• EU issues new manual for defending ICS against cyberattacks

    ENISA, the EU’s cybersecurity agency, has issued a new manual for better mitigating attacks on Industrial Control Systems (ICS). ICS support vital industrial processes primarily in the area of critical information infrastructure such as the energy and chemical transportation industries, where sufficient knowledge is often lacking. As ICS are now often connected to Internet platforms, additional security preparations must be taken. ENISA says that the new guide provides the necessary key considerations for a team charged with ICS Computer Emergency Response Capabilities (ICS-CERC).

  • Federal IT spending to exceed $11 billion by 2018

    A new report from Delteks, contracted spending on cybersecurity will continue to grow from nearly $9 billion in FY2013 to $11.4 billion in FY2018, driven by multiple initiatives aimed at improving the overall cybersecurity posture of federal agencies. Persistent threats, complex and evolving policy issues, and changing technologies highlight ongoing cyber-workforce shortages to drive investments despite constrained federal IT funding.

  • Cybersecurity Manhattan Project needed

    On a daily basis, cyberattacks successfully steal U.S. intellectual property and military weapons plans, disrupt banking systems operations, and gain access to personal information which is supposed to be secure. The question: What it will take to harness America’s resources to push the country into developing effective national cyberdefense capabilities? Should it take another 9/11? Experts say that the whole must be greater than the sum of its parts. Power grid cyberattack exercises, increased cyberwarrior staffing at U.S. Cybercom, and the authorization of preemptive cyberattacks by Presidential Policy Directive 20 are individually good steps. But where is the whole? The unifying call to action? The United States may not be able to have another Manhattan Project, but it should be able to develop a Manhattan Project mentality, one which is orchestrated and executed by the U.S. cybersecurity czar or perhaps the DHS.

  • Cyber Gym in Israel trains cyber-defenders

    A group of IT and infrastructure companies in Israel have teamed up to launch Cyber Gym.The facility, inaugurated this month by Israel Electric Corp. (IEC), will train participants to defend against cyber attacks.When Sivan Shalom,  Israel’s Infrastructure and Energy Minister, was asked whether Israel was more concerned about a physical or a virtual attack, he said: “I think the future battle will be in cyberspace.”

  • NSA, DHS partner with academia to train next generation cyber specialists

    Universities across the United States have partnered with the NSA and DHS to prepare the next generation of cybersecurity professionals in anticipation of growing and more serious cyberattacks on the United States. Nearly 200 schools are designing new academic programs to attract more students to the growing field of cybersecurity, and with NSA and DHS as partners, the universities are preparing students for important roles in securing the nation’s digital infrastructure.

  • Cyberattacks more serious domestic threat to U.S. than terrorism: FBI

    The heads of the Federal Bureau of Investigation(FBI), Department of Homeland Security(DHS), and National Counterterrorism Center(NCTC) have declared cyber attacks as the most likely form of terrorism against the United States in the coming years. “That’s where the bad guys will go,” FBI director James Comey said about cyberterrorism. “There are no safe neighborhoods. All of us are neighbors [online].”

  • Hundreds of cyber specialists to compete at NetWars Tournament of Champions

    SANS Institute’s NetWars Tournament of Champions will be held in Washington, D.C., in mid-December. Hundreds of the brightest security professionals from around the world will compete with each other in order to determine who has the best skills in tackling cyber security challenges.

  • U.K. launches cyberwarfare reserve force

    U.K. defense secretary Philip Hammond announced that the Ministry of Defense (MoD) has begun this month to recruit the country’s top IT specialiststo join the Joint Cyber Reserve Unit (JCRU). “In response to the growing cyber threat, we are developing a full-spectrum military cyber capability, including a strike capability, to enhance the U.K.’s range of military capabilities,” Hammond said.

  • Cyberweapons likely to be an integral part of any U.S.-Syria clash

    A U.S.-led military attack on Syria may have been averted, at least for a while, by the Russian proposal to negotiate the transfer of Syria’s chemical weapons stocks to international control, but had the United States gone ahead with a strike, there is little doubt that cyberattacks would have been used by both sides. If the United States decides to attack Syria in the future, we should expect cyberweapons to be used.

  • U.S. “black budget” reveals unwieldy bureaucracy, misplaced priorities: expert

    Classified budget figures and successes and failures by American intelligence agencies, exposed for the first time this week by the Washington Post, show a massive bureaucracy with misplaced priorities, according to a cybersecurity and privacy expert. “The major failure identified in all of the post-9/11 assessments was a ‘failure to connect the dots,’” the expert said. “Nevertheless, the vast majority of the black budget is being spent on data acquisition — collecting more dots — rather than analysis.”

  • Lawmakers mull oversight of U.S. cyberattack capabilities and operations

    There has not yet been a public discussion of U.S. offensive cyberattack capabilities — and of actual U.S. cyberattacks — and the subject had been classified until a few years ago. Even after the subject came more into the open, only the fact that the United States had the capability to initiate offensive cyberattacks was acknowledged. With the growing attention to cyber operations – both defensive and offensive — the question of oversight is set to follow.

  • Former Pentagon No. 2 suspected of being source of Stuxnet leaks

    The Justice Department has informed Gen. (Ret.) James E. “Hoss” Cartwright that he is the target of an investigation into the leaking of a secret U.S.-Israeli cyber campaign to slow down Iran nuclear weapons program. The four-star Marine Corps general served as deputy chairman of the Joint Chiefs of Staff and was part of President Obama’s inner circle on many important national security issues before retiring in 2011.

  • Israel taps 10th graders’ cybersecurity skills to expand cybersecuity recruitment pool

    Israel has been subjected to a growing number of cyberattacks – and has itself used cyber-warfare against its adversaries. To make sure it stays ahead, Israel is accelerating its recruitment and development efforts in cybersecurity. Among other initiatives, the country is expanding the pool of potential cyberwarriors by going into high school classrooms to tap the cyber skills of tenth-graders.

  • FEMA issues annual National Preparedness Report

    Presidential Policy Directive 8: National Preparedness requires an annual National Preparedness Report (NPR) that summarizes national progress in building, sustaining, and delivering the thirty-one core capabilities outlined in the National Preparedness Goal. The 2013 NPR presents an opportunity to reflect on the progress that that has been made in strengthening national preparedness and to identify where preparedness gaps remain.

  • Obama orders U.S. intelligence to develop a list of targets for U.S. cyberattacks

    President Barack Obama last October has ordered U.S. intelligence agencies to develop a list of overseas targets for possible offensive cyberattacks by the United States. The directive says that “The secretary of defense, the DNI [Director of National Intelligence], and the director of the CIA … shall prepare for approval by the president through the National Security Advisor a plan that identifies potential systems, processes and infrastructure against which the United States should establish and maintain Offensive Cyber Effects Operations (OCEO) capabilities….”