BAE Systems works with government and commercial clients to collect and manage information to provide intelligence, maintain security, manage risk and strengthen resilience in today's complex operating environment.
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
National Cybersecurity Awareness Month
What is National Cybersecurity Awareness Month?
October is National Cybersecurity Awareness Month and it is an opportunity to engage public and private sector stakeholders - especially the general public - to create a safe, secure, and resilient cyber environment. Everyone has to play a role in cybersecurity. Constantly evolving cyber threats require the engagement of the entire nation — from government and law enforcement to the private sector and most importantly, the public.
Cyberspace is woven into the fabric of our daily lives and the world is more interconnected today than ever before. We enjoy the benefits and convenience that cyberspace provides as we shop from home online, bank using our smart phones, and interact with friends from around the world through social networks. The Department of Homeland Security is committed to raising cybersecurity awareness across the nation and to working across all levels of government, the private sector, and internationally to protect against and respond to cyber incidents.
This year marks the tenth anniversary of National Cybersecurity Awareness Month sponsored by the Department of Homeland Security in cooperation with the National Cybersecurity Alliance and the Multi-State Information Sharing and Analysis Center.
The major credit bureau Experian has sold sensitive consumer data to an identity theft service. That's according to a lengthy investigation by security reporter Brian Krebs. Members of a Vietnamese identity theft group posed as a US private investigator. They tricked Experian into selling them social security numbers, birthdays and financial information on millions of Americans. The group then resold this information to underground cyber crime sites, like super get dot info.
Jason Healey, the director of the Cyber Statecraft Initiative for the Atlantic Council, endorsed an approach that would turn how government and the private sector work together to battle cyber threats on its head.
Health IT professionals reveal some of their biggest concerns in keeping networks and personal health records secure. The SANS Institute conducted their inaugural health care information security survey. 373 health care IT professionals say negligent colleagues and a lack of investment in the end user about security issues are the main reasons for health information at risk. Despite these concerns, organizations are accepting the risks for the convenience of mobile and cloud technologies in delivering care to patients. According to the survey, the biggest driver for information security is regulatory compliance. Full survey results will be released during the SANS HealthCare Cyber Security Summit in San Francisco this week.
Documents leaked by former National Security Agency contractor Edward Snowden show the NSA swept up 70 million French phone records over a 30 day period. The report published in the French newspaper, Le Monde, found that when certain numbers were used, the conversations were automatically recorded. The surveillance operation also swept up text messages based on key words according to what Le Monde reported. The report was based on records from December 10th to January 7th. The French government has summoned the US ambassador to explain why the Americans spied on one of their closest allies. Similar programs have been revealed in Britain and Germany.
The government shutdown delays final cybersecurity guidelines for nuclear power plants and other critical infrastructure providers. The National Institutes of Standards and Technology deadline to submit guidance for cybersecurity framework was October 10th. Cyber experts tells FierceGovernment IT the missed deadline is unlikely to be a problem. In late September, NIST told Federal News Radio the document was essentially finished. The framework came about through President Obama's February executive order on cybersecurity. It embodies the administration's view that private sector infrastructure operators are critical to the nation's well-being and should live up to a minimal level of cybersecurity practices.
IBM scientists have developed a new mobile authentication security technology based on a radio standard. It's known as near-field communication or NFC and enables so-called two-factor authentication to secure mobile transactions, such as accessing an Intranet or private cloud. Two-factor authentication is already common when using a computer. Think password and verification code. IBM scientists now say they can apply the same concept using a personal identification number and a contactless smartcard like an employer-issued identity badge. The IBM technology is based on end-to-end encryption between the smartcard and the server using the National Institute of Standards and Technology's Advanced Encryption Standard scheme.
Federal employees are eligible for a free one-day training session in early November on implementing continuous monitoring. The goal is to help agencies make good use of the continuous diagnostics and monitoring contract DHS awarded in August.
