Cloud Computing, Cyber Security, IT Security, Security, Technology

DHS WANTS TO PLUG HOLES IN CYBER DEFENSES WITH BIG DAT

The Department of Homeland Security has a new big idea for improving the cybersecurity of federal agencies and key private industries: big data.

A White House progress report released Feb. 5 detailing how the federal government is seizing big data opportunities said DHS is “working across government and the private sector to identify and leverage the opportunities big data analytics presents to strengthen cybersecurity.”

When queried by Nextgov, a DHS spokesman declined to provide details about the big data efforts outlined in the report.

But in a conference call with members of the President’s National Security Telecommunications Advisory Committee that same day, White House and DHS officials provided glimpses into a number of ongoing initiatives that aim to fuse traditional cyber-defense methods with the real-time intelligence rendered by robust data analytics.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

Drones and cybersecurity Part 2: Solutions

Drones and cybersecurity part 1: The challenges we face and cybersecurity’s role,” we’ve heard of more incidents of drones flying around and near airports, discussions about the exploding use of drones for official, commercial, and private use, …and a private drone crashing on the White House lawn. Safe to say the sense of urgency has ratcheted up quite a bit.

Conventional methods to detect and mitigate threats from drones are limited; radars either don’t detect drones or characterize them incorrectly (i.e. migratory birds). Additionally, if radar does detect the drone, it cannot mitigate the threat or identify the source. Clearly a comprehensive solution that finds and IDs the drone platform, mitigates the threat safely, and provides forensic evidence to government and law enforcement officials is necessary whether you’re protecting the Super Bowl, an airport, or a government facility.

As I mentioned last time, drones have onboard logic and communications channels, therefore the use of advanced cybersecurity platform protection techniques can be employed. Defense contractors and technology companies alike are developing cybersecurity solutions to address the aforementioned challenges. One approach that has been developed creates a “cyber fence” that employs the use of cyber defense techniques found on traditional IT networks, except it uses those techniques against platforms such as drones. This cyber fence can be integrated into other physical, electronic, and cyber defense mechanisms to offer full protection against this threat.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

Cyber-attacks rising in Utah, likely due to NSA facility

Utah state officials have seen what they describe as a sharp uptick in attempts to hack into state computers in the last two years, and they think it related to the NSA data center south of Salt Lake City.

The increase began in early 2013 as international attention focused on the NSA’s $1.7 billion warehouse to store massive amounts of information gathered secretly from phone calls and emails.

“In the cyber world, that’s a big deal,” Utah Public Safety Commissioner Keith Squires told a state legislative committee this week.

While most of the attempts are likely innocuous, cyber experts say it is possible low-level hackers, “hactivists” unhappy with the NSA’s tactics, and some foreign criminal groups might erroneously think the state systems are linked to the NSA.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

EXCLUSIVE: OPM MONITORING ANTHEM HACK; FEDS MIGHT BE AFFECTED

The Office of Personnel Management is keeping a close eye on details emerging about a hack at the second biggest U.S. health insurer, Anthem Inc., which provides coverage to 1.3 million federal employees.

Anthem runs the Blue Cross-Blue Shield Service Benefit Plan, better known as the Federal Employee Program, or FEP, in many states, including Virginia, California and New York.

“OPM is closely monitoring the situation,” an agency spokesman told Nextgov. “Anthem informed OPM that it shut down the network in question and is working to ensure the security of its systems as it investigates the extent of the breach.”

When contacted by Nextgov on Thursday, Anthem officials were not ready to discuss the potential ramifications of the incident for current or former federal employee members.

In a statement, officials said intruders perpetrated “a very sophisticated attack” to break into Anthem’s systems, and the offenders “have obtained personal information relating to consumers and Anthem employees who are currently covered, or who have received coverage in the past.”

The affected database housed records on roughly 80 million customers and tens of millions of records were copied, according to The Wall Street Journal, which first reported the incident.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

Army turns to commercial partners to keep ISR edge

Facing both shrinking research and development budgets and a need to adopt faster and more flexible ISR network technologies, such as software-defined networks (SDNs), the Army is now looking to its commercial partners for assistance in developing innovative solutions.

“We work closely with both internal — Army and [Department of Defense] — research facilities, as well as contractors from multiple fields supporting cyberspace,” said Lt. Col. Jackie Jones, a spokesman for the Advanced Concepts and Technology Directorate (ACTD) of Army Cyber Command in Fort Belvoir, Virginia. Jones said the decision to work in closer collaboration with commercial partners is being made out of necessity. “While DoD research facilities may expand the number of technologies they develop and evaluate, they are not growing in capacity at the same rate as the civilian marketplace.”

Jones noted that by forming close ties with industry, academic and other external R&D organizations, the Army hopes to achieve and maintain a thorough understanding of all emerging ISR network technologies. “Currently, not all cyberspace capability requirements from commanders can be accomplished with existing technologies,” he said. “As operations being conducted in and through cyberspace become more integrated within military operations … research and development into new capabilities will be necessary for the Army to stay at the leading edge of technology with respect to our adversaries.”

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

PENTAGON PROPOSES AT LEAST $27M TO GROW RANKS OF CYBER FORCES

The military services each want to bring on board an additional 20 to 60 computer security whizzes starting next fall to fill the ranks of a 6,000-person Cyber Command, according to President Barack Obama’s fiscal 2016 funding request.

Air Force Maj. Gen. James Martin earlier this week said that increases in the service’s operations and maintenance budget would create a total of 39 cyber teams. Those teams will include “200 military personnel in cyber operations and cyber warfare positions to counter growing worldwide cyber threats,” according to budget documents.

“We’re stopping the downsizing,” Martin told reporters on Tuesday, when the budget was released. “Support of this budget request is important, so that we can eliminate some stress on the force, that we can make sure we’re adding back money for the force structure that we have, as well as some billets that support and strengthen the nuclear enterprise, as well as new missions such as the cyber teams.”

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

Obama budget pushes better decisions using open data

Included in the president’s 2016 budget proposal are several initiatives to increase access to data and improve the government’s evidence-based decision making.

“The administration is committed to continuing cost-effective investment in federal statistical programs in order to build and support agencies’ capacity to incorporate evidence and evaluation analyses into budget, management and policy decisions,” the budget reads. “The 2016 budget includes a package of proposals that would make additional administrative data from federal agencies and programs legally and practically available for policy development, program evaluation, performance measurement and accountability and transparency efforts.”

Overall, the president’s budget offers a 2.5 percent increase for statistical programs, rising from $4.2 billion in 2015 to $5.2 billion under the 2016 proposal.

One of the largest data-producers in the federal government, the Census Bureau, would get an additional $10 million to continue building out its collection of datasets and the infrastructure that allows users to collate, analyze and share that data.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

CyberGIS: infrastructure for massive geospatial data, processes

CyberGIS is geospatial-specific infrastructure that manages, processes and visualizes massive, complex geospatial data while performing associated analysis and simulation.

A consortium of government, academic and private-sector partners has come together to build the National CyberGIS Facility at the University of Illinois, Urbana-Champaign. With funding from the National Science Foundation, the group aims to build a high-performance computing system optimized to handle geospatial data. The platform will be equipped with more than 7 petabytes of raw disk storage, solid-state drives, advanced graphics processing units, a high-speed network and dynamically provisioned cloud computing resources.

“There are critical problems that cyberGIS can assist in, from mapping water resources across local, regional and global scales to managing the preparation and response to disasters and emergencies,” said Shaowen Wang, the founding director of the CyberGIS Center. “But to date, no one has created the cyber infrastructure that is really needed to solve such problems.”

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

Scan Finds ‘Ghost’ Haunting Critical Business Applications

Ghost is alive and well in many critical business applications, suggesting the vulnerability may be more pervasive than originally thought, new data shows.

Application security vendor Veracode found in its cloud-based scanning service that 41% of its customers’ enterprise applications that use the GNU C library, aka glibc, call the Ghost-ridden gethostbyname function.

Ghost–CVE-2015-0235–is a serious buffer overflow vulnerability affecting various Linux systems. The flaw in Linux’s glibc could allow an attacker to remotely wrest control of a system without authenticating to it to insert malware, or to wage distributed denial-of-service attacks, for instance. It’s found in various Linux appliances and affects Debian 7, Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, and Ubuntu 12.04, as well as other Linux implementations. Glibc versions 2.2 through 2.17 are vulnerable to Ghost. All of the known affected Linux systems now have patches available.

Veracode says some 80% of those applications it analyzed using glibc were rated as highly business-critical by the organizations, which indicates they may be financial transaction applications or others that access sensitive databases.

“The pervasiveness [of Ghost, we found] was kind of surprising,” says Chris Wysopal, CTO of Veracode. When the bug was first revealed last month by Qualys, the good news was that it was an “old function,” so newer systems were likely safe, he says.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

Health Insurer Anthem Suffers Massive Data Breach

Anthem, Inc., one of the largest health care companies in the United States, reported late on Wednesday that its computer systems have been targeted in a “very sophisticated external cyber attack.”

According to Joseph R. Swedish, president and CEO of Anthem, the attackers gained access to names, dates of birth, medical IDs/social security numbers, addresses, email addresses, and employment information (including income data) belonging to current and former members.

Anthem hacked

There is no evidence to suggest that credit card details and medical information, such as claims, test results or diagnostic codes, have been accessed by the attackers. The company has taken steps to close the security hole exploited by the malicious actors, Swedish said in a statement.

Anthem, formerly known as WellPoint, serves nearly 69 million customers through its affiliated companies, according to the organization’s official website. The health insurer is still trying to determine precisely how many of its customers have been impacted, but it appears the breach affects all product lines.

The list of affected plans includes Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.

Read More

Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.

Standard