Business, Cloud Computing, Cyber Security, Cybersecurity, Data Breach, Defense, E commerce, Finance, IT Security, Security, Technology

Agencies fall short of White House targets for cybersecurity

The White House continues to see an upward trend in new cybersecurity practices governmentwide, but the Obama administration is finding that not all agencies are living up to the cyber standards it set forth in last year’s cross-agency priority goals.

Published with the 2015 budget, the cross-agency priority (CAP) goals focus on longstanding and critical issues affecting agencies across the federal government. Cybersecurity — one of the first mentioned of the White House’s 15 CAP goals — is a mission-based goal to “[i]mprove awareness of security practices, vulnerabilities, and threats to the operating environment, by limiting access to only authorized users and implementing technologies and processes that reduce the risk from malicious activity,” according to a goal statement. It says the president views cybersecurity as “one of the most serious national security, public safety, and economic challenges we face as a nation.”

Read More

Standard
Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, IT Security, Security, Technology

North Korea boosts cyber army to 6,000 troops to cause ‘physical and psychological paralysis’

North Korea has boosted its “cyber army” in a bid to cause “physical and psychological paralysis” in the South.

According to the South Korean Defence Ministry’s latest white paper, the hermit state’s military unit, which is dedicated to cyber activities, is now double that of South Korea’s.

“North Korea is currently running its 6,000 (member) workforce for cyber warfare and performing cyberattacks for physical and psychological paralysis inside South Korea such as causing troubles formilitary operations and national infrastructures,” said the South Korean Defence Ministry.

In 2013, South Korea blamed Pyongyang for the raft of crippling cyber attacks on its banks and broadcasters.

Standard
Business, Cloud Computing, Cyber Security, Cybersecurity, Data Breach, Defense, Finance, IT Security, Security, Technology

North Korea is doubling its skilled cyber security staffers

NORTH KOREA IS REPORTEDLYdoubling the number of its highly skilled cyber soldiers while still denying claims that it ever maliciously hacked anyone.

In case you missed it, North Korea has been accused of hacking like a dry cough. The country has had more fingers pointed at it than a button, and has got rather comfortable with denyingaccusations that it has done things like tear apart Sony Pictures Entertainment.

Now it is accused of doubling its cyber warfare posse, called Bureau 121, which the last time anyone checked was made up of some 3,000 skilled staffers.

Today, according to reports, including this one on Reuters, that number is 6,000 if South Korea is to be believed.

A white paper from the South Korean Defence Ministry said that the enlarged unit will be used to bring mischief on the South, and possibly other countries and their utilities.

Standard
Business, Cloud Computing, Cyber Security, Cybersecurity, Data Breach, Defense, Finance, Government, IT Security, Security, Technology

SONY HACK SIGNALS ‘NEW NORMAL’ IN CYBERSECURITY

The Sony hack copied a multinational company’s financial documents, its employees’ personally identifiable information and years’ worth ofembarrassing – and poorly written, it must be said – emails from high-level executives and released them all for the world to see.

But for many cybersecurity observers, the real eye opener was how the hack illustrates today’s cyber landscape: It’s likely to get worse before it gets better.

A growing collection of high-level computer security experts believe evidence points to aninsider-orchestrated attack, while the U.S. government quickly blamed and sanctioned North Korea, whose leader, Kim Jong-un, is portrayed in an unflattering fashion in the Sony-backed film, The Interview.

Meanwhile, as Sony’s image continues to tarnish with each leaked, scandalous revelation, the company experienced an added layer of suffering other data-breached companies — Target, Neiman Marcus and Home Depot — had avoided.

Read More

Standard
Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, IT Security, Security, Technology

Air Force evolves its cybersecurity as JIE comes into focus

The Air Force is moving beyond requiring airmen to use smart identification cards to log onto its computer network. The service now is making its network security even stronger.

Lt. Gen. Bill Bender, the Air Force’s chief of information dominance and chief information officer, said the use of role-based authentication should be “baked- into” its IT systems in the future.

Read More

Standard
Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, IT Security, Security, Technology

Ex-Federal Cybersecurity Director Gets 25 Years for Child Porn

A former cybersecurity chief at the Department of Health and Human Services Timothy DeFoggi was sentenced to 25 years in prison on child pornography charges Monday, according to the Department of Justice. “Using the same technological expertise he employed as Acting Director of Cyber Security at HHS, DeFoggi attempted to sexually exploit children and traffic in child pornography through an anonymous computer network of child predators,” Assistant Attorney General Leslie Caldwell said in a statement.

