DHS: More authority needed to secure mobile networks

The Department of Homeland Security lacks the authority it needs over mobile telephone networks to properly do its job of securing federal IT systems against hackers, according to a new report from DHS’ Science and Technology Directorate. The authors also recommend overhauling the standard reporting and information sharing formats for vulnerabilities and threats — like the National Vulnerability Database and the Common Vulnerability Enumeration — so they can include threats to mobile IT as well. The report also suggests that future IT security is endangered because the U.S. government, which for many years didn’t own any mobile networks, lacked a voice in global discussions about standards for cellular communications dominated by legacy state-owned national telecom companies from adversarial nations. The Study on Mobile Device Security was required by the Cybersecurity Act of 2015, also sometimes called CISA. The study was released Thursday after being presented to Congress. Consumer smartphones, after all, are basically powerful computers equipped with enormously sensitive cameras and microphones, plus multiple different ways […]

The post DHS: More authority needed to secure mobile networks appeared first on Cyberscoop.

Former DHS cyber official Schneck takes financial consulting job

Phyllis Schneck, the most senior official with a cybersecurity-specific job at the Obama-era Department of Homeland Security, has landed at Promontory Financial Group, one of Washington’s most powerful and best-connected banking consultancies. Schneck, who was deputy undersecretary for cybersecurity and communications in DHS’s National Protection and Programs Directorate, told friends that she started last week. The Promontory website lists her as “managing director and global leader of cyber solutions” in the company’s Washington, D.C., office. Neither Schneck nor a representative of the company immediately responded to an email requesting comment. Promontory is a behind-the-scenes powerhouse packed with former banking regulators and other ex-officials — from founder and former U.S. Comptroller of the Currency Eugene Ludwig to board member and former White House Chief of Staff Ken Duberstein. Indeed, a large chunk of the company’s revenue comes from outsourced oversight. It’s hired by regulatory agencies, for example, to backstop overworked staff by monitoring punishment deals […]

NIST urged to include multi-factor authentication in cyber framework

The U.S. government should specify some form of online identity security that goes beyond a username and password in the forthcoming update to its voluntary cybersecurity framework, advocates urged at an industry conference Tuesday. “Right now, you have a situation where Teen Vogue is recommending [two-factor identity authentication, or] 2FA and the [National Institute of Standards and Technology] Cybersecurity Framework isn’t,” pointed out Jeremy Grant, who headed up NIST’s effort to kick-start a market for identity security from 2011 to 2015. “Shouldn’t we take a look at that?” he asked the audience at the International Biometric Identity Association’s Connect:ID conference. NIST is preparing an update to its highly regarded Cybersecurity Framework and is in the midst of analyzing public comments on its initial draft ahead of a public workshop later this month. The article in cyber-savvy Teen Vogue was something of a high-water mark for popular awareness of 2FA, also called multi-factor authentication, or MFA. […]

Intel chip vulnerability sends corporate cyber teams scrambling

Corporate IT departments across the globe were scrambling Tuesday to figure out if their networks were hit by a vulnerability in Intel processors that opened the chips up to hackers. Intel announced the existence of vulnerability CVE-2017-5689 in its Active Management Technology, or AMT, firmware on Monday, saying it had not been exploited in the wild. “An unprivileged network attacker could gain system privileges,” by remotely exploiting the vulnerability, the company said, revealing that it impacted chips shipped since 2008, but not ones used in consumer personal computers. “Yes, this is terrifying,” wrote security researcher Matthew Garrett on his blog. If hackers learned how to exploit the vulnerability — which Intel rated “critical” — they would have access to the powerful features of AMT, a technology designed to let the IT department of a company remotely manage large numbers of computers. “AMT provides a web [user interface] that allows you to do things like reboot a machine, provide […]

Bill would launch cybersecurity grant program for state and local governments

Proposed legislation establishing a Department of Homeland Security grant program that would bolster cybersecurity for state and local government IT networks faces a steep climb in Congress, but its backers say the need is urgent. “There’s an acknowledgement that this is a real problem …[and that] things could get worse … As [former Defense Secretary] Leon Panetta has observed, we’re at something of a pre-9/11 point in cyber,” said Rep. Derek Kilmer, D-Wash., a co-sponsor of the State Cyber Resiliency Act, HR 1344. His GOP co-sponsor is Virginia Rep. Barbara Comstock. An identical companion bill in the Senate, S. 516, is sponsored by Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo. Cyber threats “aren’t aimed at red districts or blue districts — all of our communities are vulnerable … There is an obvious need and I hope that makes it more likely that this bill could move,” Kilmer told CyberScoop in an […]

