Shows & Panels
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- American Readiness: Renewable Power and Efficiency Technologies
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Delivering the Digital Government Mission
- Federal Executive Forum
- Federal News Radio's National Cyber Security Awareness Month Special Panel Discussion
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- Government Perspectives on Mobility and the Cloud
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- The New Generation of Database
- Reimagining the Next Generation of Government
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Search Tags: cyber security
The "persistent threat" is becoming the hallmark of how government and industry deal with cybersecurity concerns, particularly threats to the nation's electrical grid and critical infrastructure. Plus: how is industry and government training and retaining top cybersecurity professionals? On this edition of "AFCEA Answers", we'll explore these topics with Dr. Ernest McDuffie from NIST; Mike Peterson, Vice President with URS, former Air Force CIO; and Tom Conway, Director of Federal Business Development with McAfee.
Recent revelations about secret U.S. surveillance programs could significantly impede progress on negotiations over new laws and regulations meant to beef up the country's defenses against the growing threat of cyber-attacks. Current and former cyber security officials say they worry the ongoing disclosures about secret National Security Agency spying programs by former NSA contractor Edward Snowden could trigger knee-jerk reactions by Congress or the private sector.
How does DHS detect and respond to malicious cyber activity. DHS also operates a cyber-information coordination center, the National Cybersecurity and Communications Integration Center (NCCIC), and several operational units. These units respond to incidents and provide technical assistance to information system operators. The NCCIC coordinates the information collected through these channels to create a common operating picture for cyber communities across all levels of government and the private sector.
How do you know if your computer is vulnerable to cyber-attack? USCERT The U.S. Computer Emergency Readiness Team. says many computers are sold with software already loaded. Whether installed by a computer manufacturer, operating system maker, Internet Service Provider, or by a retail store, USCERT says the first step in assessing the vulnerability of your computer is to find out what software is installed and how one program will interact with another. Unfortunately, it is not practical for most people to perform this level of analysis.
What is DHS's role in cyber security. DHS uses intrusion detection tools to monitor .gov network traffic for malicious activity and uses this resulting data to address cyber vulnerabilities. In addition, DHS issues bulletins and alerts that provide information on potential cyber threats. Last year, DHS issued more the 5,000 alerts and advisories, which it shared with various government, private sector, and critical infrastructure stakeholders; as well as the public.
Cyber criminals --what's their M.O.? USCERT says Attackers focus on exploiting client-side systems (your computer) through various vulnerabilities. They use these vulnerabilities to take control of your computer, steal your information, destroy your files, and use your computer to attack other computers. A low-cost way attackers do this is by exploiting vulnerabilities in web browsers. An attacker can create a malicious web page that will install Trojan software or spyware that will steal your information.
To promote cyber security practices and develop these core capabilities, DHS says it is working with critical infrastructure owners and operators to create a Cyber security Framework - a set of core practices to develop capabilities to manage cyber security risk. These are the known practices that many firms already do, in part or across the enterprise and across a wide range of sectors. The draft Framework will be complete in October.
How strong is your password? Cyber criminals are running a wide-ranging password-guessing attack against some of the most popular blogging and content management systems on the net. The Fort Disco cracking campaign began in late May this year and is still going on. The UK based Register reports Four strains of Windows malware are associated with the campaign, each of which caused infected machines to phone home to a hard-coded command and control domain
Techweek has been reporting that two large botnets have targeted various content management systems, including WordPress and Joomla. The most recent attacks were labeled as Fort Disco, which began in late May 2013, according to Arbor Networks. Arbor has found six command and control servers, running over 25,000 infected Windows machines that were used to attack CMS systems using brute force or basically running through large lists of possible passwords.
Web page addresses can be disguised or take you to an unexpected site. Many web browsers are configured to provide increased functionality at the cost of decreased security. New security vulnerabilities may have been discovered since the software was configured and packaged by the manufacturer. Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked.