Cybersecurity News

 

Big Data and analytics are changing the cybersecurity landscape
Help Net Security
04/28/15

An average of 35 percent of all cyberattacks still go undetected, and recent research shows that organizations need to shift from reactive to proactive strategies that seek to understand a threat before an attacker can cause damage. This requires constant monitoring of network behavior so that unusual activity can be distinguished from normal behavior. To do this, organizations require a new set of security solutions to match the increasing number and sophistication of attacks.


Cyber general: US satellite networks hit by 'millions' of hacks
The Hill
04/29/15

The top cyber official for the Air Force says the service’s space and satellite networks are being constantly hacked by outside groups. “There’s millions of probes every year into our networks, from every corner of the world,” according to Gen. John Hyten, the head of Air Force Space Command, and they "come from everything, from nation states down to individuals just curious, down to criminal behavior.”


VA Thwarts over a billion cyber threats -- Just in March
Next Gov
04/30/15

The Department of Veterans Affairs experienced a significant surge in cyber threats in March, Chief Information Officer Stephen Warren said, blocking 1.19 billion malware instances and 358 million intrusion attempts into VA systems in March alone. Warren indicated VA will need to scale its cybersecurity to prevent what could be an exponential increase in threats. He said the department has been beefing up its continuous monitoring technology, reinforcing external network connections, and security training.


Hospitals testing AC monitoring platform to spot malware in medical devices
SC Magazine
04/27/15

Two unnamed hospitals have signed on to test technology that can detect malware in outdated medical devices by monitoring alternating current (AC) consumption. If successful, the monitoring platform, dubbed WattsUpDoc, could help hospitals overcome what has been a significant challenge: protecting medical devices that are antiquated or can't be modified due to regulatory constraints. It would allow hospitals to detect malware using power consumption side channel analysis without modifying code or hardware.


Cyber-security and why shipping needs to be worried
SeaTrade Global
04/27/15

Cyber-security is fast becoming a hot-button issue in shipping, perhaps because it is one on the agenda everywhere. One shipping industry official warned that shipping needs to “take cyber-security seriously”. When it comes to the encroaching digitization of everyday operations – the so-called “internet of things” whereby machines talk to each other over IP – shipping certainly is not an exception as ships are increasingly computerized.


Warnings of hackers on planes all too familiar to airline security researchers
The Christian Science Monitor – Passcode
04/29/15

Fresh government reports and alerts about the hacking threat to airplane avionics systems underscore the challenges facing industry and government as more critical infrastructure becomes Internet connected. Government watchdogs, the FAA and computer researchers have been warning for years that the software used in modern airplanes is vulnerable to attacks from criminal hackers. Yet, according to many researchers, the industry as a whole still does not appear to have taken the necessary steps to keep its systems secure.


Can your flight be hacked?
Government Technology / Los Angeles Times
04/27/15

When a cybersecurity expert joked during a recent flight about hacking into a commercial airplane’s avionics computers through its wireless Internet system, it prompted a quick response from airlines, plane manufacturers and onboard Wi-Fi providers who insist that it cannot be done. Security experts say nothing is impossible.


'Operation Armageddon' cyber espionage campaign aimed at Ukraine: Lookingglass
Security Week
04/28/15

Researchers at Lookingglass Cyber Solutions outlined details of a cyber-espionage campaign aimed at the Ukrainian government that goes back more than two years. According to Lookingglass, 'Operation Armageddon' has been active since at least mid-2013. The campaign has been targeting Ukrainian government, law enforcement and military officials in an attempt to steal information.


GITEC 2015: Federal cyber spending continues to grow
Fed Tech
04/27/15

Cybersecurity will continue to grow as a large percentage of federal technology spending, likely reaching as much as 20 to 25 percent in the coming years, said Kevin Plexico, Deltek’s vice president of information solutions, in opening remarks at the 2015 GITEC Summit April 26 in Baltimore. As recently as five years ago, agency technology budgets allocated less than 10 percent of total spending to cybersecurity technologies. That number has increased to between 15 and 19 percent in recent years, but Plexico expects it to climb even higher.


Got ideas about cyber R&D strategy? You can weigh in now
Next Gov
04/30/15

The National Science Foundation has issued a Federal Register notice that it would be seeking public input about NSF’s comprehensive federal cybersecurity R&D strategic plan. Last year’s Cybersecurity Enhancement Act, created to cut down on cyber risks threatening critical infrastructure, directed certain agencies to develop a strategic plan to manage cybersecurity research funded by the government. At least 10 agencies affiliated with the National Science and Technology Council and the Networking and Information Technology Research and Development Program have until year-end to create a plan.


