Cyber Connections News Roundup: June 12

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

June 12, 2018

Has Brexit Put European Cybersecurity at Risk?

Sylvia Thompson of the Irish Times writes about the cybersecurity implications of Britain’s exit from the European Union. Britain, after all, historically has been the link between the intelligence network of the US, Canada, Australia and New Zealand and the European Union. So, the question remains: If Britain goes, does the link break? Read more.

New Study Outlines Recommendations for Preventing Identify Theft

The National Cybersecurity Society (NCSS), a national non-profit created to address small business cybersecurity, recently released a study focuses on business identity theft, how it is perpetrated and how we can prevent it. Titled “Business Identify Theft in the US,” the study was funded through a grant provided by the Identity Theft Resource Center and the Department of Justice, Office for Victims of Crime. Read more.

New Ridge Institute to Focus on Global Resiliency Against Cyber Threats

The Washington Business Journal reports that Tom Ridge, the first secretary of the Department of Homeland Security, has launched the Ridge Global Cybersecurity Institute. The organization’s mission is to advise and educate business leaders on navigating cybersecurity threats. Read more.

States and Counties Ramp Up Security Prior to Key Elections

As we get closer to key election dates, state and county governments across the country are intensifying their efforts to mitigate cyber threats in light of Russian attempts to meddle with the 2016 presidential election.

As reported on wnyt.com, for example, officials in New York are conducting cybersecurity drills in an effort to determine how vulnerable their state’s election system is to hacking. The exercises will simulate scenarios in which a hostile group seeks to tamper with voting systems, change election tallies or otherwise undermine voter confidence. Read more.

Meanwhile, in Collier County, Florida, Trish Robertson of the elections staff reports on www.hellowfl.com that the county has been ramping up preparations to prevent threats for the past few weeks, notably by installing a security networking monitoring system called “Albert.” Read more.

[Cyber] Securing the 2018 World Cup

On www.securityintelligence.com, Camille Singleton writes that security at the 2018 World Cup must move beyond the physical, which normally includes increased local police, physical barriers and identification checks. The widespread use of digital devices and social media warrant enhanced awareness and preventative measures to protect fans, foreign dignitaries and celebrities from malicious actors. Read more.

Cyber Connections News Roundup: May 22

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

May 22, 2018

Will Cybersecurity Be on the Table at the June Summit With North Korea?

As reported recently on http://www.newsmax.com, some members of Congress are lobbying to add cybersecurity to President Trump’s agenda for the June 12 North Korea summit in Singapore. Senator Cory Gardner (R-Colo.), who chairs the Senate subcommittee overseeing global cybersecurity and East Asia, and Senate Foreign Relations Chairman Bob Corker (R-Tenn.), believe the issue is something both parties need to talk about. Read more.

Department of Homeland Security Unveils New Strategy to Address Cyber Threats

The U.S. Department of Homeland Security on May 15 unveiled a new strategy to address the evolving threats to the nation’s cyber and critical infrastructure security. The announcement comes amid concerns about the security of the 2018 US midterm elections and numerous high-profile hacking incidents at US companies. The holistic approach to security calls for collaboration across the cybersecurity community, including partners in the federal government, state and local governments, industry, and the international community. Read more.

White House Eliminates Cybersecurity Coordinator Position

Meanwhile, the New York Times reports that the White House has eliminated the cybersecurity coordinator on the National Security Council. A memorandum circulated by an aide to the new national security adviser, John R. Bolton, said the post was no longer considered necessary because lower-level officials had already made cybersecurity issues a “core function” of the president’s national security team. Read more.

The State of Cybersecurity in Southeast Asia: Challenges Ahead

According to a survey conducted by Limelight Networks’s State of Cyber Security 2017 – Southeast Asia report, nearly 50 percent of businesses in Southeast Asia have suffered a cyber attack and more than 70 percent of businesses said they suffer financial losses as a result of hacking or data theft. A recent Techwireasia.com analysis of the Limelight Networks report suggests that the APAC region is particularly vulnerable to hackers given the speed and scope of digital transformation in that part of the world. Read more.

 

Cyber Connections News Roundup

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.


May 8, 2018


Iowa to Focus on Voting Cybersecurity

As reported on wcfcourier.com, the State of Iowa announced plans to form a multi-disciplinary group to the security of voting systems. The new Iowa Election Cybersecurity Working Group will include representatives from the U.S. and Iowa Departments of Homeland Security, the U.S. Elections Assistance Commission, the Iowa National Guard, Iowa’s Office of the Chief Information Officer, and others. Read more.

Cybersecurity to Become Ubiquitous In California

Statescoop.com reports that cybersecurity will become one of the key components of California’s Department of Technology’s vision moving forward. According to Peter Liebert, California’s chief information security officer, the state’s “Vision 2020” plan focuses on a goal of ensuring that all business conducted by the state will be delivered securely. Read more.

