February 2009 Archives

The National Infrastructure Protection Plan provides the unifying structure for the integration of a wide range of efforts for the enhanced protection and resiliency of the nation's critical infrastructure and key resources (CIKR) into a single national program.

The 2009 NIPP replaces the 2006 version and reflects changes and updates to program elements and concepts. It captures the evolution and maturation of the processes and programs first outlined in 2006 without changing the underlying policies. The revised NIPP integrates the concepts of resiliency and protection, and broadens the focus of NIPP-related programs and activities to an all-hazards environment.  READ MORE

DHS Press Release

Download Report (.pdf)
The National Institute of Standards and Technology (NIST) has released revised guides providing advice for protecting the wide variety of private and mobile devices from threats. Together with the preponderance of dangerous malware on the Web, the vulnerability of wireless transmissions from mobile devices has created dramatic new security challenges. READ MORE

"In terms of remote access security, everything has changed in the last few years. Many Web sites plant malware and spyware onto computers, and most networks used for remote access contain threats but aren't secured against them," says Karen Scarfone of NIST's Computer Security Division. "However, even if teleworkers are using unsecured networks, the guide shows the steps organizations can take to protect their data."

Among these steps is the recommendation that an organization's remote access servers--the computers that allow outside hosts to gain access to internal data--be located and configured in ways that protect the organization. Another is to ensure that all mobile and home-based devices used for telework be configured with security measures so that exchanged data will maintain its confidentiality and integrity. Above all, Scarfone says, an organization's policy should be to expect trouble and plan for it.

"You should assume external environments contain hostile threats," she says. "This is a real philosophy shift from several years ago, when the attitude was essentially that you could trust the home networks and public networks used for telework."

The new guide provides recommendations for organizations. DOWNLOAD

A companion publication* offers advice for individual users on securing their own mobile devices. DOWNLOAD

SV ISACA 2009 Winter Meeting

"Enhanced Compliance and Reporting: Raising the Bar in 2009"
February 25, 26 & 27 / eBay Town Hall / San Jose, CA

ISACA Silicon Valley has been providing IT Audit, Security, and Governance Professionals with the training and networking opportunities they need to not just compete but to thrive since 1982. Continuing this tradition is their 2009 Winter Conference, at which they will be offering full day courses that move beyond theory to emphasize practical skills you can utilize at work or to improve your marketability.

EVENT FLYER   /   EVENT REGISTRATION

The Changing Landscape of Terror

FBI Director Mueller discussed the changing landscape of terrorism at the February 23, 2009 meeting of the Council on Foreign Relations. READ MORE

To watch Director Mueller's presentation, click here...
At the recent Black Hat DC conference Paul Kurtz's keynote address gave a sobering view of info sharing and deterrence in the cyber security world.

If there were a major failure of Internet infrastructure--a "cyber-Katrina"--he said it simply isn't clear which government agency would be in charge of fixing it. "That's pretty darn scary," he added. READ MORE

To see Dr. Kurtz's keynote at the Black Hat event and the Black Hat kickoff, click here...

Intellipedia suffers midlife crisis

The U.S. Intelligence Community's internal wiki Intellipedia has gotten glowing press reports and accolades, as well as input from thousands of analysts. However, the wiki still struggles to make a permanent home in the spy agencies, according to one of its evangelists. READ MORE

OPINION: This is not unusual; all too often technologies like this are a poor fit and/or hyped and implemented before they are sufficiently mature.
DHS has developed DHS Earth, a geospatial mapping and visualization application using Google Earth, to share data related to infrastructure protection and improve situational awareness. READ MORE

The Coming Swarm ...

In a recent NY Times editorial Prof. John Arquilla from the Naval Postgraduate School discussed how swarming, smaller-scale terrorist violence appears to be an emerging threat.

The basic concept is that hitting several targets at once, even with just a few fighters at each site, can overwhelm counterterrorist forces that are often manpower-heavy, far away and organized to deal with only one crisis at a time. This approach worked in Mumbai, India, last November, where five two-man teams of Lashkar-e-Taiba operatives held the city hostage for two days, killing 179 people. The Indian security forces, many of which had to be flown in from New Delhi, simply had little ability to strike back at more than one site at a time. READ MORE

Window of vulnerability...

