Cloud Computing, Cyber Security, IT Security, Security, Technology

Proposed U.S. Cyber-Security Legislation Worries Researchers

Changes proposed by the Obama Administration to a variety of laws used to prosecute cyber-crime have raised concerns among security professionals and vulnerability researchers, who worry that activities meant to improve security could lead to criminal charges.

cyber-security legislation

 

In a document published on Jan. 13, the White House presented its legislative proposals to amend a variety of laws, including the Computer Fraud and Abuse Act (CFAA) and the Racketeering Influenced and Corrupt Organizations (RICO) Act, to crack down on what the administration called “an unprecedented threat from rogue hackers as well as organized crime and even state actors.”

The proposed changes could make accessing public documents illegal, if the owner would not have approved; creates stricter punishments for anyone convicted of a cyber-crime; and allows the government to seize assets linked to cyber-crimes, security researchers said.

Read More

 

Standard
Cloud Computing, Cyber Security, IT Security, Security, Technology

Industry backing Obama’s cybersecurity agenda

Cybersecurity will be a focal point of President Barack Obama’s State of the Union address Tuesday, including a proposal to standardize how private companies share and report information on cyber crime.

Many states already have legislation on the books requiring companies to report breaches in which sensitive customer information is leaked. Legislation being proposed by the administration would create a single federal statute governing how and when information on cyber attacks must be released, intended to ease confusion in the private sector.

635572643407294955-Obama

The administration is also planning to create private-sector Information Sharing and Analysis Organizations (ISAOs) to manage threat reporting and disseminate important information and offer limited liability protection to companies that participate.

“It’s very important that this legislative proposal moves forward,” said Mike Brown, vice president and general manager of global public sector for RSA. “A legislative proposal is necessary to bring clarity,” particularly to information sharing and breach notifications.

Read More

Standard
Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, IT Security, Security, Technology

North Korea boosts cyber army to 6,000 troops to cause ‘physical and psychological paralysis’

North Korea has boosted its “cyber army” in a bid to cause “physical and psychological paralysis” in the South.

According to the South Korean Defence Ministry’s latest white paper, the hermit state’s military unit, which is dedicated to cyber activities, is now double that of South Korea’s.

“North Korea is currently running its 6,000 (member) workforce for cyber warfare and performing cyberattacks for physical and psychological paralysis inside South Korea such as causing troubles formilitary operations and national infrastructures,” said the South Korean Defence Ministry.

In 2013, South Korea blamed Pyongyang for the raft of crippling cyber attacks on its banks and broadcasters.

Standard
Business, Cloud Computing, Cyber Security, Cybersecurity, Data Breach, Defense, Finance, IT Security, Security, Technology

North Korea is doubling its skilled cyber security staffers

NORTH KOREA IS REPORTEDLYdoubling the number of its highly skilled cyber soldiers while still denying claims that it ever maliciously hacked anyone.

In case you missed it, North Korea has been accused of hacking like a dry cough. The country has had more fingers pointed at it than a button, and has got rather comfortable with denyingaccusations that it has done things like tear apart Sony Pictures Entertainment.

Now it is accused of doubling its cyber warfare posse, called Bureau 121, which the last time anyone checked was made up of some 3,000 skilled staffers.

Today, according to reports, including this one on Reuters, that number is 6,000 if South Korea is to be believed.

A white paper from the South Korean Defence Ministry said that the enlarged unit will be used to bring mischief on the South, and possibly other countries and their utilities.

Standard
Business, Cloud Computing, Cyber Security, Cybersecurity, Data Breach, Defense, Finance, Government, IT Security, Security, Technology

SONY HACK SIGNALS ‘NEW NORMAL’ IN CYBERSECURITY

The Sony hack copied a multinational company’s financial documents, its employees’ personally identifiable information and years’ worth ofembarrassing – and poorly written, it must be said – emails from high-level executives and released them all for the world to see.

But for many cybersecurity observers, the real eye opener was how the hack illustrates today’s cyber landscape: It’s likely to get worse before it gets better.

A growing collection of high-level computer security experts believe evidence points to aninsider-orchestrated attack, while the U.S. government quickly blamed and sanctioned North Korea, whose leader, Kim Jong-un, is portrayed in an unflattering fashion in the Sony-backed film, The Interview.

Meanwhile, as Sony’s image continues to tarnish with each leaked, scandalous revelation, the company experienced an added layer of suffering other data-breached companies — Target, Neiman Marcus and Home Depot — had avoided.