OASIS looks to move beyond Air Force orders
FCW
04/29/15

With a half-year of operations under its belt, GSA's One Acquisition Solution for Integrated Services (OASIS) contracting vehicle's main user remains the Air Force, but the program's manager sees that changing dramatically next year. Some of that new business could be coming from the Federal System Integration and Management Center, the GSA component that provides acquisition support for information technology and professional services to federal agencies, as the demand for a mix of people and technology contracts increases.


FBI to create pool of contracted cyber experts
Federal Times
04/27/15

The FBI is about to release a solicitation to contract with cyber experts who can provide support services and expertise to the bureau on an as-needed basis. The winning contractors will work with several law enforcement and intelligence bureaus — including the intelligence branches; national security branch; the criminal, cyber, response and services branch; science and technology branch; inspection division; and internal policy office — to provide a pool of technical subject matter experts that can work directly with the FBI.


FBI readies multimillion contract for cyber expertise
Next Gov
04/27/15

To fill its growing list of unique openings -- especially in the cybersecurity arena -- the FBI plans to contract out professional, management and support services for up to $100 million. An upcoming RFP, expected to be released by May 6, seeks a contractor with “the ability to recruit, retain and replace” operational subject matter experts. The contract will cover six branches within the FBI, including the Intelligence Branch, the National Security Branch, and the Criminal, Cyber, Response and Services Branch. The synopsis suggests cybersecurity experts with high-level clearances will be particularly in demand within the FBI’s Cyber Division.


OMB unveils FITARA guidelines for public comment
Next Gov
04/30/15

Months after Congress approved the Federal IT Acquisition Reform Act (FITARA), OMB has released draft implementation guidelines. FITARA broadly aims to give agency CIOs more authority over budgets, also encouraging them to check in on federal IT contracts frequently to avoid failure. The requirements apply to most federal agencies, but DoD and the intelligence community are only subject to certain parts.


White House unveils cyber pact with Japan
The Hill
04/28/15

The U.S. and Japan unveiled a wide-ranging cybersecurity alliance April 28, a step toward the White House's goal of creating international cyber norms amid growing hacking threats from China and North Korea. The two countries agreed to swap more data on cyber threats and the state-sponsored digital theft of intellectual property — a practice commonly tied to China. The pair will also work to delineate “peacetime cyber norms” and present a united cyber front at international organizations, such as the United Nations General Assembly.


Hurd: Cyber bills are in good shape
FCW
04/27/15

Rep. Will Hurd, a former CIA agent with a computer science background, sponsored an amendment included in the cyber information sharing measure passed by the House on April 23 that would authorize the existing Einstein 3A program, and two other provisions of Hurd's were added during committee consideration. The legislation "is just the beginning," said Hurd. "This is just creating the framework to allow sharing [between industry and government]."


A cybersecurity turf war at home and abroad
Roll Call
04/27/15

The House has passed two competing bills to provide immunity from consumer lawsuits to companies that share with each other, and with the government, information about cyber-threats and attacks on their networks. The differences between the bills are significant. The first would allow companies to share data with any federal agency, except DoD, and receive liability protection. The second would require that companies go to the National Cybersecurity and Communications Integration Center, a new DHS division, if they want immunity.


House passes info sharing bill, ball in Senate court
Roll Call
04/27/15

The House passed cybersecurity legislation April 23 — for the second Congress in a row sending the Senate a clear message: Your move. The difference? House GOP leadership can’t blame Democrats if the bill stalls again. Instead, this go-around will be the first attempt in three Congresses to pass major cybersecurity legislation with Republican leadership in the Senate as well as the House.


DISA director to explain agency role in cyber defense
C4ISR & Networks
04/27/15

DISA Director Lt Gen Ronnie Hawkins said in January the agency was reorganizing with an emphasis on the "five Cs" – cyber, cloud, collaboration, command and control. One goal of the reorganization is to alleviate pressure on U.S. Cyber Command by taking over some operational duties. The new Joint Force Headquarters -- DoD Information Networks -- will free up CyberCom to focus on strategic operations and coordination between combatant commands. Hawkins will detail DISA's role in defensive cyber operations at AFCEA's Defense Cyber Operations Symposium, originally set for May 5-7 in Baltimore but now rescheduled for June 16-18.


