Cybersecurity Update 10.01.2014.


Rep. Walorski Co-Sponsors Cybersecurity Bill to Strengthen Protections

In an effort to strengthen cybersecurity and protect consumers, Congresswoman Jackie Walorski co-sponsored the Health Exchange Security and Transparency Act (H.R. 3811) which requires the Department of Health and Human Services (HHS) to notify individuals if their personally identifiable information is stolen or unlawfully accessed through the health care exchanges. is currently highly susceptible to data breaches due to inadequate oversight and security.

“As Hoosiers attempt to enroll in the health care exchange, they deserve to know their most personal information is safe from identity theft and security breaches,” said Walorski.  “Security measures for this national online health care program should have been the Administration’s top priority before opening enrollment.  Passage of this straightforward bill will safeguard consumers, ensuring their personal information is adequately protected.”

Cyber attack biggest threat to US, say security heads in new poll

Washington – Cyber-warfare is the most significant threat to the United States, say almost half the respondents, all leaders in the field of US national security, in a new poll, carried out by specialist defense publication Defense News.

Also in the poll, the first of its kind among those with responsibility for the nation’s security, respondents said leaks to The Washington Post and The Guardian newspapers by NSA whistle-blower Edward Snowden had, on the whole, shone a light on the debate concerning widespread surveillance.

IT briefs: Md. eyes bigger tax credit for cybersecurity jobs

Maryland lawmakers will look at the possibility of expanding a tax credit aimed at boosting jobs in the growing cybersecurity industry around the nation’s capital, House Speaker Michael E. Busch said.

Busch (D-Anne Arundel) said in an interview that a work group is due to submit recommen-d­ations soon on how to meet the growing demand for workers in the field. The task force is headed by William E. Kirwan, chancellor of the University System of Maryland, and Robert Hannon, a former head of the Anne Arundel County Economic Development Corp.

Maryland lawmakers approved a small tax credit last year for the industry.

Double threat: US grid vulnerable on two fronts

Consensus is growing that the U.S. electricity grid is vulnerable to both hacking and physical attacks, but protecting it remains a work in progress—especially given the spending that would be necessary by financially stretched utilities.

The risks have heightened the calls for officials to address potential threats before they become reality. In November, the North American Energy Reliability Corp. staged a simulated attack on the grid; meanwhile, House Energy and Commerce Committee ranking member Rep. Henry Waxman, D.-Calif., flagged the grid as “not adequately protected” from either cyber or physical attacks at a hearing in December.

U.S. military needs capabilities developed by NSA

Even if a recommendation by the White House panel on electronic surveillance to have separate directors for the National Security Agency and the military’s Cyber Command is approved, the two agencies must still work closely together, intelligence analysts said Wednesday.

Currently both organizations are under an Army general, Keith Alexander, and are located together at Fort Meade, Md. In military parlance, Alexander is “dual-hatted.”

The two have separate missions, but the capabilities they need to do their jobs are similar. “Neither one can be successful without the other,” said Dickie George, a former NSA official.

NIST invites comment on RFP to support cybersecurity center of excellence

The National Cybersecurity Center of Excellence (NCCoE) is inviting comments on a Partial Draft Request for Proposals (RFP) for a contractor to operate a Federally Funded Research and Development Center (FFRDC) to support the mission of the NCCoE. The FFRDC will be the first solely dedicated to enhancing the security of the nation’s information systems.

A NIST release reports that the NCCoE was established in partnership with the state of Maryland and Montgomery County in February 2012. The center is a public-private entity that helps businesses secure their data and digital infrastructure by bringing together experts from industry, government, and academia to find practical solutions for today’s most pressing cybersecurity needs.

americas-private sector

The Future Of Global Cyber-Security Is In The Cloud

Both hackers and antivirus makers were put on notice last week when two shining stars in the $67 billion worldwide cyber-security universe announced their merger. Milpitas, Calif.-based global network security company FireEye has acquired Washington, D.C.-based cyber-security firm Mandiant, which released a famous report last year about a Chinese military unit that allegedly pilfered data from at least 115 companies across major U.S. industries.

“There is an accelerating awareness that just wasn’t there a year ago,” FireEye CEO David G. DeWalt said in FT last week, citing NSA surveillance and Chinese hacking. “A lot of companies, organizations and governments said ‘look how pervasive these superpowers are in monitoring and stealing from these companies.’”

The corporate key to agility — and cybersecurity

In a rapidly evolving security landscape, the next critical decision for many organizations is whether to deploy next-generation risk management solutions in the cloud or in traditional data centers. But disparities between operational and board level attitudes to cloud adoption could prolong this decision and heighten the cyber security threat.

Frontline operational staff and the boardroom have their eyes on different prizes. Board level decision makers tend to set objectives based on business agility. Operational teams are more interested in cost-efficiency. IT teams are focused on bulletproof security. A recent global survey conducted by NTT Com Security revealed disparities prior to cloud adoption hindering business and extending vulnerabilities.

