House says unclassified network hit in cyberattack
An unclassified portion of the White House network has been hit with what
appears to be an ongoing cyberattack. Efforts to mitigate the threat have
resulted in temporary system outages and loss of network connectivity for some
users, a National Security Council spokeswoman confirmed Oct. 29. The attacks
have not caused any damage to White House computers or systems, though some
elements of the unclassified network have been impacted, the official said.
White House network breach was likely nation-sponsored
Help Net Security
The White House has reportedly confirmed that the unclassified Executive
Office of the President network was breached by unknown hackers. People in the know speculate the attackers work
for the Russian government. It will be hard - if not impossible - to prove the
origin of the attack and pin it to a specific group or state, and another thing
that is yet unknown is what the attackers were after and what information they
managed to access.
the White House hackers gone?
Efforts to suppress abnormal behavior on an unclassified White House
network continue, according to Obama administration officials. "When we identified the activity of
concern, we took immediate measures to evaluate and mitigate the
activity," said a senior administration official who repeatedly declined
to answer whether the suspicious activity has been eliminated. So it’s possible
the unnamed attacker is still there.
White House networks hacked
The FBI, Secret Service and NSA are investigating a recent breach into
unclassified White House networks. A third party alerted the White House of the
breach two or three weeks ago, noting that the breach led to some temporary
disruptions of service, but no networks were taken down, and no classified
networks were breached. Few details have been released, and the party
responsible for the breach is unknown. Some analysts believe Russian hackers
are responsible, either rogue or state-sponsored.
warns of ongoing attack campaign targeting industrial control systems
The Department of Homeland Security's ICS-CERT (Industrial Control Systems
Cyber Emergency Response Team) has issued a warning about an ongoing attack
campaign targeting industrial control systems. According to ICS-CERT, the
campaign has compromised numerous industrial control systems environments and
has been ongoing since at least 2011.
now actively sharing cyberthreat intelligence
The retail industry's new cyber threat intelligence-sharing program, the
Retail Cyber Intelligence Sharing Center (R-CISC), has been up and running for
four months now and is looking for more retailers to sign up.
Street watchdog to bolster reviews of brokerage cyber security
Wall Street's industry funded watchdog plans to intensify its scrutiny of
cyber security practices at brokerage firms in 2015 and is hiring technology
savvy examiners to help boost its efforts. The Financial Industry Regulatory
Authority (FINRA) is in the midst of developing its so-called "examination
priorities" for 2015, and plans to publish its examination priorities in
officials urge more govt-business cooperation on cybersecurity
U.S. officials on Oct. 28 urged corporate America to work with the
government to fend off cyber threats and said intelligence and law enforcement
authorities are working to get useful information to companies about potential
attacks. This is shown in part by the
FBI having presented more than three dozen classified, sector-specific threat
briefings to companies in the past year.
identifies cyber espionage group possibly tied to Russian government
The country of Georgia and the Caucasus, Eastern European governments and
militaries, and various security-related organizations including the North
Atlantic Treaty Organization (NATO) have been the targets of a cyber espionage
group – referred to as APT28 – that is believed to be Russian, according to
FireEye. APT28 is believed to have been operating since at least 2007, and its
targeting, malware, language, and working hours have led FireEye to believe that
the group is sponsored by the Russian government.
spending forecast: Slow growth ahead
Federal IT spending will grow very slowly over the next five years, with
growth on the civilian agency side slightly outpacing that of defense-related
agencies, predicts trade association TechAmerica in its latest annual forecast.
Federal spending on all IT programs in
2015 is estimated to hit roughly $80 billion, of which roughly $74 billion is
for unclassified programs, and does not include billions of dollars’ worth of
IT spending embedded in mission-focused programs. That $74 billion figure is down from roughly
$88 billion five years ago and is projected to slowly rise to $84 billion by
2020, for a compound annual growth rate of 2.6 percent.
