Archive for November, 2016
NIST Focuses on Cybersecurity of Connected Devices
Nov 28th
From: EDM Digest
The NIST is concerned about the IoT, too
A popular trend in recent weeks is to address issues with cybersecurity of connected devices across the U.S. The National Institute of Standards and Technology (NIST) joined the IoT-security chorus this month by publishing a detailed report on security of Internet of Things (IoT) devices.
According to the NIST, “engineering-based solutions are essential to managing the growing complexity, dynamicity, and interconnectedness of today’s systems.” In a 257-page document, the measurement standards laboratory took an in-depth look at what should be done to bolster cybersecurity of connected devices.
Personal data for more than 130,000 sailors hacked: U.S. Navy
Nov 25th
From: Reuters
Hackers gained access to sensitive information, including Social Security numbers, for 134,386 current and former U.S. sailors, the U.S. Navy said on Wednesday.
It said a laptop used by a Hewlett Packard Enterprise Services employee working on a U.S. Navy contract was hacked. Hewlett Packard informed the Navy of the breach on Oct. 27 and the affected sailors will be notified in the coming weeks, the Navy said.
Pentagon expands white-hat hacker challenge to all comers
Nov 23rd
From: FederalNewsRadio.com 1500 am
By Jared Serbu
The Defense Department undertook a significant expansion of its new crowdsourced approach to cybersecurity Monday, opening its “Hack the Pentagon” challenge to literally anyone and providing them a legal route to report any security holes they find.
The program differs somewhat from other ongoing hacking challenges in which the Defense Department offered bounties to groups of pre-vetted white hat hackers in penetration tests against specific DoD systems. The new, broader initiative doesn’t include any financial rewards, but does include a centralized portal to report security flaws on publicly-accessible Defense networks and sets out a new policy under which hackers can feel free to prod live systems for bugs without fear of prosecution.
Federal Reserve Chief Worried About Financial System Cybersecurity
Nov 18th
From: Bloomberg/BNA
Janet Yellen, chair of the Board of Governors of the Federal Reserve System, told Congress that cybersecurity “is one of the most significant risks our country faces.” Yellen called on financial institutions to make sure internal controls are in place to effectively respond to cybersecurity threats.
Cybersecurity issues pervade many industries across the U.S., and data breaches and other hacking incidents directly impact industries from financial services to the technology sector. But hearing a warning from the top monetary policy official for the U.S. is still scary.
Two Big Moves at FDA
Nov 16th
From: Medical Device + Diagnostic Industry
FDA launched two major initiatives in 2016—cybersecurity requirements and a national system for real-world device monitoring.
Jim Dickinson
The last year of the Obama Administration will likely be remembered by FDA-watchers for two major agency initiatives affecting medical device regulation: cybersecurity requirements and CDRH’s establishment of a National Evaluation System for “real world” device monitoring, one of three strategic priorities for the 2016-2017 timeframe.
Each of these has been under congressional scrutiny, something that both the Trump Administration and the reinvigorated Republican majorities on Capitol Hill seem likely to continue.
The 7 Types Of Security Jobs, According To NIST
Nov 9th
From: DarkReading
NIST’s Cybersecurity Workforce Framework gives the security industry a way to classify specific specialty areas and work roles and identify a path for career growth.
Making sense of the complex. That’s what NIST’s National Initiative for Cybersecurity Education (NICE) aims to do in developing the draft NICE Cybersecurity Workforce Framework (NCWF).
Bill Newhouse, NICE deputy director and lead author of the draft document, said in developing the NCWF, NIST synthesized the diverse field of cybersecurity by identifying seven categories of job functions for security professionals.
Recent DDoS attacks shine light on sub-standard vendors, says DarkMatter
Nov 7th
From: CPI Financial
IoT device manufacturers need to account for sub-standard cybersecurity, the UAE-based cybersecurity company said.
by Sarah Owermohle
***
Harshul Joshi, Senior Vice President of Cyber Governance, Risk and Compliance at DarkMatter, said that the weapon used in the October Dyn attack, the Mirai botnet, was particularly effective because it harnessed infected, internet-connected devices, or so-called ‘Internet of Things’ devices, which, ominously from an expanding cyber threat landscape standpoint, are finding their way into more households around the world.
NIST out with cyber workforce ‘dictionary’
Nov 3rd
From: CyberScoop
Written by Shaun Waterman
Federal scientists Wednesday published a draft “dictionary” aiming to help businesses figure out whom they should hire, with the guide describing every kind of cybersecurity job and cataloging the knowledge and skills needed to do them well.
The draft framework says it aims to provide American companies with a “common, consistent lexicon to categorize and describe cybersecurity work.” Additionally, it will be used by every federal agency to catalog the U.S. government’s own cyber workforce by the end of next year.
Law enforcement agencies around the world collaborate on international Darknet marketplace enforcement operation
Nov 1st
From: U.S. Immigration and Customs Enforcement
WASHINGTON – A globally coordinated law enforcement action against the buyers and sellers of illicit drugs and other illegal activities using Darknet global marketplaces was conducted Oct. 22 to 28.
“Operation Hyperion” was initiated by U.S. federal law enforcement, the Five Eyes Law Enforcement Group (Australia, Canada, New Zealand, the United Kingdom and the United States) and members of Europol, the European Union’s law enforcement agency, as the first step in developing a more unified global law enforcement response to the growing usage of the Darknet by individuals seeking to buy and sell illicit drugs and other illegal goods and services.