
Cybersecurity News

 

Cybersecurity is a severe and growing challenge for government contractors
Forbes
08/26/14

Washington is responding to the cyber threats against federal contractors by issuing laws, regulations, and standards that require contractors to take broad security measures to safeguard data. In September, the DoD is scheduled to issue a new rule that requires defense contractors to report cybersecurity breaches and give the Pentagon access to their networks to investigate attacks. Intelligence community contractors are bracing for a similar new rule in late 2014 or early 2015.


Information security spending to reach $71 billion in 2014
Information Management
08/25/14

Worldwide spending on information security will reach $71.1 billion in 2014, an increase of nearly 8 percent over 2013, with the data loss prevention segment showing the fastest growth at 19 percent, according to the latest forecast from Gartner Inc. Total information security spending will grow a further 8 percent in 2015 to reach $76.9 billion, helped by the increasing adoption of mobile technology, cloud services, social media and information in general.


Retailers warned to act now to protect against Backoff malware
Computer World
08/27/14

The Payment Card Industry Security Standards Council has issued a bulletin urging retailers to immediately review their security controls to ensure point-of-sale systems are protected against "Backoff," a malware tool that was used in the massive data theft at retailer Target last year. The bulletin instructed all covered entities to update their antivirus suites and to change default and staff passwords controlling access to key payment systems and applications. The council also urged merchants to inspect system logs for strange or unexplained activity, especially those involving transfers of large data sets to unknown locations.


FBI investigating reports of attacks on US banks
Associated Press
08/28/14

The FBI said Aug. 27 it's working with the Secret Service to determine the scope of recently reported cyberattacks against several U.S. financial institutions. News sources report the FBI is investigating an incident in which Russian hackers attacked the U.S. financial system this month in possible retaliation against U.S. government-sponsored sanctions aimed at Russia, with security experts saying that the attack appeared "far beyond the capability of ordinary criminal hackers." The coordinated attacks, which reportedly affected JPMorgan Chase and at least four other firms, are said to have siphoned off huge amounts of data, including checking and savings account information.


Questions about Community Health Systems cyber attacks answered
Government Technology
08/26/14

Cyber attacks on Community Health Systems Inc. in April and June copied and transferred the data of 4.5 million patients. Among the 206 hospitals the company owns or leases in 29 states are several in Pennsylvania. The Times Leader of Wilkes-Barre, Pa., asked a couple of computer experts to explain how this could happen and ways to provide more security to personal data.


6 charts that show why utilities, businesses are concerned about cyber  
Next Gov
08/26/14

The Ponemon Institute and Unisys have decided to figure out what the operators of critical infrastructure actually think of their own cyber safety, by surveying nearly 600 IT security executives of utility, energy and manufacturing organizations. They found organizations are simply not prepared to deal with advanced cyber threats, with only half of the companies having deployed IT security programs, and the top threat actually stems from negligent insiders.


Can your home be hacked? Possibly.
Security Watch
08/23/14

A Kaspersky Lab security researcher looked at the networked devices in his home and found that hackers could actually break in, even though he doesn't really have a lot of high-tech equipment.  In fact, you don't need fancy gadgets or high-tech equipment to have a networked home, as a typical home has around five devices connected to the local network which aren't computers, tablets or cellphones.


Major cyber attack hits Norwegian oil industry
The Register (UK)
08/27/14

More than 50 Norwegian oil and energy companies have been hacked by unknown attackers, according to government security authorities. A further 250 firms have been advised by the Norwegian government that they ought to check their networks and systems for evidence of a breach.


Behind the huge cyberattack campaign against Latin American governments
Next Gov
08/26/14

For the past four years, a secret cyber-attack campaign, possibly state-sponsored, has been directed at several Latin American intelligence services, military, embassies and other government institutions. Kaspersky Lab, which claims to have unearthed the campaign, has given it a name: El Machete.  According to Kaspersky, the attacks started in 2010, and its Spanish-speaking roots are revealed in the source code of the attackers as well as the nature of the attacked.


