June 2009 Archives

Acting Assistant Secretary for Cybersecurity and Communications Michael Brown said a range of proposals are being considered by the White House and the department as cybersecurity plans unfold. The administration is considering asking Congress for regulatory changes to create "far-reaching incentives" for prioritizing cybersecurity in the private sector, which controls much of the nation's critical IT infrastructure.  READ MORE

A panel of cybersecurity experts hosted by Harris Corporation concluded that President Barack Obama should name a White House cyber coordinator with the notoriety and clout to build consensus and direct cybersecurity policy, even with limited powers. The panel emphasized that the cyber coordinator ought to be "a person of prominent name recognition" in the cybersecurity industry.  READ MORE

You can replay this panel discussion on the Harris Corporation site, GO THERE

Government agencies must develop methods to make sure the commercial software they purchase isn't secretly loaded with viruses that could expose sensitive information stored on government networks, federal and industry technologists advised.

In the last decade, agencies have migrated from writing their own software programs to purchasing more commercial off-the-shelf software. COTS can be deployed quickly, typically costs less, and is easier to integrate with other computer applications.  READ MORE

The challenge for "risk-based planning" and "all-hazards preparedness is how to prioritize risks from the nearly infinite panoply of potential hazards.

A new paper from the Rand Corporation, Emerging Threats and Security Planning: How Should We Decide What Hypothetical Threats to Worry About? attempts to unpack some of these complexities, offering a model for assessing terrorist risk scenarios.  READ MORE

For the first time, the Federal Trade Commission has terminated operations of an internet service provider it alleges, "recruits, knowingly hosts, and actively participates in the distribution of illegal, malicious and harmful electronic content".

According to the FTC affidavit the company, doing business as 3fn.net and APS Telecom, "actively recruited" to its hosting service thousands of "rouge" and "black hat" web sites.  The cached web site of  3fn.net (Triple Fiber Network) indicates it had a major server farm providing "Managed Virtual Hosting" in San Jose, CA.  READ MORE

Security specialists are working to make sure the plans to develop a smart electric grid that relies on the Internet to supply and monitor power across the country will include security standards for reducing vulnerabilities to cyberattack.  READ MORE

We had a good introduction to smart grid security at our Spring 2009 Quarterly chapter meeting.  Tom Kropp's presentation is now posted on the Member's pages, MORE INFO

The NIST EISA Domain Expert Working Group is hosting a WIKI in support of the NIST mandate to facilitate Smart Grid standards interoperability, MORE INFO

After CardSystems Solutions suffered one of the largest credit card data breaches at the time, the company reached for its security auditor's report.  CardSystems' auditor, Savvis Inc, had just given them a cyber clean bill of health three months before.

Savvis has now been pulled into court in a novel lawsuit that legal experts say could force increased scrutiny on credit card security practices.  The case raises increasingly important questions about the liability of companies that handle card data and the liability of third parties that audit and certify the trustworthiness of those companies.  READ MORE

The FBI confirmed on May 29, 2009 that it had shut down its Internet-facing unclassified network, but disputed a report that the incident had left the agency unable to e-mail counterparts in other intelligence and law enforcement agencies. READ MORE

FBI Press Release