‘Sherpa’ leading Nielsen DHS confirmation effort is lobbyist tied to agency contractors

A former lobbyist representing companies with business before the Department of Homeland Security is leading the confirmation preparation for DHS secretary nominee Kirstjen Nielsen, assigning government staffers to prepare policy memos and coordinating her paperwork submissions to the Senate — an unprecedented role that’s causing consternation among some administration officials. “I’ve never seen someone from outside the government play that role,” said one senior official, who was granted anonymity since they were not authorized to talk to the press. “It’s shocking that someone with business before the department would be in that role.” “That is highly unusual,” agreed Chris Lu, a former Senate-confirmed official at the Department of Labor who is now a senior fellow at Virginia University’s Miller Center for Public Affairs. “Has this been cleared by the DHS ethics counsel?” Lu asked. “What procedures were followed to ensure that he doesn’t get access to non-public information that might benefit his clients?” Thad Bingel, a consultant with the Command Group, […]

The post ‘Sherpa’ leading Nielsen DHS confirmation effort is lobbyist tied to agency contractors appeared first on Cyberscoop.


Latest ‘cyber moonshot’ idea is a national DDoS defense system

Phil Quade, formerly the NSA’s top cyber official and White House liaison, calls himself “an Apollo guy” — a big fan of the huge Saturn V rockets which took Americans to the moon in the 1960s. So he rears back when people use the term “moonshot” to lend credibility to a vague idea like “making the internet safe.” “You have to define it,” he says, echoing other critics who’ve suggested that the term “cyber moonshot” lacks the clarity and simplicity of the original lunar mission — to get a man to the moon and bring him back safely. But Quade’s own moonshot — one of a couple of ideas he and other White House staff developed in the waning days of the Obama administration — is very clear and simple, he says: To build a national capacity to counter distributed denial-of-service (DDoS) attacks. “You need to get the carriers, the solution providers and […]


Before being picked to lead DHS, Nielsen waffled on the department’s top cyber job

Long before she was unexpectedly tapped to run the Department of Homeland Security, Kirstjen Nielsen was picked to be DHS’ top cyber official. But Nielsen was apparently unable to decide whether to take that job — effectively blocking any appointment to the nation’s top cyberdefense post for months. “It was her,” said one senior official, “She was what blocked it.” According to numerous officials who spoke with CyberScoop, Nielsen’s nomination as DHS undersecretary for the National Protection and Programs Directorate should have been part of a flurry of swift decisions early in the year about who was to lead key DHS agencies — including the Federal Emergency Management Agency, U.S. Citizenship and Immigration Services and Customs and Border Protection. Critics say her waffling left the NPPD, the DHS agency in charge of the federal government’s cyberdefenses, rudderless — casting a pall over the department’s leading role in defending the nation against online aggression from criminals and […]


Congress told ‘the market can’t fix’ poor cybersecurity at credit companies

The day after Halloween, lawmakers at a hearing on the Equifax breach heard scary stories of an under-regulated industry that collects and analyzes vast quantities of data about consumers without their knowledge or consent, stores it insecurely and sells it to the highest bidder. Representatives of the credit reporting industry told the House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection that those were all campfire tales to frighten children and that searching for a legislative solution would be the governmental equivalent of a snipe hunt. And Republican lawmakers sought to tamp down industry concerns by saying they were still in the information-gathering phase of their work. The hearing, said subcommittee Chairman Bob Latta, R-Ohio, “is an important step toward answering the many questions that consumers are asking.” But the overall tone of proceedings, even from the credit reporting industry’s traditional allies in the GOP, was not at all friendly. “Consumers are getting […]


New certification planned for industry information sharing orgs

Voluntary cyberthreat information-sharing groups, known as ISAOs, would have to meet certain baseline standards and would be able to seek third-party certification of their capabilities under a proposal unveiled Wednesday. Third-party verification is essential for scalability of trusted information-sharing, explained Gregory White, executive director of the Information Sharing and Analysis Organization Standards Organization, or ISAO-SO. “When we have thousands of ISAOs out there, how the heck do I know who I can trust?” asked White, a University of Texas San Antonio computer science professor. He compared certification to the security clearance individuals need to access classified information. “Because you have that clearance, I know certain things about you have been verified by a trusted third party … I know I can trust you with certain kinds of information,” he said, adding it was a scalable alternative to developing face-to-face or individual trust relationships. But he acknowledged the move would prove controversial among ISAOs, […]


