Cybersecurity News

 

ISIS cyber ops: Empty threat or reality?
Security Week
09/25/14

The extremist militant group ISIS’s aggressive global use of social media is acknowledged as a strategic strength in its jihadist war of terror. Assessing ISIS’s potential to go further and do harm to the American homeland through deployment of offensive cyber operations, however, requires a broader perspective.


SEC alert places cyber security risk at forefront
Hedge Week
09/29/14

Cyber security has quickly become a headline risk for hedge fund managers. Last April, the SEC issued its Cyber-Security Risk Alert, a detailed 26-point questionnaire that aims to address various elements of a hedge fund’s technical and operational infrastructure to determine how vulnerable it is to cyber attacks and data theft. This initiative is being driven by the SEC’s Office of Compliance Inspections and Examinations. It will assess 50 individual firms and based on its findings will draft a set of final guidelines for hedge funds to adhere to. This is essentially a way to address ‘technology risk’ and implement best practices through documentation in the form of a Written Information Security Policy (WISP).


Report: Agencies continue to buck ‘cloud first’ policy -- And the lack of savings shows it
Next Gov
09/25/14

Cloud computing solutions should be considered even for legacy information technology investments not up for replacement, according to a GAO report that found federal agencies aren’t saving as much as they could. Together, seven agencies reviewed have spent $222 million on cloud services since GAO last examined the issue in a 2012 report. That brings their total combined cloud spending to $529 million. But these agencies together only increased spending on cloud services by a total of 1 percent since the 2012 report, and they failed to consider cloud computing services for 67 percent of their IT investments.


FBI director worries about encryption on smartphones
Computer World
09/25/14

The Federal Bureau of Investigation is concerned about moves by Apple and Google to include encryption on smartphones, agency director James Comey said. Quick law enforcement access to the contents of smartphones could save lives in some kidnapping and terrorism cases, according to Comey, who said he's concerned that smartphone companies are marketing "something expressly to allow people to place themselves beyond the law."


JELA, LPTA are but tools in a toolbox
C4ISR & Networks
09/26/14

Contracting tools such as joint enterprise licensing agreements (JELA) and lowest-price/technically acceptable (LPTA) contracts are only tools, according to Victor Gavin, the Navy’s program executive officer for Enterprise Information Systems. As such, they might change the way defense agencies buy IT in the future, but the changes will be beneficial only if officials use the techniques judiciously.


Office of Naval Research eyes tactical cloud
Next Gov
09/25/14

The Office of Naval Research wants to harness the power of cloud computing and bring big data fusion capabilities to the warfighting environment. Last month, the office kicked off a five-year, $12.3 million project for a Navy tactical cloud, a project which could be performed by up to six research organizations. ONR said the cloud infrastructure will exist at the “tactical edge” of Navy and Marine Forces and not ashore.


Making the cloud work for the Military
Breaking Defense
09/24/14

As the military and intelligence community try to take advantage of commercial IT innovation, especially in cloud computing, they have run into harsh limits. Security, long-range bandwidth and the sheer volume of data have created problems for the Pentagon that current commercially available cloud services can’t solve, two senior defense officials said recently. DoD will need a different kind of cloud, said Dave Mihelcic, chief technology officer at the Defense Information Systems Agency (DISA), and Dan Doney, chief innovation officer at the Defense Intelligence Agency (DIA). In fact, it’ll need several different kinds of cloud, customized for different missions.


DOD Is redefining the role of Its internal cloud broker
Fed Tech
09/24/14

As the Pentagon’s designated cloud broker, the Defense Information Systems Agency has played a central role in forging relationships between the Defense Department and commercial cloud vendors. But that model will change as soon as next month: A new memo will clarify DISA’s new role, according to acting DOD CIO Terry Halvorsen. To accelerate cloud adoption, DoD will now let the military departments do their own acquisitions for cloud services.


As cyber force grows, manpower details emerge
Air Force Times
09/23/14

The military will need to expand its force of cyber warriors beyond plans for 6,200 personnel, and the individual services are hammering out the manpower-related details of precisely how to build that force from the ground up, according to a new Pentagon report. The emerging requirements have the Army, Navy, Air Force and Marine Corps developing an array of new recruiting tactics, extended service commitments, training programs, retention bonuses and unique career tracks for the cyber career field.


Apple suffers more phishing attacks than any other internet company, says new report
The Independent (U.K.)
09/26/14

Apple is the ‘most phished brand in the world’ according to a new survey of the hacking method that attempts to trick users into giving up their credentials. The industry body Anti Phishing Working Group (APWG) reported that the iPhone maker accounted for 17 per cent of reports they received followed by ‘perennial favorite’ PayPal and Chinese online marketplace Taobao (an Alibaba property).


Ford considers biometric authentication for future vehicles
BiometricUpdate.com
09/26/14

Ford’s Global Technologies division has reportedly developed a system to bring advanced biometrics to future vehicles. Compatible with Apple’s iOS, as well as other mobile systems, the biometric system would be applied to the steering wheel of future Ford vehicles as an authentication device that identifies the driver. The system, which works in association with Apple’s Touch ID technology, ensures that the vehicle would only start if the fingerprint applied to the device matches that of the owner or owners. Additionally, the system can work with multiple fingerprints as the driver wraps them around the steering wheel and will measure the driver’s pulse to see if there’s a match to the owner.

ISIS cyber threat to US under debate
Dark Reading
09/23/14

Amid fresh threats by ISIS against the US and its allies, worries about what the well-financed and social-media savvy militant group could do in the cyber realm have triggered debate over whether ISIS ultimately could or would disrupt US critical infrastructure networks.


MS-ISAC: Cybersecurity collaboration is needed now more than ever
Government Technology
09/21/14

The scale of cyberattacks, the cost of data breaches and the significant ramifications to our nation have never been greater. Cyber challenges have almost reached a boiling point. Meanwhile, the Multi-State Information Sharing & Analysis Center (MS-ISAC) has grown in its global capabilities and cyberdefense sophistication. World-class information security coordination is now available, but how can local and state governments become more engaged?


N.Y. financial regulator says to focus on cyber security
Reuters
09/22/14

New York's financial regulator said Sept. 22 his agency will focus on cybersecurity over the next year, saying the possibility of a systemic attack to the financial system is one thing that keeps him awake at night. Benjamin Lawsky, superintendent of the Department of Financial Services (DFS) for the state of New York, said cyberterrorism is "the most significant issue DFS will work on in the next year."


General Motors appoints its first cybersecurity chief
Reuters
09/23/14

General Motors has named an engineer to serve as its first cybersecurity chief as the No. 1 U.S. automaker and its rivals come under increasing pressure to better secure their vehicles against hackers. Vehicles rely on tiny computers to manage everything from engines and brakes to navigation, air conditioning and windshield wipers. Security experts say it is only a matter of time before malicious hackers are able to exploit software glitches and other vulnerabilities to try to harm drivers. Security researchers have also uncovered vulnerabilities in those systems that they say make cars susceptible to potentially dangerous attacks.


Russian cyber attack exploits Scottish independence vote
SC Magazine
09/19/14

Russian spy malware was spotted trying to infect new targets using the lure of information about the recent Scottish independence vote. The security firm that spotted the malware believes the most likely targets of the attack are Scottish oil companies and related contractors – who are “probably too complacent at this point with their assessment of how big a target they are”.


Navy to ditch NMCI for Microsoft in cloud email pilot
Next Gov
09/23/14

The Navy has decided to run a pilot of Microsoft cloud email for its reserve forces as an alternative to email on the Navy Marine Corps Intranet (NMCI) after determining it could save hundreds of millions of dollars over five years with the company. When the Microsoft Cloud email pilot is completed, DISA and the Navy’s chief information officer will compare the results to other DoD cloud email pilots to see whether the pilots meet security standards for DoD use. NMCI will transition to the follow-on Next Generation Enterprise Network next month.


