Cybersecurity News

 

SASC: China-backed hackers penetrated TransCom contractor networks 20 times
Defense News
09/17/14

Chinese government-backed hackers accessed networks of private-sector firms with sensitive data about US military logistics nearly two dozen times in one year, says a report by the Senate Armed Services Committee (SASC). The committee determined senior brass at US Transportation Command, the military’s logistical hub, typically were unaware of the network violations. Collectively, the 20 contractor network penetrations “show vulnerabilities in the military’s system to deploy troops and equipment in a crisis.”


Attention, defense contractors: You've been hacked
Next Gov
09/17/14

China committed about 20 cyberattacks across a year-long period on defense contractors working with the government agency responsible for the transportation of military forces and equipment, according to a newly declassified Senate Armed Services Committee report.


Phishing campaign targeting financial and healthcare institutions
SC Magazine
09/15/14

Barracuda researchers have identified a spam campaign involving thousands of phishing emails being sent to financial and healthcare employees in the greater Boston, North Carolina, New York, Texas and Alabama areas.


JPMorgan shares information on recent cyber attacks
Security Week
09/16/14

JPMorgan Chase, one of the largest banks in the U.S., has confirmed that its systems were breached this summer, but investigators say there's no evidence that the attackers had gained access to highly sensitive information. The hackers reportedly penetrated roughly 90 of the company's servers, gaining access to the details of one million customers and information on installed software after obtaining high-level administrative privileges. Initial reports pointed a finger at cybercriminals believed to be from Russia or Eastern Europe. Investigators also believe a foreign government might have played a role in the operation. At least four other financial institutions are said to have been hit in the same attack.


George Mason University travel system targeted for malware attack
SC Magazine
09/12/14

George Mason University detected a malware intrusion into its travel booking system on July 16. No personal information is thought to have been viewed, but the incident could have affected up to 4,400 users of the university's travel request system.


Cloud computing under siege
FCW
09/12/14

By pooling computing resources, cloud computing not only offers significant cost savings over traditional software and hardware products, it facilitates innovation by allowing users, businesses and governments to procure, rapidly and cheaply, a diversity of software, analytics and storage services. But despite these considerable benefits, globally distributed cloud computing has come under threat. Over the past year, in response to mounting concerns over data privacy, data security and the rise of online surveillance, governments around the world have been seeking to pass new data protection rules which are likely to impose economic harm without achieving any of their stated goals.


US Official: Chinese want NSA cyber schools. Really.
Next Gov
09/17/14

Entrepreneurs in China have voiced support for improving the notoriously spotty relations between the U.S. and China in cyberspace, patterning Chinese courses on NSA-approved curricula, said Ernest McDuffie, head of the National Initiative for Cybersecurity Education. McDuffie, the top U.S. computer security education official, said Chinese universities are welcome to adopt the U.S. National Security Agency's cyber education program.


What DHS must do to expand cybersecurity information-sharing
Fed Tech
09/15/14

In the year since DHS expanded its voluntary Enhanced Cybersecurity Services program for sharing classified and unclassified threat indicators with critical infrastructure operators, only 40 critical infrastructure entities were participating in the program as of May 2014. These companies represent only three of the 16 designated sectors -- the defense industrial base, energy sector and communication services -- and only two are commercial services providers. Also, no additional providers have enrolled in the program since DHS took the reins in February 2013, so the DHS inspector general has recommended several ways to boost the program's participation rate and efficiency.


Vendor outreach key to unlocking federal cloud market
CIO
09/16/14

CIOs across the federal government have been working actively to incorporate cloud technologies, but the success and pace of those initiatives hinge on collaboration with the vendor community, federal IT leaders said at a recent cloud computing conference. They urged cloud service providers to offer agencies a glimpse of their roadmaps to help guide procurement strategies, which is often a byzantine process hampered by perpetual government tech talent shortages.


