Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says

Competition among U.S. weapons makers keeps them from collaborating on cybersecurity problems, and it’s causing new and lasting vulnerabilities for the military, a senior U.S. official said Tuesday. Col. Tim Brooks, the mission assurance division chief in the Department of Army Management Office, said a lack of dialogue between contractors is causing headaches as the military looks to harden its systems. Broadly speaking, most weapons systems often overlay multiple different hardware and software products that are not all made by the same company. “With our weapons assessment program, there’s been a lot of time spent trying to break down organizational boundaries and to think about systems of systems,” Brooks said at the Security Through Innovation Summit presented by McAfee and produced by CyberScoop and FedScoop. “That’s compounded by the fact that all these systems of systems are produced by subprime contractors and everyone’s got non-disclosure agreements and no one wants to disclose their […]

The post Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says appeared first on Cyberscoop.

Inside the U.S.’ new state-of-the-art cyberwarfare bunker

The command post for any future U.S.-backed cyberwar is now officially open. Last week, NSA and U.S. Cyber Command leaders posed together and smiled for pictures during a ribbon-cutting ceremony to celebrate the completion of a new, state-of-the-art spy bunker named the “Integrated Cyber Center,” or ICC. Bland in name alone, the groundbreaking facility located inside Fort Meade in Maryland represents the latest step taken by the federal government to equip U.S. spies and a growing force of “cyberwarriors” with the physical infrastructure necessary to combat foreign threats online. Hackers linked to Russia, China, North Korea and Iran have each respectively penetrated important U.S. political groups, government agencies, entertainment studios and U.S. energy companies in recent years. These types of breaches have led lawmakers to openly question whether the federal government is doing enough to deter hackers. “Today we are at the dawn of a new era, facing the reality of wars […]

The post Inside the U.S.’ new state-of-the-art cyberwarfare bunker appeared first on Cyberscoop.

Pentagon orders military exchanges to pull Chinese smartphones over security risks

Huawei and ZTE are already telephones non gratae, tied too close for comfort to the Chinese Communist Party and People’s Liberation Army back home.

Pentagon bars Huawei, ZTE devices from sale on military bases

The Department of Defense is telling vendors on military bases to stop selling smartphones and other devices made by Chinese companies Huawei and ZTE, citing security concerns, according to a Pentagon statement. The news comes as the U.S. government scrutinizes the two companies for potentially enabling Chinese espionage through their technology. “Huawei and ZTE devices may pose an unacceptable risk to Department’s personnel, information and mission,” Pentagon spokesperson Major David Eastburn said in a statement. “In light of this information, it was not prudent for the Department’s exchanges to continue selling them to DoD personnel.” Pentagon-affiliated news outlet Stars and Stripes reported last month that Huawei phones were being sold by TKS, a vendor to U.S. military bases in Germany. The company markets telecommunications services and devices to U.S. service members abroad. Eastburn says the order to stop selling Huawei-made phones, modems and other devices went out on Friday and the […]

The post Pentagon bars Huawei, ZTE devices from sale on military bases appeared first on Cyberscoop.

The NSA now officially has a new chief

Gen. Paul Nakasone, an experienced military leader with a unique background in cyber-operations and intelligence gathering, has been approved to take over the National Security Agency and U.S. Cyber Command. The Senate confirmed Nakasone, who currently leads Army Cyber Command, by voice vote Tuesday morning. The promotion was expected for months and faced little opposition, but like most things in the Senate, it took some time to schedule. President Donald Trump nominated Nakasone for the job on Feb. 13. The previous NSA chief, Adm. Michael Rogers, is expected to officially retire soon after having served for four years at the top of the spy agency. During his tenure, the NSA attempted a massive reorganization effort known as “NSA21,” which combined certain components of the NSA’s defensive and offensive cyber teams for the first time. The current hierarchy, approved by Congress, prescribes that the leader of NSA is also simultaneously the head of U.S. Cyber Command, a still-nascent cyberwarfare […]

The post The NSA now officially has a new chief appeared first on Cyberscoop.

Nation state hackers attempted to use Equifax vulnerability against DoD, NSA official says

A government-backed hacking group tried to breach the Department of Defense via the exact same software vulnerability that was used to breach Equifax, an official with the National Security Agency said Tuesday during a speech at the 2018 RSA conference. “The vulnerability that took down Equifax last year when it was released in March, we had a nation-state actor within 24 hours scanning looking for unpatched servers within the DoD,” said David Hogue, a senior technical director for the NSA’s Cybersecurity Threat Operations Center (NCTOC). The malicious activity caught by NSA shows how most attackers, regardless of skill or available resources, will first rely on simplistic and easily accessible methods to compromise their victims. In this case, the attackers relied on a known vulnerability in the Apache Struts software framework to target the DoD. Hogue said that most data breach incidents that are analyzed by his team are caused by phishing […]

The post Nation state hackers attempted to use Equifax vulnerability against DoD, NSA official says appeared first on Cyberscoop.

U.S. Cyber Command chief calls for debate around hacking unit’s authorities

Lawmakers and Pentagon leadership are considering plans that could one day provide U.S. Cyber Command with additional authorities to more easily operate outside declared war zones, two senior U.S. officials acknowledged Wednesday during an open congressional hearing. The testimony confirms aspects of a story CyberScoop published Wednesday about a push inside the government to give more authority to the military’s top hacking unit. That story described concerns shared in the intelligence community about the potential impact of a spike in cyber warfare operations. Such a shift in policy may allow Cyber Command to offer more protection to private companies, including those that own and operate what the U.S. government considers “critical infrastructure.” When it comes to offensive measures, the shift could also open the door for soldiers to hack a much wider array of targets, beyond the Middle East, where the military is already engaged in firefights. Under existing authorities, U.S. […]

The post U.S. Cyber Command chief calls for debate around hacking unit’s authorities appeared first on Cyberscoop.

APT, MITRE, DoD, and Panera – Hack Naked News #167

This week, Drupal vulnerabilities, APT detection, DoD bug bounties, new DNS services and breaches galore from Under Armour, Saks, Lord and Taylor, and Panera! Jason Wood from Paladin Security joins us for expert commentary so stay tuned to this episode…

The Pentagon’s latest bug bounty target is its travel booking system

The Department of Defense’s attraction to bug bounty programs continues with a contest to find security flaws in its travel booking system. The Pentagon is again pairing with HackerOne, a private company that has run similar programs for the Air Force, Army and the DoD at large, with hackers reporting hundreds of valid vulnerabilities and the Pentagon paying out hundreds of thousands of dollars. The latest program is focused on the Defense Travel System (DTS), an enterprise system that DoD personnel use to book things like airline and hotel reservations when they travel for DoD business. Because DTS is used by millions of people and maintains sensitive information, hardening its security is a priority for DoD, said Reina Staley, the chief of staff for the Defense Digital Service (DDS), which oversees the military’s bug bounty contests under the “Hack the Pentagon” program. “The quick, positive reception of the [Hack the Pentagon] program has been a major win; inviting hackers to uncover vulnerabilities in […]

The post The Pentagon’s latest bug bounty target is its travel booking system appeared first on Cyberscoop.

Army pioneer heads to Army Cyber Command

Command Sgt. Maj. Sheryl Lyon hopes she’s eased the path for future female military leaders. After almost three years at U.S. Army Europe, Lyon is leaving for an assignment at Army Cyber Command in Virginia. Lyon was the army’s first female senior leader at a service component command. She will be the senior enlisted leader at Army Cyber Command, serving in the role of the command sergeant major. “I hope that I’ve been able to help pave the way, that it’s based on capability for positions instead of gender or ethnicity or anything like that,” Lyon told Stars and Stripes. Lyon, a trained intelligence analyst, believes she can “bring some knowledge and past experience that will help in that realm that will help advance it as well.” Founded in 2010, Army Cyber Command is the cyberwarfare unit tasked with protecting Army computer systems and using hacking tools to support soldiers […]

The post Army pioneer heads to Army Cyber Command appeared first on Cyberscoop.
