Cyber attacks against government agencies and businesses in the United States continue to rise, and cyber threats will one day surpass the danger of terrorism to the United States, FBI Director Mueller reported today in an open hearing of the Senate Select Committee on Intelligence. READ MORE


"Russia and China are aggressive and successful purveyors of economic espionage against the United States," and "Iran's intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity." ... Director of National Intelligence James Clapper, in his prepared testimony (.pdf) to the Senate Select Committee on Intelligence. READ MORE

Director Clapper's prepared statement (.pdf)...

SEC Cyberthreat Disclosure Mandate

The Securities and Exchange Commission has now mandated that cyber-incident related disclosures must be made in securities filings. Now, every company under the watchful eye of the agency must disclose its analysis of exposure to a data breach or attack, discussion of material cyber-incidents, description of related legal proceedings and the implications for the firm's financials. READ MORE

SEC Disclosure Guidance

Books of interest ...

America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare

Joel Brenner, a former Director of Counterintelligence in the office of the Director of National Intelligence, goes behind the headlines to explore America's next great battleground: digital security. An urgent wake-up call that identifies our foes; unveils their methods; and charts the dire consequences for government, business, and individuals. MORE at Amazon.com ...





Auditing Cloud Computing: A Security and Privacy Guide


The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources.  The book includes a chapter written by SF Bay InfraGard member and Member of the chapter's Board of Directors, Jeff Fenton!  MORE at Amazon.com

A recent article in Nextgov.com reports that in late 2011 a Pacific Northwest transportation entity observed a potential "cyber incident" and reported the incident to DHS/TSA and the FBI.  READ MORE

UPDATE:  Jan 26, 2012

Railroad Association Says Hack Memo Was Inaccurate

A government memo saying a railway was hacked in a targeted attack was incorrect, according to a spokeswoman for the Association of American Railroads.

"There was no targeted computer-based attack on a railroad," according to spokeswoman Holly Arthur. "The memo on which the story was based has numerous inaccuracies."  READ MORE

NOTE:  This is the second recent "false alarm" concerning attacks on CI/KR.  I am reminded of the comment by the astronomer Carl Sagan ...

"Extraordinary Claims Require Extraordinary Evidence" ...

I was hoping to see some discussion on this on the secure InfraGard site but alas, nothing!

DigitalBond, a SCADA security company that led the research, said ... "We felt it was important to provide tools that showed critical infrastructure owners how easy it is for an attacker to take control of their system with potentially catastrophic results." Vulnerabilities were reported in widely used programmable logic controllers (PLCs) made by General Electric, Rockwell Automation, Schneider Modicon, Koyo Electronics and Schweitzer Engineering Laboratories. READ MORE

RELATED:

What me worry?  A security researcher was able to locate and map more than 10,000 industrial control systems hooked up to the public internet, including water and sewage plants, and found that many could be vulnerable to easy hack attacks.  READ MORE


Once again RSA is providing the chapter meeting space during the RSA Conference 2012 event at Moscone Center in San Francisco, CA.

Thursday / March 1, 2012
05:30 PM - 07:00 PM


To attend you will need to register for the RSA event.  Registration is FREE but you do need to register for at least the RSA Conference 2012 EXPO Pass.  This pass will provide access to the InfraGard meeting, the EXPO exhibit floor and Keynote addresses.

You can register for the conference through a variety of ways.  RSA has provided the SF Bay InfraGard chapter FREE EXPO passes, MORE INFO ...

We will be meeting in the same general vicinity where we met last year; look for the InfraGard banner. Don't forget to allow yourself enough time to complete the RSA registration and badging process. The meeting is open to all, InfraGard member or not.


DHS is taking over control of the DIB Cybersecurity Pilot, the Pentagon project that shared classified intelligence with select military contractors and their communications providers.

The new arrangement puts DHS, the civilian agency responsible for facilitating the protection of private critical infrastructure, in charge of communicating with private Internet service providers. The Defense Department will continue to be the point of contact for contractors, officials said.   MORE INFO

DHS Joint Cybersecurity Services Pilot (JCSP)

QuakeSmart Toolkit

QuakeSmart is an initiative that was developed by FEMA NEHRP to help businesses in at-risk seismic communities start and maintain earthquake mitigation efforts. The QuakeSmart Toolkit (www.fema.gov/plan/prevent/earthquake/qstoolkit) provides actionable and scalable basic guidance and tools to the private sector about the importance of earthquake mitigation and the simple things that they can do to reduce the potential of earthquake damages, injuries, and financial losses. Information contained in this toolkit walks you through a three-step process: 1) identify your risk; 2) make a plan; and 3) take action. The toolkit is not intended to be all-inclusive of available FEMA guidance related to earthquake mitigation, and businesses should address all hazards they are exposed to.


This toolkit was specifically developed to encourage businesses to incorporate earthquake mitigation in their decision making and planning process to enhance their all-hazards resilience, particularly from an earthquake event. MORE INFO

If your company is located in the Bay Area you are at risk. The SF Bay InfraGard chapter is interested in working with your company to help you better understand your risk. Contact: davies@sfbay-infragard.org

The U.S. Department of Energy has announced an initiative to further protect the electrical grid from cyber attacks. The "Electric Sector Cybersecurity Risk Management Maturity" project, a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS), will leverage the insight of private industry and public sector experts to build on existing cybersecurity measures and strategies to create a more comprehensive and consistent approach to protecting the nation's energy delivery system. MORE INFO

White House Blog - Protecting the Nation's Electric Grid from Cyber Threats...
