Cyber Security, Data Breach, Defense, IT Security, Security, Technology

U.S. Central Command’s Accounts Hacked

U.S. Central Command’s Twitter and YouTube accounts were hacked Jan. 12, reportedly by ISIS sympathizers. Both accounts were suspended.

The account compromises came the same day President Obama proposed new cybersecurity measures, including a national data breach notification law.

U.S. Central Command's Accounts Hacked

CENTCOM is one of nine unified commands in the U.S. military, with responsibility for 20 countries, including Afghanistan, Iraq and Syria.

“We can confirm that the U.S. Central Command Twitter and YouTube accounts were compromised earlier today,” Elissa Smith, a U.S. Defense Department spokeswoman told Information Security Media Group the afternoon of Jan 12. “We are taking appropriate measures to address the matter.”

Read More

Standard
Cyber Security, Data Breach, Defense, IT Security, Security, Technology

PENTAGON: HACKERS DIDN’T GET CLASSIFIED INFORMATION

Monday’s hack of Twitter and YouTube accounts belonging to U.S. Central Command was embarrassing, but it doesn’t appear to have compromised any classified information.

“CENTCOM’s operational military networks were not compromised and there was no operational impact to U.S. Central Command,” said Navy Commander Elissa Smith, a Pentagon spokeswoman.

Smith said the military is viewing the incident “purely as a case of cybervandalism.” But, she said, the Pentagon has notified law enforcement about “the potential release of personally identifiable information.”

Read More

Standard
Cyber Security, Data Breach, Defense, IT Security, Security, Technology

DISA To Defend DoD Networks In New Role

he Pentagon is standing up a new headquarters within the Defense Information Systems Agency (DISA) that will assume responsibility for defending military networks and will reach initial operating capability this week.

disa-dodin-defense

This joint force headquarters will assume roughly a dozen tasks from US Cyber Command, and will have authority to secure, operate and defend the Department of Defense Information Network (DoDIN), said US Air Force Brig. Gen. Robert Skinner, DISA chief of staff.

“The end result is to provide unity of command and unity of effort across the entire DoDIN,” Skinner told reporters after his remarks at an industry conference here Monday. “We’re going to take this off US Cyber Command’s plate because there has been this vacuum at the operational level for command and control.”

Read More

Standard
Cyber Security, Data Breach, Defense, IT Security, Security, Technology

New DoD cloud security requirements coming Tuesday

The Defense Information Systems Agency (DISA) is poised to release final security guidance for purchasing cloud services on Tuesday as the Defense Department shifts to commercial providers.

635566771355225809-FED-Mark-Orndoff

After receiving more than 800 comments on the draft guidelines, DISA reorganized the security levels to allow certain work areas to exist in virtual private networks while still keeping the most sensitive data physically separated on DoD networks.

The final draft also tweaks the authorization requirements to track closer to the Federal Risk and Authorization Management Program (FedRAMP) except in specific areas where greater security assurance is needed.

Read More

Standard
Cyber Security, Data Breach, Defense, IT Security, Security, Technology

Florida Senator Pushes for Greater Consumer Data Protection

Sen. Bill Nelson, D-Orlando, of the Senate Commerce Committee said he wants Congress to pass legislation requiring companies to quickly notify consumers of data breaches.

Nelson said he intends to file legislation to do just that.

Nelson, the ranking member on the Commerce Committee, announced his intentions a day after the president called on Congress to take such action.

The renewed push for consumer notification requirements comes in the wake of recent high-profile data breaches at large companies such as Sony, Target, Home Depot and Staples and years of congressional inaction to tackle data security lapses.

Read More

Standard
Cyber Security, Data Breach, Defense, IT Security, Security, Technology

On heels of Obama privacy talk, senator to reintroduce breach notification bill

Soon after the president’s call for federal data breach legislation, a senator announced that he is penning a bill that carries a 30-day notification requirement for breached entities.

Diluted Freedom Act passes House to privacy advocates' dismay

The 30-day requirement, which President Obama also proposed in a Monday speech at the Federal Trade Commission (FTC), would prevail over state data security and breach notification laws, according to a draft summary of the bill sent to SCMagazine.com.

