Cyber Connections News Roundup: November 6

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

November 6, 2018

Why Does Cybersecurity Have to Be So Hard?

According to a three-part series on http://www.forbes.com, the main reason is a lack of maturity in enterprise security operations. In a typical organization, insufficient skills at the tier 1 level to handle the response to most security events and incidents leads to excessive escalations to tier 2 and tier 3 support that are inadequately staffed to handle the volume. And because cybersecurity is in its infancy, by comparison to other IT areas, there is far less institutional knowledge to be shared with security operations recruits. Read more.

FDA Called Out on Deficient Plans to Secure Medical Devices

The U.S. Health & Human Services Department’s inspector general last month flagged the Food and Drug Administration (FDA) for its “deficient” plans and processes to ensure medical device cybersecurity, according to a recent report on http://www.massdevice.com. According to an HHS report, the FDA had not adequately tested its ability to respond to emergencies resulting from cybersecurity events in medical devices. Moreover, in two of 19 district offices, the FDA had not established written standard operating procedures to address recalls of medical devices vulnerable to cyber threats. Read more.

Talk of Cybersecurity Concerns Dominates Recent Law Practice Conference

Cybersecurity is a growing concern among practicing lawyers, according recent coverage of the College of Law Practice Management’s Futures Conference on http://www.abovethelaw.com. One of the statistics shared during the conference, at which discussion of cybersecurity dominated, was that one third of law firms with 10-99 lawyers suffered from a cyber breach in 2017. Read more. Read more.

How Utility Companies Can Combat Cybersecurity Threats

The recent indictments of seven intelligence officers from the Russian Main Intelligence Directorate of the General Staff (GRU) on charges of hacking computers associated with anti-doping sports organizations should serve wake-up call to utility companies in the US and abroad. . The hacking, as it turned out, was not limited to the anti-doping organizations. Allegedly, it extended to an international chemical weapons lab and a global electric company. A recent article on http://www.tdworld.com offers utility companies five tips they can take to combat cyber threats. Read more.

New NSF Investments Focus on Cybersecurity Programs

The National Science Foundation (NSF) Secure and Trustworthy Cyberspace (SaTC) program has announced new support for a diverse, $78.2 million portfolio of more than 225 new projects in 32 states spanning a broad range of research and education topics, including artificial intelligence, cryptography, network security, privacy, and usability. According to a recent report on www.scienmag.com, the new portfolio features an award for the Center for Trustworthy Machine Learning (CTML), which will address challenges in cybersecurity science and engineering. Read more.

How Secure Are Our Election Systems?

Some final thoughts leading up to the November 8 mid-term elections from UMUC Cybersecurity expert Balakrishnan Dasarathy.

Can our election systems be hacked? In 2018, as we move closer to the mid-term elections, a more pointed and compelling question might very well be, in the wake of election hacking and continued interference, can U.S. citizens trust our election results?

We caught up with Balakrishnan Dasarathy, professor and program chair of Cybersecurity and Information Assurance at University of Maryland University College, at last week’s CyberMaryland 2018 event to get his thoughts (see video below) leading up to the 2018 mid-terms.

See the video below or read his Dasarathy’s full analysis of election security.

Cyber Connections News Roundup: October 9

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

October 9, 2018

New Cybersecurity Rules in China Raise Concerns for Companies Abroad

New cybersecurity rules in China are designed to give authorities broad authority to inspect businesses and access corporate networks and proprietary information, according to a recent report on http://www.wsj.com. These steps have raised concerns among foreign businesses, which maintain that Beijing could use these rules to force the disclosure of source codes and other corporate secrets. Read more.

October is Cybersecurity Awareness Month

University of Maryland University College (UMUC) joins others in recognizing October as National Cybersecurity Awareness Month by promoting education as the key to building a sustainable talent pipeline of professionals who are trained to effectively combat the growing threat of cybercrime. To learn more about the role of K-12 education, interdisciplinary higher-education strategies, and federal government programs in combatting cyber threats and building a sustainable pipeline of highly-trained professionals, read the recent feature article in leading UK publication, “Cyber Security Practitioner” by Dr. Emma Garrison-Alexander, vice dean of Cybersecurity and Information Assurance at UMUC. Read the full article.

Senate Passes Key Cyber Bill

The Senate on October 4 passed a key cyber bill that solidifies the Department of Homeland Security’s role as the main federal agency overseeing civilian cybersecurity, according to an article on https://thehill.com. Called “The Cybersecurity and Infrastructure Security Agency Act,” the bill establishes a cybersecurity agency that is the same stature as other units within DHS. Read more.

