State to gain more ability to monitor DOD cyber ops under White House agreement

The White House has reached consensus between State and Defense on how to pare back NSPM-13’s precedent-setting delegation of authority to the DOD.

The post State to gain more ability to monitor DOD cyber ops under White House agreement appeared first on CyberScoop.


Debate erupts at news the White House may scale back DOD cyber-ops authorities

Cybersecurity and homeland security experts are split on the wisdom of scaling back broad authorities that DOD has to launch cyber operations.

The post Debate erupts at news the White House may scale back DOD cyber-ops authorities appeared first on CyberScoop.


A push for cybersecurity philanthropic giving launches

Over nearly a decade, cybersecurity-related philanthropic giving has constituted a fraction of one percent of the billions of dollars devoted to peace and security causes. An open letter Friday signed by trade associations, non-profits, charitable foundations, think tanks and well-known cybersecurity professionals aims to change that trend as part of what could be a series of future steps. “We believe that private philanthropy is ideally suited to support the development of an emerging field of theorists and practitioners across cybersecurity domains,” reads the letter. “Anyone who cares about national security, innovation, economic development, personal privacy, or civil liberties should care about cybersecurity. Private philanthropy is a critical missing piece to meet this urgent need.” The William Flora and Hewlett Foundation, Craig Newmark Philanthropies, and Gula Tech Foundation led the effort to organize the letter, signed by 30 different organizations and individuals. They include former White House cyber coordinator and current […]

The post A push for cybersecurity philanthropic giving launches appeared first on CyberScoop.


The case for a National Cyber Director

Although the aftershocks of COVID-19 will last for years, one result is already clear — shifting more activity online has increased our society’s digital dependence even faster than expected. The federal government’s cybersecurity capabilities need to keep pace. Although some Federal agencies, particularly the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS), have made significant improvements over the last few years, at least three factors impede government-wide progress. First, cybersecurity’s cross-cutting nature does not fit with the U.S. government’s bureaucratic structure. Second, agencies are not incentivized to sustain the degree of coordination required for effective cybersecurity. Third, a lack of central leadership hinders effective incident response. No single policy action will solve these problems, but creating a National Cyber Director along the lines of what the Cyberspace Solarium Commission recommends would be a good start. Bureaucracies prefer issues that fit neatly into one organization’s mission. […]

The post The case for a National Cyber Director appeared first on CyberScoop.


Trust us, information sharing can work. Here’s how we’re doing it.

You know what’s worse than trying to share cybersecurity information? Writing about it. Everyone has read over and over again about how important information sharing is for cybersecurity. The idea is certainly not new. It’s definitely not cool. It’s also hard. No one has completely nailed it even after talking about it for decades. Why is information sharing so hard and why are we still working on it? We’ve identified plenty of barriers and worked to address them. In many cases, we’ve addressed them quite well. For example, information sharing is tough from a technical perspective because the volume and speed of data continue to increase. So the community developed standards like STIX (Structured Threat Information eXchange) as a common language to share indicators and context at machine speed, TAXII (Trusted Automated eXchange of Intelligence Information) to provide a protocol for the transfer of information, and MITRE’s ATT&CK framework for […]

The post Trust us, information sharing can work. Here’s how we’re doing it. appeared first on CyberScoop.


Sipping from the Coronavirus Domain Firehose

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic.

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

The Coronavirus has prompted thousands of information security professionals to volunteer their skills in upstart collaborative efforts aimed at frustrating cybercriminals who are seeking to exploit the crisis for financial gain. Whether it’s helping hospitals avoid becoming the next ransomware victim or kneecapping new COVID-19-themed scam websites, these nascent partnerships may well end up saving lives. But can this unprecedented level of collaboration survive the pandemic?

15 major companies announce effort to tackle cybersecurity workforce recruitment issues

Fifteen major companies, including Apple, Facebook, Google, IBM, and PwC, announced Wednesday they are joining together to change their cybersecurity job descriptions and requirements to attract more talent to the 3 million cybersecurity job openings that are expected to be available over the next two years. Specifically, the companies — which are part of the Aspen Cybersecurity Group — are focused on nixing requirements that candidates have four-year bachelor’s degrees and gender-biased job descriptions. “A bachelor’s degree is actually not a good proxy for whether you have the talent,” Chair of the Aspen Institute’s Cyber & Technology Program John Carlin told CyberScoop. “There’s plenty of talented people out there but we need to figure out better ways to identify them and train them.” The group, which also includes AIG, Cloudflare, the Cyber Threat Alliance, Duke Energy, IronNet, Johnson & Johnson, Northrop Grumman, Symantec, Unisys, and Verizon, came together over […]

The post 15 major companies announce effort to tackle cybersecurity workforce recruitment issues appeared first on CyberScoop.


Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks

Microsoft and the Hewlett Foundation are preparing to launch a nonprofit organization dedicated to exposing the details of harmful cyberattacks and providing assistance to victims in an effort to highlight their costs, CyberScoop has learned. Known to its organizers as the “Cyber Peace Institute,” the nonprofit is expected to debut in the coming weeks, according to multiple sources who have discussed it with the organizers. The institute aims to investigate and provide analytical information on large-scale attacks against civilian targets, assess the costs of these attacks and give security tools to both individuals and organizations that will help them become more resilient, according to a description of the nonprofit provided during a session at the 2019 B-Sides Las Vegas cybersecurity conference. “We have a shared global responsibility to prevent the Internet from becoming ‘weaponized’ by increasing attacks by criminal groups and state actors alike,” the description reads. “We already have global organizations to tackle […]

The post Microsoft, Hewlett Foundation preparing to launch nonprofit that calls out cyberattacks appeared first on CyberScoop.
