Generic

Cybersecurity News

 

Cybercrime wave whacks European banks
CIO
07/22/14

Banks across Europe are now coping with a wave of cybercrime in which crooks are transferring funds out of customer accounts through a scam involving bypassing some two-factor authentication systems to steal large sums, according to a security firm assisting in the investigation.The funds transfers are affecting 34 institutions, in a crime wave seen first in Germany during the spring, and now across several countries, including Austria, Switzerland and Sweden. So far, the crimes are being traced to Romania and Russia. The amount of money that’s been fraudulently whisked out of both consumer and commercial bank accounts appears to be running in the millions.


Cybercriminals successfully bypass two-factor authentication at some European banks
Security Current
07/22/14

Cybercriminals are successfully bypassing two-factor authentication systems at some European banks and transferring funds out of victim accounts, Trend Micro said. The sophisticated attack campaign uses malicious email attachments, phishing sites, rogue DNS servers, fake SSL certificates, and malicious Android apps to steal session tokens used by banks as part of the two-factor authentication scheme. To date, 34 financial institutions have been affected across several countries, including Germany, Austria, Japan, Switzerland, and Sweden.


EU launches cross border cyber crime taskforce
IT News (Australia)
07/25/14

The European Union will commence a six-month pilot of a cyber crime unit charged with investigating cross-border attacks perpetrated by botnets, banking Trojans and the darknet. The Joint Cybercrime Action Taskforce (J-CAT) will be housed at the European Cybercrime Centre (EC3) in The Hague, with its board comprised of senior figures from EC3, the FBI, the NCA and Germany's Federal Criminal Police Office. Cyber crime police investigators from across Europe will reside permanently at the center and will be charged with building criminal cases. They will co-ordinate investigations with other countries including Australia, Canada and Columbia.


Russian cyberweapons cross-pollinating commercial malware, analysis claims
CIO
07/22/14

Sophisticated code of the sort used in Russian Government cyberweapons could be seeping into the commercial malware wielded by the country's criminals, a security firm has suggested after analyzing the apparent cross-pollination in a previously unknown piece of malware.


Collateral damage of Snowden leaks being felt in cyber, public trust
Federal News Radio
07/28/14

The National Security Agency's top lawyer said the disclosures from former contractor Edward Snowden not only hurt U.S. intelligence gathering capabilities, but also created a gap in the trust relationship between the agency and Congress. NSA general counsel Raj De said the disclosures also may have damaged the nation's ability to move the ball forward on improving its own cybersecurity posture.


House intel chief fears 'unseen war' in Gaza
The Hill
07/27/14

Rep. Mike Rogers (R-MI) said July 27 that new cyber threats are causing concern in the ongoing conflict in Gaza. "There is an unseen war in this particular event and that's the new cyber front," Rogers, chairman of the House Intelligence Committee, said on "Face the Nation."


NGA's online exchange facilitates fast acquisition
Federal Times
07/24/14

The National Geospatial-Intelligence Agency is undertaking an initiative to expand industry partnerships and to make critical capabilities speedier to acquire. The GEOINT Solutions Marketplace, described in an article at defense.gov as "a newly expanding pilot" program, "operates as an online exchange for government and vendors, commercial partners, academic institutions and the broader geospatial intelligence community."


Cyber bills cued up for house
Politico
07/25/14

Three cybersecurity bills are set for House action July 28: House Homeland Security Chairman Mike McCaul’s National Cybersecurity and Critical Infrastructure Protection Act, Rep. Patrick Meehan’s Critical Infrastructure Research and Development Advancement Act and Rep. Yvette Clarke’s Homeland Security Cybersecurity Boots-on-the-Ground Act. The bills would (1) codify and articulate the Department of Homeland Security’s role in cybersecurity, including through the National Cybersecurity and Communications Integration Center; (2) establish a DHS clearinghouse for critical infrastructure security technology; and (3) require DHS to set occupation classifications for cybersecurity and conduct a cybersecurity workforce assessment.


Senate committee seeks EHR interoperability investigation
Information Week
07/26/14

Members of the Senate Appropriations Committee are seeking an investigation into whether taxpayer-supported software is preventing the free exchange of patient records between non-partnering healthcare organizations. The senators pointed to so-called "information blocking," and detailed steps the Office of the National Coordinator for Health Information Technology (ONC) -- which oversees electronic health records (EHRs) -- should take to ensure the free flow of patient data between healthcare organizations.


