Showing posts with label United States. Show all posts
Showing posts with label United States. Show all posts

Wednesday, December 14, 2011

America the Vulnerable

Posted by
Interesting approach to computer security
Image by formalfallacy @ Dublin (Victor) via Flickr

During my commute to and from work I recently began listening to the audiobook, "America the Vulnerable: New Technology and the Next Threat to National Security" by Joel Brenner, narrated by Lloyd James. The audiobook was downloaded from Audible.com.

I’m currently half-way through the unabridged audio and am enjoying it. The book is an eye-opening reminder of what many of us within the InfoSec industry are already aware of as we analyze security events on a daily basis. American national security, our economy, physical and energy infrastructure, financial system and our own privacy are at risk and that if security isn't built into our systems, our systems won't be secure. From what I’ve listened to so far, Brenner does a good job of laying out the cyber-threat facing the United States.

I hope to finish the audiobook by the end of this week as I’m interested in hearing what Brenner has to prescribe as a solution to the problem. Though I have yet to finish the audiobook, I recommend it as a must read for anyone interested or with career in cybersecurity.

Related articles
No comments:
Labels: , , , , ,

Thursday, December 8, 2011

Free Security Awareness Training - Part 4 of 5

Posted by
A U.S. Coast Guardsman searches for survivors ...
Image via Wikipedia
This week I'm sharing with you links to 25 security awareness training sites. The training links are being broken up into groups of five, published within five separate postings. Today we reach the forth set of training links for an accumulative total of 20.

The 2008 information security survey by Pricewaterhouse Coopers revealed that investment in security technologies had increased but “the acute focus on technology over the last year has not been matched by an equally robust commitment to other critical drivers of security’s value, such as: (1) many of the critical business and security processes that support technology, and (2) the people who administer them.” Security awareness training helps address the second item.
"The security discipline has so far been skewed toward technology - firewalls, ID management, intrusion detection - instead of a risk analysis and proactive intelligence gathering. Security investment must shift from the technology-heavy, tactical operation it has been to date to an intelligence-centric, risk analysis and mitigation philosophy. We have to start addressing the human element of information security, not just the technological one; it i only then that companies will stop being punching bags." - PricewaterhouseCoopers
Below is the next set of security awareness training links.
  1. The History of Bio-Terrorism (Center for Disease Control and Prevention)
  2. Detecting Bio-Terror (Center for Public Health Preparedness)
  3. Radiological Terrorism: Just in Time Training for Hospital Clinicians (Center for Disease Control and Prevention)
  4. Nuclear Terrorism: Pathways & Prevention (Center for Public Health Preparedness)
  5. Preparedness & Community Response to Pandemics (Center for Public Health Preparedness)

Related articles
No comments:
Labels: , , , , , ,

Wednesday, December 7, 2011

Free Security Awareness Training - Part 3 of 5

Posted by
The flood in Pirna.
Image via Wikipedia
This week I'm passing on to you links to 25 free security awareness training sites. Why is security awareness training important? Fundamentally, security is about people. Having worked within the information security world for the past 15 years, it's become very clear that the best defense to internal and external threats is not technology by itself. Rather, people need to have the mindset that helps them to automatically take actions that support security, not circumvent or undermine it. Security awareness training helps raise awareness so as to begin making this a natural mindset that influences behavior.
"No one wants security; they want the benefits of security. A homeowner does not want the finest deadbolt on the front door because of the excellence of its engineering; they want a comfortable, happy place in which to live." - Steve Hunt
Below are the next five training links. This now brings us to a total of 15 trainings out of the 25 I promised to give you by the end of this week.
  1. OPPSEC (United States Marine Corps)
  2. Intelligence Analysis Web-based Training (Anacapa Sciences)
  3. SAEDA (553G-NG0001-A) (Espionage Awareness) (United States Army)
  4. Are You Ready? An In-depth Guide to Citizen Preparedness FEMA/EMI Course IS-22 (FEMA)
  5. Personal Preparedness (Center for Public Health Preparedness)

Related articles
No comments:
Labels: , , , , , , , ,

Tuesday, December 6, 2011

Cyber Intelligence Sharing and Protection Act of 2011 (HR 3523)

Posted by
United States House Permanent Select Committee...
Image via Wikipedia

The House Intelligence Committee held a closed-door markup of a bill (HR 3523) with the intention to improve cybersecurity through enabling the federal government to share classified cyber threat information with businesses. To quote two of the primary proponents:
"There is an economic cyber war going on today against US companies." ... "There are two types of companies in this country, those who know they've been hacked, and those who don't know they've been hacked. Economic predators, including nation-states, are blatantly stealing business secrets and innovation from private companies. This cybersecurity bill goes a long way in helping American businesses better protect their networks and their intellectual property." -- Chairman of The Permanent Select Committee on Intelligence, Congressman Mike Rogers (R-MI)
"We simply can't stand by if we have the ability to help American companies protect themselves. Sharing information about cyber threats is a critical step to preventing them. This bill is a good start toward helping the private sector safeguard its intellectual property and critical cyber networks, including those that power our electrical, water and banking systems. The bill maintains vital protections for privacy and civil liberties without any new federal spending, regulations or unfunded mandates." -- The committee's ranking member, Congressman Dutch Ruppersberger (D-MD)

Related articles

No comments:
Labels: , , , , , ,

Free Security Awareness Training - Part 2 of 5

Posted by
A graphic representation of the four phases in...
Image via Wikipedia
This week my goal is to pass along to you links to 25 free security awareness trainings. The trainings are being divided up into groups of five and published in a series of five separate postings. The first set of training links was published yesterday.

As promised, below is the second set of five trainings.

  1. Anti-Terrorism Awareness Level-1 (Defense Technical Information Center - US DoD)
  2. The Seven Signs of Terrorism (Michigan State Police via YouTube)
  3. AWR-187 Terrorism and WMD Awareness in the Workplace (Rural Domestic Preparedness Consortium)
  4. Kentucky Terrorism Response & Preparedness (University of Kentucky)
  5. Prevention and Deterrence of Terrorist Acts (National Center for Biomedical Research and Training)

Related articles
No comments:
Labels: , , , , , , , , ,

Monday, November 21, 2011

Water System Attack on City Water Station Destroys Pump

Posted by
Clean drinking water...not self-evident for ev...Image via Wikipedia

Last week a disclosure was made about a public water district SCADA system hack. There have been several reports in the press concerning the attack on control system of the city water utility in Springfield, Illinois and the resulting burn-out of a pump. Law enforcement is investigating.

[UPDATE] 11/29/2011 - Department of Homeland Security officials are now saying that the water-pump failure in Illinois wasn't cyberattack after all. READ MORE

ICS-CERT Report - (ICSB-11-327-01—ILLINOIS WATER PUMP FAILURE REPORT)

Related articles
Enhanced by Zemanta
No comments:
Labels: , , , , , , ,

Friday, November 18, 2011

Operation Ghost Click

Posted by
The FBI is seeking victims in a DNS Malware Investigation for the case of UNITED STATES v. VLADIMIR TSASTSIN, ET AL. Specifically, the FBI is seeking information from individuals, corporate entities and Internet Services Providers who believe that they have been victimized by malicious software related to the defendants. As you know form the news blurbs that I've been sending out, this malware modifies a computer’s Domain Name Service settings, and thereby directs the computers to receive potentially improper results from rogue DNS servers hosted by the defendants. 

On your own systems, and the systems you manage, it's recommend you check the DNS settings and register as a victim of the DNSChanger malware if the DNS entries have been modified to point to the defendants' DNS servers. Complaints can be filed here: https://forms.fbi.gov/dnsmalware

For more information, including steps on how to check your DNS settings, go to http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf.


Related articles
Enhanced by Zemanta
No comments:
Labels: , , , , , , ,

Wednesday, November 16, 2011

Department of Defense Cyberspace Policy Report

Posted by
The Pentagon, looking northeast with the Potom...Image via Wikipedia
The Pentagon published their most explicit cyberwarfare policy to date. The report states that, if directed by the president, the DoD will launch "offensive cyber operations" in response to hostile acts. Hostile acts may include "significant cyber attacks directed against the U.S. economy, government or military,".

Here's a link to the report:
http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/NDAA%20Section%20934%20Report_For%20webpage.pdf

Enhanced by Zemanta
No comments:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)