What the Army’s cloud computing strategy really means
Gov Loop (opinion)
04/29/15

Nearly three years after the Defense Department released its cloud computing strategy, the Army is setting the stage to speed adoption of cloud technologies within its ranks. The Army’s new cloud computing strategy complements DoD’s 2012 document but also embodies the Pentagon’s evolving views on the benefits of cloud and how best to procure services. The Army strategy details the role cloud computing will play in the service’s larger network modernization agenda, what cloud deployment and security models the Army is considering and how it plans to mitigate risks.


Marine Corps CIO focuses on collapsing networks
FCW
04/28/15

The Marine Corps’ ongoing consolidation of its five major unclassified networks will save the service money while bolstering its network security, according to CIO Brig. Gen. Kevin Nally. The logic behind collapsing the networks, which is one of the pillars of the Corps’ evolving approach to cybersecurity, is that “there are less cyberattack vectors that the bad guys can get into,” Nally said. The consolidation could take years and depends on budgeting that has been anything but certain. And the project will retain another key security feature aside from consolidation: “redundancy,” or having multiple means of network connectivity should one fail.


Pentagon audit faults sole-source Air Force IT purchases
C4ISR & Networks
04/27/15

An audit of non-competitive Air Force IT acquisitions, conducted by the Department of Defense Inspector General, found significant flaws in some of them. Air Force contracting personnel properly justified the use of closed competitions for all 58 contracts examined, and also used "a valid statutory requirement when awarding 38 of the 58 contracts with a value (including options) of about $73.6 million," but "some contract files did not contain documentation required by the Federal Acquisition Regulation (FAR) for noncompetitive awards," the IG found.


RSA highlighted impending IoT troubles
Dark Reading
04/28/15

As attendees digest the messages coming out of the recent RSA Conference, they're sifting through plenty of important themes that came to light, be it information sharing, big data analytics' impact on security, or the use of automation to better level the playing field with the scale attackers have achieved. But perhaps one of the most lasting topics is the impending difficulties enterprise IT will face in securing the Internet of Things (IoT).


IT pros say most businesses buy cyber tech based on cost, not security
Next Gov
04/29/15

Most IT professionals say their organizations have invested in security technology that was eventually scrapped, a new survey suggests. Technology wasn’t deployed for several reasons, including complexity and a lack of in-house expertise to deploy and operate products. Business considerations affected technology investments more than security concerns, the survey suggested. About 73 percent of respondents said business objectives were influential in technology purchases, followed by security risk with 68 percent. About 45 percent cited compliance with regulations. When deciding which technology to invest in, the majority of respondents -- 64 percent -- said cost was an important factor.


NIST plays matchmaker on identity verification
FCW
04/29/15

The U.S. government wants to play facilitator rather than savior in verifying online identities. Michael Garcia, a National Institute of Standards and Technology official focused on the issue, said one of NIST’s ongoing projects is to foster a private marketplace for identity verification best practices.


Homeland Security requests information about biometric matching system technologies
BiometricUpdate.com
04/28/15

The Office of Biometric Identity Management (OBIM) of the Department of Homeland Security has posted a request for information (RFI) to get industry information regarding current and near future technologies to store, match, and analyze biometric data. OBIM will use this information to provide customers with important data regarding immigration violators, criminals, and known or suspected terrorists and supports immigration management and border security decision makers.


SIBA founder urges DHS to implement biometric border exit in Senate testimony and roundtable
BiometricUpdate.com
04/28/15

Secure Identity & Biometrics Association founder Janice Kephart is calling on the Department of Homeland Security to promptly deploy a comprehensive biometric immigration exit system and re-designed entry system. In testimony before a Senate panel, Kephart emphasized the urgency of DHS implementing biometric solutions throughout the country’s airports amid the growing threat of ISIS and other terrorist groups.


OpenID launches self-certification testing, trust framework registry
Secure ID News
04/22/15

The OpenID Foundation wants to enable easy interoperability of OpenID Connect and has announced a self-certification program for the standard that ensures that those deploying it are adhering to the spec. The Open Identity Exchange also launched OIXnet, an online registry of trust frameworks and identity systems. It is a registry developed by global leaders across industry sectors to enable online transactions at higher volumes, velocity and variety. 

Russian hackers read Obama’s unclassified emails, officials say
The New York Times
04/25/15

Some of President Obama’s email correspondence was reportedly swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged. The hackers, who also got deeply into the State Department’s unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama’s BlackBerry, but they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated.


