China-backed hackers penetrated TransCom contractor networks 20 times
Chinese government-backed hackers accessed networks of private-sector firms
with sensitive data about US military logistics nearly two dozen times in one
year, says a report by the Senate Armed Services Committee (SASC). The committee determined senior brass at US
Transportation Command, the military’s logistical hub, typically were unaware
of the network violations. Collectively, the 20 contractor network penetrations
“show vulnerabilities in the military’s system to deploy troops and equipment
in a crisis.”
defense contractors: You've been hacked
China committed about 20 cyberattacks across a year-long period on defense
contractors working with the government agency responsible for the
transportation of military forces and equipment, according to a newly
declassified Senate Armed Services Committee report.
campaign targeting financial and healthcare institutions
Barracuda researchers have identified a spam campaign involving thousands
of phishing emails being sent to financial and healthcare employees in the
greater Boston, North Carolina, New York, Texas and Alabama areas.
shares information on recent cyber attacks
JPMorgan Chase, one of the largest banks in the U.S., has confirmed that
its systems were breached this summer, but investigators say there's no
evidence that the attackers had gained access to highly sensitive information.
The hackers reportedly penetrated roughly 90 of the company's servers, gaining
access to the details of one million customers and information on installed
software after obtaining high-level administrative privileges. Initial reports
pointed a finger at cybercriminals believed to be from Russia or Eastern
Europe. Investigators also believe a foreign government might have played a
role in the operation. At least four other financial institutions are said to
have been hit in the same attack.
Mason University travel system targeted for malware attack
George Mason University detected a malware intrusion into its travel
booking system on July 16. No personal information is thought to have been
viewed, but the incident could have affected up to 4,400 users of the
university's travel request system.
computing under siege
By pooling computing resources, cloud computing not only offers significant
cost savings over traditional software and hardware products, it facilitates
innovation by allowing users, businesses and governments to procure, rapidly
and cheaply, a diversity of software, analytics and storage services. But despite these considerable benefits,
globally distributed cloud computing has come under threat. Over the past year,
in response to mounting concerns over data privacy, data security and the rise
of online surveillance, governments around the world have been seeking to pass
new data protection rules which are likely to impose economic harm without
achieving any of their stated goals.
Official: Chinese want NSA cyber schools. Really.
Entrepreneurs in China have voiced support for improving the notoriously
spotty relations between the U.S. and China in cyberspace, patterning Chinese
courses on NSA-approved curricula, said Ernest McDuffie, head of the National
Initiative for Cybersecurity Education. McDuffie, the top U.S. computer security education official, said
Chinese universities are welcome to adopt the U.S. National Security Agency's
cyber education program.
DHS must do to expand cybersecurity information-sharing
In the year since DHS expanded its voluntary Enhanced Cybersecurity
Services program for sharing classified and unclassified threat indicators with
critical infrastructure operators, only 40 critical infrastructure entities
were participating in the program as of May 2014. These companies represent
only three of the 16 designated sectors -- the defense industrial base, energy
sector and communication services -- and only two are commercial services
providers. Also, no additional providers have enrolled in the program since DHS
took the reins in February 2013, so the DHS inspector general has recommended
several ways to boost the program's participation rate and efficiency.
outreach key to unlocking federal cloud market
CIOs across the federal government have been working actively to
incorporate cloud technologies, but the success and pace of those initiatives
hinge on collaboration with the vendor community, federal IT leaders said at a
recent cloud computing conference. They urged cloud service providers to offer
agencies a glimpse of their roadmaps to help guide procurement strategies,
which is often a byzantine process hampered by perpetual government tech talent
offers help in securing printers, copiers, scanners from cyber intrusions
Fierce Government IT
Individuals and organizations need to be aware of the potential for
printers, copiers and scanners being hacked. As such, the National Institute of
Standards and Technology recently released draft guidance pointing out the
risks and vulnerabilities of so-called replication devices, which increasingly
also include 3D printers and scanners. Besides reminding people about potential
cybersecurity problems, it offers advice on how such devices and information
that's stored or transmitted can be better protected.