Malware sniffer is latest cyber technology to get DHS push toward marketplace

A new form of malware detection software that analyzes computer code to predict malicious behavior — but without actually running it — has been exclusively licensed to a Virginia startup from the Oak Ridge National Laboratory under a Department of Homeland Security program that helps get federally developed technology to the marketplace. Hyperion, as the software is called, was one of the first technologies selected for DHS’s Transition to Practice, or TTP, program — back in 2012 when it was launched. It was licensed to Manassas, Virginia-based Lenvio this month after the company was spun off from R&K Cyber last year. Hyperion had previously been non-exclusively licensed to R&K. “Obtaining an exclusive technology license … helps us secure a more competitive position to commercialize Hyperion as we grow our company,” said B.K. Gogia, Lenvio’s chief executive officer, in a statement. Conventional malware consists of a file that a user is tricked into downloading and running on their […]

Verizon’s annual data breach report is depressing reading, again

The takeaway from the 10th annual Verizon Data Breach Investigations Report is depressingly familiar: Of the 1,935 breaches analyzed, 88 percent were accomplished using a familiar list of nine attack vectors, meaning they could probably have been prevented by a few simple cyber-hygiene measures. The DBIR, an analysis of breaches and incidents investigated by Verizon personnel or reported by one of their 65 partner organizations, is one of the most comprehensive reports in an industry that sometimes seems to specialize in thinly sourced surveys — marketing gussied up as research. So its release is closely watched by cybersecurity mavens every April. But in recent years, the DBIR has become a repetitive litany of attacks that exploit well-known and long patched vulnerabilities in familiar ways. The 2017 report released Thursday found, for example, that 81 percent of hacking-related breaches employ either reused/stolen passwords or weak/crackable ones. “There is no such thing as an impenetrable system, but doing the [cybersecurity] […]

Former top spy says U.S. not positioned to fight information wars in cyberspace

When U.S. officials realized last year that Russian intelligence services’ hacking into the IT systems of the Democratic National Committee was just one part of a full-featured information warfare operation, they faced a number of immediate problems, a former White House insider said Wednesday. James Clapper, who was director of national intelligence under President Barack Obama, said the first dilemma was well-understood: how to warn the American people about the Russian effort to meddle with the election without appearing to put a thumb on the scale. There was a second and much less well-understood problem, though: how to fight back. “We don’t really have a good way to respond” to the efforts like those that were designed to damage Democratic candidate Hillary Clinton, Clapper said at Gigamon’s Public Sector Cybersecurity Summit. The information warfare created fake news as well as the real thing — like the stories that came out of the documents dumped from the DNC hack. […]

Beyond concerns about AI, consumers see usefulness — particularly in cybersecurity, privacy

Almost two-thirds of American consumers welcome advances in artificial intelligence and machine learning, and cybersecurity is among the areas where assistance from AI has the most appeal, according to a new survey. Sixty-three percent of consumers agree AI will “help solve complex problems that plague modern societies,” according to the survey, published Tuesday by the accounting and consulting firm PwC. When respondents were asked about different kinds of issues that AI might help with, 68 percent highlighted cybersecurity and privacy, while 66 percent chose its importance in helping to solve cancer and other diseases and 71 percent agreed AI could provide educational help to disadvantaged schoolchildren. “Despite the doomsday scenarios painted by Hollywood and news media, most consumers are optimistic about AI’s potential for good,” states the report, titled “Bot.Me: A revolutionary partnership.” On the other hand, almost half of respondents — 46 percent — said they believe AI will harm people by taking away jobs. […]

White House: Cyber executive order is close, will be ‘intertwined’ with federal IT modernization

The Trump administration is “close” to unveiling its cybersecurity executive order and is carefully aligning its policy in that area with plans for modernizing federal IT networks, White House Cybersecurity Coordinator Robert Joyce said Monday in his first public comments since taking office. “We must make sure that innovation and cybersecurity are intertwined,” Joyce told an international cybersecurity conference at Georgetown University. He said the president’s son-in-law, Jared Kushner, was working with White House tech policy aides Chris Liddell and Reed Cordish on “a major effort” in Kushner’s newly minted Office of American Innovation to develop “approaches for the president’s consideration to modernize federal IT systems, retire outdated systems and move to shared services.” White House staff would ensure that the two initiatives “are closely aligned,” Joyce said. “I get to participate in, my staff gets to participate in those meetings,” he said of the innovation office’s work on federal IT. Asked whether modernization policy […]