Cyber Connections News Roundup: October 9

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

October 9, 2018

New Cybersecurity Rules in China Raise Concerns for Companies Abroad

New cybersecurity rules in China are designed to give authorities broad authority to inspect businesses and access corporate networks and proprietary information, according to a recent report on http://www.wsj.com. These steps have raised concerns among foreign businesses, which maintain that Beijing could use these rules to force the disclosure of source codes and other corporate secrets. Read more.

October is Cybersecurity Awareness Month

University of Maryland University College (UMUC) joins others in recognizing October as National Cybersecurity Awareness Month by promoting education as the key to building a sustainable talent pipeline of professionals who are trained to effectively combat the growing threat of cybercrime. To learn more about the role of K-12 education, interdisciplinary higher-education strategies, and federal government programs in combatting cyber threats and building a sustainable pipeline of highly trained professionals, read the recent feature article in the leading UK publication “Cyber Security Practitioner” by Dr. Emma Garrison-Alexander, vice dean of Cybersecurity and Information Assurance at UMUC. Read the full article.

Senate Passes Key Cyber Bill

The Senate on October 4 passed a key cyber bill that solidifies the Department of Homeland Security’s role as the main federal agency overseeing civilian cybersecurity, according to an article on https://thehill.com. Called “The Cybersecurity and Infrastructure Security Agency Act,” the bill establishes a cybersecurity agency that has the same stature as other units within DHS. Read more.

Vancouver, Washington-based Burgerville Chain Hit By Cyber Breach

Burgerville, a chain of 47 restaurants in Oregon and southwest Washington, recently discovered a cybersecurity breach that may have affected customers who paid with a credit card at any restaurant location in the last year, according to a report on http://www.opb.org. The breach involved customer debit or credit cards. Compromised customer information could include names, card numbers, expiration dates and the CVV numbers on the back of most cards. Read more.

Honeywell Launches Cybersecurity Service

Global software-industrial company Honeywell has launched CyberVantage, a dedicated cybersecurity consulting service. According to a recent http://www.forbes.com article, the new service, the result of five years of research and development in industry cybersecurity solutions, represents a logical next step for the company, given the increasing frequency and sophistication of cyber attacks on industrial devices, as well as the growing skills gap. Read more.

 

Two Years After the Presidential Election Hack: Can Our Election Systems Be Trusted?

Balakrishnan Dasarathy’s latest post explores whether we can trust our election systems leading up to the 2018 mid-terms.

In October 2016, as a lead-in to the November presidential election, Dasarathy, professor and program chair of Cybersecurity and Information Assurance at UMUC, posted a blog that examined whether or not our election systems could be hacked. Back then Dasarathy said that the short answer was, “yes, it’s possible,” but unlikely that the effect of a breach would be catastrophic.

Today, we not only know with certainty that our election systems can be hacked but also that Russian interference in our election systems is ongoing, according to an August 2 CNN report quoting Director of National Intelligence Dan Coats and other high-ranking U.S. national security officials.

So, in 2018, the more pointed and compelling question might very well be, in the wake of election hacking and continued interference, can U.S. citizens trust our election results?

Discover what we have learned since the 2016 election. Read the full article.

About the Author

Balakrishnan Dasarathy, Ph.D., is professor and program chair of Cybersecurity and Information Assurance at University of Maryland University College (UMUC). Prior to joining UMUC in September 2012, he spent 30 years in industry focusing on information assurance and cybersecurity, and related areas of computer science. He has worked in both telecommunications—at GTE Laboratories, now part of Verizon, and at Bellcore and Telcordia, now part of Ericsson—and in finance at JP Morgan. Dasarathy has applied his information assurance, cybersecurity, software and network engineering skills to commercial and military systems. He has published extensively in the areas of information assurance, communication networks, middleware and distributed computing. Dasarathy received his doctorate in computer and information science from the Ohio State University and is a Certified Information Systems Security Professional (CISSP).

