Search:  

 Blog     e-Newsletter       Resource Library      Directories      Webinars
AFCEA logo
 

Cybersecurity

Resolving the Critical Infrastructure Cybersecurity Puzzle

March 1, 2014
By George Kamis

The nation’s critical infrastructure and industrial-control systems have become such potential high-value targets for terrorists that their vulnerability threatens the fabric of society. And, as they increase in both importance and vulnerability, these systems cannot be protected using conventional information security measures.

The targets are electrical grids, transportation networks, water systems, oil/gas pipeline operations and other vital resources that serve in the interests of the U.S. economy and the public good—not to mention public safety—every day. Concerns are rising about reported increases in compromise incidents within these systems, coupled with advancements in the “sophistication and effectiveness of attack technology,” according to the Government Accountability Office (GAO). The number of incidents reported by federal agencies to the U.S. Computer Emergency Response Team has surged 782 percent from 2006 to 2012, the GAO reports.

Such attacks can “cause major economic losses, contaminate ecological environment and, even more dangerously, claim human lives,” according to a research report from the University of California, Berkeley. And, industrial control systems (ICS) lie at the heart of this vulnerability.

Global events have triggered the cautionary warnings. Among the most notorious was Stuxnet in 2010, which damaged uranium-enrichment centrifuges in Iran by infecting the country’s nuclear ICS network. In 2012, the Shamoon virus attacked Saudi Arabia’s state oil company, Saudi Aramco, replacing crucial system files with an image of a burning U.S. flag and overwriting essential data with what then-U.S. Defense Secretary Leon Panetta described as “garbage data.” Panetta added that the incident was the most destructive attack the business sector has seen to date, as more than 30,000 computers were rendered useless.

Cybersecurity Framework Offers New Ways for Firms to Look at Security

October 28, 2013
By Henry S. Kenyon

Information technology and communications companies doing business with the federal government may want to look at the Preliminary Cybersecurity Framework being released for public comment on October 29. The framework, which is a part of President Obama’s executive order for Improving Critical Infrastructure, outlines a series of voluntary steps that organizations can take to improve their network security. While contractors can rely on complying with existing rules and regulations for cybersecurity, federal officials said that enterprises may want to see how different sectors are approaching network security, as described in the framework.

Although the main goal of the executive order’s voluntary process is to engage the participation of companies in different industry sectors whose assets comprise the nation’s critical infrastructure, the steps and processes outlined in the framework can help enhance individual firm’s network security, and by extension, the national infrastructure as well. The framework focuses on creating an overarching set of voluntary standards for critical infrastructure firms, but many parts of the security picture are already in place in the form of existing regulations, laws and policies, Adam Sedgewick, senior information technology policy adviser for the National Institute of Standards and Technology (NIST), says.

Social [Media] Security

October 10, 2013
By Dr. Scott A. Wells

Dr. Scott Wells, co-founder and chief architect of the Social Media Security Professional (SMSP) certification, Ultimate Knowledge Institute, shares some little-known facts about the threats social media pose to organizations and individuals.

How Cyber Savvy Are You?

October 10, 2013

Think you know your way around the internet?  Even the most seasoned web surfer makes mistakes, and new phishing and linkjacking techniques pop up all the time. This quiz will help you identify and address your own security weaknesses.

5 Tips for Cyber Safety on the Road

October 10, 2013
By Patrick J. Kelly, CISSP

You may be away from the office, but you should never take a vacation from cybersecurity. Keep these tips from Patrick J. Kelly in mind on your next trip.

Budget Constraints Top Cyber Attacks as Biggest Threat to IT Infrastructure

October 3, 2013
By Rachel Lilly

Would you rather be stuck in an elevator for 24 hours or have your network hacked? According to a new survey, 71 percent of government information technology decision makers think the elevator is a more appealing choice. But improving security still ranks second to the most important technology goal in the coming year—reducing costs.

The survey, conducted for Cisco by Clarus Research Group in early September, involved 400 decision makers from federal, state and local government. It’s little surprise in the current fiscal environment that a majority of respondents identified budget constraints as the greatest threat to their organization’s information technology infrastructure, topping cyber attacks, employee personal devices on the network, an increased demand for constituent services and limited network bandwidth. And 22 percent volunteered an “all of the above” statement, pointing to a combination of threats.

Despite budget reductions, 59 percent of information technology decision makers plan to amp up investments in cybersecurity with 45 percent increasing investments in the cloud. The increase in cybersecurity and cloud funding was expected, especially on the federal side, says Larry Payne, area vice president, U.S. federal sales, Cisco. In the state and local sector, investments in networking are expected to increase more rapidly than other areas.

