News & Events and Other Interesting Stuff

FBI Director says Cyber Attacks Becoming Top Terror Threat

2012-02-03T17:57:54Z

Cyber attacks against government agencies and businesses in the United States continue to rise, and cyber threats will one day surpass the danger of terrorism to the United States, FBI Director Mueller reported today in a recent open hearing of the Senate select intelligence community. READ MORE

Iran spies are actively hacking the U.S.

2012-01-31T20:41:46Z

"Russia and China are aggressive and successful purveyors of economic espionage against the United States," and "Iran's intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity." ... testimony by Director of National Intelligence James Clapper in his prepared testimony (.pdf) to the Senate Select Committee on Intelligence. READ MORE

Director Clapper's prepared statement (.pdf)...

SEC Cyberthreat Disclosure Mandate

2012-01-27T17:16:07Z

The Security and Exchange Commission has now mandated that cyber-incident related disclosures must be made in securities filings. Now, every company under the watchful eye of the agency must disclose its analysis of exposure to a data breach or attack, discussion of material cyber-incidents, description of related legal proceedings and the implications for the firm's financials. READ MORE

SEC Disclosure Guidance

Books of interest ...

2012-01-24T16:27:31Z

America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare

Joel Brenner, a former Director of Counterintelligence in the office of the Director of National Intelligence. goes behind the headlines to explore America's next great battleground: digital security. An urgent wake-up call that identifies our foes; unveils their methods; and charts the dire consequences for government, business, and individuals. MORE at Amazon.com ...

Auditing Cloud Computing: A Security and Privacy Guide

The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources. The book includes a chapter written by SF Bay InfraGard member and Member of the chapter's Board of Directors, Jeff Fenton! MORE at Amazon.com

Confusing reports concerning possible rail system "hacking" ...

2012-01-24T16:10:07Z

A recent article in Nextgov.com reports that in late 2011 a Pacific Northwest transportation entity observed a potential "cyber incident" and reported the incident to DHS/TSA and the FBI. READ MORE

UPDATE: Jan 26, 2012

Railroad Association Says Hack Memo Was Inaccurate

A government memo saying a railway was hacked in a targeted attack was incorrect, according to a spokeswoman for the Association of American Railroads.

"There was no targeted computer-based attack on a railroad," according to spokeswoman Holly Arthur. "The memo on which the story was based has numerous inaccuracies." READ MORE

NOTE: This is the second recent "false alarm" concerning attacks on CI/KR. I am reminded of the comment by the astronomer Carl Sagan ...

"Extraordinary Claims Require Extraordinary Evidence" ...

I was hoping to see some discussion on this on the secure InfraGard site but alias, nothing!

Researchers Release Exploits for Programmable Logic Controllers

2012-01-20T21:03:40Z

DigitalBond, a SCADA security company that led the research, said ... "We felt it was important to provide tools that showed critical infrastructure owners how easy it is for an attacker to take control of their system with potentially catastrophic results," .Vulnerabilities were reported in widely used programmable logic controllers (PLCs) made by General Electric, Rockwell Automation, Schneider Modicon, Koyo Electronics and Schweitzer Engineering Laboratories. READ MORE

RELATED:

What me worry? A security researcher was able to locate and map more than 10,000 industrial control systems hooked up to the public internet, including water and sewage plants, and found that many could be vulnerable to easy hack attacks. READ MORE

SF Bay InfraGard Winter 2012 Quarterly Meeting...

2012-01-19T18:34:51Z

Once again RSA is providing the chapter meeting space during the RSA Conference 2012 event at Moscone Center in San Francisco, CA.

Thursday / March 1, 2012
05:30PM - 07:00 PM

To attend you will need to register for the RSA event. Registration is FREE but you do need to register for at least the RSA Conference 2012 EXPO Pass. This pass will provide access to the InfraGard meeting, the EXPO exhibit floor and Keynote addresses.

You can register for the conference through a variety of ways. RSA has provided the SF Bay InfraGard chapter FREE EXPO passes, MORE INFO ...

