The malware that infiltrated computer systems across South Korea’s banking and television broadcast industries on March 20 shares similarities with the Shamoon program used last year to wipe clean the hard drives of 30,000 Saudi Aramco workstations, according to experts at General Dynamics Fidelis Cybersecurity Solutions. Investigators at the company’s newly-opened cyber forensics laboratory in Columbia, Maryland, say the malware is not a Shamoon variant, but that the two programs share some characteristics.
The U.S. National Nuclear Security Administration (NNSA) began working on its Yourcloud solution about two years ago and expects to have the cloud computing solution in place by year's end. You can read more about this in "U.S. Nuclear Agency Enhances Cybersecurity With Cloud Computing ."
Despite continued budget crunching, U.S. Defense Department officials are continuing to implement a three-phase plan to equip the department’s 600,000 mobile-device users with secure classified and protected unclassified mobile solutions that leverage commercial products. In conjunction with the Defense Information Systems Agency, the department’s chief information officer is establishing a basic multivendor mobility capability with the Defense Department for assessment. This first phase, which continues through April, deploys voice and data services over a commercial wireless network, and a contract will be awarded for the department’s initial enterprise mobile device management (MDM) and mobile application store (MAS).
The recently signed executive order on cybersecurity and the presidential directive on critical infrastructure protection are not separate documents. In fact, they are part of the same overall effort to protect the nation, said Rand Beers, undersecretary for the National Protection and Programs Directorate, U.S. Department of Homeland Security. Beers discussed the effort on Thursday at the AFCEA Homeland Security Conference in Washington, D.C.
Gen. Michael Hayden, USAF (Ret.), former director of the CIA, indicated an astounding extent of Chinese cyber espionage and said he believes the Iranians are attacking U.S. banks with unsophisticated but pervasive cyber attacks.
The Air Force Space Command expects to be directed to add 1,000 new people, mainly civilians, to its base of about 6,000 cyber professionals for the 2014 fiscal year. According to the U.S. Defense Department blog “Armed With Science,” Gen. William L. Shelton, USAF, who leads Air Force Space Command, said direction for the hires would come from the Office of the Secretary of Defense, fueled by the U.S. Cyber Command.
The (ISC)2 Foundation’s information security 2013 scholarship program application process will open on January 1, 2013, and it offers a total of $120,000 in awards to women, graduate students, young professionals and faculty. The foundation will award up to two scholarships totaling $40,000 to women pursuing an education in information security. In addition, it will give seed funding for up to eight grants of $3,000 each to assist graduate students conducting special research. One of the foundation’s other undergraduate scholarship winners will receive the Harold F.
The U.S. Department of State is hosting its first-ever Youth TechCamp in the Pacific region later this month. Coordinated in conjunction with Pasifika Nexus and the University of the South Pacific, Youth TechCamp Fiji will offer six days of training to as many as 300 youths from various Pacific islands. Local and international technology experts from the fields of digital content creation, mobile applications and social activism will participate as well. Organizers aim to enable future leaders from the region to contribute to policy development, encourage local content creation and leverage connection technologies in positive ways.
Although fiscal year 2015 is the target time frame for full operational capability, personnel from the U.S. Army's 780th Military Intelligence Brigade--the service's first-ever cyber brigade--already are helping to secure the Defense Department's networks against cyber attacks. While the unit was officially activated on December 1, prep work for the group has been ongoing since at least 1998, according to Technology Editor George I. Seffers in his article, "Historic Cyber Unit Begins Daily Action," in this issue of SIGNAL Magazine. Seffers speaks with Col.
President Barack Obama has put the cybersecurity ball into Congress’ court, seeking legislation that pushes what some industry experts have clamored for in the quest to better protect the nation’s information network. The president unveiled details Tuesday for new laws toward better cybersecurity, which include a heavy focus on increased information sharing between government and industry. Some experts have said cybersecurity lacks a robust information-sharing plan between the private sector and government and the related safeguards to protect companies that share from prosecution. It's a good start, but not quite enough, some experts say.
Researchers at the Georgia Institute of Technology are investigating so-called side channel signals, low-level emissions from a computer that could allow savvy cyber attackers to illegally access information. By learning more about the signals, researchers may be one day be able to help mitigate the threat.
The Georgia Tech team has developed an algorithm for measuring the strength of the leaks, which will help prioritize security efforts. They now are studying smartphone emissions, which they say may be even more vulnerable. So far, they have looked only at Android devices.
While a more secure cyberspace will emerge through an evolutionary process, the U.S. government must take immediate action to influence the rate of change. With a series of government actions, the nation can simultaneously address the increasing sophistication of cyberthreats and impediments to public-private information sharing.
The Internet of Things, the latest iteration of the overarching dream of an omnipresent network architecture, offers an uncertain future in both opportunities and challenges. That uncertainty is growing as the network concept itself expands in scope and reach.
The perpetual quest for convenience and expedience brought about technology that has connected billions of devices that produce and share vast amounts of information, from an infant’s sleeping habits to space mission data. What happens to the data, how it is managed, by whom and with whom, and how it might be safeguarded pose privacy and safety concerns for security experts and government officials.
For the U.S. Defense Department, the Internet of Things means that everything—battlefield uniforms, office thermostats and major weapon systems, for example—are networked, providing tremendous amounts of data for situational awareness while also preventing challenges for cybersecurity and data storage and analysis.
The National Institute of Standards and Technology (NIST) has published for public review draft recommendations to ensure the confidentiality of sensitive federal information residing on the computers of contractors and other nonfederal organizations working for the government.
The U.S. Army has established a Cyber Chief Information Officer Focal within the acquisition community, responding to the ever-expanding role cyber now has in the service branch.
Run by the Office of the Assistant Secretary of the Army for Acquisition, Logistics and Technology, or ASA(ALT), its efforts will not duplicate work done by the Chief Information Officer (CIO)/G-6—which is a key stakeholder that is establishing some guidelines—but rather take on new cybersecurity and information assurance responsibilities. Personnel in the focal will coordinate activities among various stakeholders in the Army cyber community, improving communications while making work more efficient.
The private and financial sectors are pressing for better governmental answers to the costly cybersecurity challenges still plaguing the nation. They want the White House to create, as a minimum first step, an interagency or oversight group to facilitate information sharing. This small step is seen as a critical link between industry and government to organizing the fragmented cybersecurity efforts needed to quash mounting attacks.
While federal efforts abound, they are coordinated haphazardly, with gaps and no overarching governance—in spite of a preponderance of existing documents, plans, regulations and actions, according to experts.
Cyber is becoming more critical in battle every day, and the U.S. Army is adjusting its Network Integration Evaluation to reflect that reality. The service branch is introducing new digital features to the training event from the laboratory to the field.
Adm. Michael Rogers, USN, who leads both the National Security Agency and U.S. Cyber Command, predicts a damaging attack to critical infrastructure networks within the coming years. If an attack happens, the agency and Cyber Command will coordinate a response along with other government agencies and potentially the private sector organizations that own many of the networks.