Archive for May, 2015
Bruce Schneier on Privacy and the Data Free-for-All
May 27th
From: Wired
Caleb Garling
Over the past two decades, few voices have shouted louder from the rooftops about global cybersecurity and digital privacy concerns than Bruce Schneier. He’s the CTO of Resilient Systems, a board member of the Electronic Frontier Foundation (EFF) and has authored 14 books—his latest, Data and Goliath, was published in March.
***
Right now, the companies that follow your every virtual movement on the Internet, or your every physical movement, can do whatever they want with that data.
Financial Firms Grapple With Cyber Risk in the Supply Chain
May 26th
From: Wall Street Journal
By Rachael King
In a connected world, business survival depends on communicating with partners. But increasingly those same partners, which include technology services providers and suppliers, can prove to be a company’s downfall if the systems they share are compromised. With large financial firms often retaining hundreds or thousands of such connections, federal and state financial services regulators are now looking more closely at this issue, requiring firms to better understand and test the security of third-party providers.
Time to move beyond ‘medieval’ cyber security approach, expert says
May 22nd
From: phys.org
The nation’s approach to cyber security has much in common with medieval defense tactics, and that needs to change, says a cyber security expert at Missouri University of Science and Technology.
“Most of our cyber defenses are modeled after medieval perimeter security – a firewall is much like a castle moat – and the idea of ‘keeping the bad guys out’,” says Dr. Bruce M. McMillin, professor of computer science and associate dean of the College of Engineering and Computing at Missouri S&T. “We live inside modern systems that are both physical and computational, and, in such a smart living environment, attacks can come from multiple different sources, some even inside what we consider protected.”
1.1 million CareFirst members in D.C.-area potentially breached
May 21st
From: USA Today
As many as 1.1 million Washington, D.C., BlueCross BlueShield members may have had their information accessed in a cyber-breach that occurred in June of 2014.
***
The fact that the health care company’s members are primarily based in Northern Virginia, Maryland and Washington D.C. is not lost on people in the security community.
U.S. indicts 6 Chinese citizens on charges of stealing trade secrets
May 19th
From: The Washington Post
A federal grand jury has indicted six Chinese citizens for what authorities say was a long-running conspiracy to steal valuable technology from two U.S. firms for the benefit of the Chinese government.
The indictment, unsealed Monday, highlights the threat posed by insiders who use their position to steal sensitive information on behalf of a foreign government or for financial gain and is part of a larger trend by the U.S. government to step up efforts to deter Chinese theft of trade secrets.
IACP Launches Law Enforcement Cyber Center
May 18th
From: The International Association of Chiefs of Police
Today, the International Association of Chiefs of Police (IACP) officially launched the Law Enforcement Cyber Center: www.iacpcybercenter.org. The IACP developed the Center in partnership with the Bureau of Justice Assistance, RAND Corporation, and the Police Executive Research Forum (PERF), and with funding from the Program Manager, Information Sharing Environment.
The Center is an online portal that educates and builds the capacity of justice and public safety agencies to prevent, investigate, prosecute, and respond to cyber threats and cyber crimes. The Center is designed to address three principal areas: cyber crime investigation, digital forensics, and information systems security. As you browse the Law Enforcement Cyber Center, you will find dedicated resources for chiefs, investigators, and line officers, as well as prosecutors.
Belgium targets Facebook tracking
May 15th
From: Politico
Social network could face lawsuit if it doesn’t comply, but claims lack of jurisdiction
Who should agency CISOs report to?
May 14th
From: Federal Times
Agency IT departments and CIO offices are in charge of developing and deploying IT solutions in an organization but don’t always take the lead on cybersecurity. Many agencies have a chief information security officer (CISO) to take the lead; however, deciding where this position fits in the organizational structure can be hard to pin down.
Rafael Diaz, CIO at HUD, has spent time on both sides of the fence — as a CIO in the private and public sectors and a CISO with the state of Illinois — and has had a different perspective on who a security official should report to at different stages of his career.
CyCon Registration Closes Soon
May 12th
From: NATO Cooperative Cyber Defence Centre of Excellence
CyCon, the annual conference on cyber conflict, starts in two weeks. Registration will close shortly and some sessions have already reached their maximum capacity. Currently, registration is open at www.cycon.org.
The annual NATO Cooperative Cyber Defence Centre of Excellence conference will focus on the construction of the Internet and its potential future development. The topic “Architectures in Cyberspace” asks what cyberspace is and will be in the coming years as well as how it relates to cyber security. Issues debated will vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of policy discussions and technical trainings. Confirmed speakers at CyCon 2015 include Estonian president Toomas Hendrik Ilves, and Assistant Secretary General of NATO Ambassador Sorin Ducaru as well as numerous academics, industry leaders and cyber experts.
Men in Black: NATO’s Cybermen
May 12th
From: theSOP.org
There are six men. All dressed in black like the ones in the famous movie. They have black cases too but they are not using their technology to erase your memory. Their name: NATO Rapid Reaction Team, or RRT. Their aim: to provide assistance to NATO nations or facilities suffering a cyber attack.
“The RRT can act on very short notice to deal with an attack that affects the operational capability of a NATO system during a crisis or to assist a member state, at its request, in the event of a significant cyber attack at national level,” says Jean-François Agneessens, a cyber security expert at the NATO Communications and Information Agency (NCIA) in Mons, Belgium.