Cyber

April 21, 2015
By Sandra Jontz

We couldn’t be in California today for Department of Homeland Security (DHS) Secretary Jeh Johnson’s address at the largest cybersecurity conference, so we’re bringing you news from the next best thing—his prepared remarks.

“My message to you today is this: Government does not have all the answers or all the talent,” Johnson said at the RSA Conference 2015 in San Francisco. “Cybersecurity must be a partnership between government and the private sector. We need each other, and we must work together. There are things government can do for you, and there are things we need you to do for us.”

April 16, 2015
By Glenn Kesselman

It seems every week we read about a cyber breach that involves millions of records at risk of compromise. Why can’t the big boys get it right? After all, they have large information technology departments and many layers of protection. From the opposite perspective, what did you do today to protect personally identifiable information (PII)?

Do you have unique personal identification numbers (PINs) for all of your passwords? If you answered no, create a priority “to do” and investigate password vaults, accessible from your mobile devices and Web browser.

April 15, 2015
By Ed Bender

Government information technology administrators long have been trained to keep an eye out for the threats that come from outside their firewalls. But what if the greatest threats actually come from within?

April 15, 2015
By Sandra Jontz
Image courtesy of nokhoog_buchachon at FreeDigitalPhotos.net

Modern commercial airliners could be at risk of in-flight cybersecurity attacks through a vulnerability posed by passengers using planes’ wireless systems, warns a federal watchdog agency.

The U.S. Government Accountability Office (GAO) reviewed the Federal Aviation Administration’s (FAA's) transition to the Next Generation Air Transportation System (NexGen) and pointed out in a 56-page report several cybersecurity challenges, including protecting air-traffic control information systems, protecting aircraft avionics used to operate and guide the aircraft, and clarifying cybersecurity roles and responsibilities.

April 8, 2015
By Sandra Jontz

On the same day that news headlines implicated Russian hackers in a significant cyber attack and breach on the White House, officials attending a cybersecurity summit Tuesday in the nation’s capital warned of the uptick in the number of nation-state sponsored cyber attacks against the U.S. government and businesses.

The amplification could be worrisome because cybersecurity experts already cannot keep up with, much less get ahead of, the cyber activities that pose a national threat and have risen to the level of a national emergency.

April 1, 2015
By Sandra Jontz

New methods of teaching cybersecurity might be the best hope for providing the necessary security experts to turn the tide against malicious cybercriminals who have launched constant battles against vital networks. In purely quantitative terms, the number of available information technology security experts falls critically short of what is necessary, while the number of hackers and cyber adversaries grows larger.

April 1, 2015
By George I. Seffers
Maj. Gen. LaWarren Patterson, USA, the U.S. Army Cyber Center of Excellence and Fort Gordon commander, and Col. Jennifer Buckner, USA, Army Cyber School commandant, unveil a sign during a ribbon-cutting ceremony for the school.

The U.S. Army’s newly created cyber school is prepared to accept its first class of second lieutenants this summer followed by enlisted personnel and warrant officers. The historic first class signifies a significant first step toward building the service’s new cyber branch.

Army Secretary John McHugh and Chief of Staff Gen. Raymond Odierno approved the creation of the cyber branch in September 2014 as one of the first official steps in establishing a 17-series career field dedicated to managing the careers and professional development of officers. The remainder of the 17-series career field management program is expected to be implemented by October, with both enlisted and warrant officer career paths.

April 1, 2015
By Sandra Jontz
U.S. Army engineers expose high school students to science-related career paths through advanced classroom instruction and hands-on experiments as part of the Gains in the Education of Mathematics and Science program, which highlights power, energy and cyber curriculums.

Cybersecurity is not one of the attractive career fields that tend to draw job seekers in droves to job fairs, especially among today’s young people now entering the work force, experts say. It has been a fairly ill-defined occupation, and that has led to the creation of a U.S. government office to work to codify requirements and job descriptions. It also has prompted a discourse about whether to professionalize the line of work as the United States struggles with a critical shortage of experts qualified to keep safe the networks that handle the cornucopia of personal, government and business information in the booming digital world.

March 19, 2015
By Sandra Jontz
From left to right, Jason Healey, Suzanne Schwartz, Joshua Corman and Pat Calhoun discuss the impact of lack cybersecurity on the Internet of Things and health care.

Experts today trumpet the very same warnings voiced two years ago, when then Vice President Dick Cheney’s heart implant drew public attention and fervor to the mounting warnings of lax cybersecurity on wireless medical devices, some worn and some implanted inside the body. Few improvements have been developed to protect implanted insulin pumps, for example, from hackers who can then dispense lethal doses or to safeguard pacemakers from breaches delivering deadly shocks.

“This could be a new wave of terrorism that we see,” U.S. Rep. Diana DeGette (D-CO), whose daughter wears an implanted insulin pump, said this week at a panel discussion hosted by the Atlantic Council on the issue.

March 10, 2015
By Sandra Jontz

As if cybersecurity of late has not been tough enough, the emergence of a ubiquitous network consisting of billions of Internet connections and smart gadgets presents an alarming security threat that has failed to draw a concerted effort by experts—both in the government and industry—to address the weaknesses and protect users, experts say.

March 4, 2015
By Glenn Kesselman

Cyber attacks originate from the outside or the inside. Is there "low hanging fruit" that you can harvest to reduce an insider attack?

You can reduce the probability of an attack from a disgruntled employee by becoming more mindful of your command climate or employee attitudes and by making a commitment to spend more time with your employees/members of your command. Take an employee to lunch and learn about his or her world. Schedule a breakfast with a subordinate and listen to his or her concerns.

March 5, 2015
By Sandra Jontz
U.S. military Information Assurance runs proxies to protect Joint Task Force Guantanamo servers from malicious websites.

Recruiting for a qualified military and civilian workforce for the U.S. Defense Department's cybersecurity mission has proven successful so far, but retaining the force remains to be seen, cyber commanders told Congress during a hearing.

March 1, 2015
By George I. Seffers

U.S. Department of Homeland Security Science and Technology Directorate officials are helping other nations create cyber testbeds that can be linked, forming one large, international virtual laboratory for cyber systems. In addition, they already have in place bilateral agreements with a number of countries and are in discussions with France, Spain, Germany, Mexico and South Korea, which ultimately could expand international cooperation on cybersecurity research and development.

March 1, 2015
By Lt. Gen. Robert M. Shea, USMC (Ret.)

The topic of critical infrastructure protection has been around for decades. In May 1998, President Bill Clinton issued Presidential Decision Directive (PDD)-63 on the subject of critical infrastructure protection. This represented a decision formally recognizing that key elements of our national infrastructure were critical to national security, the economic vibrancy of the United States and the general well-being of our citizenry. The PDD further highlighted the necessary actions to preserve and ensure the continuity of these critical infrastructures. In the wake of the terrorist attacks of September 11, 2001, President George W.

March 1, 2015
By Sandra Jontz

The U.S. Department of Homeland Security’s Continuous Diagnostics and Mitigation program is beginning a new thrust in which it addresses a growing concern of cybersecurity: identity management. The program aims to drive the overhaul of cyber risk management across federal, state, local, tribal and territorial governments and to do so cost-effectively by leveraging the technology acquisition processes­—essentially buying in bulk.

February 25, 2015
By Sandra Jontz
Example of McAfee phishing quiz, determined to be among the most successful phishing email sample to compromise victims' computers through a malicious URL.

The European Union faces the same formidable increase in cyber attacks perpetrated by adversaries with improved scope and sophistication as the United States—but comes up against issues compounded by disparate national laws and cybersecurity expertise, experts say.

February 24, 2015
By Maryann Lawlor

The National Security Agency’s third annual Best Scientific Cybersecurity Paper competition is now open. Scientific papers must have been published during 2014.

The papers will be judged on scientific merit and the the strength and significance of the work reported. In addition, the paper must exemplify the performance and reporting of cybersecurity scientific research.

February 12, 2015
By Robert K. Ackerman

The three sea services are facing different challenges with cyber operations, but they are adopting some similar solutions as they wrestle with the newest warfighting domain. In some cases, the services are affected by events that are out of their physical areas of responsibility but omnipresent in cyberspace.

Three sea service leaders described their cyber issues during the Thursday luncheon panel at West 2015, being held in San Diego, February 10-12. All panelists emphasized the importance of their people in cyber, but they also offered different perspectives on how their services are addressing cyber.

February 12, 2015
By Sandra Jontz
NIST's Cybersecurity Framework of protective guidelines was released February 12, 2014.

The U.S. government-backed cybersecurity framework for the nation’s federal agencies and critical infrastructure sector—released one year ago today—has received a general thumbs up of approval from industry experts. The structured guideline, presented by the Department of Commerce’s National Institute of Standards and Technology (NIST), is proving a successful advent toward a better understanding of cyber risks and organizations’ vulnerabilities, and the development of security programs to protect networks.

February 12, 2015
By Robert K. Ackerman

The U.S. Navy is exploiting its own assets and other capabilities to defend and protect against cyberthreats. Some of these internal assets include automated triggers in networks as well as advanced intelligence sources.

Vice Adm. Jan Tighe, USN, commander, Fleet Cyber Command and commander, Tenth Fleet, described some of these measures to the Thursday morning audience at West 2015, being held in San Diego, February 10-12. These efforts are built around her vision, which is to conduct operations through cyberspace and the electromagnetic spectrum to guarantee Navy operations while denying the same to adversaries.

Pages