• Call for creating a U.S. cybersecurity emergency response capability

    Lawmakers call for the creation of a cybersecurity emergency response capability to help businesses under major cyber attacks; “Who do you call if your CIO is overwhelmed, if you’re a local bank or utility?” Senator Sheldon Whitehouse (D-Rhode Island) asked; “How can we preposition defenses for our critical infrastructure, since these attacks come at the speed of light?”

  • Demand for gov. cybersecurity specialists outstrips supply

    The demand for IT personnel continues to grow, but there has been a subtle shift with regard to the qualifications most sought after; new studies found that professionals with the right IT skills and an active government security clearance earned 12 percent more than non-cleared personnel; in the Washington, D.C., area, the pay bump is 20 percent

  • Senator seeks to end wasteful government cybersecurity spending

    Senator Tom Carper (D-Delaware) is actively seeking ways to end wasteful government cybersecurity spending; Carper believes that the government can spend its money more efficiently on IT security; he believes that too many government programs are expensive, inefficient, and do not actually secure government networks; Carper was careful to note that he was not advocating for budget cuts, but rather more efficient spending; Carper has proposed mandating that all agencies only purchase technology that is preconfigured with encryption or other security measures; he is currently working with Senators Joseph Lieberman (I-Connecticut) and Susan Collins (R-Maine) on the Cybersecurity and Internet Freedom Act of 2011, which contains many of his proposals

  • Keeping digital data safe

    The recent Epsilon data leak incident was serious, as it exposed a large number of people to an attack called “spear phishing,” in which an attacker targets specific users or organizations with attempts to steal personal information; this incident could have been much worse: many third-party organizations have aggregated large amounts of our personal information in one place, making us increasingly vulnerable to the type of attack we saw with Epsilon — an attack in which a single breach can result in the compromise of a large amount of user data

  • Internet threat landscape offers a grim picture

    A new Symantec report paints a grim picture of the Internet threat landscape; Symantec detected more than three billion malware attacks from 286 million malware variants in 2010 — up 93 percent on 2009; 49 percent of malicious sites found through Web searches were pornographic; in 2010, 6,253 software vulnerabilities were reported, higher than in any previous year; fourteen vulnerabilities were used in zero-day attacks, including four different Windows zero-days used in the Stuxnet attack; the bad guys also demonstrated a firm grasp of new technology: social networking sites are a huge target, and hackers are exploiting the boom in URL shortening services such as bit.ly; smartphones are also beginning to attract malware

  • RSA explains how hackers stole critical SecurID data

    Cyber security giant RSA detailed how hackers recently infiltrated its systems and stole critical data related to its SecurID two-factor authentication products, which are used by the Department of Defense, major banks, and other government agencies around the world; hackers used a “spear-phishing attack,” fake emails containing malicious code, to first gain access to its networks; once inside the network, hackers were able to target high-level RSA employees with access to sensitive information and copy their data; experts warn that these types of attacks primarily exploit people, so educating employees not to open these types of emails that may contain malicious code is critical

  • U.S. industrial processes vulnerable to Stuxnet-like attack

    Cyber security experts recently warned that U.S. manufacturing plants and critical infrastructure were vulnerable to a Stuxnet-like attack; industrial plants, transportation systems, electrical grids, and even nuclear plants could be crippled by new cyber weapons that target specialized control core processes; concern has spread after the Stuxnet virus targeted these systems and created physical damage; experts have likened Stuxnet to “the arrival of an F-35 into a World War I battlefield”

  • OMB reports on 2010 cybersecurity attacks

    A new report on U.S. government cybersecurity says that in 2010 there were 41,776 reported cyber incidents of malicious intent in the federal network, out of a total of 107,439 reported to the United States Computer Emergency Readiness Team; the number represented a 39 percent increase over 2009, when 30,000 incidents were reported by the feds of 108,710 attacks overall

  • Android and Windows 7 phone confound hackers in competition

    Android smartphones and the Windows 7 phone foiled hackers at the recent Pwn2Own hacking competition, while the Apple iPhone and Blackberry were successfully broken into; the results do not necessarily mean that Android and Windows 7 phones are more secure; several factors determine the relative protection a device has against hackers including the security of the software itself and the amount of research that has already been conducted on the device’s weakness; observers were surprised to see the Android repel attacks, but were not shocked when the iPhone was hacked

  • DHS struggles with IT hiring

    DHS has actively sought to recruit more employees with critical cyber security skills, but has struggled with internal obstacles that have slowed hiring; in 2010 DHS set a goal of hiring 1,000 employees with cyber security skills in three years, but so far has only managed to hire roughly 200 in 2010 and it plans to hire 100 this year; the new employees will focus on network and systems engineering, incident response, and risk and strategic analysis; obstacles to hiring include lengthy security clearance processing times, noncompetitive pay, and an outdated job classification system

  • Northrop awarded $1.1 billion DHS contract

    Northrop Grumman Corp. recently announced that it was awarded a government contract worth up to $1.1 billion to “operate, maintain, and enhance” classified networks for DHS; Northrop will build and maintain a classified network that will transmit data, voice, and video to over 15,000 users; the system is designed using a proprietary cloud-based computing model that can be accessed remotely

  • Cyber security firm victim of cyber attacks, Pentagon networks potentially compromised

    RSA, a major cyber security firm that helps defend the Pentagon’s networks as well as thousands of others around the world, has been the subject of a cyber attack; valuable information was stolen that could compromise the Department of Defense’s networks as well as Lockheed Martin’s; the attack has been identified as an advanced persistent threat; hackers stole information related to the company’s SecurID two-factor authentication products; RSA’s SecurID customers include major banks, healthcare providers, and even state governments; RSA has been working with the U.S. government to secure networks against any potential security breaches

  • Major increase in cyber attacks on China's government

    China recently reported that last year its government websites experienced a 68 percent increase in cyber attacks; a total of 35,000 Chinese websites, including 4,635 government sites, were hit by hackers in 2010; attacks on non-government websites decreased 22 percent in 2010, while attacks on government websites had increased; in response to the increased number of cyber attacks, the report urged local regulators to step up efforts to police the Internet and deter these hackers by imposing stricter penalties; five million Chinese IP addresses had been infected with a trojan horse or corpse virus

  • Feds forced to get creative to bypass encryption

    As increasingly sophisticated encryption technology becomes widely available, federal authorities have been forced to find new ways to conduct surveillance against suspected criminals or terrorists; when federal authorities try to gather evidence on suspects, they frequently encounter PGP encrypted documents that they cannot hack into; authorities are experimenting with several methods to bypass encryption including keystroke logging spyware, seizing the computer while it is still on, and forcing an individual to turn over their passwords to federal authorities; the FBI recently floated a proposal that would force Web-based e-mail servers and social networks to build backdoors so that federal authorities could conduct surveillance, but quickly backed down

  • Paris G20 files stolen in cyber attack

    The French government recently confirmed that hackers have stolen sensitive files from the February G20 summit in Paris; in targeted attacks aimed at stealing specific files, more than 150 of the French Budget Ministry’s 170,000 computers were affected; officials say this was the first attack of this size and scale against the French government; circumstantial evidence points to China, but there is no clear indication to suggest the attacks were government sponsored; the most recent attack against the French government is the latest in a string of cyber attacks on companies and governments around the world with evidence pointing to China