number of industries getting classified cyberthreat tips from DHS has doubled
Firms from half of the nation’s 16 key industries, including wastewater and
banking, have paid for special technology to join a voluntary Department of
Homeland Security program, previously exclusive to defense contractors, that
shares classified cyberthreat intelligence. Cleared Internet service providers
participating in the Enhanced Cybersecurity Services initiative feed nonpublic
government information about threats into the anti-malware systems of critical
sector networks. As of July, only three industries – energy, communications and
defense – were using the service.
launches MitM attack on iCloud, Hotmail users
The Chinese government has started launching cyberattacks against Apple
customers just as the company announced the availability of the latest iPhone
in the country, according to a non-profit that monitors online censorship in
China. It appears local authorities have initiated man-in-the-middle (MitM)
attacks against customers of Apple's iCloud in an effort to obtain account
login credentials and gain access to the data stored by users in the cloud
shine light on vulnerabilities in FDA computer network
Fierce Government IT
Vulnerability testing of the Food and Drug Administration's computer
network found several deficiencies that could potentially be exploited by
attackers, but auditors did not gain unauthorized access to the network via
penetration testing. Several days before
the HHS Department Inspector General's Office test, the IG noted that a
wide-scale cybersecurity breach involving an FDA system was detected, exposing
sensitive data in 14,000 user accounts.
hackers targeting mobile phones to get bank info, survey says
Hackers are increasingly targeting mobile phones to get into bank accounts
of victims and steal money, according to a report by Kaspersky Labs with
Interpol. It found that 60 percent of the malicious programs targeting Android
devices were designed to steal money or banking credentials. The report focused
on Android, which accounts for roughly 85 percent of the mobile device market
and 98 percent of mobile malware. Like
other online operations, hackers are moving into mobile because more users
access the Internet from these devices.
government probes medical devices for possible cyber flaws
The U.S. Department of Homeland Security is reportedly investigating about
two dozen cases of suspected cybersecurity flaws in medical devices and
hospital equipment that officials fear could be exploited by hackers. The products under review by the agency's
Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.
device adoption following tablets' lead: PwC
Wearables are well on their way to following tablets as the next hot
product category. A new report from PricewaterhouseCoopers (PwC) indicates that
20 percent of U.S. adults already own a wearable device. It's a figure that
matches the adoption rate of tablets in 2012, and like tablets, the number is
expected to quickly rise -- but not without some challenges along the way.
ruled out as culprit in Chase cyber security breach, U.S. officials say
The Russian government has been ruled out as sponsor of a cyber attack on
JPMorgan Chase & Co disclosed in August, U.S. law enforcement officials
said Oct. 20. Officials from the FBI and
Secret Service announced that authorities believe the attack was the work of
cyber criminals. Early news reports in August said investigators feared the
attack was conducted on behalf of the Russian government as retribution for
economic sanctions imposed by the U.S.
executive order on payment fraud falls short on boosting security, say experts
The Obama administration issued an executive order last week that forces
federal agencies to purchase new payment terminals that support
"enhanced" security features, but experts say the directive stops
short of requiring fully activated encryption and other security measures that
would reduce the risk of a data breach.
security council welcomes Obama executive order on EMV
The Payment Card Industry Security Standards Council (PCI SSC) has welcomed
US President Obama’s executive order to speed up the adoption of cards that
reach the Europay, MasterCard and Visa (EMV) standard in the US. EMV is a
global standard for the inter-operation of integrated circuit cards, known as
chip and PIN, in the UK.
gives agencies the lead role in combating ID theft
Federal News Radio
New, more secure government credit cards and multi-factor authentication
for federal websites dealing with sensitive citizen data are two ways the White
House wants the government to lead a nationwide effort to reduce identity theft
and fraud. President Obama's recent
Executive Order outlined a series of steps with deadlines to transition to more
secure online transactions under a new Buy Secure initiative. Federal
cybersecurity experts acknowledged the order with a combination of satisfaction
NIST's cloud computing
roadmap details research requirements and action plans
NIST (news release)
The National Institute of Standards and Technology (NIST) has published the
final version of the US Government Cloud Computing Technology Roadmap, Volumes
I and II. The roadmap focuses on strategic and tactical objectives to support
the federal government’s accelerated adoption of cloud computing, and leverages
the strengths and resources of government, industry, academia and standards
development organizations to support technology innovation in cloud computing.
urge early cooperation in malware investigations
Though the recently publicized hack of J.P. Morgan was a fresh reminder
that financial services are always in the crosshairs of cyber criminals, the
sector's information-sharing center has been praised for building resiliency
against threats. Law enforcement
officials made the case at an Oct. 20 conference on cybercrime that this
resiliency was due, in part, to public-private cooperation and aggressive
federal prosecution of cybercriminals.
devices will transform how government fieldwork gets done
Next Gov (op-ed)
Using mobile devices like iPads and iPhones can make government field
workers more efficient in creating reports and reducing paperwork, and they
become even more powerful when they provide analytics to uncover hidden
relationships and critical information. The ability to automatically analyze
multiple pieces of data across multiple systems of record and combine that with
real-time information collected by the user, can help provide previously
unknown new insights and recommendations.
future of government technology and the role of the IT department
New innovations for government are beginning to move at an accelerating
pace. The next five to ten years will be a critical renaissance period for
federal IT, transforming the way agencies use IT to fulfill their
missions. This will happen in spite of
the fact that many federal agencies continue to face ongoing budget challenges.
The transformation of government IT in the coming years will allow agencies to
be more efficient and effective, while still being very responsible with public
new commercial mobile encryption affect BYOD policy?
While law enforcement is up in arms about new default data encryption on
Apple iOS and Google Android devices, experts say the policy could have some
benefits for federal mobility as well.
push for ‘Internet of Things’ hearing
A bipartisan group of lawmakers on the Senate Commerce Committee wants
Chairman Jay Rockefeller (D-WV) to hold a hearing on the millions of new
connected refrigerators, cars and other devices, warning that the so-called
“Internet of Things” is “sparking a number of important policy questions” about
security and privacy. The proliferation
of “smart” appliances and machinery has exploded in recent years and could
generate $8.9 trillion in revenue by 2020, they noted, with hundreds of
billions of connected objects around the globe.
evolves its network integration process
Federal News Radio
Three years ago, the Army embarked on a process of Network Integration
Evaluations that were designed to test new systems in the hands of soldiers
before those technologies made their way into live-fire battlefields. But the
Army is making changes to the process to include more of an emphasis on
laboratory testing, and it's also tempered its hopes that commercial
technologies can fill the gaps in its current capabilities.
the edge of the Joint Information Environment
The Department of Defense is pursuing an ambitious initiative to develop an
integrated, enterprise-wide IT network, the Joint Information Environment
(JIE). To better understand how DoD employees perceive the benefits of and
challenges to the Joint Information Environment and mobility, Government
Business Council and Verizon Wireless undertook an in-depth research study
involving a survey of over 300 senior DoD employees.
Army Cyber capabilities
increasing to include Guard, Reserve
Army News Service
The Army's top cyberspace experts said increasing digital capabilities of
the force include 11 cyber protection brigades in the National Guard, and 400
more cyber Soldiers in the Army Reserve. Leaders recently detailed how the Army is working toward network
modernization through the new Cyber Center of Excellence and cyber protection
date approaching for WIN-T en route mission planning IOC
C4ISR & Networks
Communications en route to overseas objectives are due for an upgrade,
courtesy of the Warfighter Information Network – Tactical program. November is
the target date for initial operating capability for en route mission command
capabilities. The goal is to enable voice, data, full-motion video, email and
other capabilities aboard planes on long flights, said LTC Joel Babbitt,
product manager for WIN-T Increment 1.
Awaited technologies about
to become reality for warfighters
The U.S. Army is extending advanced communications to disadvantaged users,
fielding a series of capabilities to various groups in an effort to give
soldiers at the pointy end of the spear the connectivity they need. With the
rollout, forward-deployed troops should be able to access classified networks
via wireless 4G long-term evolution connections. National Guard units also are
acquiring the tools to aid their troops in disaster response scenarios.
aim at stealthy attacks
GCN - Cybereye (blog)
When the vulnerability is unknown and the malicious code is well hidden, IT
managers have to look for active footprints to defend against threats. No
matter how stealthy the exploit, it has to activate inside the system, and that
is where to spot it and stop it. That’s the idea behind the Cyber Kill Chain,
which is based on the military concept of establishing a systematic process to
target, engage and defeat an adversary. It relies on the assumption that an
adversary will have to carry out specific steps to attack in a given
orders two-step IDs to combat credit card hacks
President Barack Obama issued an executive order Oct. 17 to stop rampant
credit card breaches by requiring federal agencies to issue government purchase
cards embedded with hacker-resistant microchips that require PIN numbers for
charges. The government aims to stimulate the market for so-called chip-and-PIN
cards, which is part of a larger strategy to abolish one-step identification
facial recognition system gives officers an investigative lead
New FBI facial recognition technology released in September means more than
18,000 law enforcement agencies can search potential criminals by face in
addition to fingerprint. The facial recognition tool, called the Interstate
Photo System, lets officers automatically compare a suspect's digital facial
image against the 20 million and growing images available for searches, giving
officers an investigative lead. But it has accuracy limits and has raised
concerns among privacy groups.
FBI warns of cyberattacks linked to China
Russian cyberspies hit Ukrainian, US targets with Windows zero-day attack
The FBI issued a warning to companies and organizations Oct. 15 about cyberattacks by people linked with the Chinese government. The advisory, issued privately, contains "information they can use to help determine whether their systems have been compromised by these actors and provides steps they can take to mitigate any continuing threats." The warning came a day after security companies said they've been working closely together to enable their products to detect several hacking tools used by a China-based group against U.S. and other companies over several years.
How should the government respond to JPMorgan hack?
According to former Attorney General Michael Mukasey, for now the proper response by the U.S. government to last summer's JPMorgan hack "is to try to find out who did it and why." But, said Mukasey, if a nation state turns out to be responsible for the JPMorgan hack, the government should respond.
Key findings from Ponemon Institute’s ‘Cost of Cyber Crime’ studies
Ponemon Institute has released its 2014 Global Report on the Cost of Cyber Crime, based on regional Cost of Cyber Crime studies for 11 countries, including France, Germany and Italy. This post summarizes the key findings of the European studies, and shows what you can do to protect yourself from cyber security risks using the international standard for best-practice information security management, ISO 27001.
Mobile device and data use skyrockets, US gov't survey says
U.S. mobile phone users are “rapidly embracing” smartphones and tablets, noted a report from the U.S. Department of Commerce’s National Telecommunications and Information Administration. Even though the report is based on 2-year-old information from the U.S. Census Bureau, the latest NTIA survey of U.S. residents’ Internet and computer use shows some important trends and gives U.S. policy makers “some valuable insights,” said John Morris, director of Internet policy at the NTIA.
UMD partners with MITRE on cybersecurity research and development center
University of Maryland (news release)
The University System of Maryland (USM), including the University of Maryland, College Park (UMD) and University of Maryland, Baltimore County (UMBC), is partnering with The MITRE Corporation to operate the first federally funded research and development center (FFRDC) solely dedicated to enhancing cybersecurity and protecting national information systems.
Tech Council of Maryland to use $225,000 grant for cyber job training
Washington Business Journal
The Tech Council of Maryland will use $225,000 in federal money to train job seekers for cyber and technology jobs. The funding is part of a $15 million grant to the Cyber Technology Pathways Across Maryland Consortium, announced in September. Fourteen community colleges, led by Montgomery College in Rockville, comprise the consortium. They are working together to improve cyber job training and access to cyber jobs, especially among veterans, women and unemployed workers.
$42m boost for cyber security research
Asia One / The Straits Times
Some $42 million will be set aside by Singapore for seven projects in cyber security research over the next two to five years, as Singapore looks to boost its defense against cyber attacks. The money will come out of a new $130 million government plan to enhance Singapore's fire power against cyber attacks that could threaten government agencies and services such as banking. The seven projects will involve research in topics such as digital forensics, and mobile and cloud data security.
Obama announces plan to tighten card security
Saying more must be done to stop data breaches affecting consumers, President Barack Obama announced on Friday a government plan to tighten security for the debit cards that transmit federal benefits like Social Security to millions of Americans. Cards issued by the federal government will now have an internal chip replacing magnetic strips to reduce the potential for fraud.
Tightening security on federal payment cards
As part of a wide-ranging set of policy initiatives about financial information security, President Obama announced the federal government will be switching to payment cards that are protected by two new layers of security – a microchip that is harder to clone than a magnetic strip and a personal identification number that users key in during transactions, like a bank card. Beginning next year, new payment processing terminals at federal agencies must have the necessary software to support these new security features.
Obama orders chip-and-PIN in government credit cards
President Obama issued an executive order Oct. 17 to have secure chip-and-PIN technology embedded into government-issued credit and debit cards as part of a broader move aimed at stemming payment data breaches. Under the order, government-issued cards that transmit federal benefits such as Social Security will have microchips embedded instead of the usual magnetic strips, as well as associated PINs like those typically used for consumer debit cards. A replacement program for the cards is set to begin on Jan. 1 of next year, with the goal to have more than 1 million such cards issued by the end of the year.
GSA unveils 'FedRAMP Ready' systems
The GSA will unveil its newest category for the Federal Risk and Authorization Management Program on Oct. 17, showcasing cloud service providers ready to perform assessments and authorizations with potential agency customers. "FedRAMP Ready" systems have had their documentation reviewed by the FedRAMP program management office and -- at a minimum -- have gone through the PMO readiness review process.
Huge bidder pile-on for VA’s $22.3 billion tech deal
Next Gov - What's Brewin'
The number of companies that have expressed interest in bidding on the Department of Veterans Affairs’ Twenty-One Total Technology Next Generation contract -- known as T4NG -- hit 635 vendors Tuesday, according to a VA spreadsheet. VA plans to award up to 20 indefinite-delivery, indefinite-quantity contracts under T4NG, which will run for an initial five years with an option for another five years.
One team, one fight in cybersecurity
The Defense Department understands the value of a physical co-location, having put two of its key cybersecurity components, Cyber Command and the NSA, at Ft. Meade. Having federal civilian agencies down the hall from each other also is both possible and valuable. As such, GSA has asked for $35 million in FY15 to develop requirements for and to fund design of a civilian federal cybersecurity campus. The idea is to collocate key components from multiple federal civilian agencies with cybersecurity responsibilities, along with private sector partners, to improve collaboration in the drive to enhance homeland and national security against growing cyber threats.
U.S. data breach notification law unlikely in 2014
Gov Info Security
Despite President Obama's support and growing interest in Congress in enacting a national data breach notification law, no such bill has reached either the Senate or House floors in the current Congress, nor is such legislation likely to be voted on before the current Congress adjourns. Business groups and consumer advocates with allies in Congress cannot agree on key provisions of data breach notification measures, with businesses wanting less stringent data breach notification rules than do consumer advocates.
DISA looks for models for securing commercial cloud
The Defense Information Systems Agency wants to test the viability of two technical models for implementing commercial cloud within the Defense Department. DoD wants its cloud use to be secure, while also tapping expertise from commercial vendors. To do that, DISA is looking for ideas on cloud-integration models that will offer "the physical protections that a DOD installation provides, while still allowing the commercial vendors to offer their contemporary cloud ecosystems directly to the military community," the agency said Oct. 1 in announcing an RFI.
Four years after establishment, Army Cyber Command touts progress
The relatively new Army Cyber Command is looking to perform more joint operations as it continues to build its capabilities, a pair of its senior leaders said Oct. 15 at the Association of the United States Army annual conference in Washington, D.C. But in order to do that, it will need to collaborate with the government and private industry to develop a capable, sustainable cyber environment, said its commander, Lt. Gen. Edward Cardon.
Here comes the Army Cyber Battle Lab
Next Gov - What's Brewin'
The Army currently operates a Network Battle Lab and plans to change it to the Cyber Battle Lab beginning in October 2015 -- and is looking for some contractor support. The Network Battle Lab was focused only on experimentation to support the network, but will now add experimentation to support all areas of "cyber electromagnetic" activities. These include cyberspace operations, electronic warfare and spectrum management operations.
Army eyes coordinated land-cyber missions
US Army officials say they are working toward a capability that will synchronize land power and cyber capabilities for tactical effects on a future battlefield. Army Chief of Staff Gen. Raymond Odierno said in an interview that the service’s new operating concept calls for the synchronization of air, sea, land and cyberspace.
Army electronic warfare ‘is a weapon’ – But cyber is sexier
Col. Joe Dupont, the Army’s project manager for electronic warfare programs — and its recently declassified offensive cyber division — faces an uphill battle against tight budgets and Army culture to make the case that EW doesn't just enable weapons systems, "EW is a weapon system." As the world goes wireless, phones and computers depend increasingly on radio links rather than physical cables, which means jamming and hacking, traditional electronic warfare and the brave new world of cyber, are beginning to blur together.
Krieger molds the defense IT enterprise
One of the greatest successes for Mike Krieger, deputy chief information officer/G-6 for the Army, is the recent integration of enterprise email throughout the Army. From a slew of Microsoft Exchange servers run by different organizations, the Army now has just one email service for its 1.5 million users run out of the DISA’s cloud. Organizations across the Army are now comfortable drawing services from the enterprise compared to 2009-2010 when they still provided their own services to users. Another major change he’s witnessed is a shift in the belief that network capabilities need to be “very tip-of-the-spear,” to a recognition that there are things that can be better done from the enterprise.
NSA chief: 1,000 new jobs coming to S.A.
My San Antonio
The director of the National Security Agency, Adm. Mike Rogers, said Oct. 16 that San Antonio could expect as many as 1,000 additional personnel working on the Defense Department's ongoing cybersecurity mission over the next three years.
What the cybersecurity executive order means for authentication
Secure ID News
President Obama has signed an executive order on cybersecurity that requires federal agencies to issue and accept EMV payment cards and take extra precautions online when protecting citizens’ personal information. The focus of the announcement was on the move to EMV and the more secure chip and PIN technology. But, even more significantly, a short section of the executive order focused on a move to more secure authentication by government agencies. The wording is vague and lacks concrete examples of how and why such a multi-factor authentication system might be necessary. But here are some scenarios of how this system is likely to roll out.
The biometrics revolution is already here — and you may not be ready for it.
The Washington Post
The future is here, and it's biometric identification: You will soon be able to unlock the most recent iPad model with your fingerprint; banks are reportedly capturing voice imprints to catch telephone fraud; and the FBI's facial recognition database is at "full operational capacity." But while these technologies are already influencing consumers' lives, it's not clear that everyone understands the long-term implications of widespread biometric use, experts say.
Get ready for a new wave of biometrics
It's common knowledge that passwords are flawed, but if anything can benefit from this year's seemingly never-ending security breaches, it's the field of biometrics. Digital biometrics—using people's fingerprints, voices, and faces to unlock devices instead of using memorized passcodes—aren't new. What is new is the timing: The rapid demise of the conventional password in this year alone means digital biometrics can be "cool" again.
The Russian cyber espionage and cybercrime worlds once again have collided in a newly discovered cyberspying campaign that uses a zero-day flaw found in all supported versions of Microsoft Windows. Among the targets of the so-called Sandworm cyberespionage team are NATO, the Ukrainian government, a U.S. think tank specializing in Russian issues, Polish government and energy entities, a French telecommunications firm, and a Western European government agency.
DHS: Attackers hacked critical manufacturing firm for months
DHS has disclosed that an unnamed manufacturing firm vital to the U.S. economy recently suffered a prolonged hack. The event was complicated by the fact that the company had undergone corporate acquisitions, which introduced more network connections, and consequently a wider attack surface. The firm had more than 100 entry and exit points to the Internet. The case contains a lesson for civilian and military agencies, both of which are in the early stages of new initiatives to consolidate network entryways.
FDIC to banks: Prep for “urgent” threat of cyberattacks
JD Supra - Business Advisor
Financial institutions are facing an “urgent” threat of hacks and cyberattacks causing regulators to take a closer look at banks’ efforts to combat such concerns, the Federal Deposit Insurance Corporation (FDIC) Chairman recently cautioned. At the American Banker Regulatory Symposium, FDIC Chairman Martin Gruenberg told attendees that the rise of cyberattacks targeting banks has triggered a need for regulators to assess the efforts of institutions to fight back or prevent such attacks.
Obama said to warn of crippling cyber attack potential
President Obama reportedly believes cyber terrorism is one of the biggest threats to national security and says the White House is bracing for a possible doomsday scenario if hackers can successfully penetrate government and business computer systems.
Washington wants to become a hub for cybersecurity companies. Can it be done?
The Washington Post
This fast-growing field of civil cybersecurity presents a multibillion-dollar business opportunity for technology companies and a powerful new economic development engine for the jurisdictions where those companies establish their headquarters. Few parts of the country are as flush with potential as the Washington region, but the region must also overcome certain deficiencies if it is to become a cybersecurity hotbed. A growing number of public and private sector initiatives have taken shape to address those shortcomings.
Cleveland Indians' IT team hits a grand slam with new analytics platform
Security Info Watch
The Cleveland Indians baseball team, like every enterprise organization, faces omnipresent cybersecurity threats. The team’s network, not only at the home ballpark, but at the out-of-state training facility and for the scouts on the road, must be fast and secure. Customer data and the Indians’ brand must be protected. The club has chosen virtual appliance software that monitors security, performance and compliance in cloud and virtualized infrastructures – all from a single screen.
Wearables and IoT among top tech trends for 2015
IT research firm Gartner has published its list of top 10 technology trends to watch next year as businesses draw up their strategic IT plans. The list includes mobile computing, wearables, Internet of Things (IoT) solutions, 3D printing, context-aware systems, autonomous smart devices, mobile-friendly cloud applications, software-defined applications and infrastructure, Web-scale IT and self-protecting, security-aware applications.
Why colleges should stop splurging on buildings and start investing in software
The Washington Post
For decades, America’s colleges and universities have been on a massive spending spree, building new dorms, student centers, sports complexes, and academic buildings, but key educational performance metrics have not greatly improved. What if the leaders of our colleges and universities had channeled just a fraction of this edifice-complex capital into technology improvements -- especially software -- instead?
Cloud computing is forcing a reconsideration of intellectual property
The New York Times
We’ve used ideas to sculpt the globe since the Industrial Revolution, thanks largely to the way we handle intellectual property. Now, according to people involved in the business of protecting ideas, all of that is set to change. Software, lashing together thousands of computer servers into fast and flexible cloud-computing systems, is the reason. Clouds, wirelessly connected to more software in just about everything, make it possible to shift, remix and borrow from once separate industrial categories.
Is it time for fresh procurement reform or just a rereading of existing law?
Federal News Radio
The 1996 Information Technology Management Reform Act (Clinger-Cohen) wasn't purely a procurement reform. But it did supersede prior law under which IT procurement became the province of the GSA, which had the power to delegate purchase authority to agencies, and it instituted a new way for federal agencies to do IT investments strategically. The Clinger-Cohen era bolstered the idea of IT and all strategic procurements as investments that must relate to missions. So what's needed for the future?
Governmentwide cloud contracting efforts missing key ingredients, IGs find
Federal News Radio
The Council of Inspectors General analyzed 77 commercial cloud contracts across 19 civilian agencies and found most failed to implement federal guidance and best practices. Additionally, 59 cloud systems reviewed did not meet the requirement to become compliant with the Federal Risk Authorization and Management Program (FedRAMP) by June 5, 2014, even though the requirement was announced on December 8, 2011.
Wolfe brings the cloud to the intelligence community
Doug Wolfe, the chief information officer of the Central Intelligence Agency, has embarked on a mission to guide the development of cloud computing for the whole of the intelligence community, knock down barriers between silos of data and analysis, introduce speedy IT and software development to traditionally slow-moving organizations and help make the intelligence sector a beacon of innovation for the rest of government.
Is FedRAMP toothless? Rogue cloud systems abound at agencies, IGs say
Many agencies blew past a deadline this summer to make sure their cloud computing systems met baseline security standards. And it appears they’ll face little reproof for doing so. Among the potential problems uncovered by the Council of Inspectors General on Integrity and Efficiency are a mostly toothless process for ensuring agencies’ cloud systems meet basic security standards and fuzzy service-level agreements between agencies and commercial cloud providers.
White House working around cyber bill impasse
As time runs out for Congress to pass cyber legislation before next year, White House officials are looking for ways around Capitol Hill’s inability to enact policies to secure government networks and critical infrastructure. The executive branch is accelerating efforts to implement cybersecurity within federal agencies and in the sectors responsible for critical infrastructure, including the financial and energy industries.
Pentagon needs to build cybersecurity into the acquisition process
At the confluence of cybersecurity, acquisition and the sometimes small but always vital electronic components that make up battlefield systems lies a serious vulnerability. The gist of the issue is simple: Our weapons platforms and systems are subject to potential compromise if we fail to secure them. And unless and until we embed cybersecurity into system architecture and design, we are handing our adversaries -- who are many and varied -- an advantage that they have not earned.
