More and more, U.S. federal agencies are seeing inappropriate Internet access breaches, rouge devices and denial of service attacks. A key reason why: federal agencies are hindered by budget constraints that prevent information technology (IT) improvements. Agencies also have to juggle competing priorities, complex internal environments and poor top-level decision-making when it comes to cyber management, asserts a recent study from Herndon, Virginia-based SolarWinds Worldwide. The company conducted a survey of 200 federal government IT professionals in July to assess their cybersecurity challenges during the past 12 months.
A team at the U.S. Army Research Laboratory has created four generalized linear models to predict the number of cyber intrusions a company or government will experience on its network. To design the models, the team used empirical data about successful cyber intrusions committed against a number of different organizations obtained from a cyber defense services provider that defended the organizations’ networks.
The U.S. Army has awarded a five-year, $182 million managed cybersecurity services contract to Fairfax, Va.-based InfoReliance LLC and Reston, Va.-based McAfee to enhance and modernize host based security and analytic technologies across the Army’s Endpoint Security System (AESS). The capabilities will be delivered under a managed platform as a service (PaaS) model for "near real-time situational awareness on a global basis," according to the companies. "The new platform will minimize the Army’s attack surface, increase endpoint protection and drive the automation of key reporting metrics to the U.S.
Booz Allen Hamilton, McLean, Virginia, is being awarded a $91,499,780 cost-plus-fixed-fee contract (including options) for advisory and assistance services for Ballistic Missile Defense System cybersecurity management (CSM) and computer network defense in support of technical, engineering, advisory and management support. This contract will ensure Missile Defense Agency (MDA) information technology services, management and resources are administered, acquired, managed and operated in compliance with the priorities set by the MDA director and the goals and directives of existing statutes and Department of Defense regulations. This procurement is managed by the MDA Consolidated Support Services Program office.
Cybersecurity solutions company Comodo has launched a new research service called Comodemia for university, government and nonprofit educators and researchers. It gives users access to the Comodo Threat Intelligence Laboratory's cybersecurity data repository, one of the largest in the world.
Comodo's threat data comes from millions of endpoints in more than 220 countries. In the first quarter of this year, the lab detected and cataloged more than 25 million malware incidents. By the second quarter, the total grew to 97 million incidents as the company expanded its research program.
In 2005, NBC News reported that the use of checks to pay bills was declining and that the majority of people writing them were old geezers such as me. That year, the Federal Reserve reported that an estimated 36 billion checks were written, with more than half of those paper checks written by consumers.
I’m a consumer and a baby boomer—an individual born between mid-1946 and mid-1964. Writing a check is something we boomers do. I was taught in 1965 in high school how to write checks, balance a checkbook and keep track of my bank account. It was a classroom activity.
Nearly everyone has heard a parent or grandparent refer to the good ol’ days. Tales usually begin either with, “When I was your age…” or “In my day, we didn’t have….”
While it seems appropriate that octogenarians and nonagenarians tell such stories, today they’re not the only generations sharing memories that begin with, “When I was young….” People in their 20s and 30s reflect on their youth wistfully because members of the younger generation—who, by the way, are only five or 10 years younger than they are—can communicate, play, buy and sell, and share life moments in ways that surprise even 20-somethings.
You’ve probably received a phone call that goes something like this: “Mr. Smith? I’m calling from ABC company, and there appears to be a security problem with XYZ operating systems. Are you at your computer right now? We can fix the problem for you. All you have to do open your computer, and I’ll take care of it.”
This article is the last in a two-part series on what Y2K can teach the world about cybersecurity. Read the first part here.
The Y2K event went out with a whimper and not a bang, but not because the issue wasn’t serious. The potential for massive data disruption was there, but government and industry rallied to address it before the January 1, 2000, deadline. The millennium bug was squashed because stakeholders with a lot to lose attacked it in a coordinated effort. That approach can serve as both a lesson and a model for the latest security challenge: the cyber bug.
