Dan Doney, the new chief innovation officer at the Defense Intelligence Agency, talks about the agency's plan to change the way it interacts with industry and brings innovation to government.
NIST and the National Cybersecurity Center of Excellece (NCCoE) want to facilitate public-private collaborations surrounding cybersecurity solutions by creating a new research-and-development center.
All agencies are fighting cyber-attacks. The FBI Director of Cyber Security believes there are two groups of organizations: those whose systems have been attacked and those who do not know they have been attacked. In the federal space, the velocity and variety of attacks has dramatically increased. With Advanced Persistent Threats (APT), the time it can take to comprise a system ranges from hours to days, yet the time it takes for its discovery averages 6 months. The cyber security solution has shifted from the perimeter (firewall) or how to stop the attacks to how to deal with the attacks after they occur. The emphasis is now on the controls and minimizing what the attacker is doing once he gets in. The cost of the attacks is down time and data loss. With a 200% to 300% increase in attacks on agency's systems, it is imperative the federal government implements a holistic solution including hardware, software, training and compliance.
Earlier this year information security firm Mandiant identified a previously unknown group hackers thought to be in China. "People referred to China or Chinese hackers, but there was plenty of wiggle room there to assume it could be a collection of guys working in someone's basement without a tie to the government," Richard Behtlich chief security officer for Mandiant. The group the identified is called Unit 61398. Bejtlich says, "we showed pretty conclusively that at least this one group is part of the PLA" AKA The Chinese People's Liberation Army.
As the cybersecurity workforce gets older and closer to retirement age, the Office of Personnel Management is trying to help agencies find new talent. It's creating a new database of cyber positions that it hopes will help agencies identify the cyber skill sets needed to meet their missions. The Obama administration has made reducing critical cyber workforce gaps one of its top "cross-agency" goals.
Law enforcement and first responders have been put on notice --their mobile phones are targets for hackers. They've been informed in roll call bulletins that hackers, by compromising mobile technology and exploiting vulnerabilities in portable operating systems, application software, and hardware. Compromise of a mobile device can have an impact beyond the device itself; malware can propagate across interconnected networks.
Alex Grohmann and John Dyson from the Northern Virginia Chapter of the Informations Systems Security Association, join host John Gilroy to talk about what you can do to make your agency more secure. July 9, 2013
Department will move away from DoD-specific approaches to cybersecurity, lean more toward informing and relying on governmentwide efforts.
The Commerce Department's Economic Development Administration spent almost $3 million to remediate a cyber attack that really didn't happen. Commerce's inspector general found the attack infected only two outgoing email servers and not more than half of EDA's systems. Two cybersecurity experts say other agencies can learn from EDA's year-long unnecessary and expensive recovery.
Chase Garwood, the SBA acting CIO, said the agency is working with DHS and Justice to improve the security of its internal and external customer-facing systems. July 4, 2013
DHS, DISA and GSA are heading down similar but different paths to ensure mobile apps are secure before being allowed on devices or networks. NIST is developing voluntary guidelines to improve mobile software security based on work done in other industry sectors.
Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the 2013 Cyber Symposium will engage the key players, including the U.S. government, the international community, industry and academia, to discuss the development of robust cyberspace capabilities and partnerships.
U.S. CERT said in an email to organizers the current budgetary environment wouldn't support the annual cybersecurity conference
Greg Garcia, the director of the Army's IT Agency, said the organization has been piloting a virtualized desktop initiative and almost is ready to move into full production.
House Veterans Affairs Committee Chairman Jeff Miller (R-Fla.) and ranking member Michael Michaud (D-Maine) sent Secretary Eric Shinseki a letter asking for an explanation on why VA didn't tell the committee about multiple nation state attacks. The lawmakers call for VA to offer credit monitoring services to tens of millions of veterans.