11:37 am, May 23, 2015

National Cybersecurity Awareness Month

What is National Cybersecurity Awareness Month?

October is National Cybersecurity Awareness Month and it is an opportunity to engage public and private sector stakeholders - especially the general public - to create a safe, secure, and resilient cyber environment. Everyone has to play a role in cybersecurity. Constantly evolving cyber threats require the engagement of the entire nation from government and law enforcement to the private sector and most importantly, the public.

Cyberspace is woven into the fabric of our daily lives and the world is more interconnected today than ever before. We enjoy the benefits and convenience that cyberspace provides as we shop from home online, bank using our smart phones, and interact with friends from around the world through social networks. The Department of Homeland Security is committed to raising cybersecurity awareness across the nation and to working across all levels of government, the private sector, and internationally to protect against and respond to cyber incidents.

This year marks the tenth anniversary of National Cybersecurity Awareness Month sponsored by the Department of Homeland Security in cooperation with the National Cybersecurity Alliance and the Multi-State Information Sharing and Analysis Center.

October 3rd Cybersecurity Update - Silk Road Takedown

The FBI has arrested an alleged hacker and online purveyor of illicit goods. Ross Ulbricht was the owner and operator of Silk Road, an underground website officials say generated nearly 1 point 2 billion in sales. Computerworld reports, law enforcement also seized 26 thousand Bitcoins. Ulbricht was arrested in San Francisco and was to be arraigned yesterday. His site was taken down last month. It listed 13 thousand controlled substances. Plus a trove of hacker tools including key loggers, banking Trojans, and remote access tools. Silk Road also connected gun and ammunition buyers and sellers. It offered fake passports and Social Security cards.

Thursday - 10/03/2013, 03:16pm EDT

October 3rd Cybersecurity Update - NSA Technology Test

Top intelligence officials say the National Security Agency has tried to track Americans' cell-phone locations. It was part of a two-year pilot to test the technology. NSA chief General Keith Alexander says the agency did not actually track Americans' movements. He spoke before the Senate Judiciary Committee. The panel is considering legislation to restrict the surveillance programs. Alexander denied reports that the NSA dug into American's social media networks. And he says the agency has discliplined all but one of the dozen employees who have used the agency's technology for unauthorized purposes...including spying on their girlfriends.

Thursday - 10/03/2013, 03:15pm EDT

October 2nd Cybersecurity Update - Furloughed Federal IT Employees

So many federal IT employees are on furlough, those left on duty will have a job on their hands when it comes to cybersecurity. ComputerWorld reports, several agencies have issued contingency plans for keeping their systems operating. Most will be in maintenance mode, with a special eye on cyber. VA will furlough 40 percent of its eight thousand IT workers. Others, like the Federal Trade Commission, will have in place only a skeletal staff of six people. Housing and Urban Development will have 13 on the job. The Social Security Administration is leaving 10 percent of its three thousand IT staff in place.

Wednesday - 10/02/2013, 02:07pm EDT

October 2nd Cybersecurity Update - Computer network security issues at Guantanamo Bay

Computer network security issues at Guantanamo Bay won't stop proceedings against suspects in the September 11th terror attacks. A military judge has decided to let pretrial hearings continue while the Pentagon works on the cybersecurity issues. Security fears had prompted defense attorneys to stop using government email and servers for confidential legal work. They said some data disappeared. Emails mistakenly went to the prosecutors...and their private legal research was subject to monitoring. The Pentagon has agreed to address the complaints.

Wednesday - 10/02/2013, 02:06pm EDT

October 1st Cybersecurity Update - Government Shutdown

A Senate panel approved a key cybersecurity pick just hours before a government shutdown. The Senate Homeland Security and Governmental Affairs Committee reported out the nomination of Suzanne Spaulding. The president has tapped her to be the permanent Homeland Security undersecretary for national protection and programs. She now serves in an acting capacity. As such...she is responsible for securing critical infrastructure...federal facilities...and advancing identity management initiatives. Spaulding also has worked on the Hill for the intelligence committees. She was also an attorney for the C-I-A. Her nomination now goes to the full Senate.