Sen. Bill Nelson, D-Fla., is in the final stages of drafting the Data Security and Breach Notification Act of 2015, a Tuesday release from the U.S. Senate Committee on Commerce, Science, and Transportation said.

Read More

Standard
Cyber Security, Data Breach, Defense, IT Security, Security, Technology

DOE to support cybersecurity ed at HBCUs with $25M in grants

On Thursday, Vice President Joe Biden will visit Norfolk, Va., to unveil White House plans to fund cybersecurity education in historically black colleges and universities (HBUCs).

According to a White House release, the Department of Energy will provide $25 million in grants to support 13 schools and two national labs, which are a part of a cybersecurity education consortium. The DOE funding will support cybersecurity initiatives presented by President Obama earlier this week.

Sen. Tim Kaine, D-Va., co-chair of the Senate Career and Technical Education (CTE) Caucus, in a statement released Tuesday, said, “With these new grants, Norfolk State and other HBCUs will be better equipped to provide students with the training and skills necessary to combat current and future cyber threats, as well as meet the growing demand for skilled cybersecurity professionals in Virginia and across the country.”

Read More

Standard
Cyber Security, Data Breach, Defense, IT Security, Security, Technology

Obama Cybersecurity Plan Seen Needing Company Incentives

President Barack Obama’s renewed push this week to protect U.S. computer networks from hacking was welcomed by industry leaders, though it lacks the financial incentives companies have been seeking.

Following corporate data breaches of companies including Sony Corp. (6758) and Target Corp., Obama today in a speech at the Federal Trade Commission outlined a cybersecurity and identity theft program he plans to highlight in his State of the Union address. The White House released a fact sheet today detailing the plans and saying most people in the U.S. think their personal data isn’t safe online.

“The notion that cybersecurity is going to be a prominent feature in the president’s State of the Union address is a big deal,” Larry Clinton, president of the Internet Security Alliance, which represents technology and manufacturing companies, said in a telephone interview today. “We think a lot more needs to be done.”

Read More

Standard
Cyber Security, Data Breach, Defense, IT Security, Security, Technology

Analyzing the White House’s New Cybersecurity Initiatives

The proposed bills were first outlined in a speech at the Federal Trade Commission on Monday, followed by a memo offering more details released by the White House on Tuesday.

Cybersecurity Legislation 2015

The President proposed a uniform national security standard requiring companies to inform their customers of a data breach within 30 days of discovering their information has been hacked.

The Personal Data Notification and Protection Act would protect consumers living in states which have yet to enact breach notification laws, or have fairly weak ones on the books. The federal breach notification law would simplify compliance for organizations operating in multiple states. Currently, organizations have to navigate a confusing patchwork of over 40 state regulations when dealing with a data breach or a security incident. The proposals—which have yet to be drafted into bills—would also extend protection to victims to cover incidents where the data compromised was not healthcare or financial-related.

Read More

Standard
Cyber Security, Data Breach, Defense, IT Security, Technology

Obama’s Calls for New Cybersecurity Laws a Good Start, but Nation Needs More

President Barack Obama has put the cybersecurity ball into Congress’ court, seeking legislation that pushes what some industry experts have clamored for in the quest to better protect the nation’s information network. The president unveiled details Tuesday for new laws toward better cybersecurity, which include a heavy focus on increased information sharing between government and industry. Some experts have said cybersecurity lacks a robust information-sharing plan between the private sector and government and the related safeguards to protect companies that share from prosecution. It’s a good start, but not quite enough, some experts say.

“First, we’re proposing new cybersecurity legislation to promote the greater information sharing we need between the government and the private sector,” Obama said during his visit to the National Cybersecurity and Communications Integration Center in Arlington, Virginia. “This builds and improves upon the legislation that we’ve put forward in the past. It reflects years of extensive discussions with industry. It includes liability protections for companies that share information on cyberthreats. It includes essential safeguards to ensure that the government protects privacy and civil liberties, even as we’re doing our job of safeguarding America’s critical information networks.”

Read More

Standard