Carter discloses Russian hack of Pentagon
FCW
04/23/15

Earlier this year, Russian hackers breached one of the Defense Department’s unclassified computer networks, Secretary Ashton Carter revealed April 23. The Russian hackers "discovered an old vulnerability in one of our legacy networks that hadn't been patched," Carter said, but noted they "quickly identified the compromise, and had a team of incident responders hunting down the intruders within 24 hours." Pentagon analysts studied the hackers' network activity and promptly evicted them from the network "in a way that minimized their chances of returning," Carter added. The Pentagon boss disclosed the incident publicly for the first time in the name of transparency, and to add dramatic effect to the cyber strategy he was unveiling.


McAuliffe: Virginia is getting serious about big data
GCN
04/24/15

Virginia Gov. Terry McAuliffe is pushing for more investments and public-private partnerships focused on big data and analytics, particularly as they pertain to bioscience. McAuliffe said the state's next budget will include significant funding for both government and university investments in analytics. Tony Fung, Virginia's deputy secretary for technology, said the state's universities already "are collaborating as far as their capabilities in developing data scientists, as well as their computing power." The challenge now, he said, is "coalescing all of these different folks ... with bioscience and big data coming together." McAuliffe said that cybersecurity efforts also will be part of that big data blend.


RSA 2015: In the healthcare industry, security must innovate with business
SC Magazine
04/24/15

Frank Kim, CISO with the SANS Institute and former executive director of cyber security with Kaiser Permanente, told a session on healthcare security at RSA Conference 2015 that teams face many obstacles when it comes to security in the healthcare industry, including getting buy-in, justifying costs, spending effectively, being proactive instead of reactive, and lacking knowledge and understanding of how business works.


RSA 2015: Protecting critical infrastructure
SC Magazine
04/23/15

At an RSA session on Protecting Critical Infrastructure, attendees were told that hacking physical infrastructure is something that can affect us all, and like IT systems, there are many vulnerabilities, but the consequences are much greater, and the attacks have begun. Worryingly, most malware discovered was focused on collecting data, not causing crashes – collating and exfiltrating data, information on devices, topology, protocols, etc. - often to the same command and control, which it is believed will be used to enable future attacks.


RSA 2015: Point-of-sale system security is lacking
SC Magazine
04/23/15

Remote administration is possibly the biggest source of compromise when it comes to point-of-sale (POS) breaches, and nearly every register has some type of remote administration service, David Byrne, senior security associate with Bishop Fox, said during a session at RSA Conference 2015 in San Francisco. In some instances it is a matter of poor physical security, such as bad locks and easy access to ports, which gives attackers direct access to the systems. Other times the issue is a lack of updated antivirus software, using symmetric encryption over asymmetric encryption, or using default passwords.


Once a field of self-taught hackers, cybersecurity education shifts to universities
The Christian Science Monitor
04/22/15

Over the past year, colleges and universities across the country have received millions in funding from the government and foundations to launch cybersecurity initiatives. The result is a stark change for an industry made up of programmers who have often learned by trial and error. Among the institutions benefitting from this push and discussed here are George Mason University, George Washington University and MIT.


S&T showcases cybersecurity technologies
Department of Homeland Security
04/22/15

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) leverages innovation in the cyber arena to keep pace with malicious actors who may seek to damage our critical infrastructure sectors. At the recent RSA Conference 2015, S&T’s Cyber Security Division (CSD) introduced 12 technologies – eight from the TTP program and four from other CSD programs. These technologies seek to advance the private sector’s capabilities on cybersecurity issues such as cloud security, behavioral classification, and threat landscape analysis.


DHS courts private sector for threat intelligence-sharing
Dark Reading
04/23/15

The Department of Homeland Security doesn't want to "cannibalize" existing cyberthreat-intelligence services and operations, but rather work with and help them thrive, DHS undersecretary for cybersecurity and communications Phyllis Schneck said at the RSA Conference 2015. Schneck, who works with the National Protection and Programs Directorate of the DHS, outlined how the DHS National Cybersecurity and Communications Integration Center (NCCIC) will operate as a central repository for threat intel-sharing under the new Executive Order encouraging more sharing of intelligence in the federal government, and between the feds and private industry.


Trouble tracking DHS acquisition
FCW
04/23/15

The Department of Homeland Security remains beset by bumpy execution of its acquisition policies, resulting in delays and billions in cost overruns, according to a new GAO study. The report's author said there are three critical factors plaguing DHS acquisition: lack of adequate staffing for program offices that do the day-to-day project execution; a mismatch of budgeting from what the agency expects to receive, versus what it actually receives; and mid-course or late changes to program requirements that can lead to slipped schedules and higher costs.


