualified to make, and he called for greater effort to develop threat scenarios for all software developers, particularly in the critical sectors of energy, telecommunications and financial services.
Report: Rising cybersecurity budgets still not enough
The 2014 Deloitte-NASCIO Cybersecurity study shows what many state chief information security officers already know -- the landscape is fraught with evolving challenges -- and it makes at least two clear conclusions: cybersecurity is the primary concern of many state CIOs and state CISOs, and also that the concerns of CIOs and CISOs are well-founded. While over 47 percent of organizations showed a year over year budget increase, 75 percent cited budget constraints as a challenge.
Can CDM change the game?
Federal agencies have been following continuous monitoring directives and guidelines for a few years now. The Continuous Diagnostics and Mitigation (CDM) program, which the Department of Homeland Security manages with support from GSA, is the government's latest take on continuous monitoring. CDM provides a more comprehensive approach and makes funding available for agencies to adopt the security practice. However, NIST's Ron Ross acknowledges that continuous monitoring is difficult given the number of IT systems in the federal sector and agencies' diverse missions and business functions.
National security implications for financial system cyberattacks?
As the White House ponders whether this summer's massive hack of the financial services industry was a targeted, sponsored attack by Russia or terrorists, a recently released Proofpoint study provides new details on how the "cybercrime infrastructure" of a criminal operation that targets U.S. and European banking systems can work.
Not up to speed on continuous diagnostics and mitigation? Then wave goodbye to billions of cybersecurity dollars
Washington Business Journal
The federal cybersecurity market segment has finally started to gel into a definable, addressable market – valued at $13 billion, if you believe the OMB estimates - but it might actually be even higher than that. A DHS-funded program called continuous diagnostics and mitigation (CDM) has taken hold as the next phase of fighting cyber attacks in federal information systems. The complete market opportunity is many multiples larger than the funded CDM program, which requested $142.63 million for fiscal 2015. In repeated public presentations, DHS leaders have emphasized that the opportunities in federal dollars for CDM related products and services will exceed the $6 billion ceiling of the five-year BPAs.
DHS to launch acquisition improvement project
The Homeland Security Department will soon be launching a project to improve procurement, starting small but eventually encompassing "all of acquisition," according to Nicole Willis, a senior enterprise architect at DHS. But when she was asked about the need for cross pollination of business, IT and procurement, she said that DHS is looking internally at its procurement processes -- and that's her next project. "We're going to start a project to improve acquisition in general, but also IT acquisition specifically because we have a lot of challenges."
VA announces $22.3B IT services contract
The “next generation” of the Transformation Twenty-One Total Technology Program (T4NG) — the Department of Veterans Affairs’ contract to manage its IT systems — will almost double in scope from the current T4 contract, with the projected value rising from a ceiling of $12 billion to $22.3 billion. The T4NG contract is focused mainly on management of the VA’s IT systems, health IT and telecoms, however the chosen vendors will also have some discretion to purchase new software and hardware, as needed, to modernize the department’s systems.
White House shifts its cyber legislative strategy
Gov Info Security
White House Cybersecurity Coordinator Michael Daniel says the administration will abandon its efforts to seek passage of a comprehensive cybersecurity measure in favor of smaller, more tailored bills. However, the Senate has not scheduled any votes on cybersecurity legislation, and many people who track cybersecurity legislation have expressed doubts that Congress will act this year. Moreover, it is unclear whether compromise can be reached between the White House and the House over several key pieces of cybersecurity legislation.
White House now thinks smaller is better for cyber bills
Federal News Radio
The White House still holds out hope for comprehensive cybersecurity legislation from Congress — just not a lot of hope. Instead, the administration now has a goal of passing smaller bills that address challenges everyone can agree about, and there are two potential vehicles to do this: the Defense Authorization bill or an omnibus spending bill. Several bills have already made it through the House, including legislation to update FISMA, help promote cyber information sharing, and enhance the cyber workforce.