Geospatial Agency seeks
small business innovation
The National Geospatial-Intelligence Agency is looking toward small
business to provide vital technologies as the agency confronts budget
constraints. Enticement efforts include targeted outreach, reshaped acquisition
patterns and improved networking among potential contractors.
the health data move
In the over-the-rainbow nirvana of health technology, all data generated by
patients, health records systems, consumer apps, medical devices and wearables
will seamlessly interact, to the benefit of patient outcomes, clinical research
and health care costs. But that dream is a long way off. A government agency is taking comments on a
vision paper that spells out a 10-year plan for an ecosystem of interoperable
updates DISA's role as the department's cloud broker
The Pentagon is refining the Defense Information Systems Agency’s role as
the Defense Department’s cloud broker, while outlining how DOD agencies can
acquire commercial cloud services. But DISA will continue to play a central
role in DOD’s move to the cloud, evaluating and approving the security of
commercial services and offering the department’s private milCloud.
rescinds DISA cloud-broker memo
C4ISR & Networks
The Defense Information Systems Agency is no longer the Pentagon’s
officially designated cloud broker. Defense Department officials have
apparently rescinded the 2012 memo, signed by then-DoD CIO Teri Takai, that
designated DISA as the priority choice for defense agencies seeking cloud
services. The move was part of a broader military cloud strategy.
communications: Bringing it all together
Unified capabilities (UC) refers to a series of IP-based services,
including voice, video and instant messaging, designed to make internal DOD
communications smoother and more secure. The Defense Department will open up
its quest for unified capabilities to the private cloud if and when the NSA
approves the project's security architecture. The Defense Information Systems
Agency, the Army and the Air Force will likely put out a joint request for
proposal for UC in the first quarter of fiscal 2015, a top Army official said
MAMA, U.S. Air Force aiming to raise cyber awareness on networks
The U.S. Air Force is attempting to enhance what it is calling cyber
situational awareness in order to contend with “increasingly sophisticated”
threats to its networks and systems. In a post on FedBizOpps.gov, the Air Force
Research Laboratory’s Information Directorate announced it is soliciting white
papers for a new program, dubbed MAMA, “Mission Awareness for Mission
Assurance.” MAMA’s goal is to achieve mission assurance for military operations
and automatically assess mission execution via the analysis of network traffic
flows. MAMA will prioritize mission essential functions, map critical cyber
assets and analyze and mitigate vulnerabilities and risks.
turns to industry for better cyber capabilities
The Army Contracting Command-Aberdeen Proving Ground is looking for ideas,
seeking white papers to identify potential sources for the procurement of cyber
capabilities, according to a Request for Information solicitation. More
specifically, the Army is studying industry feedback on cyber approaches that
could be used for future strategic and protected cyber needs, according to the
solicitation. Those approaches would focus on existing technical capabilities
for defense against capabilities that exploit, deny or manipulate.
Army plans to better manage cyber soldiers
The US Army is closer than ever to introducing a cyber branch to better
manage troops with highly sought skills in this area, according to a senior
Army cyber official. The branch, called Career Management Field 17, will draw
on experts from the intelligence and signals community for dedicated cyber
forces, said Ronald Pontius, deputy to the commander of US Army Cyber Command.
airmen race to stay ahead of new threats
C4ISR & Networks
As cyber threats increase and become more sophisticated, airmen in the
Cyber career field find themselves operating in a fast-paced environment just
trying to stay two steps ahead. For
months, the Air Force has been aggressively lining up airmen for the U.S. Cyber
Command-operated Cyber Mission Force teams: 1,715 airmen will be part of the
Defense Department initiative to recruit 6,000 personnel to be part of 133
joint mission teams.
NGI rolls out, FBI
exploring more biometrics
The FBI’s Next Generation Identification (NGI) system went live recently,
replacing the Integrated Automated Fingerprint Identification System and
improving accuracy. According to experts, the new system offers 99.6 percent
correct identification versus 92 percent with the former, and the NGI enables
automation of 93 percent of searches. Other upgrades include connections with
the National Palm Print System, an iris-modality repository and capabilities
for more mobile detections, and even more advancements in biometrics
identification are underway.
facial recognition system ready for use
The FBI has announced that it is prepared to roll out its new facial
recognition system. The Next Generation Identification (NGI) system, which has
more than 16 million face images, is intended to expand the agency's biometric
identification program and ultimately replace its outdated Integrated Automated
Fingerprint Identification System. According to the FBI, the agency believes
that this is “a significant step forward” in “utilizing biometrics as an
officials can track you all kinds of ways
Biometric identification moved past fingerprints long ago, and the range of
modalities is helping the keepers of law and order make a big difference in
several ways. Areas of growth include voice recognition software, facial
recognition technology, finger vein identification, and eye scans (not
necessarily of the iris, but of the area around the eye and the whites of the
eye). So what’s next? According to one security expert, one of the big trends
to watch is secure gesture authentication.
Intelligence community IDs
Sean Kanuck, national intelligence officer for cyber issues, Office of the
Director of National Intelligence, says cyber pervades all other national
security concerns, including biometrics. Every identity problem is a cyber
issue going forward, because biometric and biographic information is collected
and stored virtually. These systems have immense usage and hence are large
targets for malicious activities, Kanuck explained. The country is at a critical
juncture where innovation and the inability to protect systems of national
security importance is a real problem. Kanuck urged developers of biometrics
systems to consider emerging technical standards, policy, privacy and
DHS looks to replace IDENT
The Department of Homeland Security (DHS) is looking to replace its
Automated Biometric Identification System (IDENT) in the next two to four
years, an official with the department says. IDENT is DHS's central system for
storing and processing biometric and associated biographic information for
various homeland security purposes.
Pay enabling biometric payments at the point-of-sale
Secure ID News
The latest set of iPhones will include near field communication and
consumers will be able to pay by using the Touch ID sensor built into the
handset. The Apple Watch, a new wearable from the computing giant, will also
have NFC and enable payments. The iPhones 6 and 6 Plus will both include NFC
and a secure element that will store all the payment card data.
Wearables Hardware a $53B Market by 2019
A new forecast from technology analyst firm Juniper Research suggests that Apple's recent move into wearables is a smart and potentially lucrative one. Global retail sales of wearable devices will reach $53.2 billion by 2019, the market research firm predicted. This year the market is expected to reach $4.5 billion in sales.
Firefighters use Special Forces gear to stay connected
In 2013, a fast-moving brushfire trapped Arizona fighters in a canyon, and although other firefighters tried to rescue the team, the smoke made aerial observation impossible, and calls over the radio went unanswered. In response to the disaster, the Defense Advanced Research Projects Agency (DARPA) began developing the Fire Line Advanced Situational Awareness for Handhelds (FLASH), a civilian version of the system used by special operators in areas without communications infrastructure. FLASH uses a Wave Relay radio, developed by Persistent Systems, to form a mobile comms network that can bounce signals between nodes and then over and around obstacles.
Retail breaches could spur channel business, modernized payment systems
The retail industry, reeling from a litany of recent credit card breaches, could finally get a long-awaited injection of data protection technology, creating opportunities for solution providers that specialize in data security, compliance assessments and modern payment terminal deployments. Target, Home Depot and other large retailers will be among the first to roll out terminals that support chip-and-PIN cards, but the technology alone doesn't provide the data security benefits, say solution providers. One expert says newly manufactured, encrypted payment terminals would provide the greatest benefit in reducing fraud and help ease the barrage of data breaches.
What’s really driving cyberattacks against retailers
The Washington Post
Security researchers say they've uncovered links to commentary that accuses the United States of fomenting unrest around the world in the code of the malware believed to have been used in a string of data breaches at U.S. retail stores over the past year. But these links don't necessarily mean that ideology was the driving force behind the hacks. Instead, the key motivator was likely financial gain.
Chinese hacking groups team up against government, military systems
Two Chinese cyber espionage campaigns are working in tandem in hopes of sniffing out trade secrets from surrounding nations. Researchers from FireEye outlined information about the two attack groups Sept. 10 in advance of a more comprehensive report. Both groups are based on the Chinese coast and are likely targeting intelligence from countries surrounding the South China Sea such as Japan and Taiwan, according to FireEye.
Did NATO drop the ball on cyber defense?
Cyber defense capabilities are necessary for NATO to carry out its mission. But at the recent NATO Summit in Wales, the alliance missed the opportunity to address how to deal with a potential cyber attack that could be the result of new defense posture announced at the summit. NATO must expeditiously operationalize the Enhanced Cyber Defense Policy endorsed at the summit, which reinforces that NATO members will work together to build up the alliance’s cyber defenses. Protecting its member nations entails having its communications, troops, and command and control structures protected against cyber threats.
CDM dashboard stirs second contractor controversy
The inspector general at the General Services Administration is assessing claims raised by security technology vendor Agilance, which says contractors for the Department of Homeland Security's continuous diagnostic and mitigation (CDM) dashboard are engaged in questionable cross-marketing activities.