Reaper authors Chinese, possibly linked to cyberspy group ‘Black Vine’

The authors of a sophisticated strain of malware that’s been attacking internet of things devices are almost certainly Chinese and could be connected to a Beijing-linked cyber-espionage group believed to be behind the Anthem health insurance hack, according to new research. Check Point Technologies — the Israeli cyber outfit that was the first to publicly identify the malware, known variously as Reaper or IoTroop — said in a technical report released this weekend that the malware authors and operators are operating out of China. “We have a very high degree of confidence about that judgement,” Yaniv Balmas, the firm’s security research group manager, told CyberScoop. His conclusion comes from multiple independent factors. A unique feature of the malware, Balmas noted, was its use of a Lua environment. Lua is a lightweight programming language designed to be embedded in other software so that it can run scripts. “We’ve never seen it [used in malware] before,” said Balmas, adding it made the malware “very agile … […]


Forget your fingerprint: New concept lets people pick their own two-factor token

Researchers at Florida International University have designed an app for Android phones that allows users to replace passwords with a photograph of an everyday object they own, like a watch, shoe or piece of jewelry. The app, known as Pixie, is a “proof-of-concept” that shows how two-factor identification — something more than just a password — can be implemented without special hardware or biometrics. It was described by the researchers in an article in the peer-reviewed journal of the Association of Computing Machinery. It works like this: The user takes a picture or pictures of some object they carry with them — the researchers call this object the “trinket.” These pictures form what’s called the reference image — the picture that the submitted image has to match for the user to successfully prove who they are. The user can then prove their identity and access an account by submitting another picture of the […]


Don’t fear the Reaper: Botnet ‘easy to stop,’ says security researcher

The new Internet of Things botnet variously known as Reaper, IoT_Reaper or IoTroop should be easy to stop if it ever attacks, a security researcher says. Reaper uses fixed, hardcoded domain and internet addresses for its command and control, or C2, servers — meaning they can easily be cut off by service providers, Radware security researcher Pascal Geenens wrote earlier this week. “The control servers, the architecture and the methods of operation of the Reaper botnet have been uncovered and are known,” Geenens wrote. “It uses a fixed domain and IP addresses for its C2 servers, which should make blacklisting or blackholing effective to stop any attacks it might attempt.” Although the hacker who controls the botnet — the “herder” — has proved successful at building it up, the botnet has not yet been used for attacks. But there’s widespread concern nonetheless about how powerful a weapon it could be. The Mirai botnet brought the […]


Democrats call for watchdog to probe ‘glitzy’ DHS nomination party

The inspector general at the Department of Homeland Security should investigate a “glitzy ceremony” held at the White House to celebrate the nomination of Kirstjen Nielsen as DHS secretary, says the top Democrat on the House Homeland Security Committee. “Cabinet officials and corporate lobbyists enjoyed several hours of cocktails and live entertainment,” wrote Rep. Bennie Thompson, D-Miss., in a letter dated Thursday. “I find it hard to understand how a cocktail reception with corporate lobbyists benefits DHS’s mission, particularly at a time when many parts of the country, especially Puerto Rico and the U.S. Virgin Islands, are reeling from the effects of deadly hurricanes,” he continued. Thompson asks Inspector General John Roth to investigate the Oct. 12 ceremony — for which the White House billed DHS $8,000, the lawmaker says — and “review the relevant policies for hosting events such as this, and the circumstances under which DHS may be charged.” The congressman also pronounces it “troubling” that […]


When feds want to hire a cyber-ninja, time is more important than money

The time it takes to actually onboard a new federal employee is a much more significant problem than pay and benefits when it comes to hiring top cybersecurity talent for U.S. agencies, former federal officials and private sector executives said Thursday. Conventional wisdom holds that federal government jobs can’t compete with the private sector on remuneration, but money generally is not the issue for highly skilled cybersecurity workers, panel members said at the Dell Technologies Digital Transformation Summit produced by FedScoop. “The challenge on the government side is time to hire,” said Karen Evans, a former senior technology official with the Office of Management and Budget under President George W. Bush and now the national director of the U.S. Cyber Challenge. It generally takes months — sometimes more than a year — to complete the background check and other bureaucratic procedures to start someone as a federal employee. And that, explained Evans, is more of a problem […]