Comment: Cybersecurity Lessons from the Financial Sector

Creating a cybersecurity policy is hard, largely because it’s so difficult to define success. A national cybersecurity initiative should define the goals we want to achieve and provide incentives for the private and public sector to cooperate. According to Matthew Cohen of NT OBJECTives, once that is done, the private sector can do what it does best: compete to provide the most robust and cost-effective solutions to the problem

One of the common themes across IT security, investment banking and finance is how to reduce risk. Now that President Obama has named cybersecurity a national defense issue, it’s important to review our nation’s security framework in a holistic manner. How can we reduce risk? What types of policies work? And what doesn’t work? Interestingly, we can examine our nation’s financial regulation, and the policies put in place to reduce monetary and investment risk, for some valid insights about what makes a good cybersecurity policy.

Cost of Cybersecurity: Cyber-Insurance, New Laws and a New Approach

As we discuss the various costs of cybersecurity, this series comes to a close with cyber-insurance. It’s something many businesses have never considered or even heard of as little as five years ago. Today, cyber-insurance has been described as the next boom and one of the fastest growing segments in the insurance industry.

It makes sense. Cybercrime is booming as well, so it’s only natural that people will want to mitigate that risk. Throughout this series as we’ve discussed the rampant confusion, the easy low-level solutions, the approach of securing the breach, and the disaster that comes from a long-term breach, one theme emerges: a lot of good can be done to stop attackers, but you will never be 100 percent secure. That’s not something many business owners want to hear, and it’s a fear many insurance companies are willing to alleviate.

Yahoo’s malware-pushing ads linked to larger malware scheme

A deeper look by Cisco Systems into the cyberattack that infected Yahoo users with malware appears to show a link between the attack and a suspicious affiliate traffic-pushing scheme with roots in Ukraine.

Yahoo said on Sunday that European users were served malicious advertisements, or “malvertisements,” between Dec. 31 and last Saturday. If clicked, the advertisements directed users to websites that tried to install malicious software.

Cisco discovered that the malicious websites victims landed on are linked to hundreds of others that have been used in ongoing cyberattacks, said Jaeson Schultz, a threat research engineer.

McAfee Prediction Report Forecasts Rise in Mobile Attacks

As tablets and smartphones become increasingly integrated into our daily work and personal lives, cybercriminals are ramping up their efforts to attack mobile devices. And for small businesses, protecting mobile data is more important than ever.

McAfee Labs 2014 Predictions Report forecasts a rise in ransomware, in particular, as virtual currencies like Bitcoin gain popularity. The report also predicts that hackers and other online miscreants will continue to aggressively mine social networks for personal information in order to commit ID fraud or steal intellectual property.


Cyber attackers prey on 28 embassies in Tehran

Twenty-eight embassies in the capital city of Iran were affected by a brand new cyber-attack. Emails regarding the conflict in Syria included data-mining malware which no defenses had been programmed in to combat this sort of attack.

The virtual attack was executed during the month of November, according to a report by Japanese firm Trend Micro. Even though the report did not specifically point out which Middle Eastern nation the attack took place in, sources with insider knowledge suggest that it was Iran.

Claimed cyberattack on Israeli Airports Authority dismissed as ‘psychological warfare’

Iranian claims that hackers broke into servers belonging to the Israeli Airports Authority (IAA) and stole sensitive data including flight plans have been dismissed by a local security expert as part of a bogus attempt to conduct “psychological warfare”.

On Wednesday, the pro-Government FARS news agency quoted claims made by the shadowy Islamic Cyber Resistance Group (ICRG) on its website (not currently available) that it had breached servers for several months, extracting enough important data to, if the group so wished, crash aircraft in the care of the Authority’s system.

E.U. cyber security agency recommends greater power outage resilience

National regulatory authorities and electronic communications service providers should analyze the frequency and impact of network and service outages caused by power outages, the European Union’s cyber security agency said in a report released Tuesday.

The report by the Herkalion, Greece-based European Network and Information Security Agency also recommends that national regulatory authorities form liaisons with providers, energy regulators and other national regulatory authorities to “collect good practices that could be used to increase resilience against power cuts” to be considered as part of a cost-benefit analysis.

2013 was the year of cybersecurity

Cybersecurity came up so many times in 2013 that it was easy to miss how quickly and completely it became a central feature of how we think about U.S. foreign policy and national security. Partly, this was an inevitable result of technology becoming more pervasive. And partly it was just an extension of things that had begun in earlier years, such as the U.S. use of cyberattacks on the Iranian nuclear program, which started in 2010.

But there was something more than that. Cybersecurity was everywhere in 2013. It played an unusually significant role in big, important stories such as the U.S.-China relationship and the Syrian civil war. At times, it was the story: the rise of the “hack back” industry or, most famously, the revelations of National Security Agency snooping leaked by Edward Snowden. Countries are trying to figure out how to navigate a world in which hacking plays an increasingly important role — and so, for that matter, are regular Internet users around the world. You might say that 2013 was the year that cybersecurity became, like it or not, an enduring and major feature of foreign policy and national security writ large.

This entry was posted in Weekly Brief. Bookmark the permalink.

Comments are closed.