Cyberspace is a top FBI priority
Signal Online
09/22/14

James Comey, the director of the Federal Bureau of Investigation (FBI), views cyberspace as one of the bureau’s top priorities across its entire mission set. Not only is economic national security threatened from cyberspace, it also may hold clues to deterring and preventing crimes—if the bureau can exploit it effectively. To be effective at meeting criminal threats, Comey said the FBI needs to be “effective in cyberspace,” which will require recruiting the right people for that realm, conducting surveillance, receiving swift notice of cyber attacks, and working with the commercial sector on cyber issues.


DHS officials tie agency future to risk management
Federal Times
09/24/14

The future of the Department of Homeland Security lies in moving beyond a one-size-fits-all approach to national security, according to top DHS officials. Secretary Jeh Johnson pointed to the Transportation Security Administration’s Pre-Check program as a model for other risk-based programs. He said a risk-based approach makes the most sense in a budget-constrained environment where DHS needs to devote its resources in the way that makes the most sense and has the most impact. Cybersecurity is another area where the agency is developing a risk-based approach by sharing data on potential threats with other agencies and the private sector and monitoring higher-risk areas for potential intrusions.


White House to agencies: We’ve told you enough about software
Next Gov
09/23/14

Agencies are starting to address the problems underlying the hundreds of millions of taxpayer dollars wasted on software, even as the White House continues to reject the notion it should improve its policies on the issue, the Government Accountability Office said Sept. 23. Since its May report identifying widespread software management problems, GAO said, the majority of agencies have reported back with plans for most of its recommendations. One outlier, however, is the Office of Management and Budget, which still disagrees that federal software management policies need improvement.


Health insurance marketplaces could improve information security
Threat Post
09/24/14

The health insurance marketplaces instituted by the Affordable Care Act aren’t doing a bad job of securing sensitive personal information but they could certainly be doing a better job, according to a new analysis. The Centers for Medicare and Medicaid Services (CMS) have decreased the risk posed to customer information by establishing a dedicated security team to monitor and fix vulnerabilities, perform weekly vulnerability scans of Federally Facilitated Marketplaces (FFM) and complete two security control assessments of the FFM.


HealthCare.gov still struggling with security
CSO Online
09/24/14

The Inspector General of the Health and Human Services Department released a report Sept. 23 detailing the state of security on HealthCare.gov and the results of vulnerability scans performed in April and May of this year. The report's conclusions are grim, but far from surprising given the security issues that have plagued the site since it was launched. The report outlines several issues with the website, managed and maintained by the Centers for Medicare & Medicaid Services (CMS), many of which have existed for some time. In fact, the application vulnerabilities discovered by the IG are stacked on top of the problems recently discovered by the Government Accountability Office.


CMS sets new deadline to fix two dozen HealthCare.gov cyber shortfalls
Federal News Radio
09/19/14

The Centers for Medicare and Medicaid Services has until Nov. 15 to close real and potential cybersecurity holes in the HealthCare.gov website. Marilyn Tavenner, the CMS administrator, promised House lawmakers Sept. 18 that the site would be better protected when open enrollment begins in two months. The GAO found in a report released Sept. 16 that CMS had problems with its information security and privacy program and its technical security architecture, specifically around access controls and configuration management.


Pentagon unveils draft of new R&D strategy
C4ISR & Networks
09/23/14

Frank Kendall, undersecretary of defense for acquisition, has formally released a draft of his proposed new guidance for acquisition reform, calling for a renewed focus on research and innovation to maintain the increasingly tenuous lead that the U.S. holds in military technology over its adversaries. The "Better Buying Power 3.0" plan — which focuses broadly on technology development in a resource-constrained environment and working with the defense industry to revamp the ways in which the government works with private industry on the research, development and prototyping aspect of the acquisition process — still needs buy-in from industry, Congress and the military services, however.


DoD pursuing options for BYOD, SIPRNet mobility
C4ISR & Networks
09/24/14

Defense Department officials remain focused on mobility as a priority for the military, especially when it comes to being able to communicate securely and in ways that allow users to be productive whether in the Pentagon or deployed in the theater. According to Acting DoD CIO Terry Halvorsen, getting a smart phone that runs on the military’s classified SIPR network is job one, followed by unclassified smart phones that allow for work and personal use on the same device. Department officials also are looking at possibilities for bring-your-own-device options.