China to debut its own OS amid cybersecurity concerns
Defense Systems
08/25/14

China’s domestically developed operating system could be ready by October, according to the government-run Xinhua news agency.  Looking to compete with Google, Apple and Microsoft, the OS will first debut on desktop devices and eventually be implemented on mobile devices such as smartphones and tablets. Chinese officials hope the software will be able to replace current desktop systems in one to two years and mobile systems in three to five years.


Syrian cyber-attacks expose activists, firms to malware infection
eWeek
08/20/14

Groups of attackers have targeted activists on both sides of the Syrian civil war with a new malware campaign that, while not particularly sophisticated, has grown to compromise more than 10,000 systems, according to researchers from Kaspersky Lab, which analyzed more than 100 files used by the group.


Breach of Homeland Security background checks raises red flags
Dark Reading
08/25/14

Background check records of 25,000 undercover investigators and other homeland security staff were exposed in the breach at US Investigations Services (USIS) this month. What agency officials have said about the incident--and what they haven't said about it--are raising questions about the breach's ultimate impact and about inadequate measures for ensuring that third-party government contractors properly secure classified data.


DHS Science and Technology seeks help to find its ‘North Star'
Federal News Radio
08/27/14

The Homeland Security Department is crowdsourcing its next set of research areas, launching a new effort on ideascale asking federal, state, local, private sector, academia and anyone else interested in the homeland security mission to offer ideas, suggestions or vote on what others have suggested.  The proposed visionary goals include "A Trusted Cyber Future" to protect privacy, commerce, and community against cyber attacks.


DHS official: Create a governmentwide seal of approval for apps
Next Gov
08/27/14

Federal agency personnel are often expected to use commercial apps, along with homegrown tools, to get their work done. But there's no way to make popular apps available governmentwide because each agency has different security requirements. Federal agencies should repurpose the certification route for vetting commercial cloud computing services to also screen popular mobile apps before employees download them, a top Department of Homeland Security official says.


Defining 'reasonable' software security
C4ISR & Networks (blog)
08/26/14

With wearable computing, the Internet of Things and vehicles as a computing platform, the amount of software we interact with regularly is only going to grow. Now an FTC settlement with a company that produces and sells a product with software in it has implications that extend to every single device or system that uses software. For the defense industry and military, which use a significant amount of COTS (commercial off-the-shelf) software, this FTC decision has to influence the acquisition practices for any product that includes or embeds software.


How cloud is changing the spy game
Defense Systems
08/22/14

The Intelligence Community, whose agencies have earned a reputation for a stovepiped, proprietary approach to information, is moving away from an agency-centric IT model to a shared-services model based on cloud computing. After years of foot-dragging, the IC is finally embracing the benefits of the cloud’s on-demand network access to a pool of configurable computing resources and common services.


NGA's map to put a world of geospatial intell in one place
Defense Systems
08/25/14

By 2018, the National Geospatial-Intelligence Agency envisions a seamless, dynamic Map of the World (MoW) that enables users across the Intelligence Community to visualize and access integrated intelligence content fixed to accurate and authoritative geographic features on Earth.   The NGA 2018 Future State Vision calls for a MoW that displays “not only NGA-generated data” but also data generated by the Defense Department, the IC and America’s allies.


Beyond BYOD: Who oversees the apps?
FCW
08/25/14

As the government continues to embrace mobility, including bring-your-own-device (BYOD), the workforce is already starting to demand more. Now bring your own application, or BYOA, is making its way into the federal government, and people are starting to think about how the applications they rely on to be productive in their everyday lives could be applied to their jobs. This, however, does present additional security concerns for the government.


RFP officially begins DoD effort to modernize electronic health records
Federal News Radio
08/26/14

What may be one of the most highly watched and sought after procurements in recent memory has begun with a Defense Department request for proposals to modernize its electronic health record system, replacing the military's existing AHLTA system.  The potentially $11 billion effort is intended to both modernize DoD's system and interoperate more easily with VA's Veterans Health Information Systems and Technology Architecture (VistA) system.


