March 2010 Archives

The DHS inspector general (IG) recently reported that the Department of Homeland Security has made significant progress on strategic plans for only half of US National Planning Scenarios.

The fifteen National Planning Scenarios, which collectively depict the broad range of natural and man-made threats facing our nation and guide overall homeland security planning efforts at all levels of government and with the private sector. They form the basis for national planning, training, investments and exercises needed to prepare for emergencies of all types.

READ MORE

DHS IG Report

 

A recent report prepared by the Congressional Research Service (CRS) concluded that effective Intelligence support is one of the biggest challenges for the Department of Homeland Security.

The first area where additional Congressional oversight is critical is Joint Fusion Center, Program Management Office sustained funding.  READ MORE

REPORT:  The Department of Homeland Security Intelligence Enterprise: Operational Overview and Oversight Challenges for Congress

Of the 50 U.S. cities examined in a recent Symantec analysis, Detroit came in as the least risky online city. Detroit's residents were less likely to participate in risky online behavior compared to other cities in the study, and it also ranked low in cybercrime, access to the Internet, expenditures on computer equipment, and wireless Internet access.  San Francisco was #5, Oakland was #18 and San Jose was #20 ...PRESS RELEASE

By early 2008, top U.S. military officials had become convinced that extremists planning attacks on American forces in Iraq were making use of a Web site set up by the Saudi government and the CIA to uncover terrorist plots in the kingdom.

Elite U.S. military computer specialists, over the objections of the CIA, mounted a cyberattack that dismantled the online forum.  That is when the lawyers and politicians got involved, READ MORE

The San Francisco Bay Area chapter of ISSA is offers its annual CISSP Study group. The CISSP Study group is a chapter-sponsored activity to support members in achieving certifications in the security industry. It is a review-style study group tracking to the 10 domains identified in the ISC2 CISSP guidelines. This 13-week series covers all the domains including a mock exam.

Sessions will be held on Thursday evenings from 5:30- 8:30 p.m. March 25th - June 3rd at the State Fund building; 1275 Market Street, San Francisco, CA 94103.

Registration deadline to sign up is Monday, March 22, 2010

Download event flyer...

Mar 11, 2010
FOLLOW-UP

Cyber ShockWave exposed missing links in U.S. security.  Former DHS Chief's perspective of what was learned.  READ MORE

    * First, the United States does not have well-defined responsibilities for maintaining common situational awareness of emerging critical operational developments in cyberspace.
    * In a cyber crisis, our nation lacks an effective decision-making framework below the Cabinet level for coordinating the government's response and recovery from a devastating cyber event.
    * There is not in place a user-friendly process to allow government cyber defenders to effectively collaborate with the private sector to take advantage of their expertise and knowledge during the response to a cyberattack.
    * Current policy, legal and organizational constraints drive us to only a binary response: the traditional domestic-focused law enforcement approach on one hand and, at the other extreme, the compulsion to respond internationally to neutralize the attack.


Feb 16, 2010
FOLLOW-UP

Simulation shows government lacks policies needed to respond to cyberattack

The Cyber Shockwave exercise of a widespread cyberattack against the nation's critical infrastructure on demonstrated the cascading effects an attack can have on networks and the difficulty the government would have in quickly responding, including dealing with civil liberties and how to work with corporations.  READ MORE



The Bipartisan Policy Center's (BPC) upcoming Cyber ShockWave, a simulated cyber attack on the United States, will take place on Tuesday, February 16, 2010. Cyber ShockWave will provide an unprecedented look at how the government would develop a real-time response to a large-scale cyber crisis affecting much of the nation.  READ MORE

PRESS RELEASE

MORE INFO

Senior Intelligence Community officials, who testified at a recent Senate Homeland Security and Governmental Affairs Committee hearing, that the main obstacles to searching and matching information contained in government databases, including those containing information on American citizens, on suspected terrorists are policy and privacy related, as opposed to technological.  READ MORE

OPINION:  Read this article carefully, it's scary!

A recent survey performed by the National Governors Association says that fusion centers and information sharing were two top state priorities in 2009.  READ MORE

National Governors Association Press Release...

National Governors Association Survey ...

CrisisCampSiliconValley will be hosted by Carnegie Mellon Silicon Valley in the NASA Ames Research Park, Moffett Field, California from March 26th through March 28th, 2010, as part of the Carnegie Mellon Silicon Valley Disaster Management Initiative. 

CrisisCampSiliconValley will be a goal-oriented bar-camp - bring your demos/data and be ready to communicate. CrisisCamps bring together domain experts, developers and first responders around improving technology and practice for humanitarian crisis; CrisisCampSiliconValley will focus on the Bay Area and beyond. Prizes for further development of technology and collaboration (e.g., prototype testing, funding roadmaps) will be awarded.

MORE INFO

The National Cybersecurity Awareness Campaign Challenge invites cyber professionals and anyone who is interested to submit ideas for improving the public's security awareness and literacy.  READ MORE

DHS National Cybersecurity Awareness Campaign Challenge web site ...

A report released by security firm McAfee during this week's RSA security conference in San Francisco provides a couple of new details about the "Operation Aurora" attacks that affected some 34 U.S. companies.  Hackers targeted source code management systems manipulating a little-known trove of security flaws that would allow easy unauthorized access to the intellectual property it is meant to protect.  READ MORE

The White House has declassified part of the government's cybersecurity plan, publishing parts of it that discuss intrusion detection systems for federal computer networks and the government's role in securing critical infrastructure.  READ MORE

Another viewpoint...Few details in White House summary of cyber plan - The decision to publish a summary of the cyber initiative on the White House blog came just a month after the Washington-based Electronic Privacy Information Center (EPIC) filed a lawsuit in federal court seeking release of the computer security document.  The EPIC's executive director.
added, however, that the entire document still needs to be made public, including the legal authorities the government operates under and the privacy safeguards it employs when scrutinizing Internet traffic for cyber threats. READ MORE

Yet another viewpoint...Critics not satisfied with partial revelation of secret cybersecurity plan, READ MORE


The Comprehensive National Cybersecurity Initiative

Transparent Cybersecurity

As the most wired nation on Earth, the US offers the most targets of significance, yet our cyber-defenses are woefully lacking.  The problem is not one of resources; even in our current fiscal straits, we can afford to upgrade our defenses. The problem is that we lack a cohesive strategy to meet this challenge.  So says Michael McConnell, the former director of national intelligence. READ MORE

Another viewpoint...  Is all the Cyberwar Hype Going to Destroy the Open Internet, READ MORE

Yet another viewpoint ...  White House Cyber Czar: 'There Is No Cyberwar', READ MORE