DHS memo: ‘Significant’ security risks presented by online voting

The Department of Homeland Security has told election officials and voting vendors that internet-connected voting is risky to the point that ballots returned online “could be manipulated at scale” by a malicious attacker. The advisory that DHS’s Cybersecurity and Infrastructure Security Agency sent states on Friday is perhaps the federal government’s sternest warning yet against online voting. It comes as officials weigh their options for conducting elections during a pandemic and as digital voting vendors see an opportunity to hawk their products. While the risk of election officials delivering ballots to voters via the internet can be managed, the return of those ballots by voters “faces significant security risks to the confidentiality, integrity, and availability of voted ballots,” CISA said in the guidance, which CyberScoop reviewed. “These risks can ultimately affect the tabulation and results and, can occur at scale.” The guidance, which is marked “For Official Use Only” and […]

The post DHS memo: ‘Significant’ security risks presented by online voting appeared first on CyberScoop.


Crypto-Risk: Your Data Security Blind Spot

Start thinking about what your organization can do to manage crypto-risk before today’s encryption and security measures fall prey to tomorrow’s attackers and advanced computing tools.

The post Crypto-Risk: Your Data Security Blind Spot appeared first on Security Intelligence.


Election commission hires cybersecurity expert to help states with 2020 infrastructure

The federal agency that oversees funding for states to secure their election equipment is hiring a cybersecurity expert versed in voting technology as it prepares for the 2020 election. Joshua Franklin will start in the coming weeks in a top cybersecurity position at the Election Assistance Commission, according to multiple people familiar with the matter. It is an effort by the EAC, a tiny agency with a big responsibility, to bolster the cybersecurity expertise it has on staff. Franklin, who spent six years as an engineer at the National Institute of Standards and Technology, is expected to protect EAC networks from hacking threats and support the commission’s cybersecurity work with state and local election officials. Franklin has been working as an election security advocate for years, drawing attention to the issue at hacking conferences. In 2018, Franklin presented research at DEF CON comparing the vulnerabilities in the websites of House and Senate candidates for the […]

The post Election commission hires cybersecurity expert to help states with 2020 infrastructure appeared first on CyberScoop.


How Do You Secure a Smart City?

Cybersecurity investments are rarely discussed during a smart city’s strategic process. As smart cities become more complex, governments may be forced to play a continuous game of catch-up.

The post How Do You Secure a Smart City? appeared first on Security Intelligence.


NSA-approved cybersecurity law and policy course now available online

Anyone who is interested in cybersecurity law and policy can now take an online course that was partly shaped by the National Security Agency. The course, which can be accessed through Penn State University’s Clark Center, touches on international and domestic cybersecurity law, cyber risk and technical details like how smartphones function, according to Anne McKenna, a Penn State professor who organized the course. James Houck, director of Penn State’s Center for Security Research and Education, told CyberScoop that the program will serve as a primer to the legal and technical details of offensive and defensive cyber-operations. “What we’re trying to do … is create a framework for people who are trying to be introduced to cyber law, to offensive, defensive cyber operations, and for them to learn the fundamentals, the framework — and in our case legal authorities for how these work,” Houck said. Houck clarified that although the NSA put out […]

The post NSA-approved cybersecurity law and policy course now available online appeared first on CyberScoop.


NIST is preparing guidance on how to share .zip files in a more secure way

Do you ever wonder if the files you’re sending over the internet are safe from hackers’ prying eyes? The search for how to share files in a more secure way could soon be over. The U.S. National Institute of Standards and Technology is now preparing to instruct the public, as well as government agencies, on the best ways to protect .zip files sent over the internet, according to a letter obtained by CyberScoop. While there’s no timeline for when the final advice could be made public, NIST says its motivation is to produce “easy-to-understand guidance” on how to compress many files into a single place while protecting all of that data with strong encryption. James Schufedier, director of the Congressional and Legislative Office at NIST, explained more in a July 22 letter to Sen. Ron Wyden, D-Ore. “The need to improve practices for securing sensitive data that is shared over the Internet is one of […]

The post NIST is preparing guidance on how to share .zip files in a more secure way appeared first on CyberScoop.


NIST Says Preparation Is Key to the Risk Management Framework

The addition of the Prepare step helps elevate the value of the Risk Management Framework from tactical and operational to organizational and strategic.

The post NIST Says Preparation Is Key to the Risk Management Framework appeared first on Security Intelligence.


The Expiration Date on Passwords Has Expired

Changing your passwords frequently sounds like commonsense advice. However, just because something is common doesn’t mean it makes sense.

The post The Expiration Date on Passwords Has Expired appeared first on Security Intelligence.


Need more evidence that IoT security is a big deal? Here’s what NIST has to say

If your organization isn’t thinking about internet of things (IoT) security, it could soon face a rude awakening, according to the influential agency that sets cybersecurity standards for the federal government. The widespread adoption of internet-connected devices will make it more difficult to patch security vulnerabilities, open new avenues for cyberattacks and muddle the visibility into security incidents when they do occur, researchers at the National Institute of Standards and Technology warn in a paper published Wednesday. The agency recommends that organizations identify the IoT capabilities of the devices on their networks and adjust their risk management processes accordingly. NIST guidance, while expressly aimed at federal agencies, also is widely adopted throughout the private sector. The new document adds to work that the agency did in its globally popular Cybersecurity Framework. NIST notes that some of the advantages of IoT technology are also vulnerabilities. While automatic patching, for instance, is generally considered essential for traditional IT, that strategy could “have far […]

The post Need more evidence that IoT security is a big deal? Here’s what NIST has to say appeared first on CyberScoop.


How secure is that .zip file? One senator is urging NIST to weigh in

Federal workers and the public in general might be mistaken about the security of .zip files, Sen. Ron Wyden says, and he’s asking the National Institute of Standards and Technology to issue guidance on the best way to send sensitive files over the internet. “Many people incorrectly believe password-protected .zip files can protect sensitive data. Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools,” the Oregon Democrat writes in a letter obtained by CyberScoop. “This is because many of the software programs that create .zip files use weak encryption algorithms by default.” Part of Wyden’s concerns stem from the fact that although there are two common types of encryption options available for .zip files, people may be using the weaker option without realizing it. Those files are more vulnerable to password crackers, Wyden says, such as Advanced Archive Password Recovery. “Given the ongoing threat of cyber attacks by foreign state actors […]

The post How secure is that .zip file? One senator is urging NIST to weigh in appeared first on CyberScoop.