Read More

Standard
Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, IT Security, Security, Technology

Air Force evolves its cybersecurity as JIE comes into focus

The Air Force is moving beyond requiring airmen to use smart identification cards to log onto its computer network. The service now is making its network security even stronger.

Lt. Gen. Bill Bender, the Air Force’s chief of information dominance and chief information officer, said the use of role-based authentication should be “baked- into” its IT systems in the future.

Read More

Standard
Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, IT Security, Security, Technology

Ex-Federal Cybersecurity Director Gets 25 Years for Child Porn

A former cybersecurity chief at the Department of Health and Human Services Timothy DeFoggi was sentenced to 25 years in prison on child pornography charges Monday, according to the Department of Justice. “Using the same technological expertise he employed as Acting Director of Cyber Security at HHS, DeFoggi attempted to sexually exploit children and traffic in child pornography through an anonymous computer network of child predators,” Assistant Attorney General Leslie Caldwell said in a statement.

A federal jury in the District of Nebraska convicted DeFoggi of child exploitation and conspiracy to distribute child pornography on Aug. 26. The 56-year-old was a member of a pornography website on the Tor network — a web browser that helps users remain anonymous online — from May 2012 until December 2012 when it was taken down by the FBI, according to the statement. He is the sixth person to be convicted in an ongoing federal investigation into three Tor-network-based child pornography websites, according to the DOJ.

Read More

Standard
Business, Cloud Computing, Cyber Security, Cybersecurity, Data Breach, Defense, Finance, IT Security, Security, Technology

White House cyber czar: Even non-critical infrastructure vulnerable – Top Sony Corp. exec condemns hack at CES

WHITE HOUSE CYBER CZAR: EVEN NON-CRITICAL INFRASTRUCTURE VULNERABLE — The Sony hack demonstrated that attacks on non-critical infrastructure can still implicate fundamental American values, White House Cybersecurity Coordinator Michael Daniel tells Dave in a Q&A out this morning. The hack also means the Obama administration might need to expand its cybersecurity outreach to the private sector, Daniel said.

“Obviously, part of the issue with Sony is … the fact that it was aimed at, effectively, suppressing speech,” Daniel said. “While that’s not critical infrastructure, that’s a value the U.S. holds pretty dear.” As a result, the devastating Thanksgiving week attack on the studio “raises a very interesting question about exactly how broadly we have to cast the net” in cybersecurity information sharing and other policy areas, he said.

Daniel’s 2015 prognosis: “One of the things you can look for from us is continued effort to identify places where we can take executive action…We will be looking for all the cases where we can potentially take some executive action to further things like information sharing and improving cybersecurity. Another big area you should look for us to do is continue pressing on legislation…like information sharing, and there’s still the issue of getting a national data breach law.

Read More

Standard
Business, Cloud Computing, Cyber Security, Data Breach, Defense, Finance, IT Security, Security, Technology

Three Boardroom Questions Every Cybersecurity Entrepreneur Must Answer

The resignation of Target’s CEO last May, after cyber attackers accessed the payment records of 40 million shoppers and Q4 profit declined 46 percent from the year before, was a watershed moment. Corporate officers and directors now had a concrete example of how cyber threats can hit the bottom line – and of how they will be held accountable.

As cyber threats increase – a recent study noted that attacks rose 48 percent this year, with more than 100,000 cybersecurity incidents every day – company directors have responded. Security reviews by the board are becoming standard practice. CEOs are becoming fluent in the language of cybersecurity. CISOs – Chief Information Security Officers – are in high demand and may become directors themselves.

Read More

Standard
Business, Cloud Computing, Cyber Security, Cybersecurity, Data Breach, Defense, Finance, Government, IT Security, Security, Technology

Ex-Sony Employees Echo Cybersecurity Company’s Suspicion That Hack Was An Inside Job

WASHINGTON — A Silicon Valley cybersecurity firm is doubling down on its claim that at least one former Sony employee was involved in hacking Sony. Some former employees of the company are expressing that sentiment as well, even as the U.S. government stands by its conclusion that North Korea orchestrated the massive cyberattack.

Kurt Stammberger, senior vice president at Norse, which provides cyber intelligence to customers in financial services, technology and government, told The Huffington Post that the company remains “pretty confident” that “at least one ex-employee was involved, probably more” in the Sony hack.

As evidence, Stammberger said that Norse has samples of malware used in the Sony hack that existed as early as July, “completely in English with no Korean whatsoever.” Sony credentials, server addresses and digital certificates were already built into the malware, he added.

Read more

Standard