Active, reserve components spar over 'sexy' cyber mission
Air Force Times
09/22/14

The Pentagon is finalizing a plan to give reservists a limited role in U.S. Cyber Command’s effort to build a cyber force. The growth of CYBERCOM has been fueling a tug-of-war between DoD’s active and reserve components. Reserve advocates say the mission is unique because many reservists have civilian careers in the tech sector and are more skilled in cyber operations than many active-duty troops shifting from traditional military career fields. But some active-duty military leaders are reluctant to share the “sexy” cyber mission, which comes with money and jobs that will be largely shielded from forcewide budget cuts, said Adm. Michael Rogers, CYBERCOM commander.


Rescinding DISA's cloud broker role to speed up process
Signal Online
09/23/14

Having a single agency act as the cloud broker for the whole of the U.S. Defense Department's migration to commercial cloud services slowed the process too much, prompting a policy change to divvy up the duties among the services, says the department's acting chief information officer (CIO), Terry Halvorsen. He says DoD has not moved to the cloud fast enough and he wants to give the department more opportunities to move faster, letting the military departments do their own acquisitions of the cloud services, rather than funneling that through one agency, DISA.


DISA to cede procurement authority for commercial cloud to military services
FCW
09/24/14

In an effort to hasten its move to the commercial cloud, the Defense Department will allow the military services to procure their own cloud services rather than leaving that authority to the Defense Information Systems Agency. The policy change is a significant departure from the role acting DOD CIO Terry Halvorsen’s predecessor, Teri Takai, laid out for DISA as a centralized cloud broker.


Cyber has a new look in the U.S. Army
Signal Online
09/23/14

The U.S. Army officially activated its Cyber Protection Brigade earlier this month, marking the first time the service has had such a unit. It falls under the Army’s Network Enterprise Technology Command, commonly called NETCOM. As the defensive operations enabled by the brigade ramp up, the Army now also has a cyber branch operating provisionally, which will change the way soldiers are assigned to cyber career fields.


Navy looks for layered 'fishing nets' of cyber defense
Defense Systems
09/22/14

Acknowledging that there is no magic bullet to defeat all cyber intrusions, the Navy—and the Defense Department in general—are looking for layered cyber technologies that can at least make it hard for enemies to get into networks.


Networking defines Air Force intelligence
Signal Online
09/22/14

The U.S. Air Force intelligence architecture is a global network that ties together all of its intelligence, surveillance and reconnaissance (ISR), according to a high-ranking Air Force official. The service plays a major role in cyber operations, and one key to prevailing in cyberspace and maintaining effectiveness in the ISR network would be to let machines do some of the thinking for Air Force personnel, he suggested. The Air Force will continue to pursue advanced technologies, such as secure, reliable communications; an effective modeling and simulation environment; and air-specific technologies, and open architectures will be a requisite for any information technology system.


Obama's top military adviser urges new federal cybersecurity rules
Inside Cybersecurity
09/18/14

The federal government needs to impose carefully calibrated cybersecurity standards on the private sector but it might not happen until there is a crisis, according to Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff. The United States is still working to understand how to reconcile values like the freedom of information, privacy and security in the context of cyberspace, Dempsey said in a recent speech.


As cyber force grows, manpower details emerge
Military Times
09/22/14

The military will need to expand its force of cyber warriors beyond plans for 6,200 personnel, and the individual services are hammering out the manpower-related details of precisely how to build that force from the ground up, according to a new Pentagon report.


Air Force looking to combat cloud for future operations
C4ISR & Networks
09/22/14

Use of the cloud seems pervasive in the Defense Department these days, but one area where defense officials still are feeling out how to make it work is in combat in the air. In an era of increasingly contested environments in air and space, the need for sharing information and combat-related data is critical. Air Force officials say they are searching not only for the best solutions, but for the best ways to collaborate with the other services to make those solutions work — something easier said than done.


NATO urged to embed cyber defence into mission planning
Jane's
09/22/14

NATO needs to further simplify its networks to minimize the risk of cyber intrusion, while embedding cyber defense as a permanent feature of exercise and mission planning, according to NATO's top cyber security official.