Continuous monitoring must include continuous sharing
Gov Loop
04/23/15

An annual report to Congress details a year’s worth of data on how well agencies perform a number of security-related tasks, including PIV card implementation, employee security awareness training and continuous monitoring. But the truth is agencies need a more dynamic approach for measuring if security investments are yielding results. While it’s helpful to see where agencies excel or fall short, the data is stale long before it’s printed and published. That’s where DHS' Continuous Diagnostics and Mitigation (CDM) program has made great strides in rolling out automated tools to help agencies identify, prioritize and fix their biggest security risks first.


Innovation in federal IT? Sorry, not in the budget this year
Next Gov - Emerging Tech
04/23/15

Federal CIO Tony Scott recently noted that more than 80 percent of the government’s IT budget is spent on legacy technology. He’s not alone in thinking government has its technology investment priorities backward. A survey by software provider SolarWinds of 123 public sector IT managers and directors unsurprisingly found “budget limitations” as the top barrier to new IT adoption. Subsequently, the Obama administration's budget has proposed actually increasing IT spending by 2.7 percent over last year. But spending money on ancient mainframes that run legacy applications means you’re not spending it on cloud computing pilots, improved analytics or other strategic innovation investments.


Cybersecurity, interoperability central to VA’s current IT efforts
Federal Technology Insider
04/23/15

According to Department of Veterans Affairs CIO Steph Warren, the department is making headway in establishing interoperability between VA and the Defense Department. There are three major elements to an electronic healthcare management system, he explained – the interface on the monitor used by physicians and nurses, the back-end systems needed to run a hospital or medical center, and the connection level that knits those together. VA is connected to DoD in that third element, called Janus, so the department can “translate” the data sent it by DoD, or DoD can translate VA data.


Industry wary of House-passed cyber bills
Federal Times
04/24/15

Over two days, the House of Representatives passed two bills that would authorize the sharing of cyber threat information between private sector companies and federal agencies. The Senate is expected to vote on one of its own proposals at some point. Despite provisions included in all three bills, privacy advocates remain staunchly against the idea, claiming it will be used as another tool for government surveillance. The bills' proponents say they have taken these concerns into account.


House passes second cyber measure
FCW
04/23/15

The House overwhelmingly passed an information sharing measure April 23, the second in as many days that would create a long-sought legal indemnity framework for private companies to report to government on cyber threats and attacks, while giving government authority to share threat information with private companies. This second bill would grant liability protection to companies that share details on cyberattacks with the Department of Homeland Security. It would also establish the job of undersecretary for cybersecurity and infrastructure protection, to head a DHS operational component replacing the National Protection and Programs Directorate.


House passes major cybersecurity bill despite fears it will bolster NSA spying
Next Gov
04/22/15

The House passed legislation April 22 to provide companies with expanded legal liability protections if they choose to voluntarily share certain kinds of digital data through a government "cyber portal." A similar info sharing measure approved two days later designates the Department of Homeland Security as the central government "cyber hub," while the bill approved April 22, which was developed by the House Intelligence Committee, is largely agnostic about which agency can operate as a hub, though it prevents either the NSA or DoD from filling that role.


Pentagon to strengthen cybersecurity requirements in contracts
Washington Business Journal
04/23/15

The Pentagon will incorporate new cybersecurity standards into all procurements for weapons systems as part of its new cyber strategy, unveiled April 23. The 42-page document details five overarching goals to improving the state of cybersecurity. It says DoD will “assess and initiate improvements to the cybersecurity of current and future weapons systems” on the basis of operational requirements. For all future weapons systems DoD will acquire or procure, the Pentagon will mandate specific cybersecurity standards to be met. Acquisition and procurement policy and practice will be updated to reflect the new standards, ensuring effective cybersecurity throughout a system’s life cycle.


Two observations about the new DOD cyber strategy
Lawfare (blog)
04/24/15

The publication of DOD’s new cyber strategy is a milestone and a major step forward in the cyber policy debate. In particular, the strategy is notable for its relative openness about the use of offensive options. Here are some observations about what is and what isn't in the strategy.


