Call for Papers Announced for CyCon 2013

From: NATO

The NATO Cooperative Cyber Defence Centre of Excellence has announced the call for papers for its fifth international conference on cyber conflict. The annual interdisciplinary conference takes place in June next year and focuses on the use of automatic methods in cyber conflicts. The conference will be organised along a Strategic Track and a Technical Track, with legal aspects incorporated in these two tracks. The deadline for abstract submission is set for 1 November 2012.


Got a data security policy? Chances are your IT bods don’t know it

From: The Register (UK)

Most data-blurt blunders are internal cockups, not hacks


Advisory firm Forrester Research questioned 2,383 IT workers from five countries for a report called Understand The State Of Data Security And Privacy: 2012 To 2013, but only 56 per cent of those surveyed in North America and Europe said that they were aware of their employers’ current data security policies, according to media reports.

“It’s not simply just a matter of having the appropriate tools and controls in place,” the Forrester paper said, according to a report by PC World. “It’s worth noting that only 56 percent of information workers in North America and Europe say that they are aware of their organisation’s current security policies.”


In cyberattacks, hacking humans is highly effective way to access systems

From: The Washington Post

By Robert O’Harrow Jr.

Government and business leaders in the United States and around the world are rushing to build better defenses — and to prepare for the coming battles in the digital universe. To succeed, they must understand one of the most complex, man-made environments on Earth: cyberspace.

The e-mails arrived like poison darts from cyberspace.

Some went to the Chertoff Group, a national security consulting firm in Washington. Others targeted intelligence contractors, gas pipeline executives and industrial-control security specialists. Each note came with the personal touches of a friend or colleague.


Fighting FUD: cloud players try to make sense of European data laws

From: GigaOM

By Barb Darrow

Optimists hope that the EU’s expected cloud computing recommendations will resolve concerns around diverse data protection laws that slow cloud adoption. Realists hope for the best, but prepare for less. The reality is Europe remains a collection of countries, not a unified whole.

When the European Commission unveils its new cloud computing plan of action this week, the hope is it will reduce fear, uncertainty and doubt around Europe’s confusing welter of data protection laws that are impeding the broad adoption of cloud — especially public cloud — technologies. The European Cloud Computing Strategy is expected to push an array of standards for cloud computing and to help alleviate some of the legal hurdles to adoption.


U.S. Bank joins Wells Fargo, BofA, Chase in facing cyber attacks

From: South Florida Business Journal

by Kevin Gale, Editor in Chief

U.S. Bancorp is the latest major bank this week to face a cyber attack on its website, the Minneapolis St. Paul Business Journal is reporting.

Wells Fargo (NYSE: WFC), Bank of America (NYSE: BA) and J.P. Morgan Chase (NYSE: JPM) have already faced what are called denial of service attacks that are linked to a group called “the cyber fighters of Izz addin Al qassam.”

All of those banks have a major presence in South Florida, but U.S. Bank apparently just has a trust office in Palm Beach, we previously reported.


Exec order on Cyber security coming, might include information sharing

From: Government Security News

By: Mark Rockwell

As Congress recesses for the national election, the White House is close to issuing an Executive Order on Cyber security in the coming days that could include information sharing measures for infrastructure providers, according to reports.

Before Congress adjourned for what is expected to be a seven-week-long break for the November election, it failed to approve Cyber security legislation amid partisan squabbling. Some congressmen who had backed Cyber legislation urged President Obama to develop protections including information sharing procedures with private industry to blunt the threat.


(ISC)-2 Announces 2012 U.S. Government Information Security Leadership Award Finalists

PALM HARBOR, Fla., U.S.A. – (ISC)2 (‘ISC-squared’), the largest not-for-profit membership body of certified information security professionals and administrators of the CISSP, today announced the finalists for its 9th annual U.S. Government Information Security Leadership Awards (GISLA) program.

Sponsored by (ISC)2’s U.S. Government Advisory Board for Cyber Security (GABCS), the GISLA program was established in 2004 to spotlight federal information security leaders who are modeling excellence and achieving clear results as they help to build a more secure federal IT infrastructure and a highly qualified and ethical information security workforce. Awards are given to individuals or teams in five categories.


New cryptographic hash function not needed, Schneier says

From: CSO

Cryptographer Bruce Schneier says the upcoming SHA-3 cryptographic hash algorithm is not much better than the current one

By Lucian Constantin

As the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) prepares to announce the winner of its competition to find the next-generation cryptographic hash algorithm, renowned cryptographer Bruce Schneier doesn’t think that a new hash function is needed at this time.

“It’s probably too late for me to affect the final decision, but I am hoping for ‘no award,’” Schneier said Monday in a blog post. “It’s not that the new hash functions aren’t any good, it’s that we don’t really need one.”


Lieberman pushes for mandatory standards in White House cyber order

From: Hillicon Valley/The Hill’s Technology Blog

By Jennifer Martinez

The lead author of a failed cybersecurity bill in the Senate is urging President Obama to use his “executive authority to the maximum extent possible” to protect the nation’s critical infrastructure from cyberattacks–including giving regulators the authority to make new security standards mandatory.

In a letter sent to the White House on Monday, Sen. Joe Lieberman (I-Conn.) called on the president to direct the Department of Homeland Security (DHS) to identify security vulnerabilities in critical infrastructure and create voluntary cybersecurity standards for companies operating this infrastructure to follow. Lieberman also argued that the president should give regulatory agencies the authority to adopt the cybersecurity standards developed by DHS as new mandates for companies to meet — a move that would stoke the ire of business lobbying groups.


International law takes on cyber: significant challenges ahead

From: The Hill’s Congress Blog

By Ashley Boyle, adjunct fellow, American Security Project

Speaking at the U.S. Cyber Command Inter-Agency Legal Conference last week, U.S. State Department Legal Advisor Harold Koh confirmed the U.S. position that international law is applicable to the cyber environment.

In his speech, Koh outlined ten principles guiding U.S. efforts on cyber engagement in the international space, most of which align with key provisions of the Tallinn Manual on the International Law Applicable to Cyber Warfare. Released in early September by NATO’s Cooperative Cyber Defense Center of Excellence (CCD COE), the draft unofficial document was compiled from the opinions of legal and technical experts, and examines how existing international law, jus ad bellum and jus in bello, applies to the cyber environment.