NIST offers help in securing printers, copiers, scanners from cyber intrusions
Fierce Government IT
09/15/14

Individuals and organizations need to be aware of the potential for printers, copiers and scanners being hacked. As such, the National Institute of Standards and Technology recently released draft guidance pointing out the risks and vulnerabilities of so-called replication devices, which increasingly also include 3D printers and scanners. Besides reminding people about potential cybersecurity problems, it offers advice on how such devices and information that's stored or transmitted can be better protected.


Geospatial Agency seeks small business innovation
Signal Online
09/01/14

The National Geospatial-Intelligence Agency is looking toward small business to provide vital technologies as the agency confronts budget constraints. Enticement efforts include targeted outreach, reshaped acquisition patterns and improved networking among potential contractors.


Making the health data move
FCW
09/15/14

In the over-the-rainbow nirvana of health technology, all data generated by patients, health records systems, consumer apps, medical devices and wearables will seamlessly interact, to the benefit of patient outcomes, clinical research and health care costs. But that dream is a long way off.A government agency is taking comments on a vision paper that spells out a 10-year plan for an ecosystem of interoperable health records.


DOD updates DISA's role as the department's cloud broker
Defense Systems
09/16/14

The Pentagon is refining the Defense Information Systems Agency’s role as the Defense Department’s cloud broker, while outlining how DOD agencies can acquire commercial cloud services. But DISA will continue to play a central role in DOD’s move to the cloud, evaluating and approving the security of commercial services and offering the department’s private milCloud.


DoD rescinds DISA cloud-broker memo
C4ISR & Networks
09/16/14

The Defense Information Systems Agency is no longer the Pentagon’s officially designated cloud broker. Defense Department officials have apparently rescinded the 2012 memo, signed by then-DoD CIO Teri Takai, that designated DISA as the priority choice for defense agencies seeking cloud services. The move was part of a broader military cloud strategy.


DOD communications: Bringing it all together
FCW
09/15/14

Unified capabilities (UC) refers to a series of IP-based services, including voice, video and instant messaging, designed to make internal DOD communications smoother and more secure. The Defense Department will open up its quest for unified capabilities to the private cloud if and when the NSA approves the project's security architecture. The Defense Information Systems Agency, the Army and the Air Force will likely put out a joint request for proposal for UC in the first quarter of fiscal 2015, a top Army official said Sept. 15.


With MAMA, U.S. Air Force aiming to raise cyber awareness on networks
Threatpost
09/15/14

The U.S. Air Force is attempting to enhance what it is calling cyber situational awareness in order to contend with “increasingly sophisticated” threats to its networks and systems. In a post on FedBizOpps.gov, the Air Force Research Laboratory’s Information Directorate announced it is soliciting white papers for a new program, dubbed MAMA, “Mission Awareness for Mission Assurance.” MAMA’s goal is to achieve mission assurance for military operations and automatically assess mission execution via the analysis of network traffic flows. MAMA will prioritize mission essential functions, map critical cyber assets and analyze and mitigate vulnerabilities and risks.


Army turns to industry for better cyber capabilities
Defense Systems
09/15/14

The Army Contracting Command-Aberdeen Proving Ground is looking for ideas, seeking white papers to identify potential sources for the procurement of cyber capabilities, according to a Request for Information solicitation. More specifically, the Army is studying industry feedback on cyber approaches that could be used for future strategic and protected cyber needs, according to the solicitation. Those approaches would focus on existing technical capabilities for defense against capabilities that exploit, deny or manipulate.


US Army plans to better manage cyber soldiers
Defense News
09/15/14

The US Army is closer than ever to introducing a cyber branch to better manage troops with highly sought skills in this area, according to a senior Army cyber official. The branch, called Career Management Field 17, will draw on experts from the intelligence and signals community for dedicated cyber forces, said Ronald Pontius, deputy to the commander of US Army Cyber Command.


Cyber airmen race to stay ahead of new threats
C4ISR & Networks
09/17/14

As cyber threats increase and become more sophisticated, airmen in the Cyber career field find themselves operating in a fast-paced environment just trying to stay two steps ahead. For months, the Air Force has been aggressively lining up airmen for the U.S. Cyber Command-operated Cyber Mission Force teams: 1,715 airmen will be part of the Defense Department initiative to recruit 6,000 personnel to be part of 133 joint mission teams.


NGI rolls out, FBI exploring more biometrics
Signal Online
09/16/14

The FBI’s Next Generation Identification (NGI) system went live recently, replacing the Integrated Automated Fingerprint Identification System and improving accuracy. According to experts, the new system offers 99.6 percent correct identification versus 92 percent with the former, and the NGI enables automation of 93 percent of searches. Other upgrades include connections with the National Palm Print System, an iris-modality repository and capabilities for more mobile detections, and even more advancements in biometrics identification are underway.


FBI facial recognition system ready for use
SC Magazine
09/15/14

The FBI has announced that it is prepared to roll out its new facial recognition system. The Next Generation Identification (NGI) system, which has more than 16 million face images, is intended to expand the agency's biometric identification program and ultimately replace its outdated Integrated Automated Fingerprint Identification System. According to the FBI, the agency believes that this is “a significant step forward” in “utilizing biometrics as an investigative enabler.”


Forget fingerprints, officials can track you all kinds of ways
Signal Online
09/16/14

Biometric identification moved past fingerprints long ago, and the range of modalities is helping the keepers of law and order make a big difference in several ways. Areas of growth include voice recognition software, facial recognition technology, finger vein identification, and eye scans (not necessarily of the iris, but of the area around the eye and the whites of the eye). So what’s next? According to one security expert, one of the big trends to watch is secure gesture authentication.


Intelligence community IDs cyber concerns
Signal Online
09/17/14

Sean Kanuck, national intelligence officer for cyber issues, Office of the Director of National Intelligence, says cyber pervades all other national security concerns, including biometrics. Every identity problem is a cyber issue going forward, because biometric and biographic information is collected and stored virtually. These systems have immense usage and hence are large targets for malicious activities, Kanuck explained. The country is at a critical juncture where innovation and the inability to protect systems of national security importance is a real problem. Kanuck urged developers of biometrics systems to consider emerging technical standards, policy, privacy and international issues.


DHS looks to replace IDENT
Signal Online
09/17/14

The Department of Homeland Security (DHS) is looking to replace its Automated Biometric Identification System (IDENT) in the next two to four years, an official with the department says. IDENT is DHS's central system for storing and processing biometric and associated biographic information for various homeland security purposes.


Apple Pay enabling biometric payments at the point-of-sale
Secure ID News
09/09/14

The latest set of iPhones will include near field communication and consumers will be able to pay by using the Touch ID sensor built into the handset. The Apple Watch, a new wearable from the computing giant, will also have NFC and enable payments. The iPhones 6 and 6 Plus will both include NFC and a secure element that will store all the payment card data.

Wearables Hardware a $53B Market by 2019
Datamation
09/12/14

A new forecast from technology analyst firm Juniper Research suggests that Apple's recent move into wearables is a smart and potentially lucrative one. Global retail sales of wearable devices will reach $53.2 billion by 2019, the market research firm predicted. This year the market is expected to reach $4.5 billion in sales.


Firefighters use Special Forces gear to stay connected
Popular Mechanics
09/10/14

In 2013, a fast-moving brushfire trapped Arizona fighters in a canyon, and although other firefighters tried to rescue the team, the smoke made aerial observation impossible, and calls over the radio went unanswered. In response to the disaster, the Defense Advanced Research Projects Agency (DARPA) began developing the Fire Line Advanced Situational Awareness for Handhelds (FLASH), a civilian version of the system used by special operators in areas without communications infrastructure. FLASH uses a Wave Relay radio, developed by Persistent Systems, to form a mobile comms network that can bounce signals between nodes and then over and around obstacles.


Retail breaches could spur channel business, modernized payment systems
CRN
09/11/14

The retail industry, reeling from a litany of recent credit card breaches, could finally get a long-awaited injection of data protection technology, creating opportunities for solution providers that specialize in data security, compliance assessments and modern payment terminal deployments. Target, Home Depot and other large retailers will be among the first to roll out terminals that support chip-and-PIN cards, but the technology alone doesn't provide the data security benefits, say solution providers. One expert says newly manufactured, encrypted payment terminals would provide the greatest benefit in reducing fraud and help ease the barrage of data breaches.