Pentagon cybersecurity strategy comes with olive branch to Silicon Valley
The Christian Science Monitor – Passcode
04/23/15

In unveiling the nation’s new strategy for cybersecurity defense during a trip to Silicon Valley, Defense Secretary Ashton Carter has some heavy lifting ahead of him. High on his to-do list is convincing some skeptical software giants – a group the US military is eagerly courting for its tech expertise – that the Pentagon is not involved in a nefarious plot to insert itself in their businesses or siphon off sensitive data in a quest to militarize cyberspace.


Department of Defense unveils new cyber strategy
Security Week
04/24/15

The Department of Defense on April 23 unveiled its latest cyber strategy, described as a way to guide the development of DoD's cyber forces and strengthen its cyber defense and cyber deterrence posture. The new strategy focuses on building cyber capabilities and organizations for DoD’s three cyber missions: 1) Defend DoD networks, systems, and information; 2) Defend the United States and its interests against cyberattacks of significant consequence; and 3) Provide integrated cyber capabilities to support military operations and contingency plans. The strategy sets five strategic goals and establishes specific objectives for DoD to achieve over the next five years and beyond.


Defense Secretary outlines new cybersecurity strategy
Dark Reading
04/24/15

Defense Secretary Ash Carter described April 23 DoD's updated cybersecurity strategy that includes more transparency about its mission and operations and a "renewed partnership" with the technology industry. At the heart of the DoD's cyber defense strategy is deterrence, stopping malicious behavior before it occurs, and identifying from where the attack came.


Pentagon promotes innovation, strengthening cybersecurity
Government Technology / Los Angeles Times
04/23/15

Defense Secretary Ashton Carter sought April 23 to begin repairing the Pentagon’s relationship with the technology industry, reminding Silicon Valley about the fruits of innovation that came from closely working with the government. In a speech at Stanford University, Carter announced a number of new initiatives to give the military better access to ideas and leaders in robotics, 3-D printing, biomedicine, data analysis and other emerging fields. The new strategy includes opening the Defense Department’s first full-time office in Silicon Valley.


Carter unveils new cyber defense roadmap
National Defense
04/23/15

Defense Secretary Ashton Carter is positioning the military to assume a key role in combating potentially devastating cyber attacks against the U.S. Carter's plan for combating the growing array of threats is articulated in the Pentagon's new cyber strategy. Of significance in this new roadmap is a clearer definition of the Pentagon’s role in defending the nation. Whereas DHS and the FBI are the lead agencies that deal with domestic cyber crimes and network intrusions most of the time, the Pentagon would be in charge if there were a catastrophic attack that rose to a level considered a threat to national security.


Pentagon chief looks to Silicon Valley for cyber skills
C4ISR & Networks
04/23/15

On April 23, Defense Secretary Ashton Carter formally unveiled a new cyber strategy, emphasizing innovation and partnership with Silicon Valley in combating growing cyber threats. The push for renewed ties includes initiatives like the experimental Defense Innovation Unit X, a "DoD point of partnership" to be located in Silicon Valley and staffed with elite tech talent from active-duty military, civilian personnel and members of the Reserves. Pentagon leaders also will build out other exchanges of talent and ideas with the private sector.


DHS: Most organizations need improvement in managing security risk
Dark Reading
04/20/15

Government agencies and organizations in the private sector must place more emphasis on software analysis, testing and life-cycle support to mitigate threats exploiting known vulnerabilities and new avenues opened up by the use of open source and re-used software components, according to Department of Homeland Security officials.


Behavioral biometrics on the rise at RSA Conference
Dark Reading
04/23/15

Fingerprints and retinal scans are awfully hard to spoof, but they are static data that could be stolen, and worse yet, they force users to go through another pesky step in the authentication process. These are the problems being solved by behavioral biometrics technology -- or "passive biometrics." These new technologies may monitor mouse dynamics, navigation habits, and keystroke dynamics, like the speed you type and the pressure you hit the keys with, gesture dynamics like swipe speed and distance -- all things you do unconsciously which happen to be very unique to you.


Healthcare biometrics market to grow to US$5.8 billion in 2019: Transparency Market Research
BiometricUpdate.com
04/23/15

Transparency Market Research has published a 97-page report which states that the worldwide market for healthcare biometrics is largely driven by mounting security concerns of the global healthcare industry. According to the report, medical insurance providers and workers in various healthcare services and facilities advocate the need for biometrics in an industry that is rather data sensitive. The report forecasts that the global healthcare biometrics market will grow to US$5.8 billion in 2019, from approximately US$1.2 billion in 2012. The market will grow at a staggering 25.9% CAGR from 2013 to 2019.


Younger customers prefer biometrics to passwords
Smartmatic
03/04/15

Young banking customers would rather use biometric security devices than PINs and passwords for authentication, according to a recent study carried out by Visa Europe. The payments firm found that 75% of adults between 16 and 24 years of age, the so-called generation Z, would prefer to use biometric security, with 69% claiming it to be faster and easier to use than passwords or PINs.

Companies join forces to fight hackers
The Wall Street Journal
04/21/15

With hackers and cyberterrorists becoming more advanced and breaches proliferating in both frequency and scale—and claiming victims out of some of the world’s biggest and most sophisticated companies—collaboration among firms has emerged as one of the key ways to fight back. Many firms have been reluctant to share sensitive information about cyberattacks, but amid increased attention from Washington and a growing recognition of the consequences at stake, companies and industry groups have begun rapidly expanding the scope and potency of their information-sharing capabilities.


Virginia forms first state-level cyberthreat intel-sharing organization
Dark Reading
04/21/15

The Commonwealth of Virginia has become the first state to set up a cyberattack threat intelligence-sharing organization. Gov. Terry McAuliffe said that forming its own Information Sharing and Analysis Organization (ISAO) "is our logical next step in building on the outstanding work of the Virginia Cyber Security Commission, Virginia Cyber Security Partnership, Virginia Information Technologies Agency, and the cybersecurity efforts of so many other public- and private-sector partners throughout the Commonwealth."


Lawmaker says USIS may have shortchanged cybersecurity before hack of 27,000 employee records
Next Gov
04/23/15

OPM says that government background checker USIS blocked U.S. officials from fully probing the hack of more than 27,000 employee records on its network, and the top Democrat on the House Oversight and Government Reform Committee also suggested the embattled company appeared to have shortchanged network security before the hack. The new accusations come on top of a $1 billion Justice Department lawsuit alleging USIS defrauded the government by conducting incomplete background investigations.


Sebi plans cyber security framework for stock market
Business Standard
04/20/15

The Securities and Exchange Board of India (Sebi) is working on a multi-level cyber security framework for the stock market, covering bourses, depositories and intermediaries. Sebi is reportedly looking at separate cyber security guidelines for stock exchanges, depositories and security firms.


Feds heighten scrutiny of TSA screeners and aviation staff to thwart insider threat
Next Gov
04/20/15

Transportation Security Administration and aviation industry employees will be subjected to heightened electronic surveillance following several incidents involving insiders who abused their badges to traffic guns, federal officials announced April 20. Random passenger-like screening of airline employees throughout the workday and biennial criminal history checks will begin immediately until there is a system in place for “real-time recurrent” FBI background checks for all aviation workers, officials said.


Homeland Security chief talks cybersecurity at major conference
Signal (blog)
04/21/15

Department of Homeland Security Secretary Jeh Johnson told the RSA Conference 2015 that, while DHS was formed in 2002 in response to terrorist attacks with counterterrorism as the cornerstone mission, “the reality is that in 2015, cybersecurity has become a mission of equal importance.” Johnson’s speech highlighted missions of the National Cybersecurity and Communications Integration Center (NCCIC) and shared the DHS’s plans for the office, which include enabling the center to provide near real-time automated information sharing to the private sector.


Homeland Security to open satellite cyber office in Silicon Valley
NBC News
04/21/15

The Department of Homeland Security says it will open a satellite office in Silicon Valley to better collaborate with tech companies in the fight against cyberattacks. Homeland Security Secretary Jeh Johnson said, "We want to strengthen critical relationships in Silicon Valley and ensure that the government and the private sector benefit from each other's research and development."


DHS to open up shop in Silicon Valley
Next Gov
04/21/15

Department of Homeland Security Secretary Jeh Johnson says DHS is close to opening a branch in Silicon Valley to help tighten the tech industry's computer security -- and conscript its top talent. The move is part of a larger attempt to build a bridge between West Coast Web giants and the government, after 2013 revelations of online surveillance soured many in the industry on the concept of public-private partnerships.


Feds’ enthusiasm for ‘bring-your-own-device’ deflates
Next Gov - Wired Workplace
04/21/15

Government agencies, both in the U.S. and other nations, appear to have even less interest in the highly publicized "bring your own device" movement than they did last year, according to a new study, with more than 70 percent of government workers polled saying BYOD initiatives aren’t on their IT organization’s agenda or are a low priority. “Overall, government agencies are significantly less likely than organizations in all other industry sectors to prioritize deployment of BYOD programs,” the study stated.


