January 2009 Archives

Within 90 minutes of being told he was terminated, and several hours before his access to the Fannie Mae network was disabled later that evening, a contract employee embedded a malicious script in a legitimate script that ran on Fannie Mae's network every morning.

If the malicious script had gone undiscovered, it would have disabled monitoring alerts and all log-ins, deleted the root passwords to the approximately 4,000 Fannie Mae servers, then erased all data and backup data on those servers by overwriting with zeros.  READ MORE

We will be discussing issues like this at our Winter 2009 Quarterly meeting on February 19th MORE...
The next session of the National Webcast from the Multi-State Information Sharing and Analysis Center and the U.S. Department of Homeland Security's National Cyber Security Division will cover PCI Data Security Standards, compliance guidelines, consequences of non-compliance, steps for PCI compliance validation, what organizations are doing now, and best practices and practical tips to help educate the entire PCI community.  ON-LINE REGISTRATION IS NOW AVAILABLE

In a Media Round Table, outgoing Director of National Intelligence Mike McConnell said ... "We've got a good (cyber) program, we've got funding, we've got the attention of the Congress, we've got the attention of the current administration, we've got the attention of the incoming administration," ... "But cybersecurity is the soft underbelly of this country." READ MORE

Media Round Table transcript: READ 
The U.S. federal government is accelerating its efforts to secure the Internet's routing system, with plans this year for DHS to quadruple its investment in research aimed at adding digital signatures to router communications. READ MORE
Speaking at the recent International conference of Cybersecurity Computer, Shawn Henry, assistant director of the FBI's cyber division, said attacks pose the biggest risk "from a national security perspective, other than a weapon of mass destruction or a bomb in one of our major cities."  He went on to say terrorist groups aim for an online 9/11, "inflicting the same kind of damage on our country, on all our countries, on all our networks, as they did in 2001 by flying planes into buildings."

At the same conference Deputy U.S. Attorney General Mark Filip talked about how "The cyber infrastructure of the U.S. government is closely linked to the national cyber infrastructure that we all know and use and that infrastructure is largely made up of privately owned networks and even if the government wanted to devise cyber security policies without private input, these policies would have limited reach, and would not reach many of the most critical potential vulnerabilities in the U.S."  READ MORE

To read the remarks by Deputy U.S. Attorney General Mark Filip, click here.

UPDATE:  FBI Press Room - Combating Cyber Crime.  READ MORE

RESOURCES page update...

Finally got around to updating the RESOURCES web page on the SF Bay InfraGard web site.  Thanks to those who provided suggestions and we are always looking for more resources to share. 
Featured speaker, Dr. Whitfield Diffie (Vice-President, Sun Fellow, and Chief Security Officer at Sun Microsystems), is an internationally renowned pioneer in public-key cryptography.  His work underlies today's internet commerce and all modern secure communication systems.  At the meeting, you will be able to hear this bona fide visionary discuss, "Where is Information Security Going?"   

Where:  Computer History Museum / Mountain View

When:  January 15, 2009 / 5 PM

DOWNLOAD EVENT FLYER
Experts from more than 30 US and international cyber security organizations have jointly released the consensus list of the 25 most dangerous programming errors.

Most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale.

The impact of these errors is far reaching. Just two of them led to more than 1.5 million web site security breaches during 2008 - and those breaches cascaded onto the computers of people who visited those web sites, turning their computers into zombies.

READ MORE

The FBI is Hiring!

The FBI is looking to hire over 2,100 professional staff employees and 850 Special Agents in one of the largest hiring blitzes in the 100-year history of the Bureau.  MORE INFO

The Bureau is especially looking for critically skilled professionals, specifically those fluent in at least one of several foreign languages, including Arabic, Chinese, Farsi, Korean, Pashto, Russian, Spanish and Vietnamese. The Bureau is also targeting individuals with skills in information technology, engineering, intelligence, law, military and physical sciences.
The San Francisco FBI Division has announced the dates for the Spring 2009 FBI Citizens' Academy class.

The classes will be held in Menlo Park and will run from 6-9PM on Thursday evenings - April 2 through April 30, 2009.

Applications are now being accepted. The application deadline is Friday / February 6, 2009.

If you want more info or are interested in attending, contact:

Shirley Deacon
San Francisco FBI Division
Community Outreach Coordinator
Tel: 415-575-2742

Bio-Terror threat is real...

Presentations at a recent Washington Institute Special Policy Forum stressed that the gravest terrorism threat right now is from "terrorist organizations acquiring weapons of mass destruction and using them against us, our homeland, or our allies."  Biological weapons are considered to be the most likely terrorist WMD threat right now.  READ MORE

Presentation by Assistant to the President for Homeland Security and Counterterrorism Ken Wainstein, TEXT / AUDIO
The January 1, 2009 on-line issue of SC Magazine has a good article on how the InfraGard National Members Alliance (INMA) is evolving.  READ MORE

RSA 2009

Registration for the RSA 2009 Conference is now open.  The annual RSA conference is always one of the year's largest security events and it occurs right here in our own back yard. Early Bird registration ends January 23, 2009. MORE INFO
The Department of Homeland Security (DHS) intends to hold public meetings in Washington D.C. in January and February 2009 to solicit feedback on a voluntary preparedness program for the private sector.

The department is setting up a voluntary private sector preparedness accreditation and certification program known as "PS-Prep," DHS announced in a Dec. 24, 2008 notice in the Federal Register.

READ MORE

Voluntary Private Sector Preparedness Accreditation and Certification Program Resource Center
The December 31, 2008 issue of Time.com has an interesting article on the application of the military for disaster response in the U.S.  Current plans are that by 2011 the Department of Defense will have 20,000 uniformed troops expressly trained to assist in national disaster rapid response. READ MORE

OPINION:  This is a very complex and important issue and concerns much more than the application of military personnel.  For example, the implementation of the DHS National Applications Office continues to be stalled because of Congressional concerns over privacy and civil liberties.  Although recent changes in policy are primarily the result of the events of September 11, 2001, and the failures during the Hurricane Katrina response, the issues involved date back to the Posse Comitatus Act, a 130-year-old law that specifically bars the President from using the U.S. military for law enforcement in the United States.  It is interesting to note that some of these technology policy issues were addressed over ten years ago in the Disaster Information Task Force report, whose recommendations included the "Formulation of a policy environment that fosters interagency cooperation through integrated strategic planning and coordination of disaster information budget initiatives and promotes public/private partnerships. Develop a sustainable plan for timely access to classified data and derived products."