What’s really driving cyberattacks against retailers
The Washington Post
09/11/14

Security researchers say they've uncovered links to commentary that accuses the United States of fomenting unrest around the world in the code of the malware believed to have been used in a string of data breaches at U.S. retail stores over the past year. But these links don't necessarily mean that ideology was the driving force behind the hacks. Instead, the key motivator was likely financial gain.


Chinese hacking groups team up against government, military systems
Threat Post
09/11/14

Two Chinese cyber espionage campaigns are working in tandem in hopes of sniffing out trade secrets from surrounding nations. Researchers from FireEye outlined information about the two attack groups Sept. 10 in advance of a more comprehensive report. Both groups are based on the Chinese coast and are likely targeting intelligence from countries surrounding the South China Sea such as Japan and Taiwan, according to FireEye.


Did NATO drop the ball on cyber defense?
Next Gov
09/11/14

Cyber defense capabilities are necessary for NATO to carry out its mission. But at the recent NATO Summit in Wales, the alliance missed the opportunity to address how to deal with a potential cyber attack that could be the result of new defense posture announced at the summit. NATO must expeditiously operationalize the Enhanced Cyber Defense Policy endorsed at the summit, which reinforces that NATO members will work together to build up the alliance’s cyber defenses. Protecting its member nations entails having its communications, troops, and command and control structures protected against cyber threats.


CDM dashboard stirs second contractor controversy
FCW
09/12/14

The inspector general at the General Services Administration is assessing claims raised by security technology vendor Agiliance, which says contractors for the Department of Homeland Security's continuous diagnostic and mitigation (CDM) dashboard are engaged in questionable cross-marketing activities.


DHS S&T chief plans for more relevant research, better employee morale
Federal News Radio
09/12/14

The Homeland Security Department's new science and technology chief says he has a plan to turn around an organization that outside auditors say is out of touch with its customers and has numerous duplicative projects, poorly-tracked investments and rock-bottom workforce morale. Dr. Reginald Brothers outlined an agenda Sept. 9 that would reduce the department's overall number of research programs and make the remaining ones more impactful and more strategically focused.


Data governance issues slowing US fed move to cloud
Business Cloud News
09/11/14

Nearly ninety per cent of federal government IT professionals are apprehensive about migrating their agencies’ systems to the cloud, with many migration projects still being held up by cloud-related data governance challenges, recently published research by MeriTalk reveals. Research by the same firm earlier this summer suggests these agencies could be missing out on roughly $19 billion in savings.


'You need to talk in terms of operational impact'
FCW
09/11/14

When Richard Spires was CIO at the Department of Homeland Security, getting funding was a difficult matter. Part of the issue, Spires and other former agency IT leaders at a recent cybersecurity conference said, was that legacy systems consume a large share of budgets, and that there is constant pressure to shift remaining money into new systems and new functionality. Because cybersecurity spending is generally invisible when it succeeds, Spires said, "it's always going to be a struggle, because you're always buying insurance." The key challenge for CIOs and other IT leaders, therefore, is to put the costs, risks and benefits of cyber into a context that non-technical executives can understand.


Modernizing VistA: Enabling scalable interoperability in a legacy system
GCN
09/11/14

The Veterans Health Information Systems and Technology Architecture (VistA) is the VA’s enterprise electronic health record system that tracks clinical treatment and care information. The Department of Veterans Affairs is in the midst of an evolution as it continues efforts to modernize and ensure the long-term viability of VistA to meet the healthcare needs of the nation’s military veterans. While the technical challenges are formidable, leveraging cutting-edge tools and platforms can be part of the solution for achieving fast, secure and scalable interoperability within the mission-critical legacy system.


