Cyber Security Summit Blog

More than 400 teams are already registered for the 2014-2015 season of CyberPatriot, a competition that began in 2009 to motivate students to consider careers in cyber security and other science, technology, engineering, and mathematics disciplines. The current season, known as CyberPatriot VII, boasts participation from 40 states as well as Puerto Rico, Canada, and U.S. Department of Defense Dependent Schools in Germany. Each team consists of a coach and two to six students from the same middle school, high school, or other approved educational organization. The competition is structured as a tournament where the highest scoring teams advance until the top 28 teams are identified. The ...
Read More
In remarks delivered earlier today at the American Enterprise Institute in Washington, D.C., FCC Chairman Tom Wheeler outlined his organization's philosophy on cyber security. Stressing the importance of network security, Wheeler noted that today information networks don't just support the economy, they essentially are the economy. "As such, information networks aren’t ancillary; they are integral," he said. "And their security is vital." Wheeler said that given the dynamic nature of the threats we face today, the new security paradigm must be based on private sector innovation and the alignment both public and private interests. “Companies must have the capacity to assure themselves, their ...
Read More
Following a year of continued Congressional division, sequestration, a government shutdown and the troubled rollout of Healthcare.gov, IT industry association TechAmerica last week released its annual survey of federal government CIOs. TechAmerica surveys federal government CIOs each year to gauge their ongoing priorities and concerns. In this year's 24th annual report, that group was expanded slightly to include CISOs. The No. 1 priority identified this year was again cyber security/IT security, which sixty-three percent of respondents identified as one of their top three priorities (more than twice as much as any other priority mentioned). In addition, two-thirds of respondents said threats to ...
Read More
White House Cybersecurity Coordinator Michael Daniel shared his thoughts on existing cyber security regulations earlier today on the White House blog. In his post, he highlights Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which among other things directs Executive Branch departments and agencies that regulate the security of private-sector critical infrastructure to assess whether, based on the Cybersecurity Framework, existing regulatory authority is sufficient to address cyber risks. Reports were produced by the Environmental Protection Agency, Department of Health and Human Services and the Department of Homeland Security. The degree to which they regulate for cyber security ranges from high-level requirements to voluntary guidance; however, ...
Read More
Earlier today, we learned details of the latest cyber attack to affect a major online retailer when eBay reported that a database containing encrypted passwords and other non-financial data had been compromised. The company is asking its users — all 128 million of them — to change their passwords as a precautionary measure, joining others who have recently been required to issue large-scale password resets including Yahoo, AOL and Evernote. EBay says extensive network tests have so far found no evidence of any unauthorized activity for users or unauthorized access to financial or credit card information (which is stored separately). As ...
Read More
TeleCommunication Systems, which specializes in secure mobile communication technology, today reported it has entered into a contract with E-volve Technology Systems to provide training services to the U.S. Air Force for its Cyber Operations Training Program. The subcontract includes a base award term of five months and two one-year option terms for a total possible value of $3.3 million. The Air Force is funding the Cyber Operations Formal Training Support contract awarded to E-volve Technology Systems, and TeleCommunication Systems will provide training services including course planning, design and development; training, instruction and administration; technical analysis and courseware maintenance. Additionally, TeleCommunication Systems will provide ...
Read More
Post-resession, partnering with third-party vendors and outsourcing tasks that were once handled in-house has become a common cost-saving strategy. Unfortunately, many organizations aren't prepared to address the information technology and security risks that can emerge from outsourcing, according to a new survey by the Shared Assessments Program and consulting firm Protiviti. The survey, which asked companies about their current vendor risk management programs, found a general lack of mature vendor risk management practices as well as insufficient resources and staff to meet current best practice standards. "Managing the risks associated with outsourced services and vendor relationships is one of the many challenges facing ...
Read More
Retailers were among the hardest hit and most talked about victims of cyber crime in 2013. Now they are doing their best to fight back. Just yesterday, the Retail Industry Leaders Association and key retailers from around the country launched the Retail Cyber Intelligence Sharing Center, otherwise known as R-CISC. The center is an independent organization whose key feature is a "Retail Information Sharing and Analysis Center," which is designed to do exactly what its name suggests. According to RILA, the center will allow retailers to share cyber threat information both among themselves and with others, including the U.S. Department ...
Read More
At a presentation at the University of Minnesota this morning, National Institute of Standards and Technology Fellow Ron Ross announced the publication of a new set of systems security engineering guidelines designed to help improve information security. NIST Special Publication 800-160 was released in draft form and is now available for public comment. You can download the publication here: "Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems." Ross said the announcement was made at the university to highlight where the skills needed to combat tomorrow's cyber security challenges will come from. He said the University of Minnesota's Technological Leadership Institute represents a model ...
Read More
Ron Ross, a fellow at the National Institute of Standards and Technology and leader of the Federal Information Security Management Act Implementation Project, will announce new draft cyber security guidelines at the University of Minnesota on Tuesday. The guidelines are contained within "Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems." They were written to help both private- and public-sector officials build more resilient IT infrastructures. Ross is the principal architect of the NIST Risk Management Framework and leads the Joint Task Force Transformation Initiative Working Group, an effort to develop a unified information security framework for the federal ...
Read More