Google+ Shutdown, Weapons Systems Vulnerabilities, Voice Phishing Scams – WB38

This is your Shared Security Weekly Blaze for October 15th 2018 with your host, Tom Eston. In this week’s episode: Google+ shutdown, weapons systems vulnerabilities, and new data on voice phishing scams. Silent Pocket is a proud sponsor of the Sh…

Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says

Competition among U.S. weapons makers keeps them from collaborating on cybersecurity problems, and it’s causing new and lasting vulnerabilities for the military, a senior U.S. official said Tuesday. Col. Tim Brooks, the mission assurance division chief in the Department of Army Management Office, said a lack of dialogue between contractors is causing headaches as the military looks to harden its systems. Broadly speaking, most weapons systems often overlay multiple different hardware and software products that are not all made by the same company. “With our weapons assessment program, there’s been a lot of time spent trying to break down organizational boundaries and to think about systems of systems,” Brooks said at the Security Through Innovation Summit presented by McAfee and produced by CyberScoop and FedScoop. “That’s compounded by the fact that all these systems of systems are produced by subprime contractors and everyone’s got non-disclosure agreements and no one wants to disclose their […]

The post Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says appeared first on Cyberscoop.


GAO dings DHS for failing to share info on cybersecurity workforce efforts

Among the many things the Department of Homeland Security is required to report on from time to time is its cybersecurity workforce challenges. Yet, according to the Government Accountability Office, it has failed to do so in a timely manner. GAO says DHS did not complete efforts to identify and assign codes to all its cybersecurity positions. In August 2017, DHS reported to Congress that it had coded 95 percent of the department’s cybersecurity positions but in fact, it was discovered that the department only coded 79 percent of the cybersecurity positions, the report states. GAO is not denying that DHS has taken some steps to identify the gaps but in a new report, the office is calling out DHS for falling short on reporting these cybersecurity efforts regularly. These specialized codes help define roles and tasks for specific cybersecurity areas. The codes have not been fully assigned since September […]

The post GAO dings DHS for failing to share info on cybersecurity workforce efforts appeared first on Cyberscoop.


Senator calls for review of energy infrastructure cybersecurity policy

The top Democrat on the Senate Energy and Natural Resources Committee is calling on two government agencies to review current policies that guide how America’s power grids and pipelines defend against cyberattacks. The request comes in the form of two letters demanding a review of U.S. energy infrastructure by the Government Accountability Office and Transportation Security Administration from Maria Cantwell, D-Wash., the ranking member of the Senate Energy and Natural Resources Committee. The GAO is the investigative office of Congress, and the TSA has oversight over pipelines in addition to its core transportation responsibilities. The requests come amid reports that Russian hackers have organized phishing email campaigns targeted at U.S. energy providers within the private sector, including at least one nuclear plant. “There have been multiple attacks on all of our grids,” said Ret. Brig. Gen. Stephen Cheney, who leads the nonpartisan American Security Project, during a committee hearing Tuesday. “And if we just put our heads in […]

The post Senator calls for review of energy infrastructure cybersecurity policy appeared first on Cyberscoop.


Sen. Warner wants action on WannaCry patching from DHS, OMB

Democratic Sen. Mark Warner has written to federal officials asking for details about how agencies patched their systems to protect them against the fast-spreading WannaCry ransomware. White House homeland security adviser Thomas Bossert told reporters during the daily briefing Monday that no federal systems had been infected, but Warner noted in his letter that despite a National Institute of Standards and Technology recommendation that security-related software updates “be installed within a defined timeframe (in many cases seven to 30 days for critical patches),” the Government Accountability Office last year found “numerous instances where agencies failed to comply with those deadlines.” Microsoft included a fix for the vulnerability in a regularly scheduled patch in mid-March. Over the weekend, the company took the unprecedented step of releasing a patch for several discontinued but still widely used software products, including Windows XP. In the letter, released Monday afternoon, the Virginia senator asks Homeland Security Secretary John Kelly and Office of […]

The post Sen. Warner wants action on WannaCry patching from DHS, OMB appeared first on Cyberscoop.

After 2015 breach, OPM overpaid for identity theft protections, report finds

The Office of Personnel Management appears to be overpaying for an identity theft insurance program it rolled out to protect more than 20 million current and former U.S. government employees whose personal information was exposed in the agency’s massive 2015 data breach, a government watchdog said. A newly released report by the Government Accountability Office notes that OPM is providing coverage at a level that is “likely unnecessary” because “claims paid rarely exceed a few thousand dollars.” Exacerbating costs further is the fact that the government does not know how many affected individuals might have signed up for two different government identity theft monitoring programs that essentially offer the same thing. Shortly after the breach was first publicly acknowledged, OPM contracted two firms, Winvale Group and ID Experts, to protect government employees that had their personal information exposed in the personnel records breach and a separate breach of background investigation data. “OPM has estimated […]

The post After 2015 breach, OPM overpaid for identity theft protections, report finds appeared first on Cyberscoop.