Administration renews call for cyber legislation
FCW
09/11/14

Top Department of Homeland Security officials have renewed their calls for Congress to pass cybersecurity legislation to strengthen DHS’s ability to mitigate cyberattacks. The House has passed bills designed to boost information sharing, advance cyber technologies, improve the DHS cybersecurity workforce and give DHS some of the codified authority it seeks. The Senate has been slower to act, but DHS Secretary Jeh Johnson said Congress can rally around "areas of strong consensus" by passing legislation: codifying DHS’s cybersecurity responsibilities, making it easier for DHS and the private sector to collaborate on cybersecurity, and improving the department’s ability to hire top cyber talent.


U.S. at risk if cybersecurity bills stall, according to Congressional Republicans
Bloomberg BNA
09/10/14

The nation will be at serious risk if the current Congress fails to reach an agreement on cybersecurity legislation, Republican leaders of the House and Senate Intelligence Committees said Sept. 10, citing mounting attacks against U.S. companies. House Intelligence Committee Chairman Mike Rogers (R-MI) and Senate Intelligence Committee Vice Chairman Saxby Chambliss (R-GA) are pushing legislation to provide liability protection to companies that share cyberthreat data with government and industry partners. They urged final passage during the “lame-duck” period that follows the November elections, conceding that Congress is unlikely to get to the issue before that time.


DISA cloud brokering up in smoke
Signal Online
09/11/14

The Defense Information System Agency (DISA) had been identified as DoD's cloud broker, but that has been rescinded, reports Lt. Gen. Mark Bowman, USA, director, command, control, communications and computers/cyber and chief information officer, Joint Chiefs of Staff. He offered no other details on how or why it was rescinded, but he predicted that lower budgets next year will drive innovation and greater sharing within the Defense Department. Some services, he said, can be run “to standard” in a commercial environment.


DISA kicks off IT contract to support Cyber Command
Next Gov
09/12/14

The Defense Information Systems Agency launched Sept. 11 what it described as the first omnibus contract to provide a wide range of information technology services to the U.S. Cyber Command, including assistance for offensive and defensive cyber operations. DISA said the indefinite delivery, indefinite quantity IT contract is open only to small businesses, with some of the tasks currently performed by large contractors, such as a security program that shares information with the Defense Industrial Base. The contract will streamline acquisition of cyber-related services and will provide support across multiple technical and nontechnical disciplines under a centralized structure.


DISA to launch first round of JRSS network upgrades
Signal Online
09/09/14

The U.S. Defense Department is primed to take a first step toward the realization of the colossal concept of connecting its entire network system under the Joint Information Environment (JIE). For more than a year, the Defense Information Systems Agency (DISA), along with the Army, Air Force and defense contractor Lockheed Martin, has worked on the joint regional security stacks (JRSS), a key upgrade to streamline network operations and, officials say, improve security. To begin with, DISA will migrate network users from their as-is infrastructure and security posture to the JRSS, beginning now at Joint Base San Antonio in Texas.


DoD ramps up security as it drifts toward cloud
E-Commerce Times
09/14/14

The Defense Department is committed to pursuing cloud-based services and steadily has been improving its capabilities to utilize the technology. The latest evidence of DoD embracing the cloud is its approval of a protocol that will facilitate the use of the technology at higher security levels. DISA wants to pursue a three-part cloud strategy, said Deltek's Alex Rossino: "One is the use of the agency's [IaaS] milCloud offering for DoD customers. The second is use of a commercial cloud infrastructure 'inside the DoD fence line' for cybersecurity purposes, and the third is use of purely commercial cloud solutions for publicly releasable data. This leaves a lot of room for multiple players."


Army Contracting Command running through the doors that cloud opens
Federal News Radio
09/11/14

The Army Contracting Command (ACC) will remove those bulky desktop computers from underneath most of its employees' desks in the coming year or so. The ACC is preparing to go to a zero-client setup for its computer network. Gino Magnifico, the chief information officer of the Army Contracting Command, said the command's move to the cloud in 2010 really set the stage for the decision to give employees a monitor, keyboard and mouse, and remove the rest of the computer from their desks.


