In the News

 


 

  • “HP offers secure, private cloud for government”, GCN, 29 May 2014. HP Enterprise Services announces HP Helion Managed Private Cloud for Public Sector, which allows government, defense, civilian, and other organizations to securely manage a dedicated, private cloud to monitor resources over multiple departments. It is designed to meet the government’s “unique certification and regulatory compliance needs” while providing improved security. (ID#:14-1535) See http://gcn.com/articles/2014/05/29/hp-public-sector-cloud.aspx?admgarea=TC_SecCybersSec
  • “Heartbleed begets headaches in perfecting encryption”, GCN, 09 May 2014. Following the Heartbleed bug, NIST released an update of its Special Publication 800-52, a guideline on implementing TLS protocols, to reflect the IETF’s work on revising TLS from version 1.0 to 1.1 and 1.2. The IETF TLS 1.3 working group is working on increasing the safety of TLS by replacing and/or improving dated, vulnerable techniques like the RSA key transport cipher suites, upon which TLS “handshakes” are based. (ID#:14-1536) See http://gcn.com/blogs/cybereye/2014/05/tls-heartbleed.aspx
  • “Cyber defense consortium formed to share ‘fresh’ malware”, SC Magazine, 30 May 2014. A consortium has been formed between Fortinet and Palo Alto Networks to share intelligence on malware and cyber threats. This will allow the two companies, along with other security companies that are expected to join, to “stop advanced threats at the network level” through collaboration and sharing of fresh malware samples and threat intelligence. (ID#:14-1537) See http://www.scmagazine.com/cyber-defense-consortium-formed-to-share-fresh-malware/article/349257/
  • “Senate committee OKs bill to give DHS broader security hiring authority”, SC Magazine, 23 May 2014. After swiftly passing through a Senate committee, Bill S. 2354, if passed into law, will put the Department of Homeland Security’s hiring ability of cyber security personnel on par with that of the DoD and the NSA. The increased authority and flexibility should allow the DHS to be better prepared to respond quickly to cyber threats. (ID#:14-1539) See http://www.scmagazine.com/senate-committee-oks-bill-to-give-dhs-broader-security-hiring-authority/article/348427/
  • “Gameover Zeus Botnet Disrupted by multinational effort”, Cyber Defense Magazine, 04 June 2014. The FBI, DoJ, and foreign agencies announced a joint effort to disrupt a dangerous, long-lived botnet called Gameover Zeus, which is responsible for an estimated $100 million or more in losses. The alleged administrator of Gameover, Russian citizen Evgeniy Mikhailovich Bogachev, has been charged with conspiracy, computer hacking, and bank fraud, among other charges. (ID#:14-1543) See http://www.cyberdefensemagazine.com/gameover-zeus-botnet-disrupted-by-multinational-effort/
  • “A Case for Opportunistic Encryption on the Web”, Ivan Ristic, Director of Engineering, Qualys, SC Magazine, News, Opinions, 5 Feb 14: The author suggests that websites that use no encryption can deploy “opportunistic encryption” to deter passive attacks. This approach is not sophisticated enough to defeat a determined targeted attacker, but it is good enough to defeat passive attacks. After all, most communications are not being actively intercepted, which means that opportunistic encryption provides sufficient protection. According to the author, all the required technologies already exist to start deploying opportunistic encryption tomorrow. What remains is the final step, in which web browser and server vendors agree to use it. If accomplished, after a few short years of waiting for the new technology to spread, the web will be much safer and robustly protected from mass surveillance. (ID#:14-1232) Available at: http://www.scmagazine.com/a-case-for-opportunistic-encryption-on-the-web/article/332653/
  • “The Challenge for Cybersecurity is to find leadership”, Jarno Limnell, Director of Cybersecurity, Intel Security, SC Magazine UK, News, Opinions, 10 Mar 14. The author reports that at the Cyberstrat14 event in Helsinki, cybersecurity was repeatedly said to have three key needs: leadership, drive and trust. To begin, leadership and drive must lead to action and not merely to more discussion. The discussions taking place within organisations and corner offices now need to be translated into strategies and action plans. He further suggests that with respect to cybersecurity, international politics is in need of cooperation that goes across national boundaries and that the ways forward are leadership, cooperation, and resilience. (ID#:14-1233) Available at: http://www.scmagazineuk.com/the-challenge-for-cybersecurity-is-to-find-leadership/article/337596/
  • “American Express Warns California Residents of Data Breach”, Infosecurity Magazine, 04 June 2014. In March 2014, hacktivist group Anonymous released over 7 million payment card records as part of a protest. Experts say, however, that the data appears to be “recycled”, having been previously disclosed, and is not part of a new breach. American Express is the only one of four affected credit card companies currently notifying its customers. (ID#:14-1515) See http://www.infosecurity-magazine.com/view/38693/american-express-warns-california-residents-of-data-breach/
  • “ISPs urged to quarantine infected computers”, Computerworld, 03 June 2014. In the wake of security threats like the Gameover Zeus botnet, plans are being implemented to have ISPs notify victims of cyber attacks. However, some experts think that ISPs should not just notify victims, but actually quarantine their computers from the network to minimize the impact of cyber attacks. (ID#:14-1524) See http://www.computerworld.com/s/article/9248812/ISPs_urged_to_quarantine_infected_computers