Tuesday - 10/01/2013, 10:36am EDT

October 1st Cybersecurity Update - Botnet

A botnet infecting nearly two million computers has been hit hard by the good guys. ZeroAccess is one of the largest known botnets. Criminals use it for various frauds to the tune of tens of millions of dollars per year. Cybersecurity vendor Symantec found a way to disconnect 25 percent of the machines controlled by ZeroAccess. Computerworld reports, researchers were able to exploit a design weakness in the peer-to-peer architecture of the botnet. Before the cyber thieves could patch the flaw, Symantec performed a procedure called sinkholing. That prevented the owners from regaining control of the infected machines.

Tuesday - 10/01/2013, 10:36am EDT

NIST puts finishing touches on critical infrastructure cyber framework

The preliminary version of the framework will be published in mid-October, followed by several months of public comment. NIST plans a final release of the voluntary framework in February.

Monday - 09/30/2013, 06:38pm EDT

Serious doubts remain about VA's ability to secure veterans' data

A recent briefing between the House Veterans Affairs Committee, VA IT executives and DHS ended with the lead majority staff member walking out before the meeting ended. The rising tensions between the House Veterans Affairs committee's majority and VA come as a report surfaced showing veterans are at a higher risk of identity theft than the average citizen.

Monday - 09/30/2013, 06:37pm EDT

House lawmakers press VA for more details, assurances after cyber attacks

House Veterans Affairs Committee Chairman Jeff Miller (R-Fla.) and ranking member Michael Michaud (D-Maine) sent Secretary Eric Shinseki a letter asking for an explanation on why VA didn't tell the committee about multiple nation state attacks. The lawmakers call for VA to offer credit monitoring services to tens of millions of veterans.

Monday - 09/30/2013, 06:36pm EDT

Lawmakers, IG expose further vulnerabilities in VA's cybersecurity

The Veterans Affairs Department has been compromised by at least eight different nation state organizations that stole data from its systems, House lawmakers and other experts say. VA officials say there always are risks, but their computer security is better than ever before.

Monday - 09/30/2013, 06:36pm EDT

VA's security shortcuts put millions of veterans' data at risk, former VA cyber official alleges

The Veterans Affairs Department denies claims that systems or data are in danger. But Jerry Davis, the former deputy assistant secretary for information security in VA's Office of Information and Technology, asserts in documents that he was bullied into signing security certifications that were deficient as a condition of his departure from VA for a new job at NASA.

Monday - 09/30/2013, 06:35pm EDT

Understanding DHS's role in cyber security

What is DHS's role in cyber security. DHS uses intrusion detection tools to monitor .gov network traffic for malicious activity and uses this resulting data to address cyber vulnerabilities. In addition, DHS issues bulletins and alerts that provide information on potential cyber threats. Last year, DHS issued more the 5,000 alerts and advisories, which it shared with various government, private sector, and critical infrastructure stakeholders; as well as the public.

Monday - 09/30/2013, 06:22pm EDT

How does DHS respond to Cyber incidents?

How does DHS detect and respond to malicious cyber activity. DHS also operates a cyber-information coordination center, the National Cybersecurity and Communications Integration Center (NCCIC), and several operational units. These units respond to incidents and provide technical assistance to information system operators. The NCCIC coordinates the information collected through these channels to create a common operating picture for cyber communities across all levels of government and the private sector.

Monday - 09/30/2013, 06:22pm EDT

Security leaks could affect legislation

Recent revelations about secret U.S. surveillance programs could significantly impede progress on negotiations over new laws and regulations meant to beef up the country's defenses against the growing threat of cyber-attacks. Current and former cyber security officials say they worry the ongoing disclosures about secret National Security Agency spying programs by former NSA contractor Edward Snowden could trigger knee-jerk reactions by Congress or the private sector.

Friday - 09/27/2013, 10:44am EDT
  • 4