Army cyber chief: Let's get closer to industry
Defense News
09/11/14

To keep pace with rapid changes in the cyber domain, the military needs “a much tighter relationship between industry and government,” the head of U.S. Army Cyber Command said Sept. 11. Lt. Gen. Edward Cardon said there were opportunities for industry to develop network infrastructures, operating systems and applications — and that past collaboration on a training environment had worked well. A central clearinghouse for industry to access the service’s cyber requirements is in the works, Cardon said.


DOD Deputy CIO: 'Cybersecurity should vary by mission'
FCW
09/10/14

The different levels of mission risk at the Defense Department have posed a major challenge to building out DoD's cybersecurity posture. Now, according to Deputy CIO Richard Hale, DoD is trying to rework its computing and wide area network infrastructure in order to have a "more sophisticated notion of zoning by mission risk." That involves cleaning up the server computing side of things and distinguishing it from the user computing side. Without achieving that, Hale said, DoD will never be able to go fully mobile. Moving to a Joint Information Environment would also position DoD to take more advantage of mobile and cloud, according to Hale.


Naval Academy works on accrediting cyber major
Navy Times
09/08/14

A Naval Academy dean said Sept. 8 that he hopes cybersecurity, a field of increasing importance to national security and civilian computer networks, can be accredited as a major by the time the academy’s first cybersecurity students graduate in 2016. The academy wants to be among the first to receive such accreditation.


Why email is worth saving
Dark Reading
09/12/14

Contrary to popular opinion in some quarters, email is not dead. Email is the unsung hero of the global economy, the rusty workhorse that will likely be around forever. Facebook, Snapchat, Whatsapp, and other nominal email replacements are completely inadequate for personal B2C communication and sensitive P2P messaging, not to mention robust B2B communication. Email is worth saving and protecting and there is an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery -- Domain-based Message Authentication, Reporting & Conformance (DMARC) -- which is an emerging email delivery standard that has shown much progress and potential.


Identity Management in the age of wearable technology
Tech Radar
09/13/14

Given Apple's track record, it is likely that the Apple Watch is going to accelerate the adoption of wearable technology. Although many focus on the potentially negative impact of wearable technology, including security risks and network overload, it should also be seen as a great opportunity. The list of connected devices will keep growing, as will the list of commercial opportunities for companies willing to invest in consumer-facing identity software. As more and more organizations today go through digital transformation, identity software is becoming the critical technology that securely bridges cloud, mobile and Internet of Things (IoT) offerings – and this now includes wearable devices.


Intel wants biometrics to replace passwords
BiometricUpdate.com
09/11/14

An Intel executive says that the company is currently working on a facial recognition system as a security measure for its users that will replace the existing password system. The official said the system will enable users to log into their devices and websites using their face as an identity authentication tool.


Surge in cyberattacks targeting financial services firms
Help Net Security
09/08/14

According to a Kaspersky Lab and B2B International survey of worldwide IT professionals, 93% of financial services organizations experienced various cyberthreats in the past 12 months. And while cyberattacks targeting financial services firms are on the rise, nearly one out of three still don’t provide protection of users’ endpoints or implement specialized protection inside their own infrastructure. This lack of action to protect themselves from attack is causing many businesses to lose faith in financial firms.


Home Depot confirms breach
Computer World
09/08/14

After nearly a week of investigation, Home Depot confirmed Sept. 8 that intruders had indeed broken into its payment networks and accessed credit and debit card data belonging to an unspecified number of customers who shopped at its U.S. and Canadian stores. However, the statement announcing the breach did not detail the number of stores affected or the total number of cards compromised.


Raising the stakes: NATO says a cyber attack on one is an attack on all
Defense Systems
09/08/14

NATO’s new cyber defense policy will consider cyber attacks that threaten a member’s security to be on par with traditional attacks – and may now provoke collective defense from the alliance’s 28 members. The new policy means that a significant cyber attack on any member of the alliance could be viewed as an attack on all, per Article 5 of the NATO charter.


SACT and the Estonian Minister of Defense sign an agreement to establish the NATO Cyber Range Capability
NATO (news release)
09/08/14

During the recent NATO Summit in Wales, the Alliance officially established a Cyber Range Capability. A Memorandum of Understanding signed by the Supreme Allied Commander Transformation with the Estonian Minister of Defense details arrangements for NATO's use of the Estonian Defense Forces' national cyber range facility.