As the Defense Department and other government agencies begin to recognize the benefits of working with smaller, innovative technology companies, the potential for insider threats and cyber attacks grows. And now, all federal contractors face a deadline to implement a step to protect against these outside cybersecurity risks and threats from the inside.
Beginning today, all cleared government contractors must complete insider threat employee awareness training prior to being granted access to classified information and every year thereafter. The mandate is part of NISPOM Change 2, a U.S. government regulation that requires insider threat programs for cleared federal contractors.
The increase in cyberthreats from both internal and external sources has put the onus on government agencies, particularly at the federal level, to implement strong cybersecurity architectures. While encryption is an essential component, without careful implementation, criminals easily can exploit its weaknesses, and the emerging power of quantum computing could compound the problem.
Society’s insatiable appetite for connecting objects in the physical world to the Internet has industry’s wheels turning to fuel the materializing disruptive ecosystem called the Internet of Things, or IoT. But the good of convenience goes hand in hand with the bad of cyber risks, experts warn, spurring the U.S. government’s search for the self-healing networks of the future based on the automation tools of today.
Lt. Gen. VeraLinn “Dash” Jamieson, USAF, is thankful that her ears bleed in unpressurized aircraft cabins.
She might not otherwise have become an intelligence officer, and now the deputy chief of staff for intelligence, surveillance and reconnaissance and the Air Force’s senior intelligence officer.
She entered the Air Force through the ROTC program at West Virginia University, and was awestruck by motivational leaders who helped her develop a yearning to become a pilot.
But her ears bled.
Enemy states and terrorist groups increasingly are developing the means to wage an attack on a nation’s power grid just as electric companies are relying more on automated information technology. Vulnerable supervisory control and data acquisition, or SCADA, systems offer access for attackers, who also are learning more devastating ways of bringing down a grid.
Small nation-states and organizations, in particular, are cultivating advanced methods of attacking electrical grids, and these groups may not be as inhibited about setting an attack in motion as the larger, well-known cyber superpowers. Many threats to the grid already may be in place, undetected and at work, ready for launching at will.
As the nation deals with intelligence reports of Russian hacks of the U.S. presidential election, some of us in industry are pondering how President Donald Trump will tackle cybersecurity issues.
He already has a good road map. In December, the Commission on Enhancing National Cybersecurity issued its “Report on Securing and Growing the Digital Economy.” Kudos are in order. It is high time the executive branch dug deeply into cybersecurity issues.
Do you work for a cyber company with federal government contracts? If so, hold onto your hat, because $210 billion in government information technology contracts will expire this year and be re-competed.
A repeat or expansion of the recent distributed denial of service (DDoS) attacks on Internet traffic firm Dyn could be prevented with just three simple security measures ranging from adoption of a secure network architecture down to basic cyber hygiene. These measures could forestall up to 99 percent of these types of cyber attacks, according to a Washington, D.C.-area chief information officer (CIO).
If you can’t beat the hackers, join them—or at least act like them. By hacking a system from within, security experts can identify vulnerabilities and try to stay one step ahead of increasingly sophisticated cyber criminals. Thinking like an attacker cultivates an offensive mindset that leads to streamlined systems that incorporate the best of human skills and automated capabilities to shore up defenses from the inside out.
Ushering in full-blown mobility for the U.S. Defense Department will require key technology advances, particularly in areas of automation and security management. With mobile no longer a fringe idea, troops want to avail themselves of all the bells, whistles and efficiencies the ecosystem has to offer. But security concerns continue to crimp the department’s migration to what is otherwise commonplace in the private sector, experts shared Wednesday during the day-long AFCEA DC Chapter Mobile Tech Summit.
The Internet of Things has gone mainstream. Home refrigerators are chattier than ever, and emerging virtual home assistants can order wings for dinner, turn on lawn sprinklers, start the car and purchase pounds of cookies—all without users ever rising from the couch. Yet behind the headlines of these gee-whiz cyber technologies lurks a shortcoming. It is one that poses significant threats to national security but could be remedied fairly easily, some experts offer.