WIN-T planners aim for increased user-friendliness
C4ISR & Networks
Since its 2004 rollout, the Army’s Warfighter Information Network-Tactical (WIN-T) platform has dramatically enhanced communications in the field. By drawing satellite connections into the communications chain, the system allows war fighters to remain in constant contact, even without an available line of sight. Today, the next iteration of that system is on target to significantly upgrade those capabilities. With its $1 billion annual budget, WIN-T Increment 2 promises to simplify system use and streamline operation and maintenance tasks.
Army Guard’s first cyber protection team activated; receives new shoulder sleeve insignia
The Army National Guard’s first cyber protection team received its new shoulder sleeve insignia Oct. 7 during a ceremony conducted by Army Cyber Command (ARCYBER) at Fort George G. Meade, Maryland. One official called it “symbolic of the integration of the reserve forces into the active forces in the common defense of our networks,” while another cited the ceremony as a major milestone for Army cyberspace operations, Guard and Reserve forces and for the Army, saying “Army Cyber Command is taking a Total Force approach to building and employing the Army’s cyber force.”
Officers can apply to go cyber in voluntary transfer program
The Army is accepting applications from Regular Army officers in the ranks of second lieutenant through colonel who want to become members of the service’s new career branch for cyber warriors. Selections for duty as 17A cyber warfare officers will be made by a Voluntary Transfer Incentive Program panel. The Oct. 8 announcement comes one month after the Army activated its first-ever Cyber Protection Brigade at Fort Gordon, Georgia, which will be composed of several existing and future cyber protection teams detailed throughout the force.
Hackers show the NSA's capabilities are not magic
A group of security researchers, hardware hackers, hardware developers and hobbyists have set out to demonstrate that many of the tools similar to those used by the National Security Agency (NSA) for surveillance operations can be reproduced on a low budget with open source software and hardware components.
Wireless mesh networks for Internet of Things latency
Enterprise Networking Planet
The issue of Internet of Things security has already been hammered to death on tech news sites. Security, however, is far from the sole – or even necessarily primary – bugaboo facing widespread IoT deployment in the enterprise. Accessibility – security's mortal foe – is potentially just as big a problem. Several solutions have been floated, most involving some form of a distributed mesh network. And a ubiquitous one at that.
Four-digit passcodes remain a weak point in iOS 8 data encryption
The strength of Apple’s revised encryption scheme in iOS 8 hinges on users choosing a strong passcode or password, which they rarely do, according to a Princeton University fellow. By default, Apple asks users to set a “simple passcode,” which is a four-digit numerical PIN, although users can set much longer pass phrases. If an attacker can guess four-digit passcodes at 12 per second, the entire space of 10,000 possible PINs can be guessed in about 13 minutes, or 14 hours at the slower rate of one per five seconds. The best advice is to create a password that is at least a 12-digit random number or a nine-character string of lower-case letters.
White House will push piecemeal cybersecurity bills
During a speech in which he unveiled a new strategy to seek congressional action on cybersecurity legislation, White House Cybersecurity Coordinator Michael Daniel also said it would be a major step forward in cybersecurity for Americans to stop using passwords as their major method of computer security. Password technology is just too vulnerable to attack, he said. Instead, Daniel advocated the use of biometric security measures such as using your fingerprint to access your computer or smartphone or face recognition security through the device's camera.
North Carolina to pilot secure electronic ID
NIST has awarded the North Carolina Departments of Transportation and Health and Human Services a pilot grant to create an electronic ID (eID) intended to operate with the same security and privacy online as driver licenses and state-issued IDs do in person. North Carolina will receive $1.47 million over the next two years to test the security, viability and interoperability of an eID that promotes “confidence, privacy, choice and innovation.” The objective is to bring the well-established trust of a physical driver's license into the online environment as a low-cost, readily available, highly reliable means of assuring that people are who they claim to be in an online setting.