The number of industries getting classified cyberthreat tips from DHS has doubled since July
toasters, medical devices add to DHS' cyber headaches
Federal News Radio
Cars, medical devices and even toasters are among the facets of life that are
quickly becoming Internet based. This is why the Homeland Security Department
already is working on cybersecurity technologies for these and many other
everyday devices. The director of DHS's
Science and Technology Directorate's Cybersecurity Division said the largest
number of white papers received from the June broad agency announcement to
award $95 million in cyber R&D funding came under the cyber physical systems
lays out roadmap for cloud computing
NIST has released the final version of its Cloud Computing Technology Roadmap
Volumes I and II, the culmination of a three-year-old effort to assess and set
objectives for the accelerated adoption of cloud computing in government. The first volume identifies 10 requirements
NIST believes are necessary to maintain innovative cloud adoption across
government. The second volume is designed to be a technical reference for those
actively working on strategic and tactical cloud computing initiatives.
Offensive: Senate intel leaders push for US Chamber's help on cyber bill
The chairwoman and vice chairman of the Senate Intelligence Committee, Sen.
Dianne Feinstein (D-CA) and Sen. Saxby Chambliss (R-GA) told a U.S. Chamber of
Commerce audience that their support would ensure the Senate votes after the
November 4 election on a cybersecurity threat information sharing bill.
declassifies its long-awaited joint doctrine for cyberspace operations
Federal News Radio
The Defense Department has just posted an unclassified version of its joint
military doctrine for cyberspace operations. Joint Publication 3-12 was first issued in
March 2013 but was marked as secret. It's clear DoD is trying to consolidate
all of its thinking on cyberspace operations into one cohesive document. Cyber
doctrine until recently has been scattered across 16 different joint pubs and
dozens of other service-specific documents.
Clarifying DISA's cloud computing
Terry Halvorsen, the Defense Department’s acting CIO, is expected very soon to
release a new policy revising the role DISA plays in brokering cloud services.
The changes are designed to speed cloud service acquisitions by preventing
bottlenecks created by having only one agency act as broker. DISA no longer
will be the sole acquisition agency, but it will continue to ensure network
access to cloud service providers is secure and reliable.
DISA shops for expansion of its classified commercial smartphone service
Federal News Radio
DISA is looking for a vendor that can support up to 2,000 smartphones that
store and transmit classified data, part of DoD's gradual evolution beyond the
SME-PED, a $3,000 handheld that only runs on 2G networks. In a sources sought notice, officials said
they're planning a procurement for the back-end infrastructure necessary to
support classified data on commercial devices, but the notice also pointed out there's
only one security technology that's been approved so far by the NSA for
transmission of classified data across commercial networks.
mobile update: BlackBerry still dominates
DISA officials say BlackBerry devices in use by the Defense Department total
85,000 -- slightly more than 10 times the number of Apple and Android devices
fielded today. DISA currently supports 270 secret classified mobile devices and
expects that number to grow to 1,500 by the end of 2015. There are 4,000 Apple
and Android devices on the unclassified network, a number that should grow to
40,000 by the end of 2015. DISA is also testing mobile gear that can operate in
top-secret network environments.
leaders try to speed IT acquisition by reinterpreting the FAR
Under ideal circumstances, it takes about six months for the Navy to move from
knowing what it wants to buy to awarding a contract, but a key Navy official
admits that just won't cut it when it comes to IT and cybersecurity due to the
rapidity with which IT can become outdated and cyberthreats can magnify. Navy
officials have two options for getting the Federal Acquisition Regulation to
help them buy IT and cybersecurity-related products and services more quickly.
Security Standards Council releases guide for building security awareness programs
The PCI Security Standards Council has published guidance to help businesses
build information security awareness programs. 'Best Practices for Implementing
a Security Awareness Program' has recommendations for educating staff on
protecting sensitive payment data. The
guidance was developed by retailers, banks and technology providers, and
focuses on three key areas: assembling a security awareness team; developing
appropriate security awareness content for the organization; and creating a
security awareness checklist.
& PIN vs. Chip & Signature
Krebs on Security (blog)
The Obama administration recently issued an executive order requiring that
federal agencies migrate to more secure chip-and-PIN based credit cards for all
federal employees that are issued payment cards. The move marks a departure
from the far more prevalent “chip-and-signature” standard, an approach that has
been overwhelmingly adopted by a majority of U.S. banks that are currently
issuing chip-based cards. This post seeks to explore some of the possible
reasons for the disparity.