DoD kicks off $11B health IT competition
Federal Times
08/26/14

The Pentagon is now taking bids on an estimated $11 billion program to modernize the management of its health records. Industry responses are due Oct. 9 for the single-award, indefinite-delivery indefinite-quantity (IDIQ) contract. As part of the effort, DoD intends for the new EHR system to share data with other systems in the private sector and at Veterans Affairs Department facilities. The contract is to be awarded in the third quarter of FY 2015.


Pentagon satellite maker ignoring ‘thousands’ of major cyber vulnerabilities
Defense Systems
08/26/14

The Commerce Department inspector general is blasting a federal climate-satellite program and its supporting contractor, Raytheon, for ignoring tens of thousands of major cyber vulnerabilities. According to the IG, the system’s critical vulnerabilities have spiked by more than 60 percent since 2012, increasing from 14,486 security holes to 23,868 holes.


DISA to undergo cyber-focused restructure
C4ISR & Networks
08/25/14

Defense Department officials are considering a reorganization at Fort Meade that could restructure the Defense Information Systems Agency and other cybersecurity-focused military offices in a bid to better defend DoD networks. The goal is to create a more comprehensive defense strategy and to secure the DoD information network (DoDIN). The move would give greater oversight, visibility and authority to DISA, and would create a new joint force headquarters dedicated to DoD network defenses.


DISA to restructure with eye toward more agility, Cyber Command
Federal News Radio
08/25/14

Defense Information Systems Agency leaders are preparing for a significant restructuring that they hope will make the IT agency more agile and more able to cope with its increasing responsibilities in a time of declining budgets, and more connected to its Defense IT counterparts at U.S. Cyber Command.  DISA director Lt. Gen. Ronnie Hawkins said the restructuring would make DISA more responsive to rapid changes in technology and to its mission responsibilities.


Mobility becomes central to DISA's strategy
C4ISR & Networks
08/26/14

As the Defense Information Systems Agency rolls out shared-service offerings under its unified capabilities (UC) effort, officials say they want to integrate mobility into applications rather than focus separately on smart phones and devices. This strategy, along with DISA's mobile device management (MDM) solution contract potentially coming up for re-bid in the coming months, has officials looking closely at where mobility fits in with everything else in development.


DISA looks to intelligence community for cloud tips
C4ISR & Networks
08/26/14

DISA is in the midst of implementing cloud pilot programs that are helping agency officials determine the best strategies and approaches, and is helping lead DoD's transition to the Joint Information Environment (JIE). The DISA and DoD activities are taking place as the intelligence community moves forward with its own centralized IT effort in information-sharing known as the IC Information Technology Environment, or ICITE, and officials on both sides are consulting each other along the way.


Army turning Signal Center of Excellence into Cyber CoE
C4ISR & Networks
08/25/14

MG LaWarren Patterson is the Army’s Chief of Signal, and commanding general of the Signal Center of Excellence and Fort Gordon in Georgia. Last December, the Army chose Fort Gordon as the new headquarters for Army Cyber Command (ARCYBER). In this interview, Patterson discusses the new cyber center of excellence and other subjects like simplification of the tactical network.


New Navy shipboard net key to information dominance
Next Gov
08/22/14

The Navy’s $2.5 billion shipboard-network contract awarded Aug. 20 is critical to the service’s push for information dominance in future wars, according to Navy officials.  The Consolidated Afloat Networks and Enterprise Services (CANES) program will automate shipboard cyber systems and could ultimately connect shipboard systems to information stored in the cloud.


DoD plans 5 cloud pilot projects
C4ISR & Networks
08/22/14

The Defense Department will soon move some of its data into the cloud as part of a series of five pilot projects that defense officials hope will help them improve on their use of cloud services in the military. Beyond reducing costs and becoming more efficient, DoD leaders are looking to use the pilots as means to reevaluate how they approve vendors providing secure cloud services to the military. Officials also hope the pilot programs will clarify defense operations in the cloud.


The geospatial approach to cybersecurity
Gov Loop (blog)
08/25/14

As our world has become more connected, the importance of tying location to cybersecurity efforts has become even greater. With agencies creating more data than ever, and moving more and more services to the web, taking a proactive approach to cybersecurity is mission critical.  With a geographic information system (GIS), organizations can leverage location data in ways to better anticipate, detect, respond and recover from cyberattacks.


Cards emerge as key player in authentication
C4ISR & Networks
08/26/14

Central to the debate over how to better secure federal networks is the use of passwords, often cited as the weakest link in the chain. Most experts agree it is time to move to tighter security, but questions surround what the best option is and how to implement changes at the enterprise level. Much of the latest focus is on further development of personal identity verification, or PIV, cards. PIV cards aren’t new to federal agencies, but their emergence as a prime candidate in implementing multifactor authentication is heightening emphasis on greater use.


Biometric authentication moves beyond science fiction
Security Info Watch
08/28/14

Computer systems typically use knowledge-based identification systems requiring a password or personal identification number (PIN). However, human nature being what it is, passwords and PINs can sometimes be guessed, stolen or, with the proper software tools, easily determined. Biometric identification methods involve analyzing physiological and/or behavioral characteristics of the body, both classes of which would be presumably unique to an individual.


Official says hackers hit up to 25,000 Homeland Security employees
The Washington Post
08/23/14

The internal records of as many as 25,000 Homeland Security Department employees were exposed during a recent computer break-in at a federal contractor that handles security clearances, an agency official said August 22. The official, who spoke on the condition of anonymity to discuss details of an incident that is under active federal criminal investigation, said the number of victims could be greater. The department was informing employees whose files were exposed in the hacking against contractor USIS and warning them to monitor their financial accounts.


IT security contributes to record volume of tech M&A deals
Security Week
08/21/14

Technology mergers and acquisitions (M&A) soared by 57% year-over-year in the second quarter of 2014 and IT security has played an important role in this trend, according to Ernst & Young. The April-June 2014 issue of the company's global technology M&A update shows that cloud/SaaS, financial services, security and big data analytics deals have all contributed to a record-setting volume of global technology M&A transactions.


U.S. finds ‘Backoff’ hacker tool is widespread
The New York Times
08/22/14

More than 1,000 American businesses have been affected by the cyberattack that hit the in-store cash register systems at Target, Supervalu and most recently UPS Stores, the Department of Homeland Security said in an advisory released Aug. 22. The attacks were much more pervasive than previously reported, the advisory said, and hackers were pilfering the data of millions of payment cards from American consumers without companies knowing about it. The breadth of the breaches, once considered limited to a handful of businesses, underscored the vulnerability of payment systems widely used by retail stores across the country.


Heartbleed not only reason for Health Systems breach
Dark Reading
08/20/14

A security researcher has announced that the notorious OpenSSL bug, Heartbleed, was the initial point of entry for the attack on Community Health Systems (CHS) that netted 4.5 million identity records. But other researchers point out that Heartbleed is only the beginning of the problem, saying Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation.


Secret Service estimates type of malware that led to Target breach is affecting over 1,000 U.S. businesses
The Washington Post
08/22/14

The type of point of sale (PoS) malware that resulted in massive credit card breaches from Target and other retailers over the past year is more widespread than previously reported, an advisory from the Department of Homeland Security and the Secret Service revealed Aug. 22. Moreover, the malware, the agencies reported, has "likely infected many victims who are unaware that they have been compromised." The Secret Service estimated that more than 1,000 businesses in the United States have been affected by one type of PoS malware, dubbed "Backoff."


Universities fail to get to grips with cyber security
Beta News
08/21/14

New research by security ratings company BitSight shows that Ivy League schools, for example, see a 48 percent increase in the number of malware infections during the academic year from September to May. In order to assess the security performance of American higher education institutions, the research focuses on major collegiate athletic conferences and finds that the security ratings for these conferences are considerably below those of retail and healthcare organizations.


CDM enters stage two: Critical applications
FCW
08/21/14

The federal government is transitioning to a phase of continuous diagnostics and mitigation that tackles a layer of vulnerabilities inherent in software code and other add-ons to networks. That was the forward-looking message of an Aug. 20 speech by John Streufert, the Department of Homeland Security's director of federal network resilience. DHS is trying to usher in a new era of CDM through a program called Critical Application Resilience, which Streufert described recently as taking "the controls that are protected in the dot-gov networks and [applying] them to the custom software of civilian government."


US agencies to release cyberthreat info faster to healthcare industry
Computer World
08/23/14

U.S. government agencies will work to release cyberthreat information faster to the healthcare industry after a massive breach at hospital operator Community Health Systems, representatives of two agencies said.


FBI warns healthcare firms they are targeted by hackers
Reuters
08/20/14

The FBI has warned that healthcare industry companies are being targeted by hackers, publicizing the issue following an attack on U.S. hospital group Community Health Systems Inc that resulted in the theft of millions of patient records. The FBI has been concerned about healthcare providers for several months. In April, it warned the industry that its systems were lax compared with other sectors, making it vulnerable to hackers looking to access bank accounts or obtain prescriptions.


Healthcare industry, feds talk information sharing
Dark Reading
08/22/14

When Community Health Systems admitted it had been breached in April and June in a filing with the Securities Exchange Commission (SEC), it shined a spotlight on cybersecurity in the healthcare industry. Inside the industry, the focus has been on getting information about the incident that could be used to prevent any similar attacks. Both the FBI and DHS, while noting they have a difficult time sharing classified information about cyber attacks, say they are constantly looking for ways to refine the procedures for interacting with the private sector.


DHS cybersecurity program finds few takers
Government Technology
08/22/14

Last year, President Obama directed the U.S. Department of Homeland Security to open a program for sharing classified and unclassified cybersecurity information to 16 “critical infrastructure” sectors, including state and local governments. But word of the information-sharing initiative doesn't seem to be reaching state security officials. Three state chief information security officers (CISOs) were contacted by Government Technology and none of them were familiar with the DHS Enhanced Cybersecurity Services program.


DoD revisiting security guidelines for commercial cloud
Federal News Radio
08/21/14

DISA is undertaking a top-to-bottom review of the cybersecurity rules that guide its decisions about whether individual commercial cloud computing systems are safe enough for Defense data. DISA officials have concluded that the current process perhaps is too stringent and definitely is too slow. The "scrub" is a reexamination of a set of cloud security review criteria the agency first put in place last December as part of its role as DoD's exclusive broker for buying commercial cloud solutions. The review system uses the controls within the Federal Risk Authorization Management Program (FedRAMP) as a baseline, but then layers on a host of DoD-specific constraints.


Is DOD’s bar too high for cloud security?
Fed Tech
08/21/14

Breaking into the federal cloud computing market can be tough, especially for companies looking to do business with the Department of Defense. That’s in part because DOD’s security standards for industry exceed the government’s own Federal Risk and Authorization Management Program (FedRAMP) baseline requirements. In light of this, DISA is examining whether the Pentagon’s security standards are too cumbersome for industry and should be revised.


DISA launches 5 cloud tests, warns on industry consolidation
Breaking Defense
08/22/14

DISA, which this fiscal year will buy over $8 billion in cyber and IT products and services for the rest of the Defense Department, is looking for every opportunity to save in 2015 and beyond. That includes relentlessly competing contracts wherever possible, rather than using single-source contracts that are currently all too common. It also includes systematically consolidating contracts where multiple firms are currently providing a similar product or service, where multiple military organizations are independently buying similar things, or where individual bases and commands have one-off arrangements that could be consolidated into a wider regional contract. DISA is also consolidating internally.


DISA's Bennett preaches COTS and consolidation
FCW
08/21/14

David Bennett, CIO of the Defense Information Systems Agency, has the job of moving DoD customers to enterprise-wide services, including the dot-mil email system that currently supports 1.6 million users on an unclassified network. DISA is also leading the effort to supply cloud services. Bennett is on a mission to "shut down all these local mom and pop solutions that are popping up everywhere." Moving to enterprise solutions not only saves money on software, but allows individual business units to allocate IT support staff to other functions.


DISA looks to new era in network services
C4ISR & Networks
08/19/14

The Defense Information Systems Agency is on the verge of transforming the ways it offers a range of network services to its national security customers, especially when it comes to communications. Whether it’s voice, video, messaging or the networks those capabilities ride on, DISA is working to provide information superiority to the Department of Defense, the White House, federal agencies and other users scattered across the globe.


