Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
National Security Correspondent J.J. Green has traveled three continents covering intelligence, terrorism, and security issues. From Afghanistan to Africa, Iraq to Ireland, there isn't anywhere J.J. won't go, nor anyone he won't talk with, to get the stories affecting the cyber security community.
CYPTOLOCKER is a type of Ransomware that restricts access to infected computers and requires victims to pay a ransom in order to rescue their computers from criminals who take them over. It's so sophisticated that one US police force was hit by the virus and forced to pay a ransom using a new virtual currency called bit coins. Pfishing emails --which look legitimate, with subject lines like "payroll or package delivery" are the usual method of delivery.
Every day it seems there's a new Cyber Security threat. Everything from ransom ware to zero day issues. Cyber security insurance has been the way that companies have tried to offset the risk of online attacks and data loss, but the insurers were missing the information they needed to convince potential clients to buy their products. But now threat intelligence is helping them gauge the risk that potential customers might encounter.
A self-described "hacktivist" will spend 10 years in prison for illegally accessing computer systems of law enforcement agencies and government contractors. Before hearing his sentence, an unrepentant Jeremy Hammond told a federal judge that his goal was to expose injustices by the private intelligence industry when he joined forces with Anonymous. "Yes I broke the law, but I believe sometimes laws must be broken in order to make room for change," he said. The Chicago computer whiz and college dropout insisted his hacking days are over but added, "I still believe in hacktivism as a form of civil disobedience."
Google is warning U.S. lawmakers that U.S. spying operations risk fracturing the open Internet into a "splinter net" that could hurt American business. In the first public testimony before Congress by a major technology company since former National Security Agency contractor Edward Snowden disclosed top secret surveillance programs, Google said it should be allowed to provide the public more information about government demands for user data.
Adobe Systems Inc. says that the scope of a cyber-security breach disclosed nearly a month ago was much worse than initially reported. They now say attackers obtained data on more than 38 million customer accounts. The software maker also said that hackers had stolen part of the source code to Photoshop editing software that is widely used by professional photographers.
Singapore's government is on heightened alert for cyber-attacks after threats from claiming to be from international hacking collective Anonymous defaced several web sites in the city-state and threatened further action. "Government agencies have been on heightened vigilance and have enhanced the security of their IT systems in response to the declared threats against the government's ICT infrastructure," the Infocommunications Development Authority of Singapore (IDA) said in a statement.
Israel's military chief Lt. Gen. Benny Gantz says computer sabotage is a major concern and he warned a sophisticated cyber-attack could one day bring the nation to a standstill. In fact, a month before his address, a major artery in Israel's national road network in the northern city of Haifa was shut down because of a cyber-attack by a Trojan horse. Key operations were knocked out of commission for two days causing hundreds of thousands of dollars in damage.
A British man has been arrested in England and charged by the United States and Britain with infiltrating U.S. government computer systems, including those run by the military, to steal confidential data and disrupt operations, the Associated Press reports. U.S. prosecutors said the alleged hacker, Lauri Love, infiltrated thousands of computer systems including those of the Pentagon's Missile Defense Agency, the U.S. Army Corps of Engineers, the U.S. space agency NASA and the U.S. Environmental Protection Agency.
Russian authorities have arrested a man believed to be responsible for distributing a notorious software kit known as "Blackhole" that is widely used by cyber criminals to infect PCs, according to a person familiar with the situation. A former Russian police detective in contact with Russia's federal government told Reuters that the suspect, who is known in hacking circles as "Paunch," had been arrested.
The U.S. National Security Agency swept up 70.3 million French telephone records in a 30-day period, according to a newspaper report Monday that offered new details of the massive scope of a surveillance operation that has angered some of the country's closest allies. The French government summoned the U.S. ambassador for an explanation on Monday and renewed demands for talks on protection of personal data, as well as pledges that the surveillance would cease.
Homeland Security News is reporting that if hackers can steal a company's top-secret data, they can just as easily destroy a company's network. Richard Bejtlich, chief security officer for Mandiant, a cyber-security company, said not only are hackers getting into networks to steal huge amounts of intellectual property but they can also permanently erase data.
Cyber security advocates are frustrated that new legislation is caught between a rock and a hard place. It's stuck in contentious debates over government surveillance and the government shutdown. NSA's highly skilled cyber workers have been told to stay home, weakening the nation's ability to protect critical cyber infrastructure. Thousands of people with PHDs and math whizzes and thousands of computer scientists have been sitting idly at home.
Kelly Jackson Higgins wrote in her "Hacking The Adobe Breach" column, "At first glance, the massive breach at Adobe that was revealed last week doesn't neatly fit the profile of a pure cybercrime attack." She said not only did the bad guys steal customer data and payment info, but they also got ahold of the company's source code for Adobe's ColdFusion, Acrobat, and Reader software. Criminal investigators are looking into whether it was an accident or they deliberately went after the source code.
Officials say that an advertising firm must immediately stop using its network of high-tech trash cans to track people walking through London's financial district. The City of London Corporation says it has demanded Renew pull the plug on the program, which measures the Wi-Fi signals emitted by smartphones to follow commuters as they pass the garbage cans.
Recent revelations about secret U.S. surveillance programs could significantly impede progress on negotiations over new laws and regulations meant to beef up the country's defenses against the growing threat of cyber-attacks. Current and former cyber security officials say they worry the ongoing disclosures about secret National Security Agency spying programs by former NSA contractor Edward Snowden could trigger knee-jerk reactions by Congress or the private sector.
How does DHS detect and respond to malicious cyber activity. DHS also operates a cyber-information coordination center, the National Cybersecurity and Communications Integration Center (NCCIC), and several operational units. These units respond to incidents and provide technical assistance to information system operators. The NCCIC coordinates the information collected through these channels to create a common operating picture for cyber communities across all levels of government and the private sector.
How do you know if your computer is vulnerable to cyber-attack? USCERT The U.S. Computer Emergency Readiness Team. says many computers are sold with software already loaded. Whether installed by a computer manufacturer, operating system maker, Internet Service Provider, or by a retail store, USCERT says the first step in assessing the vulnerability of your computer is to find out what software is installed and how one program will interact with another. Unfortunately, it is not practical for most people to perform this level of analysis.
What is DHS's role in cyber security. DHS uses intrusion detection tools to monitor .gov network traffic for malicious activity and uses this resulting data to address cyber vulnerabilities. In addition, DHS issues bulletins and alerts that provide information on potential cyber threats. Last year, DHS issued more the 5,000 alerts and advisories, which it shared with various government, private sector, and critical infrastructure stakeholders; as well as the public.
Cyber criminals --what's their M.O.? USCERT says Attackers focus on exploiting client-side systems (your computer) through various vulnerabilities. They use these vulnerabilities to take control of your computer, steal your information, destroy your files, and use your computer to attack other computers. A low-cost way attackers do this is by exploiting vulnerabilities in web browsers. An attacker can create a malicious web page that will install Trojan software or spyware that will steal your information.
To promote cyber security practices and develop these core capabilities, DHS says it is working with critical infrastructure owners and operators to create a Cyber security Framework - a set of core practices to develop capabilities to manage cyber security risk. These are the known practices that many firms already do, in part or across the enterprise and across a wide range of sectors. The draft Framework will be complete in October.