Orgs choose network performance over security
Help Net Security
An alarming number of organizations are disabling advanced firewall features in
order to avoid significant network performance degradation, say the results of
the Network Performance and Security report unveiled Oct. 29 by McAfee. Sixty
percent of the 504 IT professionals surveyed said design of their company’s
network was driven by security, but more than one-third of respondents admitted
to turning off firewall features or declining to enable certain security
functions in an effort to increase the performance of their networks.
IT is losing the battle on security in the cloud
Help Net Security
A majority of IT organizations are kept in the dark when it comes to protecting
corporate data in the cloud, putting confidential and sensitive information at
risk, according to a recent Ponemon Institute survey of more than 1800 IT and
IT security professionals worldwide. The
research indicates that while organizations are increasingly using cloud
computing resources, IT staff is having trouble controlling the management and
security of data in the cloud.
services ranks cyberattacks top industry worry
The financial services industry -- one of the most security-savvy and
security-forward verticals in the world -- is increasingly getting nervous
about cyberattacks. A new report by the Depository Trust & Clearing
Corporation (DTCC) for the third quarter of 2014 found that 84% of financial
firms ranked cyberrisk as one of their top five concerns, up from 59% in the
first quarter of this year. A DTCC
official noted "No institution -- large or small, public or private -- is
immune to a potential cyberattack."
Why it’s not just about technology
The current defenses of U.S. organizations -- both public and private -- do not
rival the skill, persistence and prowess of those who seek to wreak havoc on
our information-technology infrastructure and operations. What many
organizations are doing in response to this growing and pervasive threat often
stops with efforts to secure their systems through technology without a
continued focus on building and sustaining a culture of deterrence and
vigilance. The problem with this approach is that attackers and their tools are
always changing. To protect their
systems from attacks, organizations need to build a culture of risk management
from the ground up.
'Massive' switch to new credit cards
Consumers can expect a flurry of thick, credit-card-carrying mail as some banks
attempt to get high-tech chip cards into their hands before the holidays. The
catalyst: A series of high-profile security breaches at U.S. retailers caused
an acceleration of a multi-year transition to the chip-and-pin technology.
Firms from half of the nation’s 16 key industries, including wastewater and banking, have paid for special technology to join a voluntary Department of Homeland Security program, previously exclusive to defense contractors, that shares classified cyberthreat intelligence. Cleared Internet service providers participating in the Enhanced Cybersecurity Services initiative feed nonpublic government information about threats into the anti-malware systems of critical sector networks. As of July, only three industries – energy, communications and defense – were using the service.
China launches MitM attack on iCloud, Hotmail users
The Chinese government has started launching cyberattacks against Apple customers just as the company announced the availability of the latest iPhone in the country, according to a non-profit that monitors online censorship in China. It appears local authorities have initiated man-in-the-middle (MitM) attacks against customers of Apple's iCloud in an effort to obtain account login credentials and gain access to the data stored by users in the cloud service.
Auditors shine light on vulnerabilities in FDA computer network
Fierce Government IT
Vulnerability testing of the Food and Drug Administration's computer network found several deficiencies that could potentially be exploited by attackers, but auditors did not gain unauthorized access to the network via penetration testing. Several days before the HHS Department Inspector General's Office test, the IG noted that a wide-scale cybersecurity breach involving an FDA system was detected, exposing sensitive data in 14,000 user accounts.
More hackers targeting mobile phones to get bank info, survey says
Hackers are increasingly targeting mobile phones to get into bank accounts of victims and steal money, according to a report by Kaspersky Labs with Interpol. It found that 60 percent of the malicious programs targeting Android devices were designed to steal money or banking credentials. The report focused on Android, which accounts for roughly 85 percent of the mobile device market and 98 percent of mobile malware. Like other online operations, hackers are moving into mobile because more users access the Internet from these devices.
U.S. government probes medical devices for possible cyber flaws
The U.S. Department of Homeland Security is reportedly investigating about two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment that officials fear could be exploited by hackers. The products under review by the agency's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.
Wearable device adoption following tablets' lead: PwC
Wearables are well on their way to following tablets as the next hot product category. A new report from PricewaterhouseCoopers (PwC) indicates that 20 percent of U.S. adults already own a wearable device. It's a figure that matches the adoption rate of tablets in 2012, and like tablets, the number is expected to quickly rise -- but not without some challenges along the way.