CANES experiments with cloud computing at sea
Signal Online
08/21/14

U.S. Navy officials have revealed that the Consolidated Afloat Networks and Enterprise Services (CANES) program office and the Office of Naval Research are experimenting with cloud computing to help reduce hardware on ships.


DISA weighs contract consolidation as sequester solution
Federal Times
08/21/14

The Defense Information Systems Agency is considering consolidating contracts as means to increase efficiencies and save money, particularly with the possibility of another round of sequestration bearing down on them for fiscal 2016. The agency is also preparing to reorganize under broader DoD cybersecurity plans.


CANES contract opens new phase for the program
C4ISR & Networks
08/22/14

With the award of a $2.5 billion contract to build and deliver the Navy’s Consolidated Afloat Networks and Enterprise Services (CANES)—its next-generation tactical afloat network—the program moves onto an eight-year path to full operational capability. CANES is a critical element in the Navy's overall IT modernization strategy, and is scheduled to be deployed to 180 ships, submarines and Maritime Operations Centers by 2022.


Identity and access management (IAM) will greatly impact future connected car sales
Programmable Web
08/20/14

It will be important in the future to solve problems related to the connected car industry, such as the slow pace of automotive development, the lack of Internet availability on many stretches of roadways and ensuring the security of connected car applications. Identity management is another key issue when it comes to connected cars, both for connected car manufacturers and for owners. There are many facets to identity management, and there are no universal standards or agreed upon best practices among car manufacturers or the connected car industry for collecting, storing and managing connected car owner data, or for managing a connected car owner's "Identity."

Nuke regulator hacked by suspected foreign powers
Next Gov
08/18/14

Nuclear Regulatory Commission computers within the past three years were successfully hacked by foreigners twice and also by an unidentifiable individual, according to an internal investigation. One incident involved emails sent to about 215 NRC employees in "a logon-credential harvesting attempt," according to an inspector general report. A dozen NRC personnel took the bait and clicked the link.


Nuclear Regulatory Commission hacked three times in three years
Network World (opinion)
08/19/14

NRC was hacked three times in three years, with at least two of those attacks traced back to foreigners who used Google Spreadsheet to harvest credentials and malware hosted in Microsoft's One Drive.


Chinese national indicted over Boeing, Lockheed Martin hack
SC Magazine
08/18/14

A Chinese national is facing prison time after a federal grand jury indicted him on five felony charges related to a computer hacking ruse that targeted defense contractors Boeing and Lockheed Martin. The accused operated an aviation tech firm, Lode-Tech, with offices in Canada. He allegedly worked with two unnamed Chinese to hack into the U.S. companies and steal trade secrets.


Why would Chinese hackers want US hospital patient data?
Computer World
08/18/14

The theft of personal data on 4.5 million patients of Community Health Systems by hackers in China highlights the increasing degree to which hospitals are becoming lucrative targets for information theft. Already this year, around 150 incidents of lost or stolen personal data -- either due to hacking or ineptitude -- have been reported by medical establishments to the U.S. Department of Health and Human Services. In the case of Community Health Systems, hackers stole patient information but not medical data, which can be the real prize in such breaches.


Identifying and mitigating healthcare IT security risks
Health IT Security
08/19/14

Being proactive in healthcare IT security means picking out risks before incidents occur, not after the fact. But the challenge is that potential risks are spread across a variety of areas within a healthcare organization. Blair Smith, Ph.D. Dean, Informatics-Management-Technology (IMT) at American Sentinel University, discusses security considerations for healthcare organizations.


Healthcare organizations still too lax on security
Computer World
08/19/14

The data breach at Community Health Systems that exposed the names, Social Security numbers and other personal details on more than 4.5 million people is a symptom of the chronic lack of attention to patient data security and privacy within the healthcare industry. For more than 10 years, the Health Information Portability and Accountability Act (HIPAA) has required all entities handling healthcare data to implement controls for protecting the data, yet many organizations pay little more than glancing attention to the rules because of the relatively lax enforcement of the standards.