Vancouver, Washington-based Burgerville Chain Hit By Cyber Breach

Burgerville, a chain of 47 restaurants in Oregon and southwest Washington, recently discovered a cybersecurity breach that may have affected customers who paid with a credit card at any restaurant location in the last year, according to a report on http://www.opb.org. The breach involved customer debit or credit cards. Compromised customer information could include names, card numbers, expiration dates and the CVV numbers on the back of most cards. Read more.

Honeywell Launches Cybersecurity Service

Global software-industrial company Honeywell has launched CyberVantage, a dedicated cybersecurity consulting service. According to a recent http://www.forbes.com article, the new service, the result of five years of research and development in industry cybersecurity solutions, represents a logical next step for the company, given the increasing frequency and sophistication of cyber attacks on industrial devices, as well as the growing skills gap. Read more.

 

Two Years After the Presidential Election Hack: Can Our Election Systems Be Trusted?

Balakrishnan Dasarathy’s latest post explores whether we can trust our election systems leading up to the 2018 mid-terms.

In October 2016, as a lead-in to the November presidential election, Dasarathy, professor and program chair of Cybersecurity and Information Assurance at UMUC, posted a blog that examined whether or not our election systems could be hacked. Back then Dasarathy said that the short answer was, “yes, it’s possible,” but unlikely that the effect of a breach would be catastrophic.

Today, we not only know with certainty that our election systems can be hacked but also that Russian interference in our election systems is ongoing, according to an August 2 CNN report quoting Director of National Intelligence Dan Coats and other high-ranking U.S. national security officials.

So, in 2018, the more pointed and compelling question might very well be, in the wake of election hacking and continued interference, can U.S. citizens trust our election results?

Discover what we have learned since the 2016 election. Read the full article.

About the Author

DasMarch2018v6Balakrishnan Dasarathy, Ph.D., is professor and program chair of Cybersecurity and Information Assurance at University of Maryland University College (UMUC). Prior to joining UMUC in September 2012, he spent 30 years in industry focusing on information assurance and cybersecurity, and related areas of computer science. He has worked in both telecommunications—at GTE Laboratories, now part of Verizon, and at Bellcore and Telcordia, now part of Ericsson—and in finance at JP Morgan. Dasarathy has applied his information assurance, cybersecurity, software and network engineering skills to commercial and military systems. He has published extensively in the areas of information assurance, communication networks, middleware and distributed computing. Dasarathy received his doctorate in computer and information science from the Ohio State University.and is computer information systems security professional (CISSP) certified.

 

Cyber Connections News Roundup: Sept. 25

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

New Document Lays Out Trump Administration Cyber Strategy

The new White House cybersecurity strategy, announced on Sept. 21, according to national security adviser John Bolton, suggests a more aggressive posture, including authorizing offensive cyber operations against foreign adversaries. The directive — called National Security Presidential Memorandum 13, or NSPM 13 – aims to deter malicious actors from launching digital attacks against the United States. However some argue that the 40-page document lacks new proposals, according to a recent Washington Post report. Read more.

Three “Out of the Box” Solutions for Closing the Cyber Skills Gap

Recently on http://www.wsj.com, Janaki Chadha reported on three proposals for closing the cybersecurity skills gap – a “Cybersecurity Peace Corps” (proposed by Scott Shackelford, chair of the cybersecurity program at Indiana University, Bloomington); a Cyber ROTC (proposed by Michèle Flournoy, a former senior official in the Defense Department); and financial incentives in the form of tax breaks for employers that develop training programs for cybersecurity jobs. Read more.

US House Introduces Cyber Workforce Bill

In other cybersecurity workforce news, http://www.zdnet.com reported that US lawmakers have introduced a bipartisan bill meant to address the current shortage of cybersecurity professionals. The bill, called the Cyber Ready Workforce Act (H.R.6791), would establish a grant program within the Department of Labor to support the creation, implementation, and expansion of apprenticeship programs in cybersecurity. Read more.

Many US Adults Lack Awareness of Cyber Careers According to New Survey

Meanwhile, a recent report on http://www.securityboulevard.com suggests that closing the cybersecurity skills gap may be difficult because many adults lack awareness of the opportunities in the field. A new national University of Phoenix survey found that 80 percent of U.S. adults have never considered a career in cybersecurity. These findings owe a lot to a greater lack of awareness and familiarity with cyber jobs and job titles, according to the report. Read more.

Healthcare Industry Must Keep Pace With Growing Number of Cyber Threats to Mobile Devices

A recent article on http://www.healthtechmagazine.net outlines what healthcare organizations must to do to keep pace with the inherent cybersecurity threats to the growing number of health mobility programs available to patients and medical staff. The article cited 2017 HIMSS Cybersecurity Survey data, which indicate that health industry users are generally aware of phishing or typical threats that affect a desktop computer, but less aware of threats that impact mobile devices such as smartphones or tablets. Read more.

