The United States will continue to develop a bilateral relationship with China regarding cybersecurity issues. In fact, the two countries will meet again in Washington, D.C., on July 8th, according to Maj. Gen. John Davis, USA, senior military advisor to the undersecretary of defense—policy for cyber, Office of the Secretary of Defense. Gen. Davis, the luncheon keynote speaker on the first day of the July 24-27 AFCEA International Cyber Symposium in Baltimore, said the United States recognizes China as a rising power and a major voice in the cyber arena.
U.S. government officials are traveling the country warning companies about a new round of cyberattacks that have targeted 27 companies, compromised seven and may ultimately affect up to 600 asset owners, according to Neil Hershfield, deputy director, control systems security program (CSSP), Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), Homeland Security Department.
Hershfield made the comments while taking part in a critical infrastructure protection panel discussion as part of the July 25-27 AFCEA International Cyber Symposium, Baltimore.
The National Institute of Standards and Technology (NIST) has released the most comprehensive update to the government’s computer security guide since 2005. The fourth revision of “Security and Privacy Controls for Federal information Systems and Organizations” (SP 800-53) addresses issues such as mobile and cloud computing, applications security, supply chain risks and privacy concerns. It also calls for maintaining routine best practices to reduce information security risks while applying state-of-the-practice architecture and engineering principles to minimize the impact of threats such as cyber attacks.
The malware that infiltrated computer systems across South Korea’s banking and television broadcast industries on March 20 shares similarities with the Shamoon program used last year to wipe clean the hard drives of 30,000 Saudi Aramco workstations, according to experts at General Dynamics Fidelis Cybersecurity Solutions. Investigators at the company’s newly-opened cyber forensics laboratory in Columbia, Maryland, say the malware is not a Shamoon variant, but that the two programs share some characteristics.
The U.S. National Nuclear Security Administration (NNSA) began working on its Yourcloud solution about two years ago and expects to have the cloud computing solution in place by year's end. You can read more about this in "U.S. Nuclear Agency Enhances Cybersecurity With Cloud Computing ."
Despite continued budget crunching, U.S. Defense Department officials are continuing to implement a three-phase plan to equip the department’s 600,000 mobile-device users with secure classified and protected unclassified mobile solutions that leverage commercial products. In conjunction with the Defense Information Systems Agency, the department’s chief information officer is establishing a basic multivendor mobility capability with the Defense Department for assessment. This first phase, which continues through April, deploys voice and data services over a commercial wireless network, and a contract will be awarded for the department’s initial enterprise mobile device management (MDM) and mobile application store (MAS).
The recently signed executive order on cybersecurity and the presidential directive on critical infrastructure protection are not separate documents. In fact, they are part of the same overall effort to protect the nation, said Rand Beers, undersecretary for the National Protection and Programs Directorate, U.S. Department of Homeland Security. Beers discussed the effort on Thursday at the AFCEA Homeland Security Conference in Washington, D.C.
Gen. Michael Hayden, USAF (Ret.), former director of the CIA, indicated an astounding extent of Chinese cyber espionage and said he believes the Iranians are attacking U.S. banks with unsophisticated but pervasive cyber attacks.
The Air Force Space Command expects to be directed to add 1,000 new people, mainly civilians, to its base of about 6,000 cyber professionals for the 2014 fiscal year. According to the U.S. Defense Department blog “Armed With Science,” Gen. William L. Shelton, USAF, who leads Air Force Space Command, said direction for the hires would come from the Office of the Secretary of Defense, fueled by the U.S. Cyber Command.
The (ISC)2 Foundation’s information security 2013 scholarship program application process will open on January 1, 2013, and it offers a total of $120,000 in awards to women, graduate students, young professionals and faculty. The foundation will award up to two scholarships totaling $40,000 to women pursuing an education in information security. In addition, it will give seed funding for up to eight grants of $3,000 each to assist graduate students conducting special research. One of the foundation’s other undergraduate scholarship winners will receive the Harold F.
The U.S. Department of State is hosting its first-ever Youth TechCamp in the Pacific region later this month. Coordinated in conjunction with Pasifika Nexus and the University of the South Pacific, Youth TechCamp Fiji will offer six days of training to as many as 300 youths from various Pacific islands. Local and international technology experts from the fields of digital content creation, mobile applications and social activism will participate as well. Organizers aim to enable future leaders from the region to contribute to policy development, encourage local content creation and leverage connection technologies in positive ways.
Although fiscal year 2015 is the target time frame for full operational capability, personnel from the U.S. Army's 780th Military Intelligence Brigade--the service's first-ever cyber brigade--already are helping to secure the Defense Department's networks against cyber attacks. While the unit was officially activated on December 1, prep work for the group has been ongoing since at least 1998, according to Technology Editor George I. Seffers in his article, "Historic Cyber Unit Begins Daily Action," in this issue of SIGNAL Magazine. Seffers speaks with Col.
President Barack Obama has put the cybersecurity ball into Congress’ court, seeking legislation that pushes what some industry experts have clamored for in the quest to better protect the nation’s information network. The president unveiled details Tuesday for new laws toward better cybersecurity, which include a heavy focus on increased information sharing between government and industry. Some experts have said cybersecurity lacks a robust information-sharing plan between the private sector and government and the related safeguards to protect companies that share from prosecution. It's a good start, but not quite enough, some experts say.
Researchers at the Georgia Institute of Technology are investigating so-called side channel signals, low-level emissions from a computer that could allow savvy cyber attackers to illegally access information. By learning more about the signals, researchers may be one day be able to help mitigate the threat.
The Georgia Tech team has developed an algorithm for measuring the strength of the leaks, which will help prioritize security efforts. They now are studying smartphone emissions, which they say may be even more vulnerable. So far, they have looked only at Android devices.
While a more secure cyberspace will emerge through an evolutionary process, the U.S. government must take immediate action to influence the rate of change. With a series of government actions, the nation can simultaneously address the increasing sophistication of cyberthreats and impediments to public-private information sharing.
The Internet of Things, the latest iteration of the overarching dream of an omnipresent network architecture, offers an uncertain future in both opportunities and challenges. That uncertainty is growing as the network concept itself expands in scope and reach.
The perpetual quest for convenience and expedience brought about technology that has connected billions of devices that produce and share vast amounts of information, from an infant’s sleeping habits to space mission data. What happens to the data, how it is managed, by whom and with whom, and how it might be safeguarded pose privacy and safety concerns for security experts and government officials.
For the U.S. Defense Department, the Internet of Things means that everything—battlefield uniforms, office thermostats and major weapon systems, for example—are networked, providing tremendous amounts of data for situational awareness while also preventing challenges for cybersecurity and data storage and analysis.
The National Institute of Standards and Technology (NIST) has published for public review draft recommendations to ensure the confidentiality of sensitive federal information residing on the computers of contractors and other nonfederal organizations working for the government.
The U.S. Army has established a Cyber Chief Information Officer Focal within the acquisition community, responding to the ever-expanding role cyber now has in the service branch.
Run by the Office of the Assistant Secretary of the Army for Acquisition, Logistics and Technology, or ASA(ALT), its efforts will not duplicate work done by the Chief Information Officer (CIO)/G-6—which is a key stakeholder that is establishing some guidelines—but rather take on new cybersecurity and information assurance responsibilities. Personnel in the focal will coordinate activities among various stakeholders in the Army cyber community, improving communications while making work more efficient.