Mobile device security is sacrificed for workforce efficiency
Help Net Security
09/23/14

While mobile devices are an integral part of the workplace, the cyber security practices and budgets in most organizations are not keeping pace with the growing number of devices that must be managed and kept secure. According to a new survey by Raytheon, 52 percent of organizations and employees frequently sacrifice security practices to realize the efficiency benefits of mobile connectivity.


FBI’s new NGI system leads to faster and more accurate responses
BiometricUpdate.com
09/24/14

The FBI said that its new biometric identification system, Next Generation Identification, has resulted in faster and more accurate matches in the criminal history record database. The FBI’s biometric identification system, Next Generation Identification, is now in full operational capability phase and replaced the previous repository for fingerprints entitled Integrated Automated Fingerprint Identification System.

ISIS cyber capability judged more 'aspirational' than operational
FCW
09/17/14

Interviews with cybersecurity experts and questions posed to public officials reveal an assessment of the cyber warfare capabilities of the Islamic State of Iraq and Syria that, while potentially dangerous, remains more aspirational than operational.


Space, cyberspace are stealth threats to U.S.
Signal Online
09/19/14

Among the many perils faced by the U.S., space and cyberspace pose some of the greatest challenges. And, there is no public wave of awareness or demand for action looming on the horizon, to the detriment of the nation. This harsh assessment was recently delivered by the top two members of the House Permanent Select Committee on Intelligence, Chairman Mike Rogers (R-MI) and Rep. C.A. Dutch Ruppersberger (D-MD), ranking member. The two warn of increasing threats to U.S. economic prominence if those two areas are not addressed.


Michael Daniel: Cybersecurity in need of new approach
Politico
09/18/14

Efforts to improve the security of cyberspace have fallen short due to a general inability to grasp the economic and psychological dimensions of the problem, said White House Cybersecurity Coordinator Michael Daniel. Increased government involvement in cyberspace means that decisions that once were easy to make have become enveloped in political processes, Daniel said, but that isn’t a reversible state of affairs. As for concrete solutions, Daniel said the Obama administration is looking for an alternative way to engage the private sector that isn’t dependent on traditional regulation or contracting.


America should not shrug at its cyber vulnerability
The Washington Post (editorial)
09/19/14

Recent events show once again that the U.S. is under siege in cyberspace. Disruption, theft, espionage and attack have been accelerating, and vulnerabilities threaten everyone who holds a credit card, visits a doctor or uses social media. Yet the national response has been alarmingly and inexplicably passive. Congress has debated comprehensive legislation but failed to reach agreement, and the administration has taken some modest steps, but it can’t solve the problem alone. The private sector, deeply dependent on the Internet, is seriously exposed but also cannot find a solution. There is a strange complacency about massive data breaches, but the thieves, spies and warriors in cyberspace need to be defeated, and it is long past time to get started figuring out how.


New federal regulations on cyber security lead to revenue loss, business disruption and loss of productivity in financial services sector, Radware survey finds
Globe Newswire (news release)
09/22/14

Radware, a provider of application delivery and application security solutions for virtual and cloud data centers, released a new survey which finds that even though 87 percent of those surveyed in the financial service industry agree that current regulatory changes are very important or critical to keeping their companies and industry secure, these new federal guidelines were having an adverse impact on their businesses.


Israel launches Cyber Defense Authority
Security Week
09/21/14

Israeli Prime Minister Benjamin Netanyahu has launched a National Authority for Cyber Defense to oversee the protection of both military and civilian systems. The announcement comes after Netanyahu accused regional foe Iran of launching repeated cyber attacks on Israel, particularly during its 50-day conflict with Hamas in July and August.


Intel agencies push shared IT services from concept to reality
Federal News Radio
09/19/14

Three years after the intelligence community's leaders agreed that it was time for them to consolidate their IT systems into a shared infrastructure, the project has moved beyond PowerPoint slides and scattered pilot projects. The Intelligence Community Information Technology Environment (ICITE) has services up and running now, with thousands of users consuming them.


ICITE ready to ramp up, ODNI official says
FCW
09/18/14

After more than two years of foundation-setting, the intelligence community is moving its project to establish a common IT platform into a new phase that includes enterprise management and advanced tools for the cloud.


