Archive for November, 2015
Guess who doesn’t do cyber resilience testing? Yep, air traffic control [UK]
From: The Register
Analysis Although Chancellor George Osborne recently spoke of the National Grid, hospitals and air traffic control as being potential targets of online attacks in a recent high-profile speech at GCHQ, only the financial services sector runs comprehensive stress tests.
The lack of exercises designed to hone defences raised serious questions about the robustness of key components of the UK’s critical national infrastructure.
Terrorists seek to commit deadly ‘cyber attacks’ in UK, says Chancellor Osborne
From: The Register
‘We know they want it’ chimes George during GCHQ speech
Following Prime Minister David Cameron’s re-announcement of funding increases for UK security personnel, Chancellor George Osborne delivered a speech today to GCHQ workers explaining that the increase is necessary as ISIL is seeking to “develop the capability” to launch deadly cyber attacks against British infrastructure.
How such a capability could be developed is unclear, but Osborne will declare to GCHQ that although “ISIL [Islamic State of Iraq and the Levant, and often known as IS] has not been able to use [the internet] to kill people yet by attacking our infrastructure through cyber attack … we know they want it”.
Online Training: Law Enforcement Training Video on Safeguarding Children of Arrested Parents Released
From: Criminal Intelligence Coordinating Council
The International Association of Chiefs of Police (IACP) and the Bureau of Justice Assistance (BJA) recently released a new training video providing an introduction to law enforcement agencies on safeguarding children of arrested parents. The training outlines strategies to help law enforcement agencies implement a trauma-informed approach to safeguard children before, during, and after the arrest of a parent. The online delivery aligns with the IACP/BJA Safeguarding Children of Arrested Parents Model Policy, which identifies policies and procedures that law enforcement can develop to minimize trauma to children during a parental arrest.
How to deploy DNSSEC now
It is no secret that the federal government has become a target for cyberattacks. One need only look back to recent breaches at the Office of Personnel Management and the Social Security Administration to know that citizen data held by government agencies is an irresistible prize for hackers. As federal agencies seek to shore up their cybersecurity defenses, they need to recall the long-passed deadlines on mandates to secure their domain name system by implementing DNS Security Extensions (DNSSEC).
Firms step up cybersecurity practices as attacks rise
From: Crain’s New York Business
Eyes turn to test of financial sector this month as British and American officials will carry out a simulated attack on the financial centers in London and Wall Street.
By Judith Messina
A joint operation between the U.S. and Britain later this month to carry out a simulated cyberattack on Wall Street and London will test the resiliency of the world’s financial centers and regulators’ ability to communicate during an emergency.
Military Smartphones Are a Hacker’s Dream
From: The Daily Beast
Telecom carriers and manufacturers are holding back critical software updates to the Pentagon’s supposedly secure phones, putting classified information at risk.
By Jeff Larson, ProPublica
You would think the nation’s military would move with lightning speed to patch cell phones vulnerable to hackers, particularly after recent disclosures that Chinese hackers harvested the personal information of 21.5 million U.S. government employees and Iran’s Revolutionary Guard broke into the Obama Administration’s social media accounts.
Providing Accountability for Fusion Centers through a Shared RFI Solution
By Bryan Costigan, Supervisory Agent with the Montana Department of Justice; Director of the Montana Analysis and Technical Information Center; and Secretary of the National Fusion Center Association
The general mission of every fusion center is to enable information sharing and collaboration in support of homeland security. We do this by providing interdisciplinary expertise and helping maintain situational awareness to inform decision-making at all levels of government. The primary business process fusion centers use to obtain and share needed information is the RFI, the request for information.
Japan’s New Cybersecurity Strategy: Security Without Thwarting Economic Growth
From: Council on Foreign Relations
Mihoko Matsubara is a cyber security policy director at Intel K.K.
In September 2015, the Japanese Cabinet approved the second Japanese Cybersecurity Strategy, which outlines the country’s approach to cybersecurity for the next three years.
Unlike the previous strategy, this new one was approved by Japan’s cabinet. This additional step highlights the importance of cybersecurity to senior Japanese leaders. It also comes a year after the Japanese parliament passed a law formalizing the role of the National Center of Incident Readiness and Strategy for Cybersecurity (NISC). The Japanese Prime Minister had originally established the NISC ten years ago but the lack of legal authorization meant that it held little sway over other ministries and agencies. Thanks to the new law, NISC is responsible for developing national strategy and policy, ensuring the cybersecurity of ministries and agencies, and serving as a focal point for international cooperation.