Cloud Computing, Cyber Security, IT Security, Security, Technology

Anthem cyberattack renews calls for info sharing

Anthem Inc., one of the country’s biggest health insurers, has been hit by a major cyberattack that could affect millions of its customers and employees. As news of the large-scale hack broke late Feb. 4, it was already having a ripple effect on Capitol Hill, with a top lawmaker calling on Congress to pass information-sharing legislation in response.

Hackers stole personal information from current and former Anthem members, including Social Security numbers, street and email addresses, and income data, the insurer said in a statement that described the hack as “very sophisticated.” The firm said it had seen no evidence that credit card or medical information was compromised.

The hackers penetrated an Anthem database housing the personal information of 80 million Anthem customers and employees, the Wall Street Journal reported.

In a statement, the FBI said it was investigating the Anthem hack and praised the company’s swift response.

 


Cyber Security World Conference 2015 New York City, July 10, brings together information security experts and senior executives focused on protecting today’s enterprises from internal and external cyber attacks; the list of firms just keeps growing: Adobe, ADP, Citigroup, E*Trade, Fidelity, Home Depot, HSBC, JPMorgan Chase, Nasdaq, Neiman Marcus, Target and Wal-mart. Our experts will discuss strategies to strengthen corporate defenses, the cybersecurity framework, risks brought by mobile computing, lessons for the boardroom and protecting national infrastructure against foreign attacks. More information at http://cybersecurityworldconference.com.


Army CIO unveils new IT strategy

Army CIO Lt. Gen. Robert Ferrell has released a set of ambitious IT modernization plans that seek to accelerate progress in key areas such as cybersecurity and cloud computing for the service’s more than 1.4 million network users.

The strategy includes bolstering the throughput of Army networks and delivering voice-over-IP technology, and it establishes a clear IT road map for the Army through the end of the decade. In unveiling the strategy at an AFCEA NOVA conference for defense IT executives on Feb. 4, Ferrell sought industry help on specific technological challenges, such as distributed cloud nodes and mobile solutions, and offered a timeline for vendors to follow.

The strategy, which stretches through fiscal 2021 and is dubbed the Army Network Campaign Plan, has five broad goals:


Army turns to commercial partners to keep ISR edge

Facing both shrinking research and development budgets and a need to adopt faster and more flexible ISR network technologies, such as software-defined networks (SDNs), the Army is now looking to its commercial partners for assistance in developing innovative solutions.

“We work closely with both internal — Army and [Department of Defense] — research facilities, as well as contractors from multiple fields supporting cyberspace,” said Lt. Col. Jackie Jones, a spokesman for the Advanced Concepts and Technology Directorate (ACTD) of Army Cyber Command in Fort Belvoir, Virginia. Jones said the decision to work in closer collaboration with commercial partners is being made out of necessity. “While DoD research facilities may expand the number of technologies they develop and evaluate, they are not growing in capacity at the same rate as the civilian marketplace.”

Jones noted that by forming close ties with industry, academic and other external R&D organizations, the Army hopes to achieve and maintain a thorough understanding of all emerging ISR network technologies. “Currently, not all cyberspace capability requirements from commanders can be accomplished with existing technologies,” he said. “As operations being conducted in and through cyberspace become more integrated within military operations … research and development into new capabilities will be necessary for the Army to stay at the leading edge of technology with respect to our adversaries.”


Defense nominee: US ‘not where it should be’ on cybersecurity

The Defense Department’s network security “is not where it should be,” said Ashton Carter, the nominee for Defense secretary, during his Wednesday nomination hearing.

“We’re not anywhere near where we should be as a country,” Carter said before the Senate Armed Forces Committee. “Not only is our civilian infrastructure susceptible to cyberattack, but we have to be concerned about our military infrastructure.”

While the Islamic State in Iraq and Syria (ISIS) and Russian aggression in Ukraine dominated much of Carter’s hearing, the Pentagon pick also fielded questions on cybersecurity.

“A number of countries out there, including Russia, China, North Korea, probably many others, have very sophisticated means of attacking networks,” said Sen. Joni Ernst (R-Iowa).

Russia and China are both widely suspected of ongoing cyber campaigns to steal U.S. military secrets. Moscow is believed to be behind a 2008 cyberattack on the DOD. The government also recently blamed North Korea for a massive cyberattack on Sony Pictures.


Commerce OIG seeks compliance tool for email

WHAT: The Office of the Inspector General at the Department of Commerce is looking for a records management function for email.

WHY: Federal agencies are facing deadlines for managing email that qualifies as federal records in electronic format. By the end of 2016, the government will require email records to be stored electronically. Mindful of this requirement, the OIG at the Department of Commerce is looking for a compliance solution. Commerce OIG currently runs Outlook on an Exchange platform with a Blackberry mobile version, but it is planning a move to a FedRAMP approved cloud email by the end of September. The OIG wants a records management product that works with its cloud product, and is either cloud-hosted or stored locally at OIG. The office is looking for information on a system that can automate some aspects of records management, including capturing records on a schedule, grouping related email chains, retaining attachments, and holding content that is potentially needed in litigation.


