FISMA News

Editor’s Note: The State of Maryland, in partnership with Montgomery County, MD and the National Institute for Standards and Technology, is a sponsor of the National Cybersecurity Center of Excellence.

State hosts convention, competition and recognition during National Cyber  Security Awareness Month in October.

Baltimore, MD (PRWEB) July 31, 2012

Governor Martin O’Malley today announced that during National Cybersecurity  Awareness Month in October 2012, Maryland will host CyberMaryland  2012, a three-pronged conference, competition and celebration designed to  showcase industry innovations, recognize cyber pioneers and groom the next  generation of cyber experts. Scheduled October 16 and 17, 2012, at the Baltimore  Convention Center and Four Seasons Hotel, CyberMaryland 2012 will connect  educators, innovators, employers and students and further demonstrate the  state’s reputation as the nation’s epicenter for information security innovation  and excellence.

From: JD Supra

While several states – and the federal government – consider strengthening legislation to protect consumers against data breaches, identity theft, and other privacy violations, California is taking action.

Earlier this month, California Attorney General Kamala Harris created a new “Privacy Enforcement and Protection Unit.” From law firm Morrison & Foerster:

“The Privacy Enforcement and Protection Unit will be organized under the state’s new eCrime Unit, which was formed in August, 2011 and will centralize a number of existing California Justice Department programs intended to enforce privacy laws, combat identity theft, educate consumers, and create partnerships with private industry under one umbrella.”

From: AOL Government

By Sydney J. Freedberg, Jr.

As the Senate reconvenes to debate the Lieberman-Collins cybersecurity bill, President Obama himself has set the stakes in terms of preventing a future catastrophic attack. But some say the real and present danger is what’s happening under our noses right now, in an online theft of intellectual property that Cyber Command chief Gen. Keith Alexander called “the greatest transfer of wealth in history.”

“Don’t wait for something to go boom. It’s happening and it’s happening quietly right now,” said David Smith, director of the Potomac Institute’s Cyber Security Center in an interview with AOL Defense. “I don’t think they’re nibbling around the edges; I think the rat’s eating your sandwich.”

From: Dark Reading

Def Con talk on bugs, tools for hacking power plants replaced with another talk on HMI flaws

By Kelly Jackson Higgins

DEF CON 20 — Las Vegas, NV — A pair of Russian researchers poised to reveal new research and release free tools for breaking into power plants were no-shows here today.

The much-anticipated “SCADA Strangelove: How I Learned To Start Worrying And Love The Nuclear Plants” talk was quietly replaced a week ago with another presentation by researcher Wesley McGrew on HMI interface vulnerabilities in process control systems, much to the surprise of attendees.

Editor’s Note:  The ENISA “Flash Note” ”Password security: a joint effort between end-users and service providers” is attached here. 

From: ENISA – European Network and Information Security Agency

In the cyber world our identity is reflected by our usernames and passwords. For users, keeping their passwords safe is vital to avoid security incidents such as identity theft. But online service providers (who store usernames and passwords) are expected to do the same. Problems arise when security is compromised at either end of the chain.

Editor’s Note: For more information about NACo’s cybersecurity activities, please see FISMA Focus here.

From: Today’s News-Herald (havasunews.com)

by JAYNE HANSON

National Association of Counties named Mohave County Supervisor Buster Johnson, R-Dist. 3, as vice-chairman of a newly formed national Cyber-security Task Force, which will help protect government agencies and residents from online computer crimes.

NACo President Chris Rodgers, of Douglas County, Neb., made the announcement pertaining to the launch of the task force July 23. The task force is a public/private partnership.
“With the role that county governments play in homeland security, we know that county governments are increasingly becoming target for hackers and viral attacks that could shut down airports, water systems, electrical grids and courthouses,” Rodgers said in a prepared statement.

From: IPPmedia.com

By James Gashumba

East Africa is fast-tracking the implementation of joint initiatives to combat the rising challenge of cross-border cyber crimes that threaten peace and stability in the region.

Government officials say the region is vulnerable to a range of online criminal activities, including financial fraud, drug and human trafficking, and terrorism.

“There is need to develop a common platform to address cyber security. As a region, we must begin to cooperate to deal with cyber threats at national and regional level,” Kenya’s Permanent Secretary in the Information Ministry Dr Bitange Ndemo said at an East African Internet Governance Forum in Nairobi, Kenya .

Julius Businge/All Africa Global Media

In a bid to expand Internet access, the government is considering to introduce “cloud computing,” which will act as a data centre where the public can access all the information from government ministries, agencies, departments whenever they need it.

Cloud computing refers to the delivery of computing and storage capacity as a service to a heterogeneous community of end-recipients. The solution entrusts services with a user’s data, software and computation over a network. The National Information Technology Authority (NITA-U) is spearheading the initiative, which the body says promises more affordability, security, features and accessibility in a sea of devices.

Joseph Menn and Jim Finkle

LAS VEGAS (Reuters) – The head of the government’s secretive National Security Agency took the unprecedented step on Friday of asking a convention of unruly hackers to join him in an effort to make the Internet more secure.

In a speech to the 20th annual Def Con gathering in Las Vegas, four-star General Keith Alexander stressed common ground between U.S. officials and hackers, telling them privacy must be preserved and that they could help by developing new tools.

“You’re going to have to come in and help us,” Alexander told thousands of attendees.

From: Bloomberg

By Michael Riley and Dune Lawrence

The hackers clocked in at precisely 9:23 a.m. Brussels time on July 18 last year, and set to their task. In just 14 minutes of quick keyboard work, they scooped up the e-mails of the president of the European Union Council,Herman Van Rompuy, Europe’s point man for shepherding the delicate politics of the bailout for Greece, according to a computer record of the hackers’ activity.

Over 10 days last July, the hackers returned to the council’s computers four times, accessing the internal communications of 11 of the EU’s economic, security and foreign affairs officials. The breach, unreported until now, potentially gave the intruders an unvarnished view of the financial crisis gripping Europe.