Researchers say 2018 wearables market will be 14x 2013′s
Wearable Tech Insider
08/18/14

CCS Insight reports the wearables market in 2018 will be 135 million units, up from 9.7 million units last year. The industry, they say, will be dominated by wristware: 87 percent of the devices shipped that year will be worn on the wrist.


Even rivals are waiting for Apple to get into wearables
Computer World
08/20/14

In a research report issued to his clients, Jan Dawson, chief analyst at Jackdaw Research, argued that the market for smartwatches as they now exist is tiny and demand is weak. But he said two major things could catalyze demand in this market: a player overcoming the significant technological challenges associated with the current smartwatch model, or a player which breaks the model and reinvents the category. Dawson named Apple as one company, but not the only one, that could do either, or both.


The ISIS cyber threat - a great unknown
C4ISR & Networks
08/18/14

ISIS has clearly demonstrated its ability to achieve its objectives in the physical world, but what about cyber? The cyber capabilities of ISIS are not well understood due to a lack of actual attacks that have been traced back to ISIS, but there is at least one interesting indicator of its cyber interest and/or capabilities.


Chinese hackers targeted MH 370 investigation and appear to have stolen classified documents
Next Gov
08/20/14

Chinese hackers targeted the computers of high-ranking officials from the Malaysian government and Malaysia Airlines and stole classified information during the early stages of the investigation into missing flight MH 370. The officials who were targeted reportedly were from the country’s Department of Civil Aviation, the National Security Council, and Malaysia Airlines. The country’s cyber security agency recognized the breach hours later, at which point it blocked all transmissions and shut down the compromised machines.


Israel faced a huge wave of cyber attacks during its war with Hamas — And Iran could be the reason why
Business Insider
08/18/14

In the war between Israel and Hamas, Israeli websites faced a larger, more coordinated, and more skilled series of cyber attacks than during similar conflicts. Indeed, at the same time Hamas was trading fire with the Israel Defense Forces, hackers from all over the world launched a string of attacks on electronic targets in Israel.


Pakistan the latest cyberspying nation
Dark Reading
08/18/14

A recently unearthed targeted attack campaign suggests that Pakistan is evolving from hacktivism to cyber espionage. Operation Arachnophobia, which appears to have begun in early 2013, has all the earmarks of classic advanced persistent threat/cyber espionage activity but with a few twists, including the possible involvement of a Pakistani security firm, and it may well be Pakistan's answer to cyber espionage campaigns against its nation that appear to have come from India.


Wearable electronic devices augur change for NGA operations, show ‘immersive’ potential
National Geospatial-Intelligence Agency
08/14/14

Developers at the National Geospatial-Intelligence Agency are creating applications for wearable electronic devices that place analysts and customers in virtual and augmented-reality environments to help them do their jobs better. The prototype applications created for Google Glass and Oculus Rift could serve as gateways to the immersive intelligence experience being advanced by NGA leadership.


US digital strike team chief acknowledges ‘tall order’
The Hill
08/19/14

Last week, the White House announced the formation of a new tech strike team — dubbed the “U.S. Digital Service” — to help government agencies improve their tech operations. The team will be led by Mikey Dickerson, a former Google engineer and the person the White House brought in last year to fix HealthCare.gov, the site created to implement the Affordable Care Act. Dickerson acknowledges that shifting government tech projects away from old methods and incumbent tech companies is no easy task.


DoD procurement chief sees overuse of firm fixed price level of effort contracts (second article in this column)
Federal News Radio
08/15/14

The Defense acquisition community can expect to see new guidance soon on when it is and isn't OK for contracting officers to make awards under firm fixed price level of effort (FPLOE) contracts. That contract type, which pays contractors for a pre-arranged amount of work and not necessarily an outcome, has become overused in recent years, including in situations where it is inappropriate, according to Dick Ginman, the director of defense procurement and acquisition policy.