 

Cyber Connections News Roundup: Sept. 25

New Document Lays Out Trump Administration Cyber Strategy

The new White House cybersecurity strategy, announced on Sept. 21, according to national security adviser John Bolton, suggests a more aggressive posture, including authorizing offensive cyber operations against foreign adversaries. The directive – called National Security Presidential Memorandum 13, or NSPM 13 – aims to deter malicious actors from launching digital attacks against the United States. However, some argue that the 40-page document lacks new proposals, according to a recent Washington Post report. Read more.

Three “Out of the Box” Solutions for Closing the Cyber Skills Gap

Recently on http://www.wsj.com, Janaki Chadha reported on three proposals for closing the cybersecurity skills gap – a “Cybersecurity Peace Corps” (proposed by Scott Shackelford, chair of the cybersecurity program at Indiana University, Bloomington); a Cyber ROTC (proposed by Michèle Flournoy, a former senior official in the Defense Department); and financial incentives in the form of tax breaks for employers that develop training programs for cybersecurity jobs. Read more.

US House Introduces Cyber Workforce Bill

In other cybersecurity workforce news, http://www.zdnet.com reported that US lawmakers have introduced a bipartisan bill meant to address the current shortage of cybersecurity professionals. The bill, called the Cyber Ready Workforce Act (H.R.6791), would establish a grant program within the Department of Labor to support the creation, implementation, and expansion of apprenticeship programs in cybersecurity. Read more.

Many US Adults Lack Awareness of Cyber Careers According to New Survey

Meanwhile, a recent report on http://www.securityboulevard.com suggests that closing the cybersecurity skills gap may be difficult because many adults lack awareness of the opportunities in the field. A new national University of Phoenix survey found that 80 percent of U.S. adults have never considered a career in cybersecurity. These findings owe a lot to a greater lack of awareness and familiarity with cyber jobs and job titles, according to the report. Read more.

Healthcare Industry Must Keep Pace With Growing Number of Cyber Threats to Mobile Devices

A recent article on http://www.healthtechmagazine.net outlines what healthcare organizations must do to keep pace with the inherent cybersecurity threats to the growing number of health mobility programs available to patients and medical staff. The article cited 2017 HIMSS Cybersecurity Survey data, which indicate that health industry users are generally aware of phishing or typical threats that affect a desktop computer, but less aware of threats that impact mobile devices such as smartphones or tablets. Read more.

Cyber Connections News Roundup: Sept. 11

September 11, 2018

Strong Encryption a Threat to Law Enforcement and National Security

The governments of the United States, United Kingdom, Canada, Australia and New Zealand – countries known as the “Five Eyes” nations, based on an agreement they entered to cooperate on signal intelligence – all agree that strong encryption can be a threat to law enforcement and national security, according to a recent report on http://www.etcnews.com.

According to the article, forcing companies to provide governments with access to encrypted data likely will be a losing proposition, both for the governments and the people they’re trying to protect. UMUC’s Balakrishnan Dasarathy, quoted in the article, said: “Bad guys will just be chased to places where strong encryption is available, and good citizens won’t have the opportunity to use the best possible encryption.” Read more.

Equifax One Year Later: Still in Need of a Cybersecurity Solution

One year after the Equifax, Inc. breach, the number of options for CISOs responsible for protecting company data remains overwhelming. Growing pressure to protect customer data and corporate reputations has led to the idea of a “Holy Grail” solution to cybersecurity, according to a recent report on http://www.marketwatch.com. MarketWatch interviewed top cybersecurity executives for their views on a solution. The common theme among these leaders was the need for consolidation in a fractured sector. Read more.

Why Securing Products and Services Remains a Challenge

Security is an afterthought in products and software, according to a recent http://www.forbes.com report. Capabilities like the Internet, applications, and distributed computing devices are here and widely used, but have commonly been found to be insecure. Why? Namely, producers of these products know they need to do a better job, but securing them requires a huge amount of computing power. Read more.

The Case for a National Cybersecurity Agency

Recently on http://www.politico.com, David Petraeus and Kiran Sridