FISMA News

Editor’s Note:  The ENISA report, “Incentives and barriers of the cyber insurance market in Europe,” is attached below.

From: European Network and Information Security Agency

Europe’s citizens and businesses could benefit from better protection for their computer systems and data if the cyber insurance market can be kick started, says a new report from the European Network and Information Security Agency (ENISA).

The report, ‘Incentives and barriers to the cyber insurance market in Europe’  highlights the fact that while cyber security is an important concern for European and national policy makers, businesses and citizens, the traditional coverage offered by Europe’s insurance providers may, with some exceptions, not comprehensively address digital risk.

From: Retuers

United Technologies Corp and two of its subsidiaries sold China software enabling Chinese authorities to develop and produce their first modern military attack helicopter, U.S. authorities said June 28. At a federal court hearing in Bridgeport, Connecticut, United Technologies and its two subsidiaries, Pratt & Whitney Canada and Hamilton Sundstrand Corp, agreed to pay more than $75 million to the U.S. government to settle criminal and administrative charges related to the sales. As part of the settlement, Pratt & Whitney Canada agreed to plead guilty to two federal criminal charges — violating a U.S. export control law and making false statements. The charges were in connection with the export to China of U.S.-origin military software used in Pratt & Whitney Canada engines, which was used to test and develop the new Z-10 helicopter. Also as part of the deal, United Technologies and Hamilton Sundstrand admitted to making false statements to the U.S. government about the illegal exports. Hamilton Sundstrand and Pratt & Whitney Canada also admitted they failed to make timely disclosures, required by regulations, to the U.S. State Department about the exports.

by Chris Sullivan

Almost every company today is laboring under the material misconception that the role of “Information Security” is actually to secure the enterprise when, in fact, security (to free from danger or risk of loss) is an undesirable business goal.

This is why there is so much friction between business managers, who take risks to maximize shareholder value, and CISOs (that’s Chief Information Security Officers) with their security directors, security analysts and security administrators trying to eliminate risk all together.

From: Defense Systems

A cyber summer camp kicked off earlier the week of June 25 in Northern Virginia that will give 50 individuals who have scored well and demonstrated their proficiency in online cyber competitions a chance to learn skills that will prepare them for careers in cybersecurity, the U.S. Cyber Competition (USCC) said in a news release.

The camp curriculum includes in-depth workshops on a range of cyber topics, such as penetration testing, reverse engineering and forensics. The workshops are led by college faculty, SANS Institute senior instructors and various cybersecurity experts.

Posted by Paul Davis

The UK is under threat from an “astonishing” level of cyber attacks, the head of MI5 has revealed.

Speaking in a lecture in London earlier this week, Jonathan Evans said it is not just criminals who are threatening the nation, but the governments of other countries.

The director general of the Security Service went on to suggest that the modern world’s reliance on the internet has not only put government secrets at risk, but businesses and academic institutions too.

“[It] increases the potential for mischief and leads to risks of real-world damage as well as information loss,” he said.

by Snell & Wilmer L.L.P.

Recent data breaches at popular Internet sites, including the theft of millions of user passwords by hackers at business networking site LinkedIn and dating site eHarmony, are a timely reminder of the substantial financial and other consequences businesses potentially face from unauthorized access to private data. Although the exact costs for large breaches such as the theft of the 8 million LinkedIn and eHarmony passwords, allegedly obtained by Russian hackers, are difficult to determine, a recent study estimates that the average cost of breaches involving less than 100,000 records is $194 per capita, including costs of detecting and reporting the breach, notifying and assisting consumers, and opportunity costs such as turnover of existing customers. Not included in this estimate are the substantial legal costs required to defend class action lawsuits that are almost inevitable consequences of a major data breach and the non-monetary harm to reputation and goodwill. Indeed, LinkedIn was hit with a class action lawsuita little more than a week after the breach was reported.

From: Computer Weekly

by Warwick Ashford

Former White House cyber security coordinator Howard Schmidt is to join the board of security and compliance company Qualys.

Howard Schmidt announced he was to step down as White House cyber czar in May after two and a half years. Michael Daniel, former intelligence branch head of the White House budget office, succeeds Howard Schmidt in his White House role.

Schmidt was president of the Information Security Forum, based in the UK, when he was named US national cyber security coordinator in December 2009.

From: Federal Computer Week

By Amber Corrin

Cybersecurity consistently ranks as a top concern for federal IT leaders. But too often, surveys show, it may not be their top goal, and even when it is,  a lack of funding and the right workforce skills can make it difficult to achieve.

Budget cuts are pervasive, and the IT workplace is at a crossroads with a retiring generation of baby boomers and a limited supply of highly specialized talent. Industry experts say it’s a perfect storm of vulnerabilities.

From: ABC News

By AARON KATERSY, MARK CRUDELE, AND  RICHARD ESPOSITO

An international cyber sting led by the FBI attracted criminals from around the world and led to 37 arrests in what is believed to be a multi-million online financial fraud case, sources told ABC News and officials confirmed.

Three people were taken into custody in New York, several were nabbed in California, and the other arrests occurred in 12 countries on four continents. There were 37 arrests in total, federal law enforcement sources said. They said the sting was a cooperative effort by law enforcement officials across the globe.

From: PC Magazine

Picture this. Over the last few months your company’s engineers used AutoCAD to design a brand-new revolutionary device. You go to patent the final design… and find that someone in China already patented it. This cloak and dagger scenario is very real, according to researchers at ESET.  A worm they’re calling ACAD/Medre.A exists specifically to steal AutoCAD designs and send them to its masters in China. Worse, their analysis shows that it has already stolen tens of thousands of designs.