Russia ruled out as culprit in Chase cyber security breach, U.S. officials say
The Russian government has been ruled out as sponsor of a cyber attack on JPMorgan Chase & Co disclosed in August, U.S. law enforcement officials said Oct. 20. Officials from the FBI and Secret Service announced that authorities believe the attack was the work of cyber criminals. Early news reports in August said investigators feared the attack was conducted on behalf of the Russian government as retribution for economic sanctions imposed by the U.S.
Obama's executive order on payment fraud falls short on boosting security, say experts
The Obama administration issued an executive order last week that forces federal agencies to purchase new payment terminals that support "enhanced" security features, but experts say the directive stops short of requiring fully activated encryption and other security measures that would reduce the risk of a data breach.
PCI security council welcomes Obama executive order on EMV
The Payment Card Industry Security Standards Council (PCI SSC) has welcomed US President Obama’s executive order to speed up the adoption of cards that reach the Europay, MasterCard and Visa (EMV) standard in the US. EMV is a global standard for the inter-operation of integrated circuit cards, known as chip and PIN, in the UK.
White House gives agencies the lead role in combating ID theft
Federal News Radio
New, more secure government credit cards and multi-factor authentication for federal websites dealing with sensitive citizen data are two ways the White House wants the government to lead a nationwide effort to reduce identity theft and fraud. President Obama's recent Executive Order outlined a series of steps with deadlines to transition to more secure online transactions under a new Buy Secure initiative. Federal cybersecurity experts acknowledged the order with a combination of satisfaction and frustration.
NIST's cloud computing roadmap details research requirements and action plans
NIST (news release)
The National Institute of Standards and Technology (NIST) has published the final version of the US Government Cloud Computing Technology Roadmap, Volumes I and II. The roadmap focuses on strategic and tactical objectives to support the federal government’s accelerated adoption of cloud computing, and leverages the strengths and resources of government, industry, academia and standards development organizations to support technology innovation in cloud computing.
Feds urge early cooperation in malware investigations
Though the recently publicized hack of J.P. Morgan was a fresh reminder that financial services are always in the crosshairs of cyber criminals, the sector's information-sharing center has been praised for building resiliency against threats. Law enforcement officials made the case at an Oct. 20 conference on cybercrime that this resiliency was due, in part, to public-private cooperation and aggressive federal prosecution of cybercriminals.
Mobile devices will transform how government fieldwork gets done
Next Gov (op-ed)
Using mobile devices like iPads and iPhones can make government field workers more efficient in creating reports and reducing paperwork, and they become even more powerful when they provide analytics to uncover hidden relationships and critical information. The ability to automatically analyze multiple pieces of data across multiple systems of record and combine that with real-time information collected by the user, can help provide previously unknown new insights and recommendations.
The future of government technology and the role of the IT department
New innovations for government are beginning to move at an accelerating pace. The next five to ten years will be a critical renaissance period for federal IT, transforming the way agencies use IT to fulfill their missions. This will happen in spite of the fact that many federal agencies continue to face ongoing budget challenges. The transformation of government IT in the coming years will allow agencies to be more efficient and effective, while still being very responsible with public dollars.
Will new commercial mobile encryption affect BYOD policy?
While law enforcement is up in arms about new default data encryption on Apple iOS and Google Android devices, experts say the policy could have some benefits for federal mobility as well.
Senators push for ‘Internet of Things’ hearing
A bipartisan group of lawmakers on the Senate Commerce Committee wants Chairman Jay Rockefeller (D-WV) to hold a hearing on the millions of new connected refrigerators, cars and other devices, warning that the so-called “Internet of Things” is “sparking a number of important policy questions” about security and privacy. The proliferation of “smart” appliances and machinery has exploded in recent years and could generate $8.9 trillion in revenue by 2020, they noted, with hundreds of billions of connected objects around the globe.
Army evolves its network integration process
Federal News Radio
Three years ago, the Army embarked on a process of Network Integration Evaluations that were designed to test new systems in the hands of soldiers before those technologies made their way into live-fire battlefields. But the Army is making changes to the process to include more of an emphasis on laboratory testing, and it's also tempered its hopes that commercial technologies can fill the gaps in its current capabilities.
