Archive for November, 2016

NIST Focuses on Cybersecurity of Connected Devices

From: EDM Digest

The NIST is concerned about the IoT, too

A popular trend in recent weeks is to address issues with cybersecurity of connected devices across the U.S. The National Institute of Standards and Technology (NIST) joined the IoT-security chorus this month by publishing a detailed report on security of Internet of Things (IoT) devices.

According to the NIST, “engineering-based solutions are essential to managing the growing complexity, dynamicity, and interconnectedness of today’s systems.” In a 257-page document, the measurement standards laboratory took an in-depth look at what should be done to bolster cybersecurity of connected devices.

Personal data for more than 130,000 sailors hacked: U.S. Navy

From: Reuters

Hackers gained access to sensitive information, including Social Security numbers, for 134,386 current and former U.S. sailors, the U.S. Navy said on Wednesday.

It said a laptop used by a Hewlett Packard Enterprise Services employee working on a U.S. Navy contract was hacked. Hewlett Packard informed the Navy of the breach on Oct. 27 and the affected sailors will be notified in the coming weeks, the Navy said.

Read Complete Article

Pentagon expands white-hat hacker challenge to all comers

From: 1500 am

By Jared Serbu

The Defense Department undertook a significant expansion of its new crowdsourced approach to cybersecurity Monday, opening its “Hack the Pentagon” challenge to literally anyone and providing them a legal route to report any security holes they find.

The program differs somewhat from other ongoing hacking challenges in which the Defense Department offered bounties to groups of pre-vetted white hat hackers in penetration tests against specific DoD systems. The new, broader initiative doesn’t include any financial rewards, but does include a centralized portal to report security flaws on publicly-accessible Defense networks and sets out a new policy under which hackers can feel free to prod live systems for bugs without fear of prosecution.

Cognitive Hack: The New Battleground In Cybersecurity

From: Forbes


From: Bloomberg/BNA


Janet Yellen, chair of the Board of Governors of the Federal Reserve System told Congress that cybersecurity “is one of the most significant risk our country faces.” Yellen called on financial institutions to make sure internal controls are in place to effectively respond to cybersecurity threats.

Cybersecurity issues pervade many industries across the U.S. and that data breaches and other hacking incidents directly impact industries from financial services to the technology sector. But hearing a warning from the top monetary policy official for the U.S. is still scary.

Read Complete Article

Two Big Moves at FDA

From: Medical Device + Diagnostic Industry

FDA launched two major initiatives in 2016—cybersecurity requirements and a national system for real-world device monitoring.

Jim Dickinson

The last year of the Obama Administration will likely be remembered by FDA-watchers for two major agency initiatives affecting medical device regulation: cybersecurity requirements and CDRH’s establishment of a National Evaluation System for “real world” device monitoring, one of three strategic priorities for the 2016-2017 timeframe.

Each of these has been under congressional scrutiny, something that both the Trump Administration and the reinvigorated Republican majorities on Capitol Hill seem likely to continue.

The 7 Types Of Security Jobs, According To NIST

From: DarkReading

NIST’s Cybersecurity Workforce Framework gives the security industry a way to classify specific specialty areas and work roles and identify a path for career growth.

Making sense of the complex. That’s what NIST’s National Initiative for Cybersecurity Education (NICE) aims to do in developing the draft NICE Cybersecurity Workforce Framework (NCWF).

Bill Newhouse, NICE deputy director and lead author of the draft document, said in developing the NCWF, NIST synthesized the diverse field of cybersecurity by identifying seven categories of job functions for security professionals.

Read Complete Article

Recent DDoS attacks shine light on sub-standard vendors, says DarkMatter

From: CPI Financial

IoT device manufacturers need to account for sub-standard cybersecurity, the UAE-based cybersecurity company said.

by Sarah Owermohle


Harshul Joshi is Senior Vice President of Cyber Governance, Risk and Compliance at DarkMatter, said that the weapon used in the October Dyn attack, the Mirai botnet, was particularly effective because it harnessed infected, internet-connected devices, or so-called ‘Internet of Things’ devices, which, ominously from an expanding cyber threat landscape standpoint, are finding their way into more households around the world.

NIST out with cyber workforce ‘dictionary’

From: CyberScoop

Written by

Federal scientists Wednesday published a draft “dictionary” aiming to help businesses figure out whom they should hire, with the guide describing every kind of cybersecurity job and cataloging the knowledge and skills needed to do them well.

The draft framework says it aims to provide American companies with a “common, consistent lexicon to categorize and describe cybersecurity work.” Additionally, it will be used by every federal agency to catalog the U.S. government’s own cyber workforce by the end of next year.

Read Complete Article

Law enforcement agencies around the world collaborate on international Darknet marketplace enforcement operation

From: U.S. Immigration and Customs Enforcement

 WASHINGTON – A globally coordinated law enforcement action against the buyers and sellers of illicit drugs and other illegal activities using Darknet global marketplaces was conducted Oct. 22 to 28.

“Operation Hyperion” was initiated by U.S. federal law enforcement, the Five Eyes Law Enforcement Group (Australia, Canada, New Zealand, the United Kingdom and the United States) and members of Europol, the European Union’s law enforcement agency, as the first step in developing a more unified global law enforcement response to the growing usage of the Darknet by individuals seeking to buy and sell illicit drugs and other illegal goods and services.