Leading Tech Companies Agree to Defend Customers Against Cyber Attacks

Microsoft, Facebook, Dell, LinkedIn, GitHub, among other leading tech firms, have signed the Cybersecurity Tech Accord, an agreement to defend their customers from cybercriminal and state-sponsored attacks. As reported on associationsnow.com, the group of 33 tech companies, led by Microsoft, who dubbed the effort a digital Geneva Convention. Read more.

The State of Colorado Turns to Military Veterans to Fill Cyber Jobs

As reported on forbes.com, the State of Colorado’s Governor’s Office of Information Technology is bridging the cyber skills gap by implementing a Veterans Transition Program in which veterans who are transitioning out of active duty can apply for a paid internship at the Governor’s Office of Information Technology where they can gain experience with the tools used in the public and private sectors, notably blockchain technology. Read more.

Global Telcos Establish Partnership to Combat Cyber Threats

Singtel, SoftBank, Etisalat, and Telefónica have formed a cybersecurity group to share data on threats. As reported on zdnet.com, the group, called the Global Telco Security Alliance, will offer a managed security services platform that supports customers across 60 countries in Asia-Pacific, Europe, the Middle East, and the Americas. Read more.

 

Five Misconceptions About Cybercrime

Take a look inside the new book by cyber expert and University of Maryland University College (UMUC) adjunct professor Richard A. White, PhD.

Reading “Cybercrime: The Madness Behind the Methods” by Richard White, adjunct professor, cybersecurity information assurance at UMUC, is like going on a wild ride-along with a seasoned police officer.

The book exposes the true nature of cybercrimes and takes the reader into the psychology and motivations of the criminal. Through in-depth interviews with real-life hackers, cyber-bullies and a former FBI special agent, White delivers a holistic view of perpetrator and victim behaviors, and the steps we need to take to reduce the menace presented by hacking.

The bottom line is that cybercrime not going away and many people beyond the intended victim are affected. Technology alone is neither the sole cause nor the solution.

To help better understand cybercrime, White offers these five common misconceptions:

  1. Cybercrime originates from disadvantaged or “third-world” countries.

Cybercrime is one of the most highly organized crime syndicates ever to exist. In reality, the majority of the world’s hacks originate in developed countries such as China, Russia, the U.S., Taiwan, Romania and Hungary. Many players fulfill many roles, each for a profit exacted from victims. Tools are sold and methods are discussed on the Internet. Often programmers sell their tools with a money-back guarantee. Money has no conscience and does not care who earns it or how it is earned. No matter the country of origin, cyber criminals will always put their top-earning talents to work.

  1. Cybercrime is victimless because it is nonviolent.

Cybercrime may be perceived as victimless because it fits into the category of white-collar crime. White-collar crime is not trivial or victimless, as most white-collar criminals would have you believe. A single cybercrime effort can result in multiple victims. The original victim may have something stolen, data held for ransom or their identity used to fleece other organizations. One event can leave a single person dealing with an issue for years, but that event can also impact a person’s family, friends and co-workers who must deal with the issue and, of course, the taxpayers often take a hit.

  1. Cybercrime is committed by highly skilled and computer savvy people.

People with only basic computer skills commit most cybercrime. These criminals use simple and proven methods, many of which have been around for a long time, and seek the easiest way into a computer system. The software and methods used are readily available on the Internet for free or at a minimum cost. Phishing attacks are an example of how easy it really is. Too many people, even if they are suspicious of an email, will open it to see what is inside and, worse yet, will click a link to see where it goes.

  1. Cybercrime requires a technically complex and sophisticated solution.

As noted earlier, actual cyberattacks are not technically complex and sophisticated. But the organized crime aspects of the criminal network itself are, by their very nature, complex and sophisticated because they are designed to avoid detection and prosecution while exploiting the fruits of the actual cybercrime. Think of cybercrime as akin to a business where the actual thief is just one of many along a seemingly traditional hierarchy. With the sky being the limit and very little risk required to start, many potential hackers experiment at entry-level just to test their moxie and give it a try.

  1. Victims of cybercrimes are usually made whole again.

The sad fact is that victims often spend years trying to resolve issues created by cybercrime and rarely see the return of stolen funds. The onus is on the victim to prove that they did not apply for that credit card or transfer funds from their accounts. Imagine discovering one day that your house has a second mortgage loan on it for tens of thousands of dollars that you did not take out? And now the bank is foreclosing on your property because you did not make your loan payments. Cybercrime creates real victims dealing with long-lasting issues. But cybercrime is not always about money. Consider the fear and psychological trauma associated with cyber-stalking and cyber bullying.

“Cybercrime: The Madness Behind the Method,” published in late 2017, is available on Amazon.

Reflections on Cybersecurity: A Deliberate Career Choice

By Valorie King, Ph.D

Can one live an unplugged life? Not really. If you shop or receive medical care or do any one of a hundred small things each day, information about you is captured, stored, transmitted to places that are not secure and may not even be securable. Your phone, your watch or step tracker and your tablet or computer—all your devices—know where you are and where you’ve been. The apps on your devices capture information about your location and time of day and send that off to people you don’t even know and might not approve of if you did.

