  • Napolitano asserts DHS cybersecurity leadership

    Cybersecurity should be led by DHS and not left to the market or the military, DHS secretary Janet Napolitano said; this year, DHS has expanded partnerships with private industry and worked to build up liaisons with private sector industries it deems to be “critical”; DHS has also improved its partnerships with military and military intelligence this year; in October, DHS and the Department of Defense signed a cybersecurity pact to improve collaboration between the agencies and boost DHS’s encryption and decryption capabilities by co-mingling National Security Agency (NSA) cryptologic analysts and DHS cybersecurity leadership in a move that signaled progress in a sometimes uneasy relationship with the military

  • WikiLeaks exposes tensions between "need to know" and "need to share"

    The WikiLeaks posting of stolen classified information has highlighted the tension between the strategy of “share to win” and the necessity to enforce “need to know”; share to win refers to the idea of getting information and intelligence out to the personnel who need it; need to know is about how information is shared, who has the information, for what purposes and for what period of time

  • Lawmakers urge Obama to expand State Department's cybercrime reach

    Lawmakers call on President Obama to expand the U.S. State Department’s foreign policy mechanisms to address crime and security on the Internet; Senator Kirsten Gillibrand (D-New York) joined with Senator Orrin Hatch (R-Utah) to author the International Cybercrime Reporting and Cooperation Act; this bill will hold foreign countries accountable for cybercrime committed on their soil

  • Senate bill would require minimum cybersecurity standards for Internet

    Senator Benjamin Cardin (D-Maryland) has introduced a bill that would require the U.S. government to work with the private sector to propose minimum standards for internet and cybersecurity safety; “Just as automobiles cannot be sold or operated on public highways without meeting certain minimum safety standards, we also need minimum Internet and cybersecurity safety standards for our information superhighway,” Cardin said

  • China's Huawei sets up U.K. cybersecurity center

    China’s top telecommunications equipment maker Huawei Technologies has seen its plans for global expansion crimped by national security concerns among foreign governments; the company hopes that its Cyber Security Evaluation Center, opened last month in Britain’s Banbury, will allay those fears

  • DHS slowly moving government's Internet traffic to secure networks

    It will take several more years for the U.S. government fully to install high-tech systems to block computer intrusions, a drawn-out timeline that enables criminals to become more adept at stealing sensitive data, experts say; DHS is responsible for securing government systems other than military sites, and the department is slowly moving all the government’s Internet and e-mail traffic into secure networks — known as Einstein 2 and Einstein 3 — which eventually will be guarded by intrusion detection and prevention programs

  • U.S. State Department disconnects its computers from government-wide network

    In response to the leaks published by WikiLeaks, the U.S. Department of State disconnected its computer files from the government’s classified network; by temporarily pulling the plug, the United States significantly reduced the number of government employees who can read important diplomatic messages; the network the Department has disconnected itself from is the U.S. Defense Department’s Secret Internet Protocol Router Network (SIPRNet), a system of dedicated and encrypted lines and servers set up by the Pentagon in the 1990s globally to transmit material up to and including “secret,” the government’s second-highest level of classified information; “Top secret” information may be shared electronically via the Joint Worldwide Intelligence Communications System (JWICS), another group of interconnected computer networks used by Defense and State to securely transmit classified information.

  • Defeating detector blinding attacks on quantum cryptography

    Quantum cryptography is a method to distribute digital encryption keys across an optical fiber; the protocol has been proven to be perfectly secure from eavesdropping; any differences between the theoretical protocol and its real-world implementation, however, can be exploited to compromise the security of specific systems; one form of attack on quantum cryptography is called a detector blinding attack — but Toshiba researchers show how such attacks can be rendered ineffective

  • DHS to set cybersecurity standards for some private networks

    A new law — “The Homeland Security Cyber and Physical Infrastructure Protection Act of 2010” — will empower DHS to set cybersecurity standards for some private networks that are considered critical infrastructure

  • Symantec: Stuxnet targeted Iran's uranium enrichment program

    Symantec says Stuxnet worm aimed to disrupt electrical motor controls, like those used by gas centrifuges to enrich uranium; Stuxnet, considered by many security researchers to be the most sophisticated malware ever, targeted Windows PCs that managed large-scale industrial-control systems in manufacturing and utility companies

  • Cybersecurity standard published to protect global critical infrastructure

    With industrial networks being increasingly connected to the hostile IT world, and the frequency and sophistication of malware growing exponentially, industrial stakeholders must act today to protect their critical systems; the International Instrument Users Association (WIB) releases a comprehensive cybersecurity standard to protect critical industrial computers

  • The time for cybersecurity contracting is now

    It is not just a fad: cybersecurity represented the largest request for funds in last year’s intelligence budget; it is an area for expansion government contractors cannot afford to pass up

  • Second round of CyberPatriot competition sees 80 teams advance

    CyberPatriot, an education initiative produced by AFA to inspire students to consider science, technology, engineering, and mathematics fields in their studies, completed a second round of competition; nearly 400 teams registered in the All-Service Division, and approximately 80 teams scored high enough to compete again come 4 December; teams raced against time and their opponents to quickly find and effectively correct vulnerabilities in a virtual network

  • Cybersecurity bill not likely to pass this year

    In an effort to give the president the power to combat any pending or existing cyber threat that could threaten critical infrastructure around the country, some lawmakers are looking to pass new legislation that would give the president power to shut down some sections of the Internet during an attack or under the threat of an attack; the bill is not likely to pass in Congress

  • Cybersecurity only bright spot among disappointing administration privacy grades

    The Electronic Privacy Information Center (EPIC) gave the Obama administration a “B” grade on its cybersecurity efforts; the 2010 report card shows a declining grade, relative to 2009, for the administration’s efforts in the cyber privacy areas; EPIC gave President Obama a dismal “D” on civil liberties in 2010, compared to a “C+” in 2009