Draft NIST Guidance on Mobile Device Security (SP 800-164)

Editor’s Note: NIST has released for public comment the draft of NIST Special Publication 800-164, “Guidelines on Hardware-Rooted Security in Mobile Devices.” The document is attached here.

Comments are due by December 14th to the email address below.

From: NIST

Hacker Gained Access to Data Using Employee Credentials

Editor’s Note: The following article is an update on this story.

From: WLTX.com (Columbia, SC)

by Tim Smith, The Greenville News

COLUMBIA – South Carolina’s identity theft nightmare has grown to include some businesses, and officials have disclosed for the first time that the hacker was able to crack the system by somehow obtaining the credentials of a Department of Revenue employee.

Jim Etter, director of the Revenue Department, disclosed after repeated questioning from senators Monday about the possible impact of the breach on small businesses that an unspecified number of state identity numbers used for corporations had been “compromised” at the same time as 3.6 million Social Security numbers and 387,000 mostly encrypted credit or debit card numbers.

DHS to hire 600 cyber professionals

From: Federal Times

by Nicole Johnson

The Department of Homeland Security is following through on recommendations to hire at least 600 cybersecurity experts, DHS Secretary Janet Napolitano said Wednesday.

Speaking at a Washington Post cybersecurity forum, Napolitano said the department is looking to hire cyber experts, analysts, IT specialists and people who are familiar with coding.

In June, DHS Secretary Janet Napolitano directed a newly formed CyberSkills task force to develop recommendations for growing DHS’s cyber workforce and expanding the pipeline of cyber talent nationwide, which includes hiring at least 600 cyber professionals.

NSA and the Future of Big Data

From: Smart Data Collective

The National Security Agency of the United States (NSA) has seen the future of Big Data and it doesn’t look pretty. With data volumes growing faster than the NSA can store, much less analyze, if the NSA with hundreds of millions of dollars to spend on analytics is challenged, it raises the question: “Is there any hope for your particular company?”

By now, most IT industry analysts accept the term “Big Data” is much more than data volumes increasing at an exponential clip. There’s also velocity, or speeds at which data are created, ingested and analyzed. And of course, there’s variety in terms of multi-structured data types including web logs, text, social media, machine data and more.

Problems at a cyber security conference highlight the difficulties in information sharing

From: InfoSecurity-Magazine.com

The 12th ICS Cyber Security Conference was held Oct 22-25 at the Old Dominion University’s Virginia Modeling Analysis and Simulation Center – but did not quite go to plan…

Organizer and security expert Joe Weiss has blogged about the conference on the Control Global Unfettered blog. Although he discusses the conference in general, including observations such as “I found it disconcerting that more than 5 years after the Aurora [powergrid cyber-vulnerability] test very few of the critical infrastructure attendees understood the technical issues with Aurora,” most interest is nevertheless focusing on his comments on information sharing.