DHS S&T chief plans for more relevant research, better employee morale
Federal News Radio
The Homeland Security Department's new science and technology chief says he has a plan to turn around an organization that outside auditors say is out of touch with its customers and has numerous duplicative projects, poorly-tracked investments and rock-bottom workforce morale. Dr. Reginald Brothers outlined an agenda Sept. 9 that would reduce the department's overall number of research programs and make the remaining ones more impactful and more strategically focused.
Data governance issues slowing US fed move to cloud
Business Cloud News
Nearly ninety per cent of federal government IT professionals are apprehensive about migrating their agencies’ systems to the cloud, with many migration projects still being held up by cloud-related data governance challenges, recently published research by MeriTalk reveals. Research by the same firm earlier this summer suggests these agencies could be missing out on roughly $19 billion in savings.
'You need to talk in terms of operational impact'
When Richard Spires was CIO at the Department of Homeland Security, getting funding was a difficult matter. Part of the issue, Spires and other former agency IT leaders at a recent cybersecurity conference said, was that legacy systems consume a large share of budgets, and that there is constant pressure to shift remaining money into new systems and new functionality. Because cybersecurity spending is generally invisible when it succeeds, Spires said, "it's always going to be a struggle, because you're always buying insurance." The key challenge for CIOs and other IT leaders, therefore, is to put the costs, risks and benefits of cyber into a context that non-technical executives can understand.
Modernizing VistA: Enabling scalable interoperability in a legacy system
The Veterans Health Information Systems and Technology Architecture (VistA) is the VA’s enterprise electronic health record system that tracks clinical treatment and care information. The Department of Veterans Affairs is in the midst of an evolution as it continues efforts to modernize and ensure the long-term viability of VistA to meet the healthcare needs of the nation’s military veterans. While the technical challenges are formidable, leveraging cutting-edge tools and platforms can be part of the solution for achieving fast, secure and scalable interoperability within the mission-critical legacy system.
Administration renews call for cyber legislation
Top Department of Homeland Security officials have renewed their calls for Congress to pass cybersecurity legislation to strengthen DHS’s ability to mitigate cyberattacks. The House has passed bills designed to boost information sharing, advance cyber technologies, improve the DHS cybersecurity workforce and give DHS some of the codified authority it seeks. The Senate has been slower to act, but DHS Secretary Jeh Johnson said Congress can rally around "areas of strong consensus" by passing legislation: codifying DHS’s cybersecurity responsibilities, making it easier for DHS and the private sector to collaborate on cybersecurity, and improving the department’s ability to hire top cyber talent.
U.S. at risk if cybersecurity bills stall, according to Congressional Republicans
The nation will be at serious risk if the current Congress fails to reach an agreement on cybersecurity legislation, Republican leaders of the House and Senate Intelligence Committees said Sept. 10, citing mounting attacks against U.S. companies. House Intelligence Committee Chairman Mike Rogers (R-MI) and Senate Intelligence Committee Vice Chairman Saxby Chambliss (R-GA) are pushing legislation to provide liability protection to companies that share cyberthreat data with government and industry partners. They urged final passage during the “lame-duck” period that follows the November elections, conceding that Congress is unlikely to get to the issue before that time.
DISA cloud brokering up in smoke
The Defense Information System Agency (DISA) had been identified as DoD's cloud broker, but that has been rescinded, reports Lt. Gen. Mark Bowman, USA, director, command, control, communications and computers/cyber and chief information officer, Joint Chiefs of Staff. He offered no other details on how or why it was rescinded, but he predicted that lower budgets next year will drive innovation and greater sharing within the Defense Department. Some services, he said, can be run “to standard” in a commercial environment.
DISA kicks off IT contract to support Cyber Command
The Defense Information Systems Agency launched Sept. 11 what it described as the first omnibus contract to provide a wide range of information technology services to the U.S. Cyber Command, including assistance for offensive and defensive cyber operations. DISA said the indefinite delivery, indefinite quantity IT contract is open only to small businesses, with some of the tasks currently performed by large contractors, such as a security program that shares information with the Defense Industrial Base. The contract will streamline acquisition of cyber-related services and will provide support across multiple technical and nontechnical 55 disciplines under a centralized structure.