Cyber Connections News Roundup: Sept. 11

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

September 11, 2018

Strong Encryption a Threat to Law Enforcement and National Security

The governments of the United States, United Kingdom, Canada, Australia and New Zealand – countries known as the “Five Eyes” nations, based on an agreement they entered to cooperate on signal intelligence – all agree that strong encryption can be a threat to law enforcement and national security, according to a recent report on http://www.etcnews.com.

According to the article, forcing companies to provide governments with access to encrypted data likely will be a losing proposition, both for the governments and the people they’re trying to protect. UMUC’s Balakrishnan Dasarathy, quoted in the article, said: “Bad guys will just be chased to places where strong encryption is available, and good citizens won’t have the opportunity to use the best possible encryption.” Read more.

Equifax One Year Later: Still in Need of a Cybersecurity Solution

One year after the Equifax, Inc. breach the number of options for CISOs responsible for protecting company data remains overwhelming. Growing pressure to protect customer data and corporate reputations has led to the idea of a “Holy Grail” solution to cybersecurity, according to a recent report on http://www.marketwatch.com. MarketWatch interviewed top cybersecurity executives for their views on a solution. The common theme among these leaders was the need for consolidation in a fractured sector. Read more.

Why Securing Products and Services Remains a Challenge

Security is an afterthought in products and software, according to a recent http://www.forbes.com report. Capabilities like the Internet, applications, and distributed computing devices are here, are widely used, but commonly have been discovered to be insecure. Why? Namely, producers of these products know they need to do a better job, but securing them requires a huge amount of computing power. Read more.

The Case for a National Cybersecurity Agency

Recently on http://www.politico.com, David Petraeus and Kiran Sridhar laid out a case for a national cybersecurity agency. Cyberthreats have changed dramatically in recent years, they argue, but our national approach to cyber defense has not. The authors believe that an independent National Cybersecurity Agency can take the lead in protecting our critical infrastructure with greater focus than the Department of Homeland Security is currently able to execute. Read more.

How to Win the Cybersecurity Battle

Thirteen tech CIOs, CTOs and executives from the Forbes Technology Council share their tips on how to win the cybersecurity battle. In an article on http://www.forbes.com, these tech leaders take the reader well beyond the routine, such as installing updates, and offer some smart, and strategic, tips your business can do to protect itself and avoid becoming the next victim. Read more.

Cyber Connections News Roundup: August 28

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 28, 2018

Are Supercomputers Ready to Combat Cyber Threats

Supercomputers may be evolving, but many believe they remain impractical for solving security challenges. In June 2018, a new winner was crowned as the world’s fastest supercomputer, with the US taking the honors back from China. Oak Ridge National Lab’s Summit supercomputer can process more than 122 petaflops –122 thousand trillion floating-point operations per second. Supercomputers can have application in cybersecurity as well, but, according to experts, the days when that’s a reality are far ahead. Read more.

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

From http://www.varonis.com comes a list of its top 12 TED Talks on cybersecurity. These discussions touch on everything from how to create a strong password to the impact hackers have on world peace. Find out if your business is ready to face its next cyber threat. Read more.

Is New NIST Law Aimed at Helping Small Businesses with Cybersecurity Effective?

The president recently signed into law the NIST Small Business Cybersecurity Act, S.770, originally introduced as the Main Street Cybersecurity Act. This law mandates that NIST (National Institute of Standards and Technology) produce and disseminate educational materials to help small businesses improve their cybersecurity posture. The website http://www.seacoastonline.com offers a succinct overview of the measure plus some invaluable commentary on its effectiveness. Read more.

Google Parent Company Alphabet Closer to Going Public With New Cybersecurity Platform

According to a recent report on http://www.cnbc.com, Google’s parent company, Alphabet, has revealed additional details on its new cybersecurity company, called Chronicle. Last year, Alphabet announced the company, but held back on much of the details. Recently, though, Chronicle CEO Stephen Gillett sat down with CNBC to offer some new details about the company’s direction, including plans to deliver “planet-scale” security services to large corporations. Read more.

Steps Healthcare Organizations Must Take to Combat Growing Cyber Threats

A recent article in HealthTech Magazine offers an overview of the cyber threats faced by healthcare organizations, the latest breach trends and security best practices for providers. To help meet today’s cyber challenges, healthcare organizations should first and foremost view cybersecurity as a business risk rather than just a technical challenge. Read more.