Army begins search for DCGS-A Increment 2
C4ISR & Networks
08/19/14

The U.S. Army has begun the search for the second increment of the Distributed Common Ground System-Army (DCGS-A) with a request for industry feedback on the planned requirements and acquisition strategy. DCGS-A Increment 2 will take advantage of information technology developed by U.S. intelligence agencies. Increment 2 capabilities will focus on aligning DCGS-A to the Intelligence Community Information Technology Enterprise (IC ITE).


Making WIN-T Increment 2 invisible to the user
C4ISR & Networks
08/19/14

Since 2004, the Army’s Warfighter Information Network-Tactical system has given soldiers in the field the ability to stay in contact when line of sight is unavailable, bouncing signal onto a satellite network as needed, even when on the move. With the rollout of WIN-T Increment 2, systems designers are taking major strides forward, adding greater ease of use and streamlining functionality. With the latest round of upgrades, the system has become "almost invisible to the user," said the program's product manager.


New acquisition techniques coming to DISA
C4ISR & Networks
08/19/14

The chief of acquisitions for the Defense Information Systems Agency has a big vision for how the agency will revamp its complex acquisitions process in the coming years. Dr. Jennifer Carter says her office is seeking ways to foster competition. She plans to pursue the rising trend toward joint, interagency purchasing, and she’s looking for ways to put in place a more thoughtful, more strategic process for acquisitions.


Rogers: Cybercom defending networks, nation
DoD News
08/18/14

U.S. Cyber Command continues to expand its capabilities and capacity, Navy Adm. Mike Rogers said in an interview Aug. 14. Rogers, who is Commander of Cybercom and director of the National Security Agency, described how he is focusing on five priorities for Cybercom.


Software could be a solution for DoD's saturated networks
C4ISR & Networks
08/15/14

The Defense Department’s move to software defined networks will bring with it a set of code-writing guidelines for contractors, acting chief information officer Terry Halvorsen said Aug. 13. Halvorsen said that the department was working on standards that include an emphasis on keeping bandwidth requirements low, especially for operating in environments where bandwidth might be scarce.


Cybersecurity: How involved should boards of directors be?
Information Week
08/19/14

IT security audit organization ISACA and the Institute of Internal Auditors (IIA) are weighing in on what role the board of directors should play in an enterprise's cybersecurity strategies with a new report.


Supervalu breach shows why move to smartcards is long overdue
CSO
08/18/14

The U.S. remains one of the last developed nations to use magnetic stripe cards, and the data breach disclosed by Supervalu shows yet again why the ongoing migration of the U.S. payment system to smartcard technology can't happen soon enough.


Law enforcement biometrics market in North America expected to grow at 18.2% CAGR: report
BiometricUpdate.com
08/18/14

TechNavio has published its latest research report, “Law Enforcement Biometrics Market in North America 2014-2018” and expects the market to grow at a CAGR of 18.2 percent during the forecast period. This latest report also highlights the integration of biometrics in smart cards as one of the top emerging market trends, such as those relating to the upgrading of driver’s licenses and passports.


TSA moves toward e-check of IDs
FCW
08/18/14

The Transportation Security Administration has awarded an $85 million contract to Morphotrust for technology that will let it electronically check passengers' identification cards and other documents against multiple databases. The aim is to speed up passenger security lines at airports by allowing electronic checks of drivers' licenses and other documents that are now checked visually by TSA agents against passengers' boarding passes. The Electronic Credential Authentication Technology (E-CAT) contract could last as long as seven years.


Oak Ridge National Labs deploys combination PIV, CIV smart card ecosystem
Secure ID News
08/18/14

The U.S. Energy Department's Oak Ridge National Labs is deploying a mix of PIV and CIV credentials throughout its Tennessee facilities. The new smart card credentials will be used for physical and logical access. The lab went with the PIV smart cards for those employees who travel and need to use the credentials for access to other facilities, while CIV credentials will be for those who are just using the cards on site.


NYC to roll out municipal ID
GCN
08/19/14

In January, New York City will launch a new municipal identity card program targeted to those who do not have a driver’s license or other official identification. The program would allow New Yorkers, regardless of their citizenship status, to access basic city services, open bank accounts and lease apartments. In April the mayor issued a solicitation for project management and quality assurance services systems; integration services; and card printing services for the ID card.