Archive for September, 2015
Cyber-attack targets on govt officials, telco company revealed by GCSB
From: New Zealand Herald
A powerful cyber-attack has targeted certain officials in a government department in a possible effort to access sensitive information.
Another major IT firm received help from the Government Communications Security Bureau (GCSB) after it was discovered their computer network had been compromised for some time.
GAO: Small businesses working with DoD need cybersecurity guidance
By Dibya Sarkar
The Defense Department office that oversees small business defense contractors should provide cybersecurity resources to help them protect their networks, but other priorities are delaying DoD’s efforts, congressional investigators said in a Sept. 24 report.
While the Office of Small Business Programs, or OSBP, within the Defense Department isn’t required to educate small businesses on cybersecurity, the Government Accountability Office said in its report (pdf) that officials there recognize that cybersecurity is “an important and timely issue.”
DHS working with FedRAMP, CIO Council to boost agency use of cloud computing services
By Dibya Sarkar
A Homeland Security Department official testified Sept. 22 that the department is stepping up efforts to help federal civilian agencies increase their use of cloud computing services beyond just email and website management collaboration tools.
Mark Kneidinger, who is the federal network resilience director within DHS’s cybersecurity and communications office, said the department is currently working with the Federal Risk and Authorization Management Program, or FedRAMP, and Federal Chief Information Officers Council on two activities to help agencies move mission-critical legacy applications into the cloud so they can save money, become more efficient and enhance security.
Despite major breaches, new report gives government cybersecurity high marks
A new report finds that, despite recent high-profile breaches, the federal government has the second highest cybersecurity performance rating when compared to private sector industries.
According to Bitsight’s third annual “Insights Industry Benchmark Report”, even though federal government breaches have splashed across the headlines recently, they are not as numerous nor as severe as those affecting other spaces, like education and energy. In fact, the only private sector space performing at a higher level than the government is finance.
DHS infosec chief: We should pull clearance of feds who fail phish test
From: ars technica
Repeat offenders “should not be holding a TS SCI with the federal government.”
In the wake of the Office of Personnel Management hack this year, which reportedly took advantage of a phishing attack to steal credentials used to gain access to highly sensitive personnel records, US federal agencies have been increasing their security training and employee testing around phishing. In addition to the employee awareness campaign launched by the National Counterintelligence and Security Center, more agencies are using security auditing tools that simulate phishing attacks against employees to test whether the employees abide by their information security training. Those who fall for phishing tests are generally either required to take a security refresher class or at worst are publicly called out for their errors in agency e-mails.
National Cyber Security Hall of Fame Announces 2015 Inductees
From: National Cyber Security Hall of Fame Press Release
BALTIMORE, Sept. 14, 2015 /PRNewswire/ — The National Cyber Security Hall of Fame has released the names of five innovators who will be inducted into the Hall of Fame at its award ceremony on Thursday, October 29, at the Four Seasons Hotel in Baltimore, Maryland.
The National Cyber Security Hall of Fame is composed of individuals who collectively invented the technologies, created awareness, promoted and delivered education, developed and influenced policy, and created businesses to begin addressing the cyber security problem.
Legacy IT, legacy acquisition compound cyber risk
By Adam Mazmanian
The way the government buys technology can constrain efforts to protect federal systems from cybersecurity threats, says Michael Daniel, the top White House advisor on cybersecurity.
Federal agencies continue to rely on legacy systems that are vulnerable to intrusions and hard to secure. “The burden of legacy in government is a huge one,” Daniel said at the Billington Cybersecurity Conference in Washington, D.C., on Sept. 17. Government is struggling with the problem of how to move off of old systems. “We have architectures and hardware and software in places that is indefensible, no matter how much money and talent we put on it. We don’t have a good process for moving off,” Daniel said.
Sens. Seek Update on Auto Cybersecurity, Privacy
From: Multichannel News
Cite Recent Successful Hacking Test of Brakes, Steering
By: John Eggerton
Two powerful Senators have expanded their investigation into the Internet of really fast moving things, in this case connected cars.
Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.), who launched their investigation into automotive cybersecurity and privacy in 2013, said Wednesday (Sept. 16) that they have just sent letters to 18 (http://www.markey.senate.gov/imo/media/doc/2015-09-16-Manufacturers-Lett…) automakers asking for an update on protecting computer systems and vehicle-to-vehicle communications from potentially deadly hacks or invasions of privacy.
Partnerships key to confronting cybersecurity challenges, say NSF and NIST officials
The National Science Foundation and the National Institute of Standards and Technology separately have contributed much to improve the cybersecurity of federal agencies and the nation as a whole, but officials at a recent hearing say the credit and responsibility are shared.
“Why is the cybersecurity challenge so hard? In general, it’s hard because attacks and defenses evolve together: a system that was secure yesterday might no longer be secure tomorrow,” said Jeremy Epstein, lead program director for NSF’s secure and trustworthy cyberspace program.
Records: Energy Department struck by cyber attacks
From: USA Today
Attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, a review of federal records obtained by USA TODAY finds.
Cyber attackers successfully compromised the security of U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, according to a review of federal records obtained by USA TODAY.
Incident reports submitted by federal officials and contractors since late 2010 to the Energy Department’s Joint Cybersecurity Coordination Center show a near-consistent barrage of attempts to breach the security of critical information systems that contain sensitive data about the nation’s power grid, nuclear weapons stockpile and energy labs.