DISA to launch first round of JRSS network upgrades
The U.S. Defense Department is primed to take a first step toward the realization of the colossal concept of connecting its entire network system under the Joint Information Environment (JIE). For more than a year, the Defense Information Systems Agency (DISA), along with the Army, Air Force and defense contractor Lockheed Martin, has worked on the joint regional security stacks (JRSS), a key upgrade to streamline network operations and, officials say, improve security. To begin with, DISA will migrate network users from their as-is infrastructure and security posture to the JRSS, beginning now at Joint Base San Antonio in Texas.
DoD ramps up security as it drifts toward cloud
The Defense Department is committed to pursuing cloud-based services and steadily has been improving its capabilities to utilize the technology. The latest evidence of DoD embracing the cloud is its approval of a protocol that will facilitate the use of the technology at higher security levels. DISA wants to pursue a three-part cloud strategy, said Deltek's Alex Rossino: "One is the use of the agency's [IaaS] milCloud offering for DoD customers. The second is use of a commercial cloud infrastructure 'inside the DoD fence line' for cybersecurity purposes, and the third is use of purely commercial cloud solutions for publicly releasable data. This leaves a lot of room for multiple players."
Army Contracting Command running through the doors that cloud opens
Federal News Radio
The Army Contracting Command (ACC) will remove those bulky desktop computers from underneath most of its employees' desks in the coming year or so. The ACC is preparing to go to a zero-client setup for its computer network. Gino Magnifico, the chief information officer of the Army Contracting Command, said the command's move to the cloud in 2010 really set the stage for the decision to give employees a monitor, keyboard and mouse, and remove the rest of the computer from their desks.
Army cyber chief: Let's get closer to industry
To keep pace with rapid changes in the cyber domain, the military needs “a much tighter relationship between industry and government,” the head of U.S. Army Cyber Command said Sept. 11. Lt. Gen. Edward Cardon said there were opportunities for industry to develop network infrastructures, operating systems and applications — and that past collaboration on a training environment had worked well. A central clearinghouse for industry to access the service’s cyber requirements is in the works, Cardon said.
DOD Deputy CIO: 'Cybersecurity should vary by mission'
The different levels of mission risk at the Defense Department have posed a major challenge to building out DoD's cybersecurity posture. Now, according to Deputy CIO Richard Hale, DoD is trying to rework its computing and wide area network infrastructure in order to have a "more sophisticated notion of zoning by mission risk." That involves cleaning up the server computing side of things and distinguishing it from the user computing side. Without achieving that, Hale said, DoD will never be able to go fully mobile. Moving to a Joint Information Environment would also position DoD to take more advantage of mobile and cloud, according to Hale.
Naval Academy works on accrediting cyber major
A Naval Academy dean said Sept. 8 that he hopes cybersecurity, a field of increasing importance to national security and civilian computer networks, can be accredited as a major by the time the academy’s first cybersecurity students graduate in 2016. The academy wants to be among the first to receive such accreditation.
Why email is worth saving
Contrary to popular opinion in some quarters, email is not dead. Email is the unsung hero of the global economy, the rusty workhorse that will likely be around forever. Facebook, Snapchat, Whatsapp, and other nominal email replacements are completely inadequate for personal B2C communication and sensitive P2P messaging, not to mention robust B2B communication. Email is worth saving and protecting and there is an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery -- Domain-based Message Authentication, Reporting & Conformance (DMARC) -- which is an emerging email delivery standard that has shown much progress and potential.
Identity Management in the age of wearable technology
Given Apple's track record, it is likely that the Apple Watch is going to accelerate the adoption of wearable technology. Although many focus on the potentially negative impact of wearable technology, including security risks and network overload, it should also be seen as a great opportunity. The list of connected devices will keep growing, as will the list of commercial opportunities for companies willing to invest in consumer-facing identity software. As more and more organizations today go through digital transformation, identity software is becoming the critical technology that securely bridges cloud, mobile and Internet of Things (IoT) offerings – and this now includes wearable devices.
Intel wants biometrics to replace passwords
An Intel executive says that the company is currently working on a facial recognition system as a security measure for its users that will replace the existing password system. The official said the system will enable users to log into their devices and websites using their face as an identity authentication tool.
Surge in cyberattacks targeting financial services firms
Help Net Security
According to a Kaspersky Lab and B2B International survey of worldwide IT professionals, 93% of financial services organizations experienced various cyberthreats in the past 12 months. And while cyberattacks targeting financial services firms are on the rise, nearly one out of three still don’t provide protection of users’ endpoints or implement specialized protection inside their own infrastructure. This lack of action to protect themselves from attack is causing many businesses to lose faith in financial firms.