Ask the Expert: The Current Cybersecurity Work Force

October 1, 2013
By Dr. Ernest McDuffie

This is an important question for a number of reasons. Popular media often talk about the growing shortage of skilled cybersecurity workers needed to fill critical open positions both in government and the private sector. This is true, but employers need specific details on the work force so they can make informed decisions about whom to hire and potential employees need to know what to study to position themselves to be hired. The problems of a lack of common language and terms, a complex new field and the ever-changing technology that enables much of cybersecurity combine to make analysis of this work force particularly difficult.

For the past few years, the federal government, by way of its National Initiative for Cybersecurity Education (NICE), has been hard at work on these and many other issues related to cybersecurity education, training, awareness and work force development. A major achievement of NICE has been the creation of the National Cybersecurity Workforce Framework (NCWF). This document was developed to provide a common understanding of and lexicon for cybersecurity work. Defining the cybersecurity population consistently using standardized terms is an essential step in ensuring that our country is able to educate, recruit, train, develop and retain a highly qualified work force.

In designing the framework, “Categories” and “Specialty Areas” were used as organizational constructs to group similar types of work. The categories, serving as an overarching structure for the framework, group related specialty areas together. Within each specialty area, typical tasks and knowledge, skills and abilities are provided. In essence, specialty areas in a given category typically are more similar to one another than to specialty areas in other categories.

White House Cyber Policy Focuses on Internal Consolidation, External Engagement

August 21, 2013
By Henry Kenyon

As a part of its ongoing efforts to protect critical national infrastructure, the Obama administration has been actively working on making government computer networks more robust and resistant to cyber attack. To do this, the White House has looked internally at federal agencies to put into place new metrics and policies to improve their security stance and externally, reaching out to foreign governments to set up international accords on cyber espionage, a top administration official said.
 
The administration has several major priorities for its cyberspace policy: protecting critical infrastructure, securing the government, engaging internationally, and shaping the future, explained Andy Ozment, the White House’s senior director for cybersecurity.
 
Speaking at the USENIX Security Symposium in Washington D.C., on August 15, he said that as part of its overall cyberspace goals, the Obama administration is actively pursuing international engagement and cooperation. This is a necessity as most cyberspace intrusions come from overseas, he said, adding that it also touches on diplomatic issues. This is because the term “attack” has a number of political implications that can potentially lead to direct conflict with a nation. On the other hand, intrusions fall under the category of espionage, an area where there are well established protocols for working with other nations, he said.
 

NSA Director Defends Intelligence Workforce

June 27, 2013
By George I. Seffers

Cyber Symposium 2013 Online Show Daily, Day 3

Gen. Keith Alexander, USA, who directs the National Security Agency (NSA) and commands U.S. Cyber Command, wrapped up the final day of the AFCEA International Cyber Symposium with a strongly-worded defense of the U.S. intelligence community, which is under fire following recently-leaked documents concerning the collection of data on the online activities of ordinary citizens in the United States and abroad. The general deviated from the topic of cyber long enough to address the controversy.

The NSA director said intelligence community employees protect the nation and civil liberties simultaneously. “These leaks have inflamed and sensationalized for ignoble purposes the work the intelligence community does lawfully under strict oversight and compliance. If you want to know who who’s acting nobly, look at the folks at NSA, FBI, CIA, and the Defense Department who defend our nation every day and do it legally and protect our civil liberties and privacy. They take an oath to our constitution—to uphold and defend that constitution,” he said. “They’re the heroes our nation should be looking at.”

During the question and answer session, Gen. Alexander also praised contractors who work for the intelligence community. “From my perspective, we couldn’t do our job without the contractors or the help we get from industry. That’s been absolutely superb. One individual has betrayed our trust and confidence, and that shouldn’t be a reflection on everybody else,” he stated.

In fact, he said, the United States government is one of the best in the world at protecting data on individuals. “Most nations around the world collect signals intelligence just like we do. And they’re governments use lawful intercept efforts that require and compel companies to provide the requested information. I think our nation is among the best at protecting our privacy and civil liberties,” he opined.

Tracking the Wireless Menace

August 3, 2012
By Beverly Schaeffer

What you CAN'T see CAN hurt you. In this case, it's wireless intrusion by unauthorized devices. The U.S. Departments of Homeland Security and Defense are hot on the trail to ramp up detection and amp up protection.

Pages

Subscribe to RSS - Cybersecurity