National Security Correspondent J.J. Green has traveled three continents covering intelligence, terrorism, and security issues. From Afghanistan to Africa, Iraq to Ireland, there isn't anywhere J.J. won't go, nor anyone he won't talk with, to get the stories affecting the cyber security community.
Chinese President Xi Jinping, according to the Associated Press, "has put himself in charge of a new body to coordinate cyber security, in a sign of Beijing's concern over its vulnerability to online attacks and its desire to retain tight control over the Internet." AP says Chinese state media reports the central Internet security and information leading group will draft policy for boosting the country's defenses, as well as expanding and improving Internet access.
The Mt. Gox bitcoin exchange in Tokyo filed for bankruptcy protection Friday and its chief executive said 850,000 bitcoins, worth several hundred million dollars, are unaccounted for. The exchange's CEO Mark Karpeles appeared before Japanese TV news cameras, bowing deeply. He said a weakness in the exchange's systems was behind a massive loss of the virtual currency involving 750,000 bitcoins from users and 100,000 of the company's own bitcoins. That would amount to about $425 million.
U.S. banks and retail groups say they are joining forces to work on cyber security, getting past recent finger pointing for data breaches. The Financial Services Roundtable, Retail Industry Leaders Association and several other trade associations said the new partnership would focus on sharing more information on cyber threats.
Utah lawmakers are sending mixed messages to the National Security Agency, which runs a massive data-storage warehouse outside of Salt Lake City. One proposal is calling for legislators not to collect utility taxes from the center. Meanwhile, another lawmaker wants to cut off water to the center, which uses more than 1 million gallons daily to cool its computer processors.
The Financial Industry Regulatory Authority is looking at the measures that Wall Street's brokerages take to protect their businesses and customers from cyber security threats. FINRA, which conducts periodic "sweeps," or targeted checks on Wall Street brokerages, says it is conducting the review, in part, because of the growing threat to information technology systems from "a variety of sources."
AppRiver email and security experts say Bank of America customers have been targeted by a new virus campaign they're calling a Bredo virus. It comes in the form of a phishing email claiming to be from BofA and asking the recipient to download a security file. The main goal of this virus is to steal information such as banking info or to record keystrokes. The software may also be able to further infect a system by downloading more malware onto the machine.
How can you tell if your system has been compromised? Internet security firm Mandiant says there are numerous signs. Included are evidence of unauthorized use of valid accounts, trace evidence and partial files, command and control activity, known and unknown malware, suspicious network traffic, valid programs used for other purposes, and files that have obviously been accessed by attackers. IT managers are reminded that threats can slip in undetected and lie dormant for long periods of time before striking.
How do you shop securely online? The Center for Internet Security says you should "know your online merchants. Limit online shopping to merchants you know and trust. Only go to sites by directly typing the URL in the address bar. If you are unsure about a merchant, check with the Better Business Bureau or the Federal Trade Commission to ensure its legitimacy. Confirm the online seller's contact information in case you have questions or problems. Use a credit card, not a debit card. Credit cards are protected by the Fair Credit Billing Act and may reduce your liability if your information is used improperly."
Devices such as smartphones and tablets are being used more and more often for online shopping, and the Center for Internet Security is warning that this means the volume of attacks against them will increase as well. The center says every time you download an app, you open yourself to potential vulnerabilities. Its advice is to research the apps you plan to download to verify their legitimacy. Update all apps when notified, and disable Bluetooth and Near Field Communications when not in use to reduce the risk of your data, such as a credit card number, being intercepted by a nearby device.
Recently, several large U.S. companies were hacked online and, like other victims of similar attacks, they were not aware until well after the attack happened. In some cases it was months. Online security firm Mandiant says attacks are often blamed on malware, but 46% of compromised machines have no malware on them. Mandiant says hackers can navigate through conventional safeguards easily, leaving little or no trace.
With so much gloom and doom about cyber vulnerabilities, the Rand Corporation has some good news. In his book Cyberdeterrence and Cyberwar, Martin Libicki puts it into perspective, suggesting cyberspace has its own laws; for instance, it is easy to hide identities and difficult to predict or even understand battle damage, and attacks deplete themselves quickly. But the overall message is… cyber war is nothing so much as the manipulation of ambiguity.
What's the best thing you can do for your computer? Make sure that it's secure. Kaspersky Lab says you shouldn't invite bugs and malware in by allowing your computer systems to become outdated. The security company urges you to install operating system and application updates as soon as they're available. It also suggests using your software's built-in systems and not ignoring the prompts they give you to update your computer security.
The Syrian Electronic Army (SEA) said it hacked into Skype's social media accounts last week. Now the Internet calling service confirms it had been hit with a "cyber-attack" but said no user information was compromised. SEA posted a tweet on Skype's official Twitter feed that read: "Don't use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to the governments. More details soon. #SEA"
Mandiant, the Virginia-based cyber-security firm that pinpointed a hacking unit in Shanghai that experts believe is part of the Chinese Army's cyber command, has been sold. FireEye said that the purchase of privately held Mandiant would increase its ability to stop attacks in their early stages. The company valued the deal at nearly $1 billion.
Companies planning to bring aboard some new staff should rethink their secret use of social networking Web sites, like Facebook, to screen new recruits. William Stoughton of North Carolina State University, lead author of a study published in Springer's Journal of Business and Psychology, indicated in his work that this practice is viewed by some as a breach of privacy and could create a negative impression of the company for potential employees. This type of spying could even lead to lawsuits.
Budget cuts notwithstanding, the U.S. Air Force plans to add 1,000 new personnel between 2014 and 2016 as part of its cyber security units. The 24th Air Force at Joint Base San Antonio-Lackland, Texas is home to the U.S. Air Force cyber command. With a budget of about $1 billion and a staff of roughly 400 military and civilian personnel, the command oversees about 6,000 cyber defense personnel throughout the Air Force.
You've heard of email and snail mail, but what about jail mail? It is something that will soon be on the way to some inmates at the Pasco County Jail in Florida. Sheriff Chris Nocco says 77 kiosks are being set up in the jail housing units. The set-ups will let inmates read and send email to those who have approved accounts. The sheriff says there will be no cost to taxpayers for the service. While inmates will be able to get email and photos, they will only be able to send email, not photos. And, as is the case with regular mail, deputies will be monitoring inmates' email.
A longtime adviser to the U.S. Director of National Intelligence has resigned after the government learned he has worked since 2010 as a paid consultant for Huawei Technologies Ltd., the Chinese technology company the U.S. has condemned as an espionage threat. Theodore H. Moran, a professor at Georgetown University, had served since 2007 as adviser to the intelligence director's advisory panel on foreign investment in the United States. Moran also was an adviser to the National Intelligence Council, a group of 18 senior analysts and policy experts who provide U.S. spy agencies with judgments on important international issues.
National Security Advisor Susan Rice has sent a strong message to the Chinese. During a speech at Georgetown University, she said, "Cyber-enabled economic espionage hurts China as well as the U.S., because American businesses are increasingly concerned about the costs of doing business in China." U.S. Intelligence officials have been sounding alarms about China's high tempo of economic espionage for more than a decade.
You've heard of Stuxnet --the destructive computer virus unleashed on Iran's nuclear facilities. It was believed to be the world's first cyber weapon. But now we're learning that it has a twin --and the twin actually came first and started eating away at Iran's nuclear facility at Natanz years before the more public version we learned about in 2010. The bad news for Iran's nuclear programmers is that it's not really clear how broad the Stuxnet family is.