Reaching the edge of the Joint Information Environment
The Department of Defense is pursuing an ambitious initiative to develop an integrated, enterprise-wide IT network, the Joint Information Environment (JIE). To better understand how DoD employees perceive the benefits of and challenges to the Joint Information Environment and mobility, Government Business Council and Verizon Wireless undertook an in-depth research study involving a survey of over 300 senior DoD employees.
Army Cyber capabilities increasing to include Guard, Reserve
Army News Service
The Army's top cyberspace experts said increasing digital capabilities of the force include 11 cyber protection brigades in the National Guard, and 400 more cyber Soldiers in the Army Reserve. Leaders recently detailed how the Army is working toward network modernization through the new Cyber Center of Excellence and cyber protection brigades.
Target date approaching for WIN-T en route mission planning IOC
C4ISR & Networks
Communications en route to overseas objectives are due for an upgrade, courtesy of the Warfighter Information Network – Tactical program. November is the target date for initial operating capability for en route mission command capabilities. The goal is to enable voice, data, full-motion video, email and other capabilities aboard planes on long flights, said LTC Joel Babbitt, product manager for WIN-T Increment 1.
Awaited technologies about to become reality for warfighters
The U.S. Army is extending advanced communications to disadvantaged users, fielding a series of capabilities to various groups in an effort to give soldiers at the pointy end of the spear the connectivity they need. With the rollout, forward-deployed troops should be able to access classified networks via wireless 4G long-term evolution connections. National Guard units also are acquiring the tools to aid their troops in disaster response scenarios.
Taking aim at stealthy attacks
GCN - Cybereye (blog)
When the vulnerability is unknown and the malicious code is well hidden, IT managers have to look for active footprints to defend against threats. No matter how stealthy the exploit, it has to activate inside the system, and that is where to spot it and stop it. That’s the idea behind the Cyber Kill Chain, which is based on the military concept of establishing a systematic process to target, engage and defeat an adversary. It relies on the assumption that an adversary will have to carry out specific steps to attack in a given environment.
Obama orders two-step IDs to combat credit card hacks
President Barack Obama issued an executive order Oct. 17 to stop rampant credit card breaches by requiring federal agencies to issue government purchase cards embedded with hacker-resistant microchips that require PIN numbers for charges. The government aims to stimulate the market for so-called chip-and-PIN cards, which is part of a larger strategy to abolish one-step identification checks.
FBI facial recognition system gives officers an investigative lead
New FBI facial recognition technology released in September means more than 18,000 law enforcement agencies can search potential criminals by face in addition to fingerprint. The facial recognition tool, called the Interstate Photo System, lets officers automatically compare a suspect's digital facial image against the 20 million and growing images available for searches, giving officers an investigative lead. But it has accuracy limits and has raised concerns among privacy groups.
FBI warns of cyberattacks linked to China
The FBI issued a warning to companies and organizations Oct. 15 about cyberattacks by people linked with the Chinese government. The advisory, issued privately, contains "information they can use to help determine whether their systems have been compromised by these actors and provides steps they can take to mitigate any continuing threats." The warning came a day after security companies said they've been working closely together to enable their products to detect several hacking tools used by a China-based group against U.S. and other companies over several years.
How should the government respond to JPMorgan hack?
According to former Attorney General Michael Mukasey, for now the proper response by the U.S. government to last summer's JPMorgan hack "is to try to find out who did it and why." But, said Mukasey, if a nation state turns out to be responsible for the JPMorgan hack, the government should respond.
Key findings from Ponemon Institute’s ‘Cost of Cyber Crime’ studies
Ponemon Institute has released its 2014 Global Report on the Cost of Cyber Crime, based on regional Cost of Cyber Crime studies for 11 countries, including France, Germany and Italy. This post summarizes the key findings of the European studies, and shows what you can do to protect yourself from cyber security risks using the international standard for best-practice information security management, ISO 27001.
Mobile device and data use skyrockets, US gov't survey says
U.S. mobile phone users are “rapidly embracing” smartphones and tablets, noted a report from the U.S. Department of Commerce’s National Telecommunications and Information Administration. Even though the report is based on 2-year-old information from the U.S. Census Bureau, the latest NTIA survey of U.S. residents’ Internet and computer use shows some important trends and gives U.S. policy makers “some valuable insights,” said John Morris, director of Internet policy at the NTIA.
UMD partners with MITRE on cybersecurity research and development center
University of Maryland (news release)
The University System of Maryland (USM), including the University of Maryland, College Park (UMD) and University of Maryland, Baltimore County (UMBC), is partnering with The MITRE Corporation to operate the first federally funded research and development center (FFRDC) solely dedicated to enhancing cybersecurity and protecting national information systems.
Tech Council of Maryland to use $225,000 grant for cyber job training
Washington Business Journal
The Tech Council of Maryland will use $225,000 in federal money to train job seekers for cyber and technology jobs. The funding is part of a $15 million grant to the Cyber Technology Pathways Across Maryland Consortium, announced in September. Fourteen community colleges, led by Montgomery College in Rockville, comprise the consortium. They are working together to improve cyber job training and access to cyber jobs, especially among veterans, women and unemployed workers.
$42m boost for cyber security research
Asia One / The Straits Times
Some $42 million will be set aside by Singapore for seven projects in cyber security research over the next two to five years, as Singapore looks to boost its defense against cyber attacks. The money will come out of a new $130 million government plan to enhance Singapore's fire power against cyber attacks that could threaten government agencies and services such as banking. The seven projects will involve research in topics such as digital forensics, and mobile and cloud data security.
Obama announces plan to tighten card security
Saying more must be done to stop data breaches affecting consumers, President Barack Obama announced on Friday a government plan to tighten security for the debit cards that transmit federal benefits like Social Security to millions of Americans. Cards issued by the federal government will now have an internal chip replacing magnetic strips to reduce the potential for fraud.
Tightening security on federal payment cards
As part of a wide-ranging set of policy initiatives about financial information security, President Obama announced the federal government will be switching to payment cards that are protected by two new layers of security – a microchip that is harder to clone than a magnetic strip and a personal identification number that users key in during transactions, like a bank card. Beginning next year, new payment processing terminals at federal agencies must have the necessary software to support these new security features.
Obama orders chip-and-PIN in government credit cards
President Obama issued an executive order Oct. 17 to have secure chip-and-PIN technology embedded into government-issued credit and debit cards as part of a broader move aimed at stemming payment data breaches. Under the order, government-issued cards that transmit federal benefits such as Social Security will have microchips embedded instead of the usual magnetic strips, as well as associated PINs like those typically used for consumer debit cards. A replacement program for the cards is set to begin on Jan. 1 of next year, with the goal to have more than 1 million such cards issued by the end of the year.
GSA unveils 'FedRAMP Ready' systems
The GSA will unveil its newest category for the Federal Risk and Authorization Management Program on Oct. 17, showcasing cloud service providers ready to perform assessments and authorizations with potential agency customers. "FedRAMP Ready" systems have had their documentation reviewed by the FedRAMP program management office and -- at a minimum -- have gone through the PMO readiness review process.
Huge bidder pile-on for VA’s $22.3 billion tech deal
Next Gov - What's Brewin'
The number of companies that have expressed interest in bidding on the Department of Veterans Affairs’ Twenty-One Total Technology Next Generation contract -- known as T4NG -- hit 635 vendors Tuesday, according to a VA spreadsheet. VA plans to award up to 20 indefinite-delivery, indefinite-quantity contracts under T4NG, which will run for an initial five years with an option for another five years.
One team, one fight in cybersecurity
The Defense Department understands the value of a physical co-location, having put two of its key cybersecurity components, Cyber Command and the NSA, at Ft. Meade. Having federal civilian agencies down the hall from each other also is both possible and valuable. As such, GSA has asked for $35 million in FY15 to develop requirements for and to fund design of a civilian federal cybersecurity campus. The idea is to collocate key components from multiple federal civilian agencies with cybersecurity responsibilities, along with private sector partners, to improve collaboration in the drive to enhance homeland and national security against growing cyber threats.
U.S. data breach notification law unlikely in 2014
Gov Info Security
Despite President Obama's support and growing interest in Congress in enacting a national data breach notification law, no such bill has reached either the Senate or House floors in the current Congress, nor is such legislation likely to be voted on before the current Congress adjourns. Business groups and consumer advocates with allies in Congress cannot agree on key provisions of data breach notification measures, with businesses wanting less stringent data breach notification rules than do consumer advocates.