Home Depot confirms breach
After nearly a week of investigation, Home Depot confirmed Sept. 8 that intruders had indeed broken into its payment networks and accessed credit and debit card data belonging to an unspecified number of customers who shopped at its U.S. and Canadian stores. However, the statement announcing the breach did not detail the number of stores affected or the total number of cards compromised.
Raising the stakes: NATO says a cyber attack on one is an attack on all
NATO’s new cyber defense policy will consider cyber attacks that threaten a member’s security to be on par with traditional attacks – and may now provoke collective defense from the alliance’s 28 members. The new policy means that a significant cyber attack on any member of the alliance could be viewed as an attack on all, per Article 5 of the NATO charter.
SACT and the Estonian Minister of Defense sign an agreement to establish the NATO Cyber Range Capability
NATO (news release)
During the recent NATO Summit in Wales, the Alliance officially established a Cyber Range Capability. A Memorandum of Understanding signed by the Supreme Allied Commander Transformation with the Estonian Minister of Defense details arrangements for NATO's use of the Estonian Defense Forces' national cyber range facility.
U.S. grid safe from large-scale attack, experts say
The specter of a large-scale, destructive attack on the U.S. power grid is at the center of much strategic thinking about cybersecurity. But a half-dozen security experts interviewed for this article agreed it’s virtually impossible for an online-only attack to cause a widespread or prolonged outage of the North American power grid. Even laying the groundwork for such a cyber operation could qualify as an act of war against the U.S. — a line that few nation-state-backed hacker crews would wish to cross.
Salesforce.com says wearables push catching on with customers, partners
A few months after launching a developer toolkit for writing apps that run on wearable devices, Salesforce.com says the concept is gaining traction with customers and partners. The initiative, which is called Wear, launched with a number of hardware partners. A Salesforce.com executive says that while much of the interest in wearables to date has centered on consumer applications, there’s a wealth of potential for the enterprise as well.
Cyber breaches rare among U.S. state-registered investment advisers: study
Cyber security breaches are rare among investment advisory firms registered with U.S. states, but improvements to technology and procedures could still bolster protection of client information, state securities regulators say. Just 4 percent of advisers reported having a "cyber security incident" during the years in which they have been registered in their respective states, according to a study by the North American Securities Administrators Association (NASAA).
WH Official: Cyber Coverage Will Be a Basic Insurance Policy By 2020
There isn't a market for cyber insurance yet — not for lack of interest, but because of the lack of data on the odds companies will be breached and the true costs of those hacks. However, a White House cyber official predicts that, by 2020, private firms will be buying cybersecurity insurance when they sign up for product liability coverage and other basic policies. Responding to earlier calls that the government initially guarantee coverage, she said the marketplace is “really growing quite a bit” today without government intervention.
What happens when a car is hackable? Science agency spends $1M to find out
Ryan Gerdes of Utah State University is using a $1.2 million grant from the National Science Foundation to look at various cybersecurity threats that could target the autonomous (self-driving) vehicle of the future.
Hackers attacking Israeli think tank aren’t interested in state secrets
The website of a respected Israel-based foreign policy institute -- the Jerusalem Center for Public Affairs -- has been infected with code that is trying to steal bank account information from visitors. The campaign looks like an “advanced persistent threat-style attack” devised to siphon intelligence from government officials browsing the site, but “the threat is ultimately designed to pilfer banking credentials,” Kaspersky Lab reports.
Report: Agencies aren’t properly vetting all cyber contractors
The latest federal audit of agency cybersecurity finds that while vendors operating systems that handle government data are required to take security precautions, most agencies are not making sure they do so. The deficiency is significant because contract employees make up a third of the total federal cyber workforce, according to the Government Accountability Office (GAO).
Officials worry about 'cyber Fort Hood'
The most dangerous cybersecurity threat facing U.S. military and intelligence agencies might not be another Edward Snowden aiming to steal secrets, but rather a rogue IT administrator bent on destruction of critical infrastructure, according to a senior intelligence official who described such an attack as a potential “Fort Hood in cyberspace.” Given the right access and skills, a federal IT administrator or other computer worker could shut down government computers, disable military navigation systems, or even destroy critical infrastructure like power plants or oil refineries, causing extensive loss of life.
