GAO Finds Gaps in DoD Cyberdefenses, Highlights Importance of Breach and Attack Simulation Tools

AttackIQ’s Security Optimization Platform gives an agency a proactive—rather than a reactive—security posture. It enables continuous validation of security controls to definitively establish the effectiveness of key initiatives, to include zero-trust c…

US pushed Russian troll factory offline during US midterm elections

The US blocked internet access to Russian trolls who, they say, were trying to spread FUD.

Pentagon, DHS agree to framework for joint cyberdefense

The departments of Defense and Homeland Security have agreed to a framework that more clearly articulates the agencies’ roles and responsibilities in defending U.S. networks from advanced cyberthreats, officials told lawmakers Wednesday. A joint memo recently signed by Defense Secretary James Mattis and Homeland Security Secretary Kirstjen Nielsen “is a major step forward in fostering closer cooperation and marks a sea change in the level of collaboration between our departments,” Kenneth Rapuano, an assistant secretary of Defense, said at a House Armed Services subcommittee hearing. Under the agreement, the departments will jointly prioritize a list of civilian assets that are critical to the U.S. military’s “ability to fight and win wars and project power,” and work to protect them, said Jeanette Manfra, DHS’s top cybersecurity official. That will shape a common understanding of threats at the agencies, which in turn can help the private and public sectors defend their networks, she added. DHS will […]

The post Pentagon, DHS agree to framework for joint cyberdefense appeared first on Cyberscoop.

Breach of Pentagon travel records exposes defense personnel PII

The Pentagon is dealing with a breach of Department of Defense travel records that exposed the personally identifiable information of defense personnel, a department spokesman said Friday evening. Pentagon officials on Oct. 4 identified a breach of the personally identifiable information (PII) of DOD personnel “that requires congressional notification,” Lt. Col. Joe Buccino, a Pentagon spokesman, said in a statement. “The department is continuing to assess the risk of harm and will ensure notifications are made to impacted personnel whose PII may have been compromised,” Buccino said. The breach involves one commercial vendor — the name of which was not released — that provides DOD with a small percentage of travel services, he added. The Associated Press, which was first to report the news, reported that the breach could have affected up to 30,000 DOD workers and that the number could grow as the investigation proceeds. Buccino told CyberScoop that […]

The post Breach of Pentagon travel records exposes defense personnel PII appeared first on Cyberscoop.

US is the most vulnerable nation to attacks; White House working on executive order for agency CIOs

Enterprises are not the only ones at risk when it comes to cyberattacks. Government institutions can also fall victim to a nation-state attack at any ti…

Pentagon’s latest bug bounty program pays out $80,000

The Department of Defense’s latest bug bounty program exposed more than 100 security vulnerabilities worth $80,000 to the hackers who looked through the department’s travel booking system, officials said. HackerOne, a company that has supported bug bounty programs for the Air Force, Army and the Pentagon at large, ran Hack the DTS (Defense Travel System), which lasted 29 days and concluded April 29, 2018. DTS is used by millions of Pentagon employees around the world, making it one of the most wide-reaching pieces of enterprise software in the U.S. government. “Securing sensitive information for millions of government employees and contractors is no easy task,” Reina Staley, Chief of Staff and Hack the Pentagon program manager at Defense Digital Service, said in a statement. “No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS.” Just 19 vetted hackers took part in the program. They found 65 unique vulnerabilities, including 28 ranking high […]

The post Pentagon’s latest bug bounty program pays out $80,000 appeared first on Cyberscoop.

Nation state hackers attempted to use Equifax vulnerability against DoD, NSA official says

A government-backed hacking group tried to breach the Department of Defense via the exact same software vulnerability that was used to breach Equifax, an official with the National Security Agency said Tuesday during a speech at the 2018 RSA conference. “The vulnerability that took down Equifax last year when it was released in March, we had a nation-state actor within 24 hours scanning looking for unpatched servers within the DoD,” said David Hogue, a senior technical director for the NSA’s Cybersecurity Threat Operations Center (NCTOC). The malicious activity caught by NSA shows how most attackers, regardless of skill or available resources, will first rely on simplistic and easily accessible methods to compromise their victims. In this case, the attackers relied on a known vulnerability in the Apache Struts software framework to target the DoD. Hogue said that most data breach incidents that are analyzed by his team are caused by phishing […]

The post Nation state hackers attempted to use Equifax vulnerability against DoD, NSA official says appeared first on Cyberscoop.

The Pentagon’s latest bug bounty target is its travel booking system

The Department of Defense’s attraction to bug bounty programs continues with a contest to find security flaws in its travel booking system. The Pentagon is again pairing with HackerOne, a private company that has run similar programs for the Air Force, Army and the DoD at large, with hackers reporting hundreds of valid vulnerabilities and the Pentagon paying out hundreds of thousands of dollars. The latest program is focused on the Defense Travel System (DTS), an enterprise system that DoD personnel use to book things like airline and hotel reservations when they travel for DoD business. Because DTS is used by millions of people and maintains sensitive information, hardening its security is a priority for DoD, said Reina Staley, the chief of staff for the Defense Digital Service (DDS), which oversees the military’s bug bounty contests under the “Hack the Pentagon” program. “The quick, positive reception of the [Hack the Pentagon] program has been a major win; inviting hackers to uncover vulnerabilities in […]

The post The Pentagon’s latest bug bounty target is its travel booking system appeared first on Cyberscoop.

‘Next generation’ of Silicon Valley leaders more willing to work with feds, former Pentagon chief says

The U.S. government’s ability to collaborate with the private sector on cybersecurity matters has improved in recent years in part because of better relations with the “next generation” of Silicon Valley leaders, according to former Defense Secretary Ashton Carter. Carter, who spoke Friday as part of a panel at the World Economic Forum conference in Davos, Switzerland, said in broad terms that the federal government had been stifled from creating a safer internet because of a poor relationship with technology companies. He seemed to suggest, however, that the complex relationship between national security agencies and the private sector has turned a corner in recent years after a prolonged period of heightened tension spurred by Edward Snowden’s 2013 disclosures of classified U.S. surveillance programs. “The cyber world grew up in what we now call the tech environment, which was militantly independent of government. And that was a great culture in a lot of ways. I am […]

The post ‘Next generation’ of Silicon Valley leaders more willing to work with feds, former Pentagon chief says appeared first on Cyberscoop.

Elevation of Cyber Command will make it more like its elite brethren

Buried deep in President Donald Trump’s decision to elevate U.S. Cyber Command to a full-fledged unified combatant command is a detail that will eventually herald important changes to the way its military cyber personnel are going to be trained — and one that helps illuminate how the U.S.’ understanding of cyber war is changing. The elevation announcement earlier this month, mandated by Congress, was widely anticipated for months, if not years. According to current and former Pentagon officials, Adm. Michael Rogers, the four-star commander of Cyber Command, already has pretty much the same authorities the commanders of the other nine UCCs enjoy, including the highest-profile ones — a direct line to the Secretary of Defense and a seat at the budget deliberations table. “On paper, the chain of command goes through U.S. Strategic Command,” the UCC to which Cyber Command is currently subordinate as it awaits elevation, explained former Acting Deputy Assistant Secretary of Defense […]

The post Elevation of Cyber Command will make it more like its elite brethren appeared first on Cyberscoop.