As adversaries get craftier, Marine Corps cyber official touts appeal of zero-trust security

As the Department of Defense tries to be more proactive about preventing hackers from gaining access to its networks, the Marine Corps is working to implement zero-trust security, a top Marine Corps cybersecurity official said Tuesday. Under the approach, a network never trusts users or devices automatically, and they must meet certain security standards, such as multi-factor authentication, before connecting. For military agencies, zero trust could help reframe how they think about digital adversaries, said Renata Spinks, the cyber technology officer for the Marine Corps Forces Cyberspace Command. “In some cases today we’re very reactive. A breach occurs, we get an alert, and then we do incident response. Looking at user credentials … configuration policies, and procedures” could get the Pentagon one step ahead of would-be attackers, Spinks said at the Zero Trust Security Summit presented by Duo Security and produced by CyberScoop and FedScoop. The Department of Defense has already begun working on implementing this […]

The post As adversaries get craftier, Marine Corps cyber official touts appeal of zero-trust security appeared first on CyberScoop.


How the Marine Corps thinks about beating adversaries in cyberspace

There are a whole host of products on the market purporting to be the best way to run defense against nation-state adversaries’ email spearphishing attempts — but there’s one part of defending against spearphishing in particular the U.S. Marine Corps Forces Cyberspace Command’s Chief Technology Officer endorses: context. For Renata Spinks, the goal is not to just make sure employees understand they should avoid clicking on what appear to be malicious links, but to make sure they understand the bigger picture of what they’re protecting, she said Tuesday. “Instead of just [test] phishing attempts, teach your employees why phishing attempts are so important and make it relatable,” Spinks said at the Fortinet Security Summit, produced by FedScoop and StateScoop. “Data is your most critical commodity, but people [are] the best asset you can have.” Spearphishing emails often seek to pilfer passwords and credentials from victims who click on links or attachments that purport […]

The post How the Marine Corps thinks about beating adversaries in cyberspace appeared first on CyberScoop.


Cyber Command has cut hiring time for cybersecurity roles by nearly half, says DOD CISO

Cyber Command has recently cut down the average amount of time it takes to hire someone by approximately 40 percent — 111 days to 44 days — under the Cyber Excepted Service program, according to the Department of Defense CISO Jack Wilmer. The CES program, intended to speed up cybersecurity candidate recruitment in the DOD through initiatives like allowing hiring managers to make direct hires, was originally authorized in 2016 by Congress. The CES also establishes market-based pay scales and allows hiring with or without public notification or vacancy announcements, both intended to decrease red tape in the Pentagon’s hiring process. Wilmer said the decrease has given the Department of Defense a leg up on private sector cybersecurity hiring. Since implementing the CES program, the Pentagon has seen fewer cases of candidates leaving DOD jobs on the table for the private sector. “That is a huge win,” Wilmer said while speaking Thursday at the 2019 Workforce […]

The post Cyber Command has cut hiring time for cybersecurity roles by nearly half, says DOD CISO appeared first on CyberScoop.


Cisco will pay $8.6 million to settle claims it sold US flawed surveillance software

Technology giant Cisco has agreed to pay $8.6 million to settle allegations it knowingly sold video surveillance equipment with security vulnerabilities to federal, state and local government agencies, according to court records unsealed Wednesday. A company whistleblower first informed Cisco in 2008 that a bug in its surveillance software could have enabled hackers to monitor video footage, delete footage and turn on or disable the systems. Government entities including the U.S. Secret Service, the Federal Emergency Management Agency and the New York Police Department had purchased the software, according to the Washington Post, which first reported the news. Cisco’s settlement appears to be the first whistleblower resolution of the False Claims Act, which prohibits defrauding the government, regarding cybersecurity issues. “The tech industry needs to fulfill its professional responsibility to protect the public from their products and services,” whistleblower James Glenn said in a statement. “There’s this culture that tends […]

The post Cisco will pay $8.6 million to settle claims it sold US flawed surveillance software appeared first on CyberScoop.


Marines 3D-Print Part to Repair Multi-Million Dollar Fighter

The good news: all you need to complete the repair you’re working on is one small part. The bad news: it’s only available in a larger, expensive assembly. The worst news: shipping time is forever. We’ve all been there, and it’s a hard pill to swallow for the DIYer. Seems like a good use case for 3D-printing.

Now imagine you’re a US Marine, and instead of fixing a dishwasher or TV remote, you’ve got a $123 million F-35 fighter in the shop. The part you need is a small plastic bumper for the landing gear door, but it’s only available …


DoD unveils ‘Hack the Marine Corps’ bounty program

A new bug bounty program intended to find vulnerabilities in the Marine Corps’ public-facing websites was unveiled in Las Vegas Monday. The Hack the Marine Corps program, which was jointly created by the Department of Defense (DoD) and vulnerability disclosure platform company HackerOne, was announced on August 12 with a live hacking event. Hackers discovered 75 unique vulnerabilities during the event and were awarded over $80,000. During the event, nearly 100 “hand-selected” hackers worked for 9 hours to expose vulnerabilities in the Marine Corps’ websites and public services. The hackers were split into offensive and defensive teams, and worked alongside Marines from the U.S. Marine Corps Cyberspace Command (MARFORCYBER). The bug bounty program will run until August 26. “Success in cybersecurity is about harnessing human ingenuity,” said HackerOne CEO Marten Mickos. “There is no tool, scanner, or software that detects critical security vulnerabilities faster or more completely than hackers. The Marine […]

The post DoD unveils ‘Hack the Marine Corps’ bounty program appeared first on CyberScoop.