Is there any part of government that hasn’t been hacked yet?
A government cybersecurity official told Congress Sept. 10 that DHS’ National Cybersecurity and Communications Integration Center (NCCIC) has already responded to more than 600,000 cyber incidents this fiscal year. A top FBI cyber expert told the same committee that any part of government that hasn’t been hacked yet probably has been hacked – they just haven't realized it yet – and the only way to stay ahead of the evolving threats is to collaborate and share information with the private sector.
Sandia cyber-testing contributes to DHS Transition to Practice
Sandia National Laboratories (news release)
Through the Department of Homeland Security’s Transition to Practice (TTP) program, cybersecurity technologies developed at Sandia National Laboratories — and at other federal labs — now stand a better chance of finding their way into the real world. The innovative TTP program, spearheaded by the department’s Science and Technology Directorate (S&T), helps move federally funded cybersecurity technologies into broader use.
Senate panel assesses cyberthreats
Gov Info Security
At a Senate Homeland Security & Government Affairs Committee hearing the day before the 13th anniversary of the Sept. 11 terrorist attacks, representatives of the FBI and the Department of Homeland Security joined panel chairman Tom Carper (D-DE) and ranking member Tom Coburn (R-OK) in stressing the need to ramp up efforts to repel emerging cyberthreats. Coburn expressed disappointment that cyber threat information sharing legislation hasn't been put on the floor for a vote in the Senate.
Expectations low for cyber legislation
Gov Info Security
Congress isn't ignoring cybersecurity as lawmakers return to Washington, with several hearings on cyber matters scheduled. But it's unlikely the House or Senate will vote on any significant cybersecurity legislation before they adjourn later this month in advance of the fall election. Cybersecurity is seen as a growing concern among lawmakers, but it pales when compared with other issues Congress must confront in the next few weeks.
Amid shrinking budgets, DISA turns to the commercial cloud
Sequestration and more budget cuts are driving the Defense Information Systems Agency to cut out costs in its milCloud program and other areas, while looking to commercial solutions, said Maj. Gen. Alan Lynn, the agency’s vice director. In a speech Sept. 4, Lynn reassured industry that as sequestration approaches, the agency will be considering cheaper, commercial supplements to DISA’s cloud-services product portfolio, milCloud.
US Army activates its first cyber protection brigade
The US Army on Sept. 5 activated a new Cyber Protection Brigade — the first of its kind in the Army — at Fort Gordon, Georgia. The brigade is made up of Cyber Protection Teams, manned by a mix of soldiers and civilians. The brigade will have 20 of these teams, each with about 39 personnel. The teams will conduct defensive cyberspace operations in support of joint and Army missions, according to information from Army Cyber Command.
NGEN transition on track, program ready for potential changes
The U.S. Navy’s Next Generation Enterprise Network (NGEN) is on schedule to complete its transition on October 1. While the transition has not been without unexpected challenges, it has been relatively seamless to the user, officials note. The transition has reached 74 percent of its seats and more than 90 percent of its overall activity. Officials say NGEN should be “flexible and agile” enough to address changing Navy missions and force structure, including the ability to modify the contract if necessary.
The positive side of cyber
All too often, the topic of cyber presents a negative view of vulnerabilities and attacks, but cyber has a positive role to play in national defense, said Lt. Gen. Edward Cardon, USA, commanding general, U.S. Army Cyber Command, who spoke at AFCEA TechNet Augusta. And it’s not just a DoD issue, he noted, saying he works closely with DHS and the Justice Department, and that “As we go forward, common concepts, operations, partnerships and collaboration are critical.”
Smart technology tracks hospital patients
Across the country, whether it is in the form of a bracelet ID or smart ID tags affixed to bags of blood, IV bags or surgical tools, hospitals and health care organizations are adding smartcard technology to their IT mix. Hospitals, physicians and clinics are currently implementing smartcards in combination with identity software solutions.
Forget your password? No problem -- here are 4 body parts that could authenticate your identity online
Banks and online retailers—who have the most to lose from hacks—know that no matter how much they ask users to think up a password with capitals, numbers, characters, and obscure phrases in Tagalog, passwords will always remain weak and prone to hacking. So if thoughts from inside your head won’t cut it, perhaps actual body parts will. Here are four examples which some people think might replace passwords for good.