U.S. grid safe from large-scale attack, experts say
Politico
09/10/14

The specter of a large-scale, destructive attack on the U.S. power grid is at the center of much strategic thinking about cybersecurity. But a half-dozen security experts interviewed for this article agreed it’s virtually impossible for an online-only attack to cause a widespread or prolonged outage of the North American power grid. Even laying the groundwork for such a cyber operation could qualify as an act of war against the U.S. — a line that few nation-state-backed hacker crews would wish to cross.


Salesforce.com says wearables push catching on with customers, partners
CIO
09/03/14

A few months after launching a developer toolkit for writing apps that run on wearable devices, Salesforce.com says the concept is gaining traction with customers and partners. The initiative, which is called Wear, launched with a number of hardware partners. A Salesforce.com executive says that while much of the interest in wearables to date has centered on consumer applications, there’s a wealth of potential for the enterprise as well.


Cyber breaches rare among U.S. state-registered investment advisers : study
Reuters
09/10/14

Cyber security breaches are rare among investment advisory firms registered with U.S. states, but improvements to technology and procedures could still bolster protection of client information, state securities regulators say. Just 4 percent of advisers reported having a "cyber security incident" during the years in which they have been registered in their respective states, according to a study by the North American Securities Administrators Association (NASAA).


WH Official: Cyber Coverage Will Be a Basic Insurance Policy By 2020
Next Gov
09/08/14

There isn't a market for cyber insurance yet — not for lack of interest, but because of the lack of data on the odds companies will be breached and the true costs of those hacks. However, a White House cyber official predicts that, by 2020, private firms will be buying cybersecurity insurance when they sign up for product liability coverage and other basic policies. Responding to earlier calls that the government initially guarantee coverage, she said the marketplace is “really growing quite a bit” today without government intervention.


What happens when a car is hackable? Science agency spends $1M to find out
Next Gov
09/09/14

Ryan Gerdes of Utah State University is using a $1.2 million grant from the National Science Foundation to look at various cybersecurity threats that could target the autonomous (self-driving) vehicle of the future.


Hackers attacking Israeli think tank aren’t interested in state secrets
Next Gov
09/09/14

The website of a respected Israel-based foreign policy institute -- the Jerusalem Center for Public Affairs -- has been infected with code that is trying to steal bank account information from visitors. The campaign looks like an “advanced persistent threat-style attack” devised to siphon intelligence from government officials browsing the site, but “the threat is ultimately designed to pilfer banking credentials,” Kaspersky Lab reports.


Report: Agencies aren’t properly vetting all cyber contractors
Next Gov
09/09/14

The latest federal audit of agency cybersecurity finds that while vendors operating systems that handle government data are required to take security precautions, most agencies are not making sure they do so. The deficiency is significant because contract employees make up a third of the total federal cyber workforce, according to the Government Accountability Office (GAO).


Officials worry about 'cyber Fort Hood'
Politico
09/09/14

The most dangerous cybersecurity threat facing U.S. military and intelligence agencies might not be another Edward Snowden aiming to steal secrets, but rather a rogue IT administrator bent on destruction of critical infrastructure, according to a senior Intelligence official who described such an attack as a potential “Fort Hood in cyberspace.” Given the right access and skills, a federal IT administrator or other computer worker could be able to shut down government computers, disable military navigation systems, or even destroy critical infrastructure like power plants or oil refineries causing extensive loss of life.


Is there any part of government that hasn’t been hacked yet?
Next Gov
09/10/14

A government cybersecurity official told Congress Sept. 10 that DHS’ National Cybersecurity and Communications Integration Center (NCCIC) has already responded to more than 600,000 cyber incidents this fiscal year. A top FBI cyber expert told the same committee that any part of government that hasn’t been hacked yet probably has been hacked – they just haven't realized it yet – and the only way to stay ahead of the evolving threats is to collaborate and share information with the private sector.


