
Cybersecurity

Forum Gives Small Businesses Tips to Combat Cybersecurity Threats

October 16, 2014
By Sandra Jontz

Might the recurring data breaches plaguing one large retailer after another be a dress rehearsal for a catastrophic attack that could cripple, if not destroy, the United States and its critical infrastructure? The doomsday rhetoric presented by cybersecurity experts at an issue forum Thursday hosted by the Fairfax County Chamber of Commerce, while not so calamitous, served as a wake-up call to the enduring cybersecurity vulnerabilities.

Passwords Are Killing Us

September 17, 2014
By Rita Boland

Strong credentials that people trust will unlock new government and private sector activities. That was the message this morning from Jeremy Grant, senior executive adviser, National Strategy for Trusted Identities in Cyberspace (NSTIC).

Guest Blog: A Brief Look into the Cybersecurity Framework

April 23, 2014
By Matthew Smith

Whether a well-established company or one just getting started with cybersecurity risk management programs, those in the industry often can use a little help navigating the cumbersome and technical systems. This snapshot features pointers to clarify existing guidance and help organizations manage cybersecurity risk.

Resolving the Critical Infrastructure Cybersecurity Puzzle

March 1, 2014
By George Kamis

The nation’s critical infrastructure and industrial-control systems have become such potential high-value targets for terrorists that their vulnerability threatens the fabric of society. And, as they increase in both importance and vulnerability, these systems cannot be protected using conventional information security measures.

The targets are electrical grids, transportation networks, water systems, oil/gas pipeline operations and other vital resources that serve in the interests of the U.S. economy and the public good—not to mention public safety—every day. Concerns are rising about reported increases in compromise incidents within these systems, coupled with advancements in the “sophistication and effectiveness of attack technology,” according to the Government Accountability Office (GAO). The number of incidents reported by federal agencies to the U.S. Computer Emergency Response Team has surged 782 percent from 2006 to 2012, the GAO reports.

Such attacks can “cause major economic losses, contaminate ecological environment and, even more dangerously, claim human lives,” according to a research report from the University of California, Berkeley. And, industrial control systems (ICS) lie at the heart of this vulnerability.

Global events have triggered the cautionary warnings. Among the most notorious was Stuxnet in 2010, which damaged uranium-enrichment centrifuges in Iran by infecting the country’s nuclear ICS network. In 2012, the Shamoon virus attacked Saudi Arabia’s state oil company, Saudi Aramco, replacing crucial system files with an image of a burning U.S. flag and overwriting essential data with what then-U.S. Defense Secretary Leon Panetta described as “garbage data.” Panetta added that the incident was the most destructive attack the business sector has seen to date, as more than 30,000 computers were rendered useless.

Cybersecurity Framework Offers New Ways for Firms to Look at Security

October 28, 2013
By Henry S. Kenyon

Information technology and communications companies doing business with the federal government may want to look at the Preliminary Cybersecurity Framework being released for public comment on October 29. The framework, which is a part of President Obama’s executive order for Improving Critical Infrastructure, outlines a series of voluntary steps that organizations can take to improve their network security. While contractors can rely on complying with existing rules and regulations for cybersecurity, federal officials said that enterprises may want to see how different sectors are approaching network security, as described in the framework.

Although the main goal of the executive order’s voluntary process is to engage the participation of companies in different industry sectors whose assets comprise the nation’s critical infrastructure, the steps and processes outlined in the framework can help enhance individual firms’ network security, and by extension, the national infrastructure as well. The framework focuses on creating an overarching set of voluntary standards for critical infrastructure firms, but many parts of the security picture are already in place in the form of existing regulations, laws and policies, Adam Sedgewick, senior information technology policy adviser for the National Institute of Standards and Technology (NIST), says.

Social [Media] Security

October 10, 2013
By Dr. Scott A. Wells

Dr. Scott Wells, co-founder and chief architect of the Social Media Security Professional (SMSP) certification, Ultimate Knowledge Institute, shares some little-known facts about the threats social media pose to organizations and individuals.

How Cyber Savvy Are You?

October 10, 2013

Think you know your way around the internet? Even the most seasoned web surfer makes mistakes, and new phishing and linkjacking techniques pop up all the time. This quiz will help you identify and address your own security weaknesses.

5 Tips for Cyber Safety on the Road

October 10, 2013
By Patrick J. Kelly, CISSP

You may be away from the office, but you should never take a vacation from cybersecurity. Keep these tips from Patrick J. Kelly in mind on your next trip.

Budget Constraints Top Cyber Attacks as Biggest Threat to IT Infrastructure

October 3, 2013
By Rachel Lilly

Would you rather be stuck in an elevator for 24 hours or have your network hacked? According to a new survey, 71 percent of government information technology decision makers think the elevator is a more appealing choice. But improving security still ranks second to the most important technology goal in the coming year—reducing costs.

The survey, conducted for Cisco by Clarus Research Group in early September, involved 400 decision makers from federal, state and local government. It’s little surprise in the current fiscal environment that a majority of respondents identified budget constraints as the greatest threat to their organization’s information technology infrastructure, topping cyber attacks, employee personal devices on the network, an increased demand for constituent services and limited network bandwidth. And 22 percent volunteered an “all of the above” statement, pointing to a combination of threats.

Despite budget reductions, 59 percent of information technology decision makers plan to amp up investments in cybersecurity with 45 percent increasing investments in the cloud. The increase in cybersecurity and cloud funding was expected, especially on the federal side, says Larry Payne, area vice president, U.S. federal sales, Cisco. In the state and local sector, investments in networking are expected to increase more rapidly than other areas.

Ask the Expert: The Current Cybersecurity Work Force

October 1, 2013
By Dr. Ernest McDuffie

This is an important question for a number of reasons. Popular media often talk about the growing shortage of skilled cybersecurity workers needed to fill critical open positions both in government and the private sector. This is true, but employers need specific details on the work force so they can make informed decisions about whom to hire and potential employees need to know what to study to position themselves to be hired. The problems of a lack of common language and terms, a complex new field and the ever-changing technology that enables much of cybersecurity combine to make analysis of this work force particularly difficult.

For the past few years, the federal government, by way of its National Initiative for Cybersecurity Education (NICE), has been hard at work on these and many other issues related to cybersecurity education, training, awareness and work force development. A major achievement of NICE has been the creation of the National Cybersecurity Workforce Framework (NCWF). This document was developed to provide a common understanding of and lexicon for cybersecurity work. Defining the cybersecurity population consistently using standardized terms is an essential step in ensuring that our country is able to educate, recruit, train, develop and retain a highly qualified work force.

In designing the framework, “Categories” and “Specialty Areas” were used as organizational constructs to group similar types of work. The categories, serving as an overarching structure for the framework, group related specialty areas together. Within each specialty area, typical tasks and knowledge, skills and abilities are provided. In essence, specialty areas in a given category typically are more similar to one another than to specialty areas in other categories.
