Archive for May, 2015

Bruce Schneier on Privacy and the Data Free-for-All

From: Wired

Caleb Garling 

Over the past two decades, few voices have shouted louder from the rooftops about global cybersecurity and digital privacy concerns than Bruce Schneier. He’s the CTO of  Resilient Systems, a board member of the Electronic Frontier Foundation (EFF) and has authored 14 books—his latest, Data and Goliath, was published in March.


Right now, the companies that follow your every virtual movement on the Internet, or your every physical movement, can do whatever they want with that data.

Read Complete Article

Financial Firms Grapple With Cyber Risk in the Supply Chain

From: Wall Street Journal

By Rachael King

In a connected world, business survival depends on communicating with partners. But increasingly those same partners, which include technology services providers and suppliers, can prove to be a company’s downfall if the systems they share are compromised. With large financial firms often retaining hundreds or thousands of such connections, federal and state financial services regulators are now looking more closely at this issue, requiring firms to better understand and test the security of third-party providers.

Time to move beyond ‘medieval’ cyber security approach, expert says


The nation’s approach to cyber security has much in common with medieval defense tactics, and that needs to change, says a cyber security expert at Missouri University of Science and Technology.

“Most of our cyber defenses are modeled after medieval perimeter security – a is much like a castle moat – and the idea of ‘keeping the bad guys out’,” says Dr. Bruce M. McMillin, professor of computer science and associate dean of the College of Engineering and Computing at Missouri S&T. “We live inside modern systems that are both physical and computational, and, in such a smart living environment, attacks can come from multiple different sources, some even inside what we consider protected.”

1.1 million CareFirst members in D.C.-area potentially breached

From: USA Today

Elizabeth Weise

As many as 1.1 million Washington, D.C., BlueCross BlueShield members may have had their information accessed in a cyber-breach that occurred in June of 2014.


The fact that the health care company’s members are primarily based in Northern Virginia, Maryland and Washington D.C. is not lost on people in the security community.

Read Complete Article

U.S. indicts 6 Chinese citizens on charges of stealing trade secret

From: The Washington Post

A federal grand jury has indicted six Chinese citizens for what authorities say was a long-running conspiracy to steal valuable technology from two U.S. firms for the benefit of the Chinese government.

The indictment, unsealed Monday, highlights the threat posed by insiders who use their position to steal sensitive information on behalf of a foreign government or for financial gain and is part of a larger trend by the U.S. government to step up efforts to deter Chinese theft of trade secrets.

Read Complete Article

IACP Launches Law Enforcement Cyber Center

From: The International Association of Chiefs of Police

Today, the International Association of Chiefs of Police (IACP) officially launched the Law Enforcement Cyber Center: The IACP developed the Center in partnership with the Bureau of Justice Assistance, RAND Corporation, and the Police Executive Research Forum (PERF), and with funding from the Program Manager, Information Sharing Environment.

The Center is an online portal that educates and builds the capacity of justice and public safety agencies to prevent, investigate, prosecute, and respond to cyber threats and cyber crimes. The Center is designed to address three principal areas: cyber crime investigation, digital forensics, and information systems security. As you browse the Law Enforcement Cyber Center, you will find dedicated resources for chiefs, investigators, and line officers, as well as prosecutors.

Belgium targets Facebook tracking

From: Politico

Social network could face lawsuit if it doesn’t comply, but claims lack of jurisdiction

Facebook should limit the amount of information that it collects about its users as they surf the web, the Belgian Privacy Commission said Friday.

The regulator, which has banded together with its counterparts in the Netherlands, Germany, France and Spain in order to tackle Facebook, said the company must be more transparent about its use of so-called cookies — small pieces of software that it installs in people’s browsers in order to track them around the web.

Read Complete Article

Who should agency CISOs report to?

From: Federal Times

Aaron Boyd, Federal Times

Agency IT departments and CIO offices are in charge of developing and deploying IT solutions in an organization but don’t always take the lead on cybersecurity. Many agencies have a chief information security officer (CISO) to take the lead, however deciding where this position fits in the organizational structure can be hard to pin down.

Rafael Diaz, CIO at HUD, has spent time on both sides of the fence — as a CIO in the private and public sectors and a CISO with the state of Illinois — and has had a different perspective on who a security official should report to at different stages of his career.

CyCon Registration Closes Soon

From: NATO Cooperative Cyber Defence Centre of Excellence

CyCon, the annual conference on cyber conflict, starts in two weeks. Registration will close shortly and some sessions have already reached their maximum capacity. Currently, registration is open at

The annual NATO Cooperative Cyber Defence Centre of Excellence conference will focus on the construction of the Internet and its potential future development. The topic “Architectures in Cyberspace” asks what cyberspace is and will be in the coming years as well as how it relates to cyber security. Issues debated will vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety of policy discussions and technical trainings. Confirmed speakers at CyCon 2015 include Estonian president Toomas Hendrik Ilves, and Assistant Secretary General of NATO Ambassador Sorin Ducaru as well as numerous academics, industry leaders and cyber experts.

Men in Black: NATO`s Cybermen


There are six men. All dressed in black like the ones in the famous movie. They have black cases too but they are not using their technology to erase your memory. Their name: NATO Rapid Reaction Team, or RRT. Their aim: to provide assistance to NATO nations or facilities suffering a cyber attack.

“The RRT can act on very short notice to deal with an attack that affects the operational capability of a NATO system during a crisis or to assist a member state, at its request, in the event of a significant cyber attack at national level,” says Jean-François Agneessens, a cyber security expert at the NATO Communications and Information Agency (NCIA) in Mons, Belgium.