Cybersecurity
Senators Send Letter to Obama
Senate leadership sent <a href="http://www.govexec.com/pdfs/070210cr1.pdf">a letter</a> to President Obama Thursday asking for his help in passing comprehensive cybersecurity legislation, though there was no specific mention of the bills currently moving through Congress.
Cybersecurity Bill's Partnership
It was good to see the Homeland Security and Governmental Affairs Committee unanimously pass <a href="http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=111_cong_bills&docid=f:s3480is.txt.pdf">Senate bill 3480</a> out of committee on Tuesday. There were some <a href="http://cybersecurityreport.nextgov.com/2010/06/mccains_dirty_cyber_politics.php">concerns</a> raised at the initial hearing by Sens. John McCain, R-Ariz., and Roland Burris, D-Ill., about creating a National Center for Cybersecurity and Communications within the <a href="http://topics.nextgov.com/Homeland+Security+Department/">Homeland Security Department</a> (DHS) to implement cybersecurity policies. However, the provision remained in the bill.
Security and Russian Spies
The FBI arrested 10 people this week <a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/06/29/AR2010062901057.html?hpid=topnews">accused</a> of being Russian spies, an investigation that stretches back to the Clinton White House. According to the FBI, the operation was aimed at placing spies in nongovernmental jobs where they could get insider information without being easily identified. Interestingly enough, the FBI's arrest was aided by its ability to infiltrate the group's computers. Turns out these alleged spies weren't as careful about their cybersecurity as they should have been. So what did they do wrong?
Obama Can't Turn Off the Internet
The sweeping cybersecurity bill from Sens. Joe Lieberman, I-Conn., Susan Collins, R-Maine, and Tom Carper, D-Del., has come under unfounded fire for giving government the authority to shut down Internet services during emergencies. For the life of me, I can't find where it says this in <a href="http://thomas.loc.gov/cgi-bin/query/z?c111:S.+3480:">the bill</a>.
iPad Security Solutions
Earlier this month, Apple's iPad 3G suffered a <a href="http://www.nextgov.com/web_headlines/wh_20100614_1207.php">major breach</a> that possibly exposed thousands of high-profile email addresses. The news made <a href="http://cybersecurityreport.nextgov.com/2010/06/feds_caught_up_in_ipad_security_breach.php">major headlines</a>, and the FBI opened an <a href="http://online.wsj.com/article/SB10001424052748704312104575299111189853840.html">investigation</a>.
Bill Puts Contractors Out of Work?
For the past couple months I've written about <a href="http://cybersecurityreport.nextgov.com/2010/04/white_house_heroes.php">continuous monitoring</a>, its <a href="http://www.nextgov.com/nextgov/ng_20100421_5175.php">importance</a> and the <a href="http://cybersecurityreport.nextgov.com/2010/04/state_dept_success_revealed.php">steps</a> that must be taken to change the security culture in Washington. Today we are a lot closer to breaking down barriers and implementing near-real-time situational awareness. But there are still things slowing down the transition aside from the Federal Information Security Management Act (FISMA). Sometimes the best way to find out about those barriers is to sift through the written testimonies submitted to Congress.
Obama Cuts, But Not Security
If you had reservations about the importance of cybersecurity to President Obama, his fiscal 2012 budget guidance ought to give you some relief. The president has requested a five percent cut in discretionary spending, but only to all non-security agencies.
McCain's Dirty Cyber Politics
Sens. John McCain, R-Ariz., and Roland Burris, D-Ill., are playing politics with the Senate's new cybersecurity legislation. The mostly positive <a href="http://hsgac.senate.gov/public/index.cfm?FuseAction=Hearings.Hearing&Hearing_ID=f56ace2f-7ac6-49ff-80e3-652371bb6fa6">hearing</a> was momentarily turned into McCain's personal soapbox to conflate the Homeland Security Department's alleged mishandling of the Christmas Day terrorist attack with DHS' ability to head a newly created center for cybersecurity and communication, as proposed in the bill. As currently written, the new center would be patterned after the country's National Counterterrorism Center.
A Senate Hearing Preview
In preparation for today's hearing on the Protecting Cyberspace as a National Asset Act (background <a href="http://www.nextgov.com/nextgov/ng_20100518_3081.php?oref=search">here</a> and <a href="http://www.nextgov.com/nextgov/ng_20100610_9392.php?oref=search">here</a>), here's a video of Sen. Joe Lieberman's, I-Conn., public comments at a presser last week. Today's panel includes:
Lessons From A Software Revolution
There are a lot of bad stories out there about government failure when it comes to cybersecurity. They certainly serve a purpose, and in many respects, they note the truthful fact that the U.S. has largely failed in its attempt to secure its computing infrastructure. But there also are good stories floating around. The one I'm going to tell shows how the U.S. Air Force stepped up to the plate long ago, even before the Navy, which I've praised in earlier posts.
Step Forward For Cyber Policy
The 2010 Protecting Cyberspace as a National Asset Act came out of the Senate Subcommittee on Federal Financial Management today, giving cybersecurity policy another push toward President Obama's desk.
Growth in Competitions
One of the many reasons to partake in a cybersecurity competition is to learn and grow a skill set. Threats and vulnerabilities change daily, so the more education the better. In fact, at SANS, we constantly are challenging our instructors to prove their knowledge is up to date. The minute they aren't the authority on a given topic, they no longer are invited to teach. But perhaps one of the most important reasons to engage in competitions is to quell your inner hacker. It's not much fun to have a skill set and not use it, and often, finding avenues to use it in a productive and legal way can be a challenge in itself.
Pass-the-Hash
In many ways, the advancement of hacking has truly come to the fore. Attack vectors are coalescing, evolving and advancing the breadth and scope of their impact. There's no better example of this than the pass-the-hash technique, considered by security expert Ed Skoudis to be one of 2010's most dangerous attack vectors.
CIOs Push New Software Settings
Two members of the <a href="http://www.cio.gov/">CIO council</a> have proposed baseline candidate settings for Windows 7 and Internet Explorer 8, an attempt to implement and secure new software without compromising existing security settings.
Cyber Legislation's Unnoticed Rise
National cybersecurity legislation jumped a <a href="http://www.nextgov.com/nextgov/ng_20100528_3390.php?oref=topnews">major hurdle</a> Friday in the House, but went mostly unnoticed. This is what happens when a big story drops on a Friday afternoon right before a holiday weekend. The House <a href="http://armedservices.house.gov/apps/list/press/armedsvc_dem/SkeltonPR0528102.shtml">passed</a> the fiscal <a href="http://thomas.loc.gov/cgi-bin/bdquery/z?d111:H.R.5136:">2011 National Defense Authorization Act</a>, which included an amendment from Reps. Jim Langevin, D-R.I., and Diane Watson, D-Calif., to update information security requirements for agencies and establish a separate cybersecurity office in the White House.
USCC's Quest for Cyber Kids
Like the impetus behind the Science, Technology, Engineering, and Math (STEM) program, turning kids on to the jobs of the future is good not only for the kids but also for the industries. That is the same philosophy behind the <a href="uscyberchallenge.org/">US Cyber Challenge</a>.
Bhalotra to the White House
White House Cybersecurity Coordinator Howard Schmidt is expected to name <a href="http://www.linkedin.com/ppl/webprofile?vmi=&id=9181008&pvs=pp&authToken=Nhvk&authType=name&locale=en_US&trk=ppro_viewmore&lnk=vw_pprofile">Sameer Bhalotra</a> his deputy cybersecurity coordinator soon. According to sources, Bhalotra, a professional staffer at the U.S. Senate, sent out notes last night informing people of his move to the White House.
Cyber chief to name admired Senate staffer to deputy post, sources say
Cybersecurity experts praise the impending appointment of Sameer Bhalotra as a 'coup for Howard Schmidt.'
Security Common Sense Lost
The <a href="http://www.auscert.org.au/">Australian Computer Emergency Response Team</a> last week held a security conference that is making <a href="http://news.cnet.com/insecurity-complex/?tag=rb_content;overviewHead">headlines</a> for the wrong reasons. Apparently, organizers allowed IBM to hand out USB keys to conference participants, some of which contained malware. <a href="http://beastorbuddha.com/2010/05/21/ibm-letter-to-auscert-delegates-free-malware-giveaway/">Oh, the irony</a>.
FISMA Has To Change
And then there were two. <a href="http://www.nextgov.com/nextgov/ng_20100519_6677.php?oref=topnews">NASA</a> suspended its C&A activity for existing systems, joining the State Department in pushing forward continuous monitoring and starting what might become a domino effect. But is it right for individual agencies to be setting the tone like this? Moreover, if each agency pushes forward with <a href="http://cybersecurityreport.nextgov.com/2010/04/white_house_heroes.php">OMB's CyberScope</a> initiatives and an interpretation on how they relate to FISMA, will the country benefit from multiple models, or will it suffer from fractured leadership?