Network security

  • Government launches cybersecurity plan

    Last week the Obama administration unveiled its plan to secure federal computer networks, critical industries, and consumers from cyberattacks; under the proposed plan, DHS will lead government efforts to secure networks with “primary responsibility within the executive branch for information security” ; DHS would also be empowered to set policies and activities for government systems; the plan would require critical infrastructure operators like electric companies and large financial firms to present cybersecurity plans to DHS for approval; DHS auditors would review the plans with the operators, discuss any shortcomings and “take other action as may be determined appropriate”

  • Memphis flood fear eases, Louisiana and Mississippi brace for worst

    Residents living near the Mississippi River have been battling a record surge of water that is slowly making its way south sending a deluge of water beyond the river’s banks and into nearby communities; on Tuesday, the river’s crest made its way through Memphis hitting near record levels of 47.8 feet; so far the levees along the river have been holding up; residents of Louisiana and Mississippi are bracing for similar record water levels as the crest winds southward; to help ease the pressure on the levee system, the Army Corps of Engineers opened up several spillways on Monday including parts of the Bonnet Carre spillway; the region has received 600 percent more rain than usual for this time of year

  • DOJ report finds FBI agents lacks critical cyber security skills

    A recent government report found that the FBI’s cybersecurity experts are incompetent and overly focused on investigating child pornography; the study, conducted by the Department of Justice (DOJ), said that many of the FBI agents trained in cyber security lacked the ability to investigate national security related intrusions and threats; out of the thirty-six agents interviewed, only 64 percent said they had the expertise to handle national security related cyber investigations; the remaining 36 percent “lacked the networking and counterintelligence expertise to investigate national security intrusion cases” ; five agents even admitted that they “did not think they were able or qualified to investigate national security intrusions effectively”

  • Dramatic increase in critical infrastructure cyber attacks, sabotage

    A new study by McAfee and CSIS reveals a dramatic increase in cyber attacks on critical infrastructure such as power grids, oil, gas, and water; the study also shows that that many of the world’s critical infrastructures lacked protection of their computer networks, and revealed the staggering cost and impact of cyberattacks on these networks

  • Firm pushes for open wireless sensor data

    As wireless sensors are becoming increasingly ubiquitous in electrical grids, homes, and businesses, electronic enthusiasts and programmers believe that this data could be used to create a host of new devices with practical uses; making sensor data freely available allows engineers to build software and apps that monitor data in real time for things like local radiation levels, water quality, or even your home’s energy consumption; leading the push for open sensor data is U.K. based Pachube (pronounced “patchbay”) which has developed a network of sensors that collect six million points of data per day; the majority of sensor information is currently encrypted and therefore inaccessible

  • Siemens, McAfee team up to defend against critical infrastructure attacks

    McAfee and Siemens will work together to help secure critical infrastructure against cyber attacks that target industrial control processes like the Stuxnet worm which destroyed nuclear centrifuges at an Iranian nuclear enrichment facility; the two companies are targeting Advanced Persistent Threats aimed at the manufacturing and process industry; this new security product could help ease security fears for critical infrastructure operators who rely on industrial control programs for nearly every automated process; McAfee says it’s Application Control system product would have protected Iran’s centrifuges from the Stuxnet virus that caused them to spin out of control

  • Joint EU and U.S. cyber security exercise to be held this year

    The United States and the European Union (EU) recently announced that they will hold joint cyber war exercises by the end of 2011; the exercise comes as part of a broader agreement to expand efforts to jointly defend against cyber security threats; the two sides agreed to share best practices, engage the private sector, and increase global cyber incident response capabilities; in particular, the agreement will focus on fighting botnets, securing industrial control systems, and enhancing the resilience and stability of the internet

  • Call for creating a U.S. cybersecurity emergency response capability

    Lawmakers call for the creation of a cybersecurity emergency response capability to help businesses under major cyber attacks; “Who do you call if your CIO is overwhelmed, if you’re a local bank or utility?” Senator Sheldon Whitehouse (D-Rhode Island) asked; “How can we preposition defenses for our critical infrastructure, since these attacks come at the speed of light?”

  • Demand for gov. cybersecurity specialists outstrips supply

    The demand for IT personnel continues to grow, but there has been a subtle shift with regard to the qualifications most sought after; new studies found that professionals with the right IT skills and an active government security clearance earned 12 percent more than non-cleared personnel; in the Washington, D.C., area, the pay bump is 20 percent

  • Senator seeks to end wasteful government cybersecurity spending

    Senator Tom Carper (D – Delaware) is actively seeking ways to end wasteful government cybersecurity spending; Carper believes that the government can spend its money more efficiently on IT security; he believes that too many government programs are expensive, inefficient, and do not actually secure government networks; Carper was careful to note that he was not advocating for budget cuts, but rather more efficient spending; Carper has proposed mandating that all agencies only purchase technology that is preconfigured with encryption or other security measures; he is currently working with Senators Joseph Lieberman (I-Connecticut) and Susan Collins (R-Maine) on the Cybersecurity and Internet Freedom Act of 2011, which contains many of his proposals

  • U.S. industrial processes vulnerable to Stuxnet-like attack

    Cyber security experts recently warned that U.S. manufacturing plants and critical infrastructure were vulnerable to a Stuxnet-like attack; industrial plants, transportation systems, electrical grids, and even nuclear plants could be crippled by new cyber weapons that target specialized control core processes; concern has spread after the Stuxnet virus targeted these systems and created physical damage; experts have likened Stuxnet to “the arrival of an F-35 into a World War I battlefield”

  • OMB reports on 2010 cybersecurity attacks

    A new report on U.S. government cybersecurity says that in 2010 there were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team;the number represented a 39 percent increase over 2009, when 30,000 incidents were reported by the feds of 108,710 attacks overall

  • DHS struggles with IT hiring

    DHS has actively sought to recruit more employees with critical cyber security skills, but has struggled with internal obstacles that have slowed hiring; in 2010 DHS set a goal of hiring 1,000 employees with cyber security skills in three years, but so far has only managed to hire roughly 200 in 2010 and it plans to hire 100 this year; the new employees will focus on network and systems engineering, incident response, and risk and strategic analysis; obstacles to hiring include lengthy security clearance processing times, noncompetitive pay, and an outdated job classification system

  • Northrop awarded $1.1 billion DHS contract

    Northrop Grumman Corp. recently announced that it was awarded a government contract worth up to $1.1 billion to “operate, maintain, and enhance” classified networks for DHS; Northrop will build and maintain a classified network that will transmit data, voice, and video to over 15,000 users; the system is designed using a proprietary cloud-based computing model that can be accessed remotely

  • Cyber security firm victim of cyber attacks, Pentagon networks potentially compromised

    RSA, a major cyber security firm that helps defend the Pentagon’s networks as well as thousands of others around the world, has been the subject of a cyber attack; valuable information was stolen that could comprise the Department of Defense’s networks as well as Lockheed Martin’s; the attack has been identified as an advanced persistent threat; hackers stole information related to the company’s SecurID two factor authentication products; RSA’s SecureID customers include major banks, healthcare providers, and even state governments; RSA has been working with the U.S. government to secure networks against any potential security breaches