  • “The cost of compliance”, FCW, 04 June 2014. In the face of growing concerns over data breaches, limited manpower, and loss of productivity due to reactiveness, GRC (Governance, Risk management and Compliance) software is being used to allow IT departments “to focus on mission-critical activities rather than focusing resources on security and compliance”. (ID#:14-1529) See http://fcw.com/articles/2014/06/04/critical-read-cost-of-compliance.aspx
  • “Mueller: Cyber experts need offline investigative skills”, FCW, 22 May 2014. Former FBI director Robert Mueller reinforced the importance of having well-qualified cyber experts, while pointing out the need for agents to be able to employ “traditional skills” in fighting cyber crime both online and offline. (ID#:14-1530) See http://fcw.com/articles/2014/05/22/mueller-cyber-investigative-skills.aspx
  • “Vendors getting mixed messages on cybersecurity”, FCW, 22 May 2014. As rules on federal acquisitions of cybersecurity IT are becoming more logistically demanding, NIST’s new cyber framework and a report by the GSA and Pentagon, “Improving Cybersecurity and Resilience through Acquisition”, are being cited as being potentially useful for simplifying acquisition rules. (ID#:14-1531) See http://fcw.com/articles/2014/05/22/cyber-aquisition.aspx
  • “Infrastructure cyber intrusion: A cautionary tale”, FCW, 21 May 2014. The Department of Homeland Security released details of two separate cyber attacks on critical infrastructure providers as a warning to other companies that provide power, water, and electricity. ICS-CERT, which performed analysis on the attacks, said that both incidents “point to the increasing need for critical infrastructure providers to keep up with perimeter security, remote access authentication and security monitoring capabilities…” (ID#:14-1532) See http://fcw.com/articles/2014/05/21/utility-cyber-breaches.aspx
  • “Sandia exploring ephemeral biometrics for insider threat monitoring”, GCN, 05 June 2014. By using individual biological data to create “monitor-able and controllable identities”, Sandia National Laboratories is hoping to increase security and reduce the risk of insider threats. Sandia is currently seeking partners to aid in the research and development of the program. (ID#:14-1533) See http://gcn.com/blogs/pulse/2014/06/ephemeral-biometrics.aspx?admgarea=TC_SecCybersSec
  • The Federal Communications Commission recently took steps to move the country's traditional circuit-based telephone network to an Internet-based system.  At the agency's January meeting, commissioners will consider an order that outlines how best to make that transition without disrupting the existing telephone network. (ID#:14-1001)  See http://www.pcmag.com/article2/0,2817,2427386,00.asp
  • “The Lessons of Bletchley Park”, SC Magazine (Opinion), 20 Jan 2014, Dan Shugrue, director of product marketing, Akamai Web Security Solutions. The author suggests that counteracting current cyber threats requires a fundamental shift in the way we approach cyber defense and notes that the levels of cooperation and resources provided to Bletchley Park could serve as a model. (ID#:14-1003) See http://www.scmagazine.com/the-lessons-of-bletchley-park/article/329342/
  • “What Everyone Needs to Know About Today’s Cyberthreats”,  NPR Interview on 14 January with P.W. Singer, Co-Author of Cybersecurity and Cyberwar, a book which looks at cybersecurity issues faced by the military, government, businesses and individuals, and what happens when you try to balance security with freedom of speech and the ideals of an open internet. (ID#:14-1004)  See  http://www.npr.org/2014/01/14/262387292/what-everyone-needs-to-know-about-todays-cyberthreats
  • "Cybersecurity challenges in developing nations", Tagert, Adam, ProQuest, UMI Dissertations Publishing, 2010. 3445893. Nations are deploying information and communications technology without a full understanding of the security challenges. (ID#:14-1006) See http://www.datacenter.com/
  • “Cybersecurity ‘failure’ could result in next major terrorism attack”, SC Magazine UK, 22 January; Doug Drinkwater, Senior Reporter, reported on the views, at the sixth International Forum on Cyber Security, of a panel comprising futurologists, former police investigators, industry vendors and privacy advocates who looked at the state of cyber security and the challenges facing CIOs, CISOs and other IT managers. (ID#:14-1007) See http://www.scmagazineuk.com/cyber-security-failure-could-result-in-next-major-terrorism-attack/article/330532/
  • “Fuzzy Math: The need for a national cybersecurity breach notification standard”, SC Magazine (Opinion), 31 January; Stephen Boyer, BitSight Technologies, suggests that current data collection efforts on security breaches, while providing analysis and insight based on their unique vantage points, do not provide, individually or collectively, ground truth on the number of security incidents and data breaches. The inconsistency of the data illustrates the need for comprehensive and consistent standards around the notification of security incidents and data breaches. (ID#:14-1008) See http://www.scmagazine.com//fuzzy-math-the-need-for-a-national-cyber-breach-notification-standard/article/331478/

 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.