Air Force gets a move on dynamic cyber defense
Defense Systems
07/24/14

As cyber threats continue to loom for private industry and the military alike, the Air Force is looking to improve its own defenses. In a solicitation released July 23, the Air Force has requested white papers for the development of a command and control capability that could orchestrate Moving Target Defense across the entire enterprise. MTD strategies seek to move cyber defenses from static configurations to a more dynamic, changing set of system parameters that would make it more difficult for attackers to discover and take advantage of vulnerabilities.


Advisers to DoD: Help private-sector innovators help you
Defense News
07/26/14

It’s well past time for the Pentagon to revamp its acquisition processes so the private sector can boost its role in technology development, a key Pentagon advisory panel says. The Defense Business Board has unanimously approved far-reaching recommenda­tions meant to improve DoD’s business dealings with the private sector, particularly companies that have not traditionally sought defense contracts. The recommendations came from a report by a DBB task force set up in the wake of much talk about the private sector’s ability to rapidly develop new products, while the military has difficulty getting a program off the ground before its technology is nearly obsolete.


As demand evolves, Army simplifies WIN-T
C4ISR & Networks
07/25/14

It has been more than a decade since the Army began working on the Warfighter Information Network-Tactical, incrementally updating and fielding communications capabilities to deployed soldiers around the world. With the first increment fully fielded and developments and upgrades ongoing, Army officials now say they are focused on modernizing WIN-T, particularly on making it easier for soldiers to use.


Army creates common technology marketplace for communications hardware
www.army.mil
07/17/14

The Army is creating a standard marketplace of tactical communications hardware to support the Common Operating Environment initiative and deliver a familiar and intuitive experience for Soldiers. The Common Hardware Systems, or CHS, program office maintains a portfolio of commercial technologies that satisfy tactical requirements including servers, clients, network routing and switching devices, ruggedized laptops, handheld devices, operational transit cases and other peripheral devices.


Cyber Guard exercise tests people, partnerships
American Forces Press Service (news release)
07/17/14

Partners from across government, academia, industry and the international coalition recently completed Cyber Guard 14-1, a two-week exercise designed to test operational and interagency coordination as well as tactical-level operations to protect, prevent, mitigate and recover from a domestic cyberspace incident. Elements of the National Guard, reserves, National Security Agency and U.S. Cyber Command exercised their support to Department of Homeland Security and FBI responses to foreign-based attacks on simulated critical infrastructure networks, promoting collaboration and critical information sharing in support of a "whole-of-nation" effort.


Agencies still plugging gaps in smart card security
Next Gov
07/25/14

Personal identity verification, or PIV, smart cards allow agency employees and contractors to access both federal facilities and agency networks and are a key part of the 2004 Homeland Security Presidential Directive-12, which required a common ID credential for federal personnel. Agencies have now taken most of the big steps toward HSPD-12 implementation, but the latest audit reveals some are still vexed by plugging all the gaps in the process, according to security experts.


PKI, digital certs poised for growth
Secure ID News
07/24/14

Public Key Infrastructure is still the gold standard when it comes to identity management and the market is poised for growth, according to the latest report from Frost & Sullivan which finds that the market earned revenues of $357.4 million in 2013 and estimates this to reach $532.8 million in 2017. The government sector is expected to account for the largest share of the total revenue owing to the implementation of several identity document projects. This growth is due to the increased number of data breaches and security bugs, and increasing use of mobile devices will further highlight the need to identify people, devices, and transactions, spurring the demand for PKI.


Two major media outlets fall prey to hackers
eWeek
07/22/14

Once again, media outlets have been targeted by attackers seeking to gain attention and disseminate false information. The Wall Street Journal's Facebook page was hacked July 20, and in a separate incident, MSNBC.com had some of its short link addresses redirected.The attacks on The Wall Street Journal and MSNBC.com show insecurity on major media platforms that can potentially be mitigated, according to security experts.


'History may be repeating itself' in cyberspace
FCW
07/22/14

Ten years after issuing a damning report on the intelligence failures leading up to the Sept. 11 terrorist attacks, the 9/11 Commission has warned of parallel U.S. vulnerabilities in cybersecurity.Cyber threats have since multiplied with advances in IT, and a comprehensive assessment of the nation’s cyber-readiness was beyond the scope of the report. The document instead touched on the growing nexus between terrorism and cybersecurity, the American public's supposed lack of awareness of cyber threats, and the need for "comprehensive" legislation from Congress.


9/11 Commission report authors warn nation of cyberattack threats
The Washington Post
07/22/14

The authors of the 9/11 Commission report describe the threat of a cyberattack as a significant concern, likening it to the threat of terrorism before the Sept. 11, 2001, attacks. They describe the “cyber domain as the battlefield of the future” and say the country needs to take further steps to prevent the cyber equivalent of 9/11.They urge Congress to pass cybersecurity legislation to let private companies work with the government to counter threats, despite concerns about privacy provisions.



Obama adviser on cybersecurity: Limit cyber capabilities, regulate sometimes
Roll Call
07/21/14

A new report by the left-leaning Center for New American Security says the U.S. screwed it up from the start when designing the architecture of digital computing — security just wasn’t drawn into those original blueprints -- and now we have to live with it. The report, helmed by Richard Danzig, a former Navy secretary who currently serves as a member of the Defense Policy Board and The President’s Intelligence Advisory Board, makes recommendations on how, including adopting a national security standard for cyberspace.



Modern electric grid fighting cyber vulnerabilities
Government Technology
07/22/14

Utility companies are spending millions annually in cyber security costs, and the trend will continue with investments in smart meters and other technology meant to bring the electric grid up to date.


DoD, DHS see more, earlier testing as a possible fix to troubled programs
Federal News Radio
07/23/14

Two of the largest agencies are looking at increasing the amount of testing and evaluating of their often-troubled acquisition programs as the panacea to systemic problems.The Defense and Homeland Security departments are pushing project managers to test technology or weapons systems earlier in the acquisition lifecycle to understand and solve potential roadblocks sooner.


Agencies move past the FedRAMP deadline
Fed Tech
07/21/14

As of early June, cloud service providers that want to do business with the government should be in compliance with the Federal Risk and Authorization Management Program, an initiative to assess the security of cloud solutions and authorize them for government use. And at this point, agencies looking to realize the benefits of cloud computing should be using FedRAMP-authorized providers.



Significant deficiencies found in Treasury’s computer security
Next Gov
07/21/14

Weaknesses in Treasury Department computer systems that track federal debt are severe enough to disrupt accounting, according to a Government Accountability Office (GAO) audit. Newly discovered security vulnerabilities at the Bureau of the Fiscal Service, coupled with older unfixed problems, constitute a "significant deficiency" for financial reporting purposes, the GAO found.



GAO: Weaknesses remain in FDIC's information security
Next Gov
07/18/14

The Federal Deposit Insurance Corporation enforces banking laws and regulates financial institutions across the country, yet weaknesses in its security posture place information at unnecessary risk, according to a new Government Accountability Office report. The GAO report posits that while FDIC has “made progress in securing key financial systems” following a series of GAO audits dating back to 2011, its failure to implement specific recommendations by the watchdog agency has led to vulnerabilities in the “confidentiality, integrity and availability of financial systems and information.”



Government IT priorities: Security reigns, cloud crawls
Information Week
07/21/14

A new survey shows that federal agencies are focusing more on security, as they should, but they're still behind the times with cloud use, data center consolidation, and overall innovation.



Agencies inch toward solutions on BYOD
Government Technology
07/18/14

The BYOD phenomenon is becoming more entrenched in government, but as with any emerging technology, the transition to this new paradigm presents a range of hurdles to IT managers trying to do what’s best for the jurisdiction while simultaneously supporting the desires of end users. Security is a primary concern, as work data increasingly commingles with private information and travels outside the office walls. But there are other sticking points, including concerns about privacy, issues of overtime and the burden on IT of having to support a broad range of devices, to name a few. Public-sector technology leaders say these challenges can be overcome, but it takes some creativity and forethought.


Former Navy secretary calls for minimalist approach to IT security
FCW
07/22/14

Former Navy Secretary Richard Danzig has unusual advice for the U.S. government: Enhance cybersecurity by cutting back on overly complex IT systems.Eschewing a common narrative of society's inexorable march toward the Internet of Things, Danzig called on Washington to "forsake some efficiencies, speed or capabilities" in critical systems "in order to achieve greater security."


Army rolling 4G out to theater
C4ISR & Networks
07/22/14

The Army is pushing high-speed 4G LTE infrastructure out to the battlefield, offering deployed soldiers the ability to carry out missions and in more flexible, agile ways. The Army’s Tactical Network Transmissions (TNT) package was introduced at Network Integration Evaluation (NIE) 14.2, held in March at Fort Bliss, Texas and White Sands Missile Range, New Mexico. The TNT package offers soldiers and coalition partners access to 4G bandwidth and capabilities that allow faster access to mission-critical applications via devices such as smart phones and tablets.


Army building a marketplace for tactical comm equipment
Defense Systems
07/21/14

In support of its push toward seamless frontline tactical communications, the Army is creating a one-stop shop for tactical communications hardware. The Common Hardware Systems program office will establish the technical standards—and a contract vehicle—for hardware used to support the Army’s Common Operating Environment (COE). The COE is an initiative to provide the same operational picture throughout the ranks, from headquarters to soldiers on the battlefield, incorporating everything from geospatial maps to video and other sensor data from unmanned systems to mobile devices carried by soldiers.


Ground commanders with cyber skills
Army Times
07/16/14

Ground commanders are already learning how to counter cyber threats in the field, but the Army’s cyber boss wants them to start launching their own attacks. "The way we’re going to have to do this is stand up the capability and start experimenting with it," said Lt. Gen. Edward Cardon, commander of Army Cyber Command. "From that we will develop the commander’s guidance for cyber." Cardon said the first step in educating and empowering brigade commanders is to incorporate the offensive capabilities as part of combat training center rotations.


US government conducts largest cyber-defense exercise to protect critical infrastructure
Fierce Government IT
07/21/14

The U.S. government has just wrapped up one of the largest cyber exercises to date, involving more than 500 participants from the military, law enforcement, civilian agencies, academia and the commercial sector.Cyber Guard 14-1was a two-week event testing how the services and federal agencies coordinated with each other at the strategic and tactical levels to protect, prevent, mitigate and recover from a cyber attack on U.S. national cyber infrastructure. U.S. Cyber Command, or Cybercom, was the lead organization for the event, which was envisioned as a "holistic, whole-of-nation effort" that also brought in observers from academia, private industry and state utilities.


National Guard, feds double down for foreign hack against US
Next Gov
07/17/14

The federal government deployed twice as many cyber professionals this year as in 2013 during a simulated foreign-based cyberattack on U.S. soil. About 550 participants recently completed "Cyber Guard 14-1," a two-week exercise executed by the U.S. Cyber Command and hosted at the FBI's National Academy in Quantico, Virginia. The annual rehearsal tests government-wide cooperation as well as tactical-level operations, according to the Defense Department.This year, the National Guard, Reserves, National Security Agency and CYBERCOM practiced supporting civilian agency responses to attacks on model "critical infrastructure" networks.


How to talk about blowing things up in cyberspace, according to the military
The Washington Post
07/23/14

The precise demands of military operations require very specific definitions, particularly when it comes to cyberspace.To avoid confusion regarding how to effectively use offensive cyberweapons, the Pentagon has developed its own glossary of sorts, published in 2009 by the U.S. Strategic Command. The document is a fascinating look into the military's ever-evolving cyber doctrine.


IT departments feel the heat on mobile initiatives
Baseline
07/18/14

Both employees and senior managers feel strongly that IT departments must help them increase existing mobile technology capabilities, according to a recent survey from Aruba Networks. Providing support and resources for an all-wireless workplace remains at the top of the must-have list for organizations. An Aruba executive said, "The workplace of the future will not only need to be right-sized to align with IT budgets, but it will also require a mobility-centric and secure wireless infrastructure—a move toward employee self-service."


Treasury Secretary warns of cyber threats to financial sector
FCW
07/16/14

Treasury Secretary Jacob Lew warned of the dangers of cyberattacks on the financial sector in a July 16 speech in New York City, calling the cyber defense of businesses and government "a central test for all of us going forward."Lew beseeched financial services firms and vendors that serve them to use the Obama administration’s framework document for managing cyber risk for critical infrastructure, and joined other administration officials calling on Congress to pass a cybersecurity bill to bolster public-private information sharing of threats and to protect firms from liability for sharing such information.


Lew says financial industry could do more to prevent cyberattacks
The Washington Post
07/17/14

Treasury Secretary Jack Lew said July 16 that banks and credit unions have faced 250 distributed denial-of-service attacks since 2011 — a type of cyberassault that officials believe could disrupt the U.S. financial system.Lew said the Treasury Department will launch the Financial Sector Cyber Intelligence Group to circulate warnings about cyber threats and thwart electronic incursions.


Feds declare big win over Cryptolocker ransomware
Computer World
07/15/14

Even as security researchers reported that the hacker gang responsible for the Gameover Zeus botnet had begun distributing new malware, U.S. government officials claimed victory over the original and said that the Cryptolocker ransomware that the botnet had been pushing has been knocked out.


A new age in cyber security: Public cyberhealth
Dark Reading (commentary)
07/17/14

Managing mass cyber infections is challenging. Our adversaries are well funded, agile, and adaptive. They are also constantly seeking the next weakness to exploit. Clean-up operations require broad global cooperation from law enforcement, domain registrars, security vendors, sinkhole operators, and most importantly, victims -- who must largely "opt-in." The recent Justice Department DOJ effort aimed at disrupting several mass cyber infections was one of the first and largest experiments of its kind in cyberhealth notification and inoculation, and is a blueprint for good public cyberhealth.


Report: Administration, Congress, others must better shield electricity grid vs. cyber attack
Roll Call
07/15/14

A high-level report on the security of the electricity grid is complimentary of the Obama administration’s efforts to protect it and faults Congress for not doing enough. Yet protecting the grid — "the most critical of critical infrastructure" and "the backbone of our modern society" — requires more action from everyone, from the executive branch to the Hill to industry, the report for concludes. It details the nature of the threat, from which countries it emanates, what has been done about it and should be done about it in all branches of government, from the state regulatory level to within the private sector.


Chinese hackers extending reach to smaller U.S. agencies, officials say
The New York Times
07/16/14

After years of cyberattacks on the networks of high-profile government targets like the Pentagon, Chinese hackers appear to have turned their attention to far more obscure federal agencies. Law enforcement and cybersecurity analysts in March detected intrusions on the computer networks of the Government Printing Office and the Government Accountability Office.


Tech decisions driving Michigan's public safety expansion
GCN
07/07/14

In the last decade, the state of Michigan has achieved near blanket coverage of its Public Safety Communications System (MPSCS), a digital voice IP network of federal, state, tribal and private public safety agencies and police departments across the state.Today, 1,460 agencies are knitted together via the network, an order of magnitude more than the 152 linked in 2002. The growth is attributed to three primary factors: economies of scale, increased equipment interoperability and resiliency in the network.


How to approach declining federal IT spending
Next Gov
09/17/14

More efficient federal information technology systems will require fewer dollars, according to a new report from Deltek that predicts agency IT spending will fall from $101 billion to $94 billion in five years. Deltek factors in IT spending that often is left out of the overarching budget numbers, such as technology for the judicial and legislative branches and the intelligence community, as well as IT embedded in large defense systems.


How to spot opportunities in VA's health record quest
Washington Technology
07/16/14

The story of federal electronic health records (EHRs) has taken another turn, with solicitations released by of the Defense and Veterans Affairs departments.. The VA thinks its Veterans Health Information Systems and Technology Architecture (VistA) Evolution Program could be the standardized EHR format across VA and the DOD – and they aim to prove it by pursuing DOD’s Department Healthcare Management Systems Modernization (DHMSM) contract, now in its third revision.


DeSalvo: Time for the heavy lifting on health record interoperability
FCW
07/17/14

The federal government is fleshing out the details of a 10-year plan to put in place interoperability standards for electronic health records. The Office of the National Coordinator for Health IT recently outlined basic policy building blocks in a vision paper.Six months into her tenure, ONC head Dr. Karen DeSalvo is now leading the charge to get comments from vendors, clinicians and other stakeholders to develop technical standards, certification for EHR systems, and privacy and security protections for health records, while also guaranteeing consumer access to individual records.


As cyber attackers get more sophisticated, so must agencies' protections
Federal News Radio
07/18/14

At a recent panel discussion, federal agency and private sector information security experts examined cyber prevention tactics and warned cyber criminals are stepping up their game with no signs of stopping. This includes launching more sophisticated attacks, yet on the opposite end, skewing simple in hacking tactics too.


Why a detection-centric approach to cybersecurity is the wrong path for federal
Next Gov (op-ed)
07/16/14

Surely, detection is a key component of any security program. But should our government be spending more time on detection than prevention? The answer is no. Here's what’s wrong with a detection-centric approach, how to build prevention into systems and ways to strike an appropriate balance between prevention and detection.


Teaming up to train, recruit cyber specialists
FCW
07/18/14

Two of the Department of Energy's advanced research laboratories are joining with Bechtel to recruit and train cybersecurity specialists to protect critical infrastructure.Lawrence Livermore National Laboratory said in a July 15 statement that it was joining Bechtel BNI and Los Alamos National Laboratory in a program aimed at training a new class of cyber defense professionals. Bechtel co-manages both labs with the University of California and other partners.


Senate hearing calls for changes to cybercrime law
Dark Reading
07/16/14

In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnetsk with panelists at a Senate Judiciary Committee hearing calling for changes to the Computer Fraud and Abuse Act (CFAA) and other legislation that addresses cybercrime.


Northern Command nominee: U.S. behind in cyber defense
FCW
07/18/14

A Navy admiral nominated to head the joint command responsible for defending the U.S. homeland and aerospace acknowledged in his confirmation hearing that the country is lagging in its cyber-defense of critical infrastructure.Adm. William Gortney, who has been tapped to head the U.S. Northern Command and the North American Aerospace Defense Command, also told the Senate Armed Services Committee on July 10 that he was unaware of a formal coordinating mechanism between Northern Command and the Department of Homeland Security for responding to cyberattacks.


DISA shutters Alabama DECC
C4ISR & Networks
07/16/14

The Defense Information Systems Agency is moving forward with plans to centralize IT operations, closing a defense enterprise computing center (DECC) in Huntsville, Alabama. The latest closure is expected to save the Defense Department $3.2 million per year. DISA now has 10 DECCs, a decrease from 18 in 2008. Overall the closures—part of the broader Federal Data Center Consolidation Initiative, and also in line with the department’s transition to the Joint Information Environment (JIE)—are expected to save DoD $17 million per year.


Army moving enterprise apps to core data centers
Defense Systems
07/14/14

In line with its data center consolidation plan started three years ago, the Army has begun moving its enterprise systems and applications to designated core data centers.The migration represents the first step in establishing policies and procedures for the centralization of data hosting, according to an Army release. The entire migration is slated to be completed by the end of fiscal 2018.


Senate would trim president's defense IT budget by $500M
FCW
07/15/14

The Senate Appropriations Defense Subcommittee approved a bill July 15 that would provide $500 million less for defense IT than President Barack Obama’s budget requested.A bill summary provided by the subcommittee justified the lower figure -- which it said was 3 percent below the president’s request -- by saying, :trimming IT funding will help prioritize and better target non-cybersecurity IT investments in an era of fiscal constraint."


Senate bill proposes $61.6M in cuts to Pentagon IT programs
C4ISR & Networks
07/17/14

The Obama administration requested about $11 billion for all Defense Department information technology activities next year. However, in a report accompanying its 2015 military spending bill, the Senate Appropriations Defense subcommittee proposes several sizable cuts, and is calling on DoD to trim duplicative programs.


Identity management will get a mobile makeover by 2017
Information Week - Bank Systems & Technology
07/16/14

The proliferation of mobile devices has led to a new consumer paradigm -- many consumers think and act in a “mobile-first” way. In financial services, devices are moving from simple information servicesto transaction providersor more complex solutions, with adoption growing. A key building block to this trend is a high-quality method of determining identity. In the first of a two-part series, how mobile will change user authentication and risk management in financial services is explored.