Army seeks industry partner for geospatial tech R&D
Gov Con Wire
The U.S. Army Corps of Engineers is looking for potential vendors who can provide research, development, engineering, assessment and validation support to the USACE Geospatial Center in Virginia. It is looking to award up to $200 million over five years for a partner who will help the organization build platforms intended to exploit GEOINT, full motion videos, wide area motion imagery and C4ISR data, and explore methods of disseminating geospatial information from mobile devices to data analytics and management systems being used by other military and civilian agencies.
COTS devices gain a tactical edge
C4ISR & Networks
Commercial off-the-shelf (COTS) technologies, once viewed with skepticism by the Defense Department and military services, are rapidly becoming mainstream tactical communication devices as well as trailblazing new form factors, functionalities and procurement processes.
AUSA: Army to require open-source intel training
C4ISR & Networks
The Army is formalizing its growing emphasis on open-source intelligence, or OSINT, including requiring soldiers to get at least some basic training in how it works, according to Army officials. In the coming weeks the service will launch a distance-learning package that will be required for all soldiers so that they have at least a basic understanding of how OSINT works.
MILCOM: Is enterprise IT mindset taking root at DoD?
C4ISR & Networks
The calls for streamlined technology and processes, shared services and enterprise-wide IT at the Defense Department usually are quickly followed with demands less tangible than servers and data centers. To truly enable real reform in defense IT, it’s the people that need to undergo a shift in thinking as well.
How WiFi makes a command post agile
C4ISR & Networks
The advantages of mobile technologies for soldiers are often readily apparent, but there are some important capabilities on the command-post side too, according to COL Ed Swanson, project manager for the Army's Warfighter Information Network-Tactical (WIN-T) program. In particular, the Army is working with “very nascent” commercial technologies, including 4G LTE and WiFi, Swanson said.
Air Force to step up recruiting, shorten training for cyber airmen
Air Force Times
The Air Force may shorten the training time for cyber airmen to move them into their jobs faster — and airmen with existing cyber certifications would get a head start.
AUSA: Army wrestles with talent amid cyber force build-up
C4ISR & Networks
As the Army assembles a 6,000-person-strong cyber mission force in the next two years, officials are trying to determine the best way to attract, organize and maintain the cyber talent required to secure Defense Department networks. The creation of a new Army branch dedicated to cyber means that leaders are learning how to recruit, train, retain and equip cyber forces. It’s been an ongoing effort over the past two years, one that the Army Cyber Command’s chief says is nearly halfway finished.
Detecting cyber attacks in a mobile and BYOD organization
Help Net Security
Many organizations understand that traditional perimeter security defenses are not effective at identifying attacks on mobile devices. This application note sets out to explore the challenges, understand the needs, evaluate mobile device management as an approach to detecting attacks and offer a flexible and high efficacy solution for detecting any phase of an ongoing attack on mobile devices regardless of device type, operating system or applications installed.
'Internet of Things' a risk-reward proposition for security professionals
Security Info Watch
We live in a highly connected world, with smartphones, tablets and other devices that all contain not only a multitude of data-producing sensors, but also a variety of software applications that may require Internet connectivity. And it is not just smartphones that are connected to the Internet. Momentum has been increasing to connect more and more devices of every type to the Internet, resulting in an Internet of Things (IoT). But despite numerous benefits, connected devices still present a myriad of threats.
Cyber security failing in execution, says ex-US cyber czar
Former White House cybersecurity coordinator Howard Schmidt says “The cybersecurity strategies we have are all excellent... but we are still failing in execution.” Schmidt believes software developers should do more to ensure users are not faced with security decisions they aren't qualified to make, and he called for greater effort to develop threat scenarios for all software developers, particularly in the critical sectors of energy, telecommunications and financial services.
Report: Rising cybersecurity budgets still not enough
The 2014 Deloitte-NASCIO Cybersecurity study shows what many state chief information security officers already know -- the landscape is fraught with evolving challenges -- and it draws at least two clear conclusions: cybersecurity is the primary concern of many state CIOs and state CISOs, and the concerns of CIOs and CISOs are well-founded. While over 47 percent of organizations showed a year-over-year budget increase, 75 percent cited budget constraints as a challenge.