NSA Technology Directorate looks internally, externally
Signal Online
09/17/14

The National Security Agency (NSA) is focusing inward and externally as it adopts a new approach to technology policy. This effort ranges from seeking outside partners in technology development to conducting an internal audit to uncover weak points that might bring down the agency. NSA's director of research says her directorate has three areas of focus, including looking at the agency’s technologies with a critical eye toward vulnerabilities and looking at how NSA partners with technological partners on the outside.


Is NSA planning to beef up cyber response capabilities?
Next Gov
09/18/14

The head of Cyber Command and the NSA, Adm. Mike Rogers, suggests that more spying is important for better cyber defenses and that Cyber Command is pursuing partnerships with businesses that make up the nation’s infrastructure to get them to report data breaches much more quickly. Rogers’s comments suggest that the NSA will not be changing its approach to metadata collection in any meaningful way. In fact, he seemed to imply that the growing threat posed by massive cyber incidents could serve as justification of expanded types of data collection, and that he wants to build up a “full spectrum of capability” to allow the government to respond to cyber attacks and, of course, launch them.


Government, industry must expand cyber intelligence sharing
Signal Online
09/18/14

Defeating cyberthreats will require greater sharing among government and industry in new ways, according to cyber intelligence experts. A recent panel discussion explored new issues in cyber intelligence information sharing, with a DIA official saying that cyber intelligence sharing is important at the intrusion level as well as at the strategic level. Another said that when an intruder penetrates an organization, defenders must examine why the adversary chose their group, especially if the intruder wishes to attack again.


Agencies demand FedRAMP-approved cloud services
Fed Tech
09/17/14

The Federal Risk and Authorization Management Program has redefined how commercial cloud vendors do business with the government, setting clear expectations for both agencies and companies by creating a common language and standards for securing cloud-based products and services. Federal cloud computing has grown into a $3 billion market since the pre-FedRAMP era, when agencies didn’t have a mechanism for certifying if vendors could meet security requirements. Agencies have come a long way since then, and it shows in their solicitations for cloud services, with requests for FedRAMP-approved cloud services now common.


Uncle Sam drops $3M in grants to kill the password
Next Gov
09/18/14

The nation's wireless carriers, the state of North Carolina and several online stores have been awarded $3 million in federal grants to do away with passwords and offer consumers other options to securely access online services, Commerce Department officials have announced. The National Strategy for Trusted Identities in Cyberspace is seeding an industry-led initiative to build a better login. The three pilot projects are intended to lay the foundation for a global ID exchange.


White House: ‘Work as a community’ for cybersecurity
The Hill
09/19/14

The White House wants private companies’ help to secure the country’s cyber networks. In a blog post, White House cybersecurity coordinator Michael Daniel has called for companies to weigh in to the federal government and help coordinate to fight hackers. Daniel said companies can weigh in on the Commerce Department’s framework for protecting critical infrastructure networks like Wall Street and utility grids, which the department is currently accepting comments for until Oct. 10, and more generally companies can put their heads together with the government to figure out how to respond to specific attacks.


This is why we don’t have meaningful cybersecurity legislation yet
Next Gov
09/18/14

Why is it so difficult for governments to establish proper legislation about cybersecurity and privacy? The issue of governing the multidimensional virtual world is rather complex, as it is not easy to define the territory. Territory boundaries in the cyber realm are naturally based on large network boundaries on which citizens interact daily – making purchases, doing taxes, renewing insurance, communicating with friends and family – all online. These boundaries generally do not line up with state lines or country borders. The starting point here should be to identify the parameters of the situation.


Better Buying Power 3.0: How the Pentagon hopes to save its technological advantage
FCW
09/19/14

The Defense Department's top acquisition official continued his odyssey to improve how the Pentagon spends tens of billions of dollars annually on weapons and IT by releasing a draft of "Better Buying Power 3.0" on Sept. 19. While the first two versions of BBP centered on acquisition best practices and decision-making, respectively, this round is hands-on: it focuses on getting new gear into the hands of soldiers faster and with a closer eye on American adversaries. The new initiative is an effort to halt the erosion of American technological advantage at the hands of China and Russia.