Every single modern computer is vulnerable to a new type of attack. Organizations are scrambling to deploy new defenses. Vendors are working furiously to find, fix and patch. The public is trying to understand what this new cyber threat means and decide how worried they should be. And the hackers? Well, they’re looking for the next new vulnerability to exploit and increase their fame and fortune.

I deliberately chose to move into the cybersecurity career field. I deliberately chose a career that has become one of the most stressful career fields to be in. Every day, there are new attacks, new vulnerabilities and new tactics that negatively impact—and steal away—our safety and privacy. The cybersecurity industry just can’t keep up. The hackers, cyber criminals and cyber terrorists are winning.

What was I thinking? I don’t know. Cybersecurity just seemed like the best career choice at the time, especially for someone re-entering the IT workforce after almost a decade as a stay-at-home mom. Many of my students are facing similar choices, and I applaud them for wanting to better their lives and the lives of their families. But, sometimes, I wonder if cybersecurity really is the best choice. Is the stress of dealing with cyber risks and cyberattacks, day in and day out, worth the impact on me personally or on my family?

Here’s my bottom line. As I read the news and watch videos about the changing landscape of cyber risks, I am reminded of the words of Irish statesman and philosopher Edmund Burke: “All it takes for evil to triumph is for good men to do nothing.” So, for the moment, I’ll keep on keeping on. I will try to balance my job of informing people and society about cyber risks with an obligation to refrain from creating fear unnecessarily. And, I will try to manage the stress of living daily with the responsibility to inform, to defend and to protect.

About the Author

Valorie King, Ph.D, is program chair, Cybersecurity Management and Policy at UMUC. King’s professional focus is on developing tomorrow’s cybersecurity workforce. To accomplish this, she leads a world-class faculty of scholar-practitioners who engage in the design, management, and assessment of cybersecurity programs, products, and services in businesses and governments within local, regional, national and international contexts.

 

Full STEAM Ahead: UMUC Cyber Faculty Members Help Girls Fuel Futures in Tech

University of Maryland University College (UMUC) cybersecurity professors Loyce Pailen and Tamie Santiago were among panelists who shared advice with girls of all ages interested in STEAM careers.

On Saturday, Feb. 24, 2018 UMUC Cybersecurity faculty members Loyce Pailen and Tamie Santiago joined Maryland elementary, middle, and high school students at the Indian Head Parks and Recreation Center for “Fuel Your Future with STEAM,” a day long event dedicated to empowering girls and young women toward careers in science, technology, engineering and math (STEM)—with a twist.

STEAM givIndian Heades STEM added dimension and relevance by integrating traditional STEM subjects with art plus design to drive 21st century innovation. The event featured industry leaders and experts in STEAM who offered a comprehensive overview of what STEAM is, how to get involved, and how these fields can be used for personal career development.

Pailen, director of UMUC’s Center for Security Studies, and Santiago, collegiate associate professor, Cybersecurity Policy, served on the panel, which represented women in medicine, nursing, veterinary science, science, and cybersecurity. The panelists shared advice and motivations for career advancement.

LoycePailen (right) advised audience members to develop an understanding of cybersecurity early, which then may lead to a career in the field. “Young people need to grow up with an understanding of what cybersecurity is all about, its nuances, and implications,” she said. “If we can get young people engaged in cybersecurity at an early age, then we can introduce them to careers in the field because if students are not aware of careers, they won’t seek them.”

Processed with VSCO with hb2 preset

Santiago (left) stressed the importance of following your own unique path. “It’s important to chart your own path, and don’t feel like you have to have a path that resembles your peer’s,” she said. “My passion for technology actually started with curiosity and a desire to question and investigate. This led me to career opportunities.”

Other panelists stressed the importance of an advanced degree as a critical step toward a successful career as well as hurdles they encountered during their career journey. Key themes for the students also included: perseverance; focusing on your dreams regardless of what others think; advancing your career through mentorships and networking; the importance of academic success; obtaining certifications and professional development; and simply striving to be the best you can be.

 

 

 

 

 

 

Discover All You Need to Know about Access Control

A recent CSO Online article featuring UMUC adjunct Ted Wagner offers a guide to what it is, why it’s important, and who needs it the most.

What is “access control” and why is it important? Simply put, access control is the security technique for regulating who has access to your physical environment to the data in a computing environment. From a cybersecurity perspective, the ability to control who gains access to your data is critically important to the security, safety, and digital hygiene of your organization.

Much has been written about the importance of access control and its governance, but an article titled “What is access control? 5 enforcement challenges security professionals need to know” by James A. Martin pulls all of the elements of the topic together into a comprehensive explanation of what access controls are, why we need them, and the critical policy challenges for enforcing them.

The article features insights from Ted Wagner, CISO at SAP National Security Services, Inc., and adjunct assistant professor in cybersecurity at University of Maryland University College.

Read the full article.