A federal jury in the District of Nebraska convicted DeFoggi of child exploitation and conspiracy to distribute child pornography on Aug. 26. The 56-year-old was a member of a pornography website on the Tor network — a web browser that helps users remain anonymous online — from May 2012 until December 2012 when it was taken down by the FBI, according to the statement. He is the sixth person to be convicted in an ongoing federal investigation into three Tor-network-based child pornography websites, according to the DOJ.

Read More

Standard
Business, Cloud Computing, Cyber Security, Cybersecurity, Data Breach, Defense, Finance, IT Security, Security, Technology

White House cyber czar: Even non-critical infrastructure vulnerable – Top Sony Corp. exec condemns hack at CES

WHITE HOUSE CYBER CZAR: EVEN NON-CRITICAL INFRASTRUCTURE VULNERABLE — The Sony hack demonstrated that attacks on non-critical infrastructure can still implicate fundamental American values, White House Cybersecurity Coordinator Michael Daniel tells Dave in a Q&A out this morning. The hack also means the Obama administration might need to expand its cybersecurity outreach to the private sector, Daniel said.

“Obviously, part of the issue with Sony is … the fact that it was aimed at, effectively, suppressing speech,” Daniel said. “While that’s not critical infrastructure, that’s a value the U.S. holds pretty dear.” As a result, the devastating Thanksgiving week attack on the studio “raises a very interesting question about exactly how broadly we have to cast the net” in cybersecurity information sharing and other policy areas, he said.

Daniel’s 2015 prognosis: “One of the things you can look for from us is continued effort to identify places where we can take executive action…We will be looking for all the cases where we can potentially take some executive action to further things like information sharing and improving cybersecurity. Another big area you should look for us to do is continue pressing on legislation…like information sharing, and there’s still the issue of getting a national data breach law.

Read More

Standard
Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, IT Security, Security, Technology

Three Boardroom Questions Every Cybersecurity Entrepreneur Must Answer

The resignation of Target’s CEO last May, after cyber attackers accessed the payment records of 40 million shoppers and Q4 profit declined 46 percent from the year before, was a watershed moment. Corporate officers and directors now had a concrete example of how cyber threats can hit the bottom line – and of how they will be held accountable.

As cyber threats increase – a recent study noted that attacks rose 48 percent this year, with more than 100,000 cybersecurity incidents every day – company directors have responded. Security reviews by the board are becoming standard practice. CEOs are becoming fluent in the language of cybersecurity. CISOs – Chief Information Security Officers – are in high demand and may become directors themselves.

Read More

Standard
Business, Cloud Computing, Cyber Security, Cybersecurity, Data Breach, Defense, Finance, Government, IT Security, Security, Technology

Ex-Sony Employees Echo Cybersecurity Company’s Suspicion That Hack Was An Inside Job

WASHINGTON — A Silicon Valley cybersecurity firm is doubling down on its claim that at least one former Sony employee was involved in hacking Sony. Some former employees of the company are expressing that sentiment as well, even as the U.S. government stands by its conclusion that North Korea orchestrated the massive cyberattack.

Kurt Stammberger, senior vice president at Norse, which provides cyber intelligence to customers in financial services, technology and government, told The Huffington Post that the company remains “pretty confident” that “at least one ex-employee was involved, probably more” in the Sony hack.

As evidence, Stammberger said that Norse has samples of malware used in the Sony hack that existed as early as July, “completely in English with no Korean whatsoever.” Sony credentials, server addresses and digital certificates were already built into the malware, he added.

Read more

Standard
Business, Cloud Computing, Cyber Security, Defense, Finance, IT Security, Security, Technology

As 2014 came to a close, we got a front row seat to the horror show that was the Sony hack.

As if we needed a case study to show us, we saw, with vivid clarity, what can happen when hackers run amok inside servers and start sharing confidential business content with the world — and we learned it gets ugly in a hurry.

We’re less than a week into the new year and already we’ve seen a major Bitcoin attack. You know that it’s only a matter of time before we hear about the next catastrophic system assault. It’s a bit like cybersecurity roulette. We keep spinning the wheel to find out who the next victim is.

The question is, why are we still so vulnerable, and why is the industry not banding together to solve this once and for all? Security matters to everyone from governments to finance to private sector companies of all sorts. Nobody wants to be the next JP Morgan, Home Depot or Sony. Yet everybody seems equally vulnerable. That’s why we must work together and put the best minds to bear on the problem to figure this out. The trouble is these are dreadfully difficult problems or we would have solved them by now.

Read More

Standard