If you have a credit card, an account with a health care provider or your personally identifiable information (PII) stored with a vendor, your PII probably has been compromised. What if there were another way to allow commerce and government to use your PII without storing it?
The Defense Department, facing an increase in defensive cyber operations, now has the command and control it needs to wage those actions on its information network. The Joint Force Headquarters Department of Defense Information Network consolidates efforts that previously were dispersed among the services and organizations.
My hope is that the general public at last is beginning to develop a basic understanding of the vulnerabilities the nation faces in cybersecurity. My fear is that, while these vulnerabilities affect the public at large, this developing understanding has not yet integrated itself into the culture and broad practice of cybersecurity. People still tend to view cyber attacks and scams as isolated incidents with little impact. They don’t seem to grasp the pervasiveness of the threat and its accompanying short- and long-term consequences. The result is a continuation of a cavalier attitude toward cyber hygiene on the part of many individuals as well as government, industry and academia.
The U.S. Transportation Command, in charge of providing land, sea and air mobility to U.S. forces worldwide, now finds itself tasked with its own form of conflict in the cyber domain. Its use of commercial assets has opened it to foreign cyber intrusions that could potentially threaten U.S. military operations in a time of conflict as they depend heavily on mobility for force projection and logistics support.
Much to their credit, Congress and the president are on the verge of passing and enacting legislation that will facilitate improved sharing of cyberthreat information between government and industry. The question becomes … what is next?
Although cybersecurity has been getting a lot of well-deserved attention lately, 90 percent of companies recently surveyed admit that their organizations have invested in a security technology that was ultimately discontinued or scrapped before or soon after deployment. The survey also revealed that the most important metrics are the least reliable. For example, although 70 percent of respondents said return on investment and total cost of ownership are critical metrics for investment and measurement of a technology’s economic benefits, the same number said it is difficult to calculate these metrics.
No fewer than five pieces of cyber legislation recently have been proposed in Congress. Yet, if history is any judge, none is likely to be signed into law. The only bills that seem to make it over the hurdles are safe acts that do not break new ground but instead reinforce existing policy.
The Pentagon’s new cybersecurity strategy for the first time publicly addresses the department’s option to resort to offensive cyberwarfare tactics as a means to safeguard the military’s information networks.
The Department of Defense Cyber Strategy, the second in four years, guides the development of the military’s cyber forces toward a strengthened cyber defense and cyber deterrence posture—and plans to hold in its arsenal offensive cyber capabilities.
We couldn’t be in California today for Department of Homeland Security (DHS) Secretary Jeh Johnson’s address at the largest cybersecurity conference, so we’re bringing you news from the next best thing—his prepared remarks.
“My message to you today is this: Government does not have all the answers or all the talent,” Johnson said at the RSA Conference 2015 in San Francisco. “Cybersecurity must be a partnership between government and the private sector. We need each other, and we must work together. There are things government can do for you, and there are things we need you to do for us.”
It seems every week we read about a cyber breach that involves millions of records at risk of compromise. Why can’t the big boys get it right? After all, they have large information technology departments and many layers of protection. From the opposite perspective, what did you do today to protect personally identifiable information (PII)?
Do you have unique personal identification numbers (PINs) for all of your passwords? If you answered no, create a priority “to do” and investigate password vaults, accessible from your mobile devices and Web browser.
Government information technology administrators long have been trained to keep an eye out for the threats that come from outside their firewalls. But what if the greatest threats actually come from within?
Modern commercial airliners could be at risk of in-flight cybersecurity attacks through a vulnerability posed by passengers using planes’ wireless systems, warns a federal watchdog agency.
The U.S. Government Accountability Office (GAO) reviewed the Federal Aviation Administration’s (FAA’s) transition to the Next Generation Air Transportation System (NextGen) and pointed out in a 56-page report several cybersecurity challenges, including protecting air-traffic control information systems, protecting aircraft avionics used to operate and guide the aircraft, and clarifying cybersecurity roles and responsibilities.
On the same day that news headlines implicated Russian hackers in a significant cyber attack and breach on the White House, officials attending a cybersecurity summit Tuesday in the nation’s capital warned of the uptick in the number of nation-state sponsored cyber attacks against the U.S. government and businesses.
The amplification could be worrisome because cybersecurity experts already cannot keep up with, much less get ahead of, the cyber activities that pose a national threat and have risen to the level of a national emergency.
New methods of teaching cybersecurity might be the best hope for providing the necessary security experts to turn the tide against malicious cybercriminals who have launched constant battles against vital networks. In purely quantitative terms, the number of available information technology security experts falls critically short of what is necessary, while the number of hackers and cyber adversaries grows larger.
The U.S. Army’s newly created cyber school is prepared to accept its first class of second lieutenants this summer followed by enlisted personnel and warrant officers. The historic first class marks a significant first step toward building the service’s new cyber branch.
Army Secretary John McHugh and Chief of Staff Gen. Raymond Odierno approved the creation of the cyber branch in September 2014 as one of the first official steps in establishing a 17-series career field dedicated to managing the careers and professional development of officers. The remainder of the 17-series career field management program is expected to be implemented by October, with both enlisted and warrant officer career paths.
Cybersecurity is not one of the attractive career fields that tend to draw job seekers in droves to job fairs, especially among today’s young people now entering the work force, experts say. It has been a fairly ill-defined occupation, and that has led to the creation of a U.S. government office to work to codify requirements and job descriptions. It also has prompted a discourse about whether to professionalize the line of work as the United States struggles with a critical shortage of experts qualified to keep safe the networks that handle the cornucopia of personal, government and business information in the booming digital world.
Experts today trumpet the very same warnings voiced two years ago, when then Vice President Dick Cheney’s heart implant drew public attention and fervor to the mounting warnings of lax cybersecurity on wireless medical devices, some worn and some implanted inside the body. Few improvements have been developed to protect implanted insulin pumps, for example, from hackers who can then dispense lethal doses or to safeguard pacemakers from breaches delivering deadly shocks.
“This could be a new wave of terrorism that we see,” U.S. Rep. Diana DeGette (D-CO), whose daughter wears an implanted insulin pump, said this week at a panel discussion hosted by the Atlantic Council on the issue.
As if cybersecurity of late has not been tough enough, the emergence of a ubiquitous network consisting of billions of Internet connections and smart gadgets presents an alarming security threat that has failed to draw a concerted effort by experts—both in the government and industry—to address the weaknesses and protect users, experts say.
Cyber attacks originate from the outside or the inside. Is there “low-hanging fruit” that you can harvest to reduce the risk of an insider attack?
You can reduce the probability of an attack from a disgruntled employee by becoming more mindful of your command climate or employee attitudes and by making a commitment to spend more time with your employees/members of your command. Take an employee to lunch and learn about his or her world. Schedule a breakfast with a subordinate and listen to his or her concerns.
Recruiting a qualified military and civilian workforce for the U.S. Defense Department’s cybersecurity mission has proven successful so far, but whether the department can retain that force remains to be seen, cyber commanders told Congress during a hearing.