DISA looks for models for securing commercial cloud
The Defense Information Systems Agency wants to test the viability of two technical models for implementing commercial cloud within the Defense Department. DoD wants its cloud use to be secure, while also tapping expertise from commercial vendors. To do that, DISA is looking for ideas on cloud-integration models that will offer "the physical protections that a DOD installation provides, while still allowing the commercial vendors to offer their contemporary cloud ecosystems directly to the military community," the agency said Oct. 1 in announcing an RFI.
Four years after establishment, Army Cyber Command touts progress
The relatively new Army Cyber Command is looking to perform more joint operations as it continues to build its capabilities, a pair of its senior leaders said Oct. 15 at the Association of the United States Army annual conference in Washington, D.C. But in order to do that, it will need to collaborate with the government and private industry to develop a capable, sustainable cyber environment, said its commander, Lt. Gen. Edward Cardon.
Here comes the Army Cyber Battle Lab
Next Gov - What's Brewin'
The Army currently operates a Network Battle Lab and plans to change it to the Cyber Battle Lab beginning in October 2015 -- and is looking for some contractor support. The Network Battle Lab was focused only on experimentation to support the network, but will now add experimentation to support all areas of "cyber electromagnetic" activities. These include cyberspace operations, electronic warfare and spectrum management operations.
Army eyes coordinated land-cyber missions
US Army officials say they are working toward a capability that will synchronize land power and cyber capabilities for tactical effects on a future battlefield. Army Chief of Staff Gen. Raymond Odierno said in an interview that the service’s new operating concept calls for the synchronization of air, sea, land and cyberspace.
Army electronic warfare ‘is a weapon’ – But cyber is sexier
Col. Joe Dupont, the Army’s project manager for electronic warfare programs — and its recently declassified offensive cyber division — faces an uphill battle against tight budgets and Army culture to make the case that EW doesn't just enable weapons systems, "EW is a weapon system." As the world goes wireless, phones and computers depend increasingly on radio links rather than physical cables, which means jamming and hacking, traditional electronic warfare and the brave new world of cyber, are beginning to blur together.
Krieger molds the defense IT enterprise
One of the greatest successes for Mike Krieger, deputy chief information officer/G-6 for the Army, is the recent integration of enterprise email throughout the Army. From a slew of Microsoft Exchange servers run by different organizations, the Army now has just one email service for its 1.5 million users run out of the DISA’s cloud. Organizations across the Army are now comfortable drawing services from the enterprise compared to 2009-2010 when they still provided their own services to users. Another major change he’s witnessed is a shift in the belief that network capabilities need to be “very tip-of-the-spear,” to a recognition that there are things that can be better done from the enterprise.
NSA chief: 1,000 new jobs coming to S.A.
My San Antonio
The director of the National Security Agency, Adm. Mike Rogers, said Oct. 16 that San Antonio could expect as many as 1,000 additional personnel working on the Defense Department's ongoing cybersecurity mission over the next three years.
What the cybersecurity executive order means for authentication
Secure ID News
President Obama has signed an executive order on cybersecurity that requires federal agencies to issue and accept EMV payment cards and take extra precautions online when protecting citizens’ personal information. The focus of the announcement was on the move to EMV and the more secure chip and PIN technology. But, even more significantly, a short section of the executive order focused on a move to more secure authentication by government agencies. The wording is vague and lacks concrete examples of how and why such a multi-factor authentication system might be necessary. But here are some scenarios of how this system is likely to roll out.
The biometrics revolution is already here — and you may not be ready for it.
The Washington Post
The future is here, and it's biometric identification: You will soon be able to unlock the most recent iPad model with your fingerprint; banks are reportedly capturing voice imprints to catch telephone fraud; and the FBI's facial recognition database is at "full operational capacity." But while these technologies are already influencing consumers' lives, it's not clear that everyone understands the long-term implications of widespread biometric use, experts say.
Get ready for a new wave of biometrics
It's common knowledge that passwords are flawed, but if anything can benefit from this year's seemingly never-ending security breaches, it's the field of biometrics. Digital biometrics—using people's fingerprints, voices, and faces to unlock devices instead of using memorized passcodes—aren't new. What is new is the timing: The rapid demise of the conventional password in this year alone means digital biometrics can be "cool" again.