In a recent report to the Senate Select Committee on Intelligence the Director of National Intelligence outlined the key findings of the "Annual Threat Assessment of the Intelligence Community." 

Given that Al Qaeda and affiliated terrorist groups have made it clear that they would like to attack in a way that dramatically impacts America's economic stability, a catastrophic attack or attacks during this time of fiscal instability could be potentially devastating. READ MORE

Annual Threat Assessment of the Intelligence Community

Winter 2009 Quarterly Meeting ...

The Winter 2009 Quarterly Meeting of the San Francisco Bay Area InfraGard chapter is Thursday / February 19th - "Managing in Times of Turmoil: IT, HR, and Legal Considerations in the Down Economy"

The meeting will be from 09:00 AM till noon with registration and networking starting at 08:15 AM.

The meeting will be at the NEW Federal building located at 90 7th Street on the corner of Mission and 7th Streets in South of Market in San Francisco.  This is the same location where we had our Spring 2008 Quarterly meeting.

More info is on the MEETINGS web page ...
The security of the global information infrastructure is becoming more important every day. The Department of Homeland Security (DHS) Science and Technology (S&T) Directorate invests in projects offering the potential for revolutionary changes in technologies that promote homeland security and accelerate the prototyping and deployment of technologies that reduce homeland vulnerabilities. CATCH is a technical forum for DHS researchers to present their results in several topic areas of cyber security.

The goal of CATCH is information exchange between researchers and information security practitioners across government and the private sector.

This 2-day conference includes:

    * Keynote speakers from government and industry
    * 30+ demonstrations of innovative new cyber security technologies
    * Proceedings containing complete research papers and project descriptions

March 3 - 4, 2009 / Walter E. Washington Convention Center / Washington, DC

MORE INFO 
President Obama has directed the National Security and Homeland Security Advisors to conduct an immediate 60-day review of the plan, programs, and activities underway throughout the government dedicated to cyber security. READ MORE

White House Brief
Areva Inc. - a Paris-based company that serves nuclear, wind, and fossil-fuel power companies - is warning customers that vulnerabilities affect multiple versions of Areva's e-terrahabitat package, which allows operators in power plants to monitor gas and electric levels, adjust transmission and distribution devices, and automate other core functions. MORE
The U.S. House of Representatives has passed a bill that seeks to reduce the over-classification of intelligence information and increase the amount that gets shared. "Though hard to believe, sheriffs and police chiefs can't readily access the information they need to prevent or disrupt a potential terrorist attack because those at the federal level resist sharing information," U.S. Representative Jane Harman said. "Over-classification and pseudo-classification -- stamping with any number of sensitive but unclassified markings -- remain rampant." READ MORE

BACKGROUND: The House Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment had a Hearing: "A Report Card on Homeland Security Information Sharing" in September 2008. Recommend folks read the testimony by John McKay.  He presents a good summary of the "real state" of information sharing programs. MORE

The FBI investigates public corruption by public officials who have broken the public trust through criminal activity. The subjects of these investigations are local, state and federal officials including judges, police officers, congressmen, mayors and other public officials entrusted with serving the public. Most investigations focus on payoffs to these officials.

If you are aware of criminal activity including public corruption, please call the FBI Bay Area Public Corruption Hotline: 1-800-376-5991.




Wednesday / February 4th / 06:30PM / Palo Alto / MORE INFO


In its annual study the Ponemon Institute found the total cost of coping with the consequences of a data breach rose to $6.6 million per breach, up from $6.3 million in 2007 and $4.7 million in 2006. READ MORE
The annual "Report Card" produced by the American Society of Civil Engineers concludes the nation's infrastructure programs still stand at a D average. Deteriorating conditions and inflation have added hundreds of billions to the total cost of repairs and needed upgrades. ASCE's current estimate is $2.2 trillion, up from $1.6 trillion in 2005. READ MORE