Stopping the Next Cyber-Attack

Chances are, your company’s computers will come under attack sometime soon. The perpetrators may want to steal personal information. They may want trade secrets or intellectual property. They may simply want to annoy you.

Whatever their motives, by one estimate cybercrime is already costing the global economy more than $400 billion a year. After years of unproductive debate, the U.S. government finally looks ready to get serious. A big cybersecurity bill is likely to be introduced soon.

The question that springs to mind is whether that remedy might be more harmful than the disease. When it comes to digital security, the government — to put it mildly — can no longer take the country’s trust for granted. A systematic assault on cybercrime is necessary, but the policy must have safeguards and oversight built in from the start, not tacked on as afterthoughts.


CyberGIS: infrastructure for massive geospatial data, processes

CyberGIS is geospatial-specific infrastructure that manages, processes and visualizes massive, complex geospatial data while performing associated analysis and simulation.

A consortium of government, academic and private-sector partners has come together to build the National CyberGIS Facility at the University of Illinois, Urbana-Champaign. With funding from the National Science Foundation, the group aims to build a high-performance computing system optimized to handle geospatial data. The platform will be equipped with more than 7 petabytes of raw disk storage, solid-state drives, advanced graphics processing units, a high-speed network and dynamically provisioned cloud computing resources.

“There are critical problems that cyberGIS can assist in, from mapping water resources across local, regional and global scales to managing the preparation and response to disasters and emergencies,” said Shaowen Wang, the founding director of the CyberGIS Center. “But to date, no one has created the cyber infrastructure that is really needed to solve such problems.”


Scan Finds ‘Ghost’ Haunting Critical Business Applications

Ghost is alive and well in many critical business applications, suggesting the vulnerability may be more pervasive than originally thought, new data shows.

Application security vendor Veracode found in its cloud-based scanning service that 41% of its customers’ enterprise applications that use the GNU C library, aka glibc, call the Ghost-ridden gethostbyname function.

Ghost (CVE-2015-0235) is a serious buffer overflow vulnerability affecting various Linux systems. The flaw in Linux’s glibc could allow an attacker to remotely wrest control of a system without authenticating to it to insert malware, or to wage distributed denial-of-service attacks, for instance. It’s found in various Linux appliances and affects Debian 7, Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, and Ubuntu 12.04, as well as other Linux implementations. Glibc versions 2.2 through 2.17 are vulnerable to Ghost. All of the known affected Linux systems now have patches available.

Veracode says some 80% of those applications it analyzed using glibc were rated as highly business-critical by the organizations, which indicates they may be financial transaction applications or others that access sensitive databases.

“The pervasiveness [of Ghost, we found] was kind of surprising,” says Chris Wysopal, CTO of Veracode. When the bug was first revealed last month by Qualys, the good news was that it was an “old function,” so newer systems were likely safe, he says.


Security For Startups

David Cowan is a partner at Bessemer Venture Partners, co-founded VeriSign, Good Technology and Defense.net, and co-authored several cybersecurity patents. He is currently a director of Lifelock, iSight, Endgame, Reputation, GetInsured, Rocket Lab, Smule and Zoosk.

In the past two years, cyberspace has clearly changed in ways that threaten every online business, big or small. Startups now use the cloud infrastructure that mature companies do, and quickly aggregate large, juicy caches of private user data and payment credentials. As malware infestations scale to scour the “long tail” of targets, they don’t discriminate between the Fortune 50 and the TechCrunch 50.

In fact, some increasingly common attacks — like DDoS extortion — specifically target smaller, more vulnerable businesses, whose loose cowboy cultures, shallow security expertise, fragile infrastructure and fresh capital make for easy pickings.


Why Cybersecurity Will Suffer the Same Fate in 2015 as it Did in 2014

2015 is nearly three weeks young and I am afraid we are going to see more of the same exposures as we did in 2014. Not much has changed in organizations. They are fundamentally following the same tactics and techniques to ‘defend’ against adversaries as they have for the past several years. There are 12 areas that continue to cause problems for the CISO and information security as a whole. Here they are:

1. The CISO still reports to the CIO in most organizations seeing security still as a technical issue. CISOs battle the CIO quietly trying to move security to the forefront only to be pushed to the back of the pack in the name of features and functionality.

2. CISOs continue to beg for financial table scraps and the scraps they do get are used to double down on existing technology.

The same technology that is failing them now but with a new twist or new buzzwords describing really what they cannot do. And since organizations still see the issue as a technology problem, the CISO gets a budget that is a single digit percentage of the overall IT budget.