No love for profit in DOD's Better Buying Power 3.0
Washington Technology - WT Business Beat (blog)
09/19/14

The Pentagon's Better Buying Power 3.0 initiative is focused on affordability, incentives for government and industry, better competition, eliminating unproductive processes, more innovation and a more professional acquisition workforce. But one industry expert says the plan doesn't go far enough, and that there isn’t enough focus on “achieving extraordinary outcomes.” Instead there is too much focus on internal process changes and there are still too many barriers to innovation and efficiency.


After hacks, Transcom to require contractors to report data breaches
Defense Systems
09/18/14

After being kept largely in the dark as suspected Chinese hackers spent a year breaking into the networks of some of its contractors, the U.S. Transportation Command will now require its contractors to report any suspected breaches.


US military in the dark on cyberattacks against contractors
Dark Reading
09/18/14

A new Senate Armed Services Committee report shows that a lack of communication has left the US Transportation Command (Transcom) in the dark about threats to cyber security. The report contends that hackers tied to the Chinese government successfully penetrated systems belonging to Transcom contractors at least 20 times during a 12-month period beginning June 1, 2012. The report is the culmination of a year-long investigation by the committee, which found that gaps in reporting requirements and a lack of information sharing between government agencies left Transcom largely unaware of the compromises.


Army may face cyber sticker shock
Signal Online
09/10/14

The U.S. Army is building a Cyber Center of Excellence at Fort Gordon, Georgia, and it will not come cheap, warned Maj. Gen. Stephen Fogarty, USA, the center’s new commanding general. Right now, he said, the service's CIO and the intelligence community are helping fund Signal Corps and intelligence aspects of the center, but much of the funding needed will not fall under either function. Among other things, the center requires secure facilities commonly referred to as a SCIF, or sensitive compartmented information facility. He said the Army will have to identify a new funding stream to provide a signal and cyber SCIF for the center of excellence.


Army, Air Force reach first milestone in shared cybersecurity system
Federal News Radio
09/18/14

The Army and Air Force have taken a major step toward building a shared cybersecurity architecture for their military bases. The first installation is up and running at Joint Base San Antonio (formerly known as Fort Sam Houston and Lackland Air Force Base) under the joint security construct. Several more installations are expected to follow suit over the next few months.


Is enterprise IT security ready for iOS 8?
Dark Reading
09/19/14

Apple hopes to up the security and privacy ante with a passel of new security features in iOS 8. However, enterprises may find that they still must work hard to secure data traversing across devices using the new mobile operating system.


DC tests ID management for first responders
GCN
09/17/14

When an emergency occurs on federal property, responders from different agencies and jurisdictions arrive on the scene to help. Without good access control, first responders could be walking into a situation they are not properly trained for, or where an attacker could use the emergency to cover his entrance into a secure facility. The problem of incident security ultimately will be solved with a nationwide network of standard first responder credentials, according to a DHS official who is working with state and local agencies to build just such a system.


Passwords vs. biometrics
GCN - Cybereye (blog)
09/19/14

Identity management and access control are the front lines of security. The ability to accurately identify users and control what they do within your systems is what separates insiders from outsiders. It has been apparent for some time that the traditional tool for this task – the password – is inadequate for the job, and biometrics is emerging as an alternative.


Identity and access management: Hot or not?
CTO Vision
09/19/14

Identity and access management (IAM) is increasingly being deployed within organizations across multiple sectors as they recognize that a progressive approach to IAM is crucial for their companies. Though not yet mature, the IAM market continues to grow because of a number of influences and developments. Some of the developments include, among others, cloud computing, web solutions, information governance and BYOD. To better understand how the market is moving toward IAM, here is a look at some of the developments and their impacts.


MasterCard biometric verification system achieves 98% success rate in pilot
BiometricUpdate.com
09/19/14

MasterCard says that a biometric verification system, which combines both voice and facial recognition, has achieved a 98% success rate in its pilot trials. The credit card firm recently held a closed pilot trial to gain a deeper understanding of consumer interaction with voice and facial recognition.