We will be meeting in the same general vicinity where we met last year, look for the InfraGard banner. Don't forget to provide yourself enough time to complete the RSA registration and badging process. The meeting is open to all, InfraGard member or not.

The Defense Industrial Base Cybersecurity Program transitions from DoD to DHS management ...

2012-01-18T16:03:17Z

DHS is taking over control of the Pentagon project that shared classified intelligence with select military contractors and their communications providers, DIB Cybersecurity Pilot.

The new arrangement puts DHS, the civilian agency responsible for facilitating the protection of private critical infrastructure, in charge of communicating with private Internet service providers. The Defense Department will continue to be the point of contact for contractors, officials said. MORE INFO

DHS Joint Cybersecurity Services Pilot (JCSP)

QuakeSmart Toolkit

2012-01-13T17:52:34Z

QuakeSmart is an initiative that was developed by FEMA NEHRP to help businesses in at-risk seismic communities start and maintain earthquake mitigation efforts. The QuakeSmart Toolkit (www.fema.gov/plan/prevent/earthquake/qstoolkit) provides actionable and scalable basic guidance and tools to the private sector about the importance of earthquake mitigation and the simple things that they can do to reduce the potential of earthquake damages, injuries, and financial losses. Information contained in this toolkit walks you through a three-step process: 1) identify your risk; 2) make a plan; and 3) take action. The toolkit is not intended to be all-inclusive of available FEMA guidance related to earthquake mitigation and businesses should address all hazards they are exposed to.

This toolkit was specifically developed to encourage businesses to incorporate earthquake mitigation in their decision making and planning process to enhance their all-hazards resilience, particularly from an earthquake event. MORE INFO

If your company is located in the Bay Area you are at risk. The SF Bay InfraGard chapter is interested in working with your company to help you better understand your risk, Contact: davies@sfbay-infragard.org

Electric Sector Cybersecurity Risk Management Maturity project ...

2012-01-10T15:57:38Z

The U.S. Department of Energy has announced an initiative to further protect the electrical grid from cyber attacks. The "Electric Sector Cybersecurity Risk Management Maturity" project, a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS), will leverage the insight of private industry and public sector experts to build on existing cybersecurity measures and strategies to create a more comprehensive and consistent approach to protecting the nation's energy delivery system. MORE INFO

White House Blog - Protecting the Nation's Electric Grid from Cyber Threats...

The ongoing saga of cybersecurity legislation ...

2012-01-04T18:55:24Z

There are several versions of proposed cybersecurity legislation still working their way through congress, MORE INFO ...

Jan 13, 2012 / UPDATE : Concerns growing that draft cyber bill gives DHS controversial authorities, MORE INFO

Blueprint for a Secure Cyber Future

2011-12-15T18:39:15Z

DHS has released a new cybersecurity strategy document with a two-pronged approach: protecting critical infrastructure today and building a more secure cybersecurity ecosystem for the future. READ MORE

Blueprint for a Secure Cyber Future (.pdf)

New CA eCrime Unit

2011-12-15T18:32:59Z

CA Attorney General Harris has announced the creation of a new eCrime Unit to investigate and prosecute technology crime, MORE INFO

CA Department of Justice Cybersafety Web Site

Federal Cybersecurity R&D Strategic Plan Released

2011-12-07T18:50:37Z

The White House Office of Science and Technology Policy has released the Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program--a road map to ensuring long-term reliability and trustworthiness of the digital communications network that is increasingly at the heart of American economic growth and global competitiveness. OSTP Press Release, DOWNLOAD REPORT (.pdf)

National Information Sharing Organization

2011-12-07T15:36:52Z

A House Homeland Security Committee has drafted a bill that would create a nonprofit entity to share information on cyber threats. This concept is competing with a bill already passed by the House Intelligence Committee. See our post on Equal Opportunity Info Sharing

The proposed National Information Sharing Organization, or NISO, would be guided by a board of directors composed of two privacy advocates and 10 representatives from critical infrastructure sectors, including the banking, communications, defense contracting, energy and health care industries. MORE INFO