Sandia cyber-testing contributes to DHS Transition to Practice
Sandia National Laboratories (news release)
09/10/14

Through the Department of Homeland Security’s Transition to Practice (TTP) program, cybersecurity technologies developed at Sandia National Laboratories — and at other federal labs — now stand a better chance of finding their way into the real world. The innovative TTP program, spearheaded by the department’s Science and Technology Directorate (S&T), helps move federally funded cybersecurity technologies into broader use.


Senate panel assesses cyberthreats
Gov Info Security
09/10/14

At a Senate Homeland Security & Government Affairs Committee hearing the day before the 13th anniversary of the Sept. 11 terrorist attacks, representatives of the FBI and the Department of Homeland Security joined panel chairman Tom Carper (D-DE) and ranking member Tom Coburn (R-OK) in stressing the need to ramp up efforts to repel emerging cyberthreats. Coburn expressed disappointment that cyber threat information sharing legislation hasn't been put on the floor for a vote in the Senate.


Expectations low for cyber legislation
Gov Info Security
09/09/14

Congress isn't ignoring cybersecurity as lawmakers return to Washington, with several hearings on cyber matters scheduled. But it's unlikely the House or Senate will vote on any significant cybersecurity legislation before they adjourn later this month in advance of the fall election. Cybersecurity is seen as a growing concern among lawmakers, but it pales when compared with other issues Congress must confront in the next few weeks.


Amid shrinking budgets, DISA turns to the commercial cloud
Defense Systems
09/04/14

Sequestration and more budget cuts are driving the Defense Information Systems Agency to cut out costs in its milCloud program and other areas, while looking to commercial solutions, said Maj. Gen. Alan Lynn, the agency’s vice director. In a speech Sept. 4, Lynn reassured industry that as sequestration approaches, the agency will be considering cheaper, commercial supplements to DISA’s cloud-services product portfolio, milCloud.


US Army activates its first cyber protection brigade
Defense News
09/10/14

The US Army on Sept. 5 activated a new Cyber Protection Brigade — the first of its kind in the Army — at Fort Gordon, Georgia. The brigade is made up of Cyber Protection Teams, manned by a mix of soldiers and civilians. The brigade will have 20 of these teams, each with about 39 personnel. The teams will conduct defensive cyberspace operations in support of joint and Army missions, according to information from Army Cyber Command.


NGEN transition on track, program ready for potential changes
Signal Online
09/10/14

The U.S. Navy’s Next Generation Enterprise Network (NGEN) is on schedule to complete its transition on October 1. While the transition has not been without unexpected challenges, it has been relatively seamless to the user, officials note. The transition has reached 74 percent of its seats and more than 90 percent of its overall activity. Officials say NGEN should be “flexible and agile” enough to address changing Navy missions and force structure, including the ability to modify the contract if necessary.


The positive side of cyber
Signal Online
09/09/14

All too often, the topic of cyber presents a negative view of vulnerabilities and attacks, but cyber has a positive role to play in national defense, said Lt. Gen. Edward Cardon, USA, commanding general, U.S. Army Cyber Command, who spoke at AFCEA TechNet Augusta. And it’s not just a DoD issue, he noted, saying he works closely with DHS and Justice Department, and that “As we go forward, common concepts, operations, partnerships and collaboration are critical.”


Smart technology tracks hospital patients
Fox News
09/04/14

Across the country, whether it is in the form of a bracelet ID or smart ID tags affixed to bags of blood, IV bags or surgical tools, hospitals and health care organizations are adding smartcard technology to their IT mix. Hospitals, physicians and clinics are currently implementing smartcards in combination with identity software solutions.


Forget your password? No problem -- here are 4 body parts that could authenticate your identity online
Next Gov
09/08/14

Banks and online retailers—who have the most to lose from hacks—know that no matter how much they ask users to think up a password with capitals, numbers, characters, and obscure phrases in Tagalog, passwords will always remain weak and prone to hacking. So if thoughts from inside your head won’t cut it, perhaps actual body parts will. Here are four examples which some people think might replace passwords for good.