Agencies are staring at one of the biggest breaches of federal cybersecurity right in the face. The Federal Times reports, a new study found 49 percent of security breaches at agencies are caused by federal employees themselves who bypass security measures while surfing online and accessing email. It's according to a report from public-private IT partnership MeriTalk. 69 percent of feds who were surveyed say their work takes longer because of additional cybersecurity measures they face. Two-thirds of federal network users also say security practices at their agency are "burdensome." (Federal Times)
Americans are more concerned about the state of the nation's cybersecurity in shutdown mode, a new survey from Cyber Talk says. 54 percent of those surveyed say they felt slightly more concerned about cyber threats under the shutdown. USA Today reports the shutdown will give hackers and cyber spies more time to find ways to breach national cyber security, even after the shutdown ends. (USA Today)
The future federal workforce is lax about cyber risks according to a recent study conducted by defense contractor Raytheon. The study notes that high school students are not very interested in filling cybersecurity jobs, which are in increasing demand within the federal government. Milllennials online habits are more risky than other generations because of their use of public wi-fi networks and high social media engagement. According to the study, millennials are also more likely to share their passwords with people outside of their family.
A new security advisory from Mocana includes update information for its Nano-Crypto embedded security engine. Leaked documentation from Edward Snowden reveals the algorithm could be exploited by the NSA. Earlier this month, NIST warned against using the previously approved standard until the full extent of its vulnerability is determined.
Americans are more concerned about the state of the nation's cyber security in shutdown mode, a new survey from Cyber Talk says. 54 percent of those surveyed say they felt slightly more concerned about cyber threats under the shutdown. USA Today reports the shutdown will give hackers and cyber spies more time to find ways to breach national cyber security, even cyber attacks that occur after the shutdown ends.
Agencies are staring at one of the biggest breaches of federal cybersecurity right in the face. The Federal Times reports, a new study found 49-percent of security breaches at agencies are caused by federal employees themselves who bypass security measures while surfing online and accessing email. It's according to a report from public-private IT partnership MeriTalk. 69 percent of feds who were surveyed say their work takes longer because of additional cybersecurity measures they face. Two-thirds of federal network users also say security practices at their agency are burdensome.
Gen. Keith Alexander, head of the U.S. Cyber Command and the National Security Agency, said the greatest impact of the ongoing government shutdown on cybersecurity is on the morale of the cyber workforce.
Half of Agency cyber security professionals expect to be victim of a denial of service attack within a year. And more than sixty five percent of respondents don't think their agency can handle it, or other malicious attacks against their networks. The data comes from a Meritalk survey of one hundred cyber professionals in August.
The National Security Agency has been gathering contact lists from private e-mail accounts and sifting through them, looking for hidden connections. The collecting occurs overseas, but end up scooping information from some Americans' accounts. The Washington Post reports, NSA has collected hundreds of millions of lists. The new revelation comes from documents leaked by Edward Snowden. In one day, the NSA gathered more than 700 thousand contact lists from Yahoo, Hotmail, Facebook, and Gmail. It also collects millions of buddy lists from live chat services. The Post quotes an NSA spokesman saying the program targets terrorists, human traffickers and drug dealers.
For those of you who used Yahoo to get your email, good news: it's catching up to its competitors in making a common security setting the default. The Washington Post reports, Yahoo users will automatically use the SSL encryption standard beginning in January. Google made it the default for GMail web users back in 2010. Microsoft soon followed suit with Hotmail. Even Facebook and Twitter use it now.
Brazil is moving forward with the creation of a secure email platform after revelations of cyber surveillance techniques used by other governments. BBC reports the country's Federal Data Processing Service will develop the system to interact with encrypted services in attempt to "prevent possible espionage."
Former National Security Agency systems analyst Edward Snowden speaks to America in videos posted to the Wikileaks web site. The videos are the first to show Snowden talking since he fled the country for Russia in July. Snowden says says National Security Agency surveillance programs make people less safe, put them in conflict with the government, and hurt the economy. The clips show Snowden in an ornate room just after receiving an award in Moscow from the Sam Adams Associates for Integrity in Intelligence.
The Army Computer Crime Investigation Unit is warning people about mobile apps that let users access the myPay system. MyPay is operated by the Defense Finance and Accounting Service. Third party mobile apps aren't sponsored by the Defense Department. The Army says the apps leave users vulnerable to identity theft and loss of their money. It cites an app called MyPal DFAS LES. Free on the Google Play app store, the application has been downloaded 15 thousand times. The app lets user change passwords, update security questions and review payroll information.