Archive for September, 2015

Cyber-attack targets on govt officials, telco company revealed by GCSB

From: New Zealand Herald

Nicholas Jones

A powerful cyber-attack has targeted certain officials in a government department in a possible effort to access sensitive information.

Another major IT firm received help from the Government Communications Security Communications Bureau (GCSB) after it was discovered their computer network had been compromised for some time.

Read Complete Article

GAO: Small businesses working with DoD need cybersecurity guidance

From: FierceGovernmentIT


The Defense Department office that oversees small business defense contractors should provide cybersecurity resources to help them protect their networks, but other priorities are delaying DoD’s efforts, congressional investigators said in Sept. 24 report.

While the Office of Small Business Programs, or OSBP, within the Defense Department isn’t required to educate small businesses on cybersecurity, the Government Accountability Office said in its report (pdf) that officials there recognize that cybersecurity is “an important and timely issue.”

Read Comlete Article

DHS working with FedRAMP, CIO Council to boost agency use of cloud computing services

From: FierceGovernmentIT


A Homeland Security Department official testified Sept. 22 that the department is stepping up efforts to help federal civilian agencies increase their use of cloud computing services beyond just email and website management collaboration tools.

Mark Kneidinger, who is the federal network resilience director within DHS’s cybersecurity and communications office, said the department is currently working with the Federal Risk and Authorization Management Program, or FedRAMP, and Federal Chief Information Officers Council on two activities to help agencies move mission-critical legacy applications into the cloud so they can save money, become more efficient and enhance security.

Despite major breaches, new report gives government cybersecurity high marks

From: FierceGovernmentIT


A new report finds that, despite recent high-profile breaches, the federal government has the second highest cybersecurity performance rating when compared to private sector industries.

According to Bitsight’s third annual “Insights Industry Benchmark Report”, even though federal government breaches have splashed across the headlines recently, they are not as numerous nor as severe as those affecting other spaces, like education and energy. In fact, the only private sector space performing at a higher level than the government is finance.

Read Complete Article

DHS infosec chief: We should pull clearance of feds who fail phish test

From: ars technica

Repeat offenders “should not be holding a TS SCI with the federal government.”


In the wake of the Office of Personnel Management hack this year, which reportedly took advantage of a phishing attack to steal credentials used to gain access to highly sensitive personnel records, US federal agencies have been increasing their security training and employee testing around phishing. In addition to the employee awareness campaign launched by the National Counterintelligence and Security Center, more agencies are using security auditing tools that simulate phishing attacks against employees to test whether the employees abide by their information security training. Those who fall for phishing tests are generally either required to take a security refresher class or at worst are publicly called out for their errors in agency e-mails.

National Cyber Security Hall of Fame Announces 2015 Inductees

From: National Cyber Security Hall of Fame Press Release

BALTIMORE, Sept. 14, 2015 /PRNewswire/ — The National Cyber Security Hall of Fame has released the names of five innovators who will be inducted into the Hall of Fame at its award ceremony on Thursday, October 29, at the Four Seasons Hotel in Baltimore, Maryland.

The National Cyber Security Hall of Fame is composed of individuals who collectively invented the technologies, created awareness, promoted and delivered education, developed and influenced policy, and created businesses to begin addressing the cyber security problem.

Legacy IT, legacy acquisition compound cyber risk

From: FCW

By Adam Mazmanian

The way the government buys technology can constrain efforts to protect federal systems from cybersecurity threats, says Michael Daniel, the top White House advisor on cybersecurity.

Federal agencies continue to rely on legacy systems that are vulnerable to intrusions and hard to secure. “The burden of legacy in government is a huge one,” Daniel said at the Billington Cybersecurity Conference in Washington, D.C., on Sept. 17. Government is struggling with the problem of how to move off of old systems. “We have architectures and hardware and software in places that is indefensible, no matter how much money and talent we put on it. We don’t have a good process for moving off,” Daniel said.

Sens. Seek Update on Auto Cybersecurity, Privacy

From: Multichannel News

Cite Recent Successful Hacking Test of Brakes, Steering

By: John Eggerton

Two powerful Senators have expanded their investigation into the Internet of really fast moving things, in this case connected cars.

Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.), who launched their investigation into automotive cybersecurity and privacy in 2013, said Wednesday (Sept. 16) that they have just sent letters to 18 (…) automakers asking for an update on protecting computer systems and vehicle-to-vehicle communications from potentially deadly hacks or invasions of privacy.

Read Complete Article


Partnerships key to confronting cybersecurity challenges, say NSF and NIST officials

From: FierceGovernmentIT


The National Science Foundation and the National Institute of Standards and Technology separately have contributed much to improve the cybersecurity of federal agencies and the nation as a whole, but officials at a recent hearing say the credit and responsibility are shared.


“Why is the cybersecurity challenge so hard? In general, it’s hard because attacks and defenses evolve together: a system that was secure yesterday might no longer be secure tomorrow,” said Jeremy Epstein, lead program director for NSF’s secure and trustworthy cyberspace program.

Read Complete Article


Records: Energy Department struck by cyber attacks

From: USA Today

Attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, a review of federal records obtained by USA TODAY finds.

Cyber attackers successfully compromised the security of U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, according to a review of federal records obtained by USA TODAY.

Incident reports submitted by federal officials and contractors since late 2010 to the Energy Department’s Joint Cybersecurity Coordination Center shows a near-consistent barrage of attempts to breach the security of critical information systems that contain sensitive data about the nation’s power grid, nuclear weapons stockpile and energy labs.