House bill slashes research critical to cybersecurity
Computer World
04/22/15

A House bill that will set the nation's basic research agenda for the next two years calls for increased funding for computer science, but at the expense of other areas important to cybersecurity. The measure hikes funding for computer science, but cuts - almost by half - social sciences funding, which includes the study of human behavior. Cybersecurity uses human behavior research because humans are often the weakest security link. The Competes Act sets National Science Foundation (NSF) funding for 2016-17 fiscal years and divides it up by research disciplines.


One down, one to go on info sharing legislation
FCW
04/22/15

The House has passed sweeping legislation that sets up an information sharing regime between private companies that want to report cyberattacks and the federal government. The bill charges the Office of the Director of National Intelligence with sharing cyber threat indicators known to the government with private firms, and gives license to private firms to defend their networks against attack. It also provides statutory authority for the Cyber Threat Intelligence Integration Center, recently proposed as an addition to ODNI by the Obama administration.


House okays cyberthreat sharing bill despite privacy concerns 
Computer World
04/22/15

The House of Representatives voted April 21 to approve legislation that would encourage companies to share cyberattack information with each other and with the government, despite concerns by some that it would put new consumer information in the hands of surveillance agencies. The Protecting Cyber Networks Act (PCNA) would protect companies that voluntarily share cyber threat information from customer lawsuits.


House passes cyber-threat information bill
Reuters
04/22/15

The House of Representatives passed a bill April 22 that would make it easier for private companies to share information about cyber security threats with each other and the government without fear of lawsuits. While privacy advocates oppose the measure, a series of high-profile cyber attacks on U.S. corporations has added urgency to the push for legislation. The Obama administration has some concerns about the bill but supported its passage and believes it could be fixed as the legislation is finalized. A similar measure has cleared a Senate committee.


Rewiring the Pentagon: Carter's new cyber strategy
FCW
04/23/15

Secretary Ashton Carter will on April 23 unveil a new DOD cyber strategy that emphasizes developing the personnel and technologies necessary to stay abreast of an ever-evolving threat. The strategy seeks to accelerate cyber-related R&D at the Pentagon, calls for an assessment of the DOD cyber mission force's ability to deal with multiple threats, and fleshes out DoD’s deterrence doctrine.


Defense Secretary unveils new Pentagon cyberstrategy
The Washington Post
04/22/15

In a speech to leaders of tech firms he hopes will drive innovation in cybersecurity and defense, Defense Secretary Ashton Carter will unveil a Pentagon cyberstrategy April 23 that stresses deterrence, private-sector partnerships and transparency. The strategy, an unclassified version of which will be released, builds on the first cyberstrategy released in 2011 which focused heavily on defense to avoid appearing bellicose at a time when the Pentagon was seen in some quarters as seeking to militarize cyberspace.


The 'ISIS effect' on DOD networks
FCW
04/20/15

In bombing the Islamic State beginning last August, the Pentagon turned to a familiar method with an unfamiliar underpinning. The U.S. military once again employed its vaunted air power, but effectively communicating across the services and with allied countries required an entirely new infrastructure because when the U.S. military withdrew from Iraq it took with it the communications networks that supported fighting there.


NIST issues identity management considerations for FirstNet
Fierce Mobile Government
04/22/15

As work moves forward on a nationwide public safety broadband network, the First Responder Network Authority (FirstNet), NIST has released guidelines for addressing identity management across the new system. NIST's report, released March 30, gives information on identity management and applicable federal and industry guidance for using next-generation networks. It covers topics such as selecting identity credentials, authentication processes and identity management technologies that could be used.


Broad range of technology trends impacting access control
Security Info Watch
04/21/15

There have been a number of access control technology developments in recent years that could have a significant impact on the market moving forward. Whether it is the advent of wireless locks or IP-based card readers, access control companies are constantly evolving to meet the demands of customers across a wide range of vertical markets. Here’s what several industry experts had to say about the biggest trends they see impacting the market, as well as some of the factors that are driving them.


Biometrics replacing passwords contingent on consumer trust, says KPMG
BiometricUpdate.com
04/21/15

Financial services consulting firm KPMG recently contributed to the discussion of when passwords will be replaced by a new generation of identity verification devices that read various body functions such as heartbeat, glucose levels and vein patterns. A senior manager in cyber security practice at KPMG said that it all revolves around the issue of establishing consumer trust.