Microsoft exec gets new cyber job at DHS

Christopher Krebs, a cybersecurity policy executive for Microsoft and vice-chair of the National Cyber Security Alliance, started work this week as a senior counselor to Homeland Security Secretary John Kelly, the first major cyber-policy appointment at the department. Krebs “started at [the Department of Homeland Security] this week, as a senior counselor, and he’s generally working cyber issues,” DHS Spokesman David Lapan told CyberScoop via email. Krebs, who has no relation to security blogger Brian Krebs, worked at the department as a policy advisor during the George W. Bush administration, according to his LinkedIn profile. A former colleague said Krebs worked for Bob Stephan, when the retired Air Force colonel — now an executive with Alexandria, Va.-based homeland security consultants CRA, Inc. — was DHS assistant secretary for infrastructure protection. Krebs’ appointment, first reported by Politico, is one of a slew of new job announcements at DHS this week. Monday, the White House said President […]

The post Microsoft exec gets new cyber job at DHS appeared first on Cyberscoop.

Android security better, but still dependent on manufacturers, carriers

The variegated state of the Android ecosystem has always been a problem for users seeking to ensure their smartphone is patched up to date against the latest publicly disclosed cybersecurity flaws — and new figures show it’s still a huge issue, despite some progress. Updates produced by Android have to be customized by the handset manufacturer. Samsung alone offers 13 models of Android phone, each one sold by up to 200 different telecom carriers, all of whom customize their operating system to different degrees — meaning they might have to tweak the updates as well, before finally distributing them to phone users. The users, of course, then have to install them. Figures released by Google’s Android last week suggest that more users are getting regular updates than ever before — but still show only half of the 1.4 billion Android devices in circulation got an update of any kind during 2016. Updates are crucial […]

The post Android security better, but still dependent on manufacturers, carriers appeared first on Cyberscoop.

Accused $100M business email grifter arrested in Lithuania

A Lithuanian man charged with running a two-year, $100 million email banking con against two unnamed U.S. tech multinationals was arrested last week by authorities in his home country, federal prosecutors in New York said. The 12-page indictment provides few details of the scam, which prosecutors say netted Evaldas Rimasauskas more than $100 million. The funds were wired to Latvian and Cypriot banks, where he had opened accounts posing as “an Asian-based manufacturer of computer hardware.” The victims are identified only as “a multinational technology company” and “a multinational online social media company,” both headquartered in the U.S. This much is clear: Though the case involved spoofed email, this was a far more complicated scam than your common business email compromise scheme — an increasingly pervasive species of online fraud that relies on hacking executive or C-suite email addresses and then using them to socially engineer subordinates to make fraudulent payments. By contrast, prosecutors said in […]

The post Accused $100M business email grifter arrested in Lithuania appeared first on Cyberscoop.

NSA deputy says U.S. cyberattack responses must improve

The way that U.S. government agencies respond to cyberattacks against the private sector from nation-state or other high-level adversaries is “fundamentally flawed” and needs to change, outgoing NSA Deputy Director Rick Ledgett said Tuesday. Ledgett, the latest addition to a growing list of cybersecurity officials and former officials who have called for the nation’s cyber responses to be overhauled, mocked existing response plans at an Aspen Institute luncheon roundtable hosted by former Justice Department senior official John Carlin. “The analogy a colleague of mine uses,” Ledgett explained, “is … if your house catches on fire, you have to call the mayor to see if he’ll let you call the water department to ask them to turn the water on. And then you call the city council to see if you can get funding for the fire department to send a truck. And by the time that’s all happened, your cyber house has burned to […]

The post NSA deputy says U.S. cyberattack responses must improve appeared first on Cyberscoop.

Legacy IT makes federal agencies less secure, study says

Federal agencies that shift money from maintaining outdated legacy IT systems to modernizing them can expect to see fewer cybersecurity incidents — as can the agencies that migrate legacy systems to the cloud or implement strict data governance policies, according to a new academic study. On average, for each 1 percent of its spending that an agency shifts from maintaining legacy systems to buying new ones, it can expect a 5 percent reduction in the number of security incidents, found the authors of the study “Security Breaches in the U.S. Federal Government.” It was written by two academics from the Fox Business School at Temple University and the Red McCombs School of Business at the University of Texas at Austin and published last week by the Social Science Research Network. The study also found that federal agencies that migrate their legacy IT systems to the cloud suffer fewer security incidents of improper access. And […]

The post Legacy IT makes federal agencies less secure, study says appeared first on Cyberscoop.

Definitions for cyberwar terms sought by House lawmakers

The Trump administration should publish definitions for key terms in cyberspace conflict as part of a comprehensive national policy to defend the country from online attack, says a resolution introduced in the House. “The United States should develop and adopt a comprehensive cybersecurity policy that clearly define acts of aggression, acts of war, and other related events in cyberspace, including any commensurate responses” by U.S. forces, states the bipartisan resolution, H. Res. 200. It is sponsored by Democrat C.A. “Dutch” Ruppersberger of Maryland, whose district includes the Fort Meade headquarters of the NSA and U.S. Cyber Command, and by Republican Scott Taylor of Virginia, who represents the defense-facility-heavy Newport News-Virginia Beach area. Such “sense of the House” resolutions are non-binding, but the sponsors said they wanted to use the document to start a conversation about properly preparing the nation to defend itself from hackers, cybercriminals and other online enemies. The two men […]

The post Definitions for cyberwar terms sought by House lawmakers appeared first on Cyberscoop.

Top Women in Cybersecurity: Donna Dodson

Donna Dodson, Associate Director and Chief Cybersecurity Adviser, NIST

Donna Dodson has multiple roles at the National Institute of Standards and Technology — the U.S. government’s premier measurement and testing laboratory. In addition to being the chief cybersecurity adviser to Acting NIST Director Kent Rochford, she is associate director of the Information Technology Laboratory — one of six labs at NIST — and director of the National Cybersecurity Center of Excellence. The center was established in 2012 by NIST along with the state of Maryland and Montgomery County. NIST provides the technical leadership and direction, Dodson said, the nonprofit federal contractor MITRE Corp. provides the personnel and 26 partner companies have signed up to provide technology and expertise. “We take cybersecurity best practices and solutions out of the laboratory, we engineer them, apply them in practice and bring them to businesses out in the community,” she explained. What is the greatest challenge […]

The post Top Women in Cybersecurity: Donna Dodson appeared first on Cyberscoop.

Top Women in Cybersecurity: Mischel Kwon

Mischel Kwon, President, MKA Cyber

Over a three-decade career in security, Mischel Kwon held a succession of increasingly highly ranked technical leadership positions in both the public and private sector before hanging her own shingle in 2010 and founding MKACyber, a security consulting firm that assesses and builds security operations centers and runs a managed SOC service. Prior to being made director of the U.S. Computer Emergency Readiness Team in 2008, she was the deputy CISO for the Department of Justice, in which job she built and deployed the Justice Security Operations Center to monitor and defend the department’s network against cyber threats. Kwon also worked as the vice president for public sector security solutions at RSA and ran the George Washington University Cyber Defense Lab. MKACyber, a privately held 40-strong company, is “growing very rapidly,” Kwon says, “with both federal and commercial customers all over the country.” Last year, she also founded the […]

The post Top Women in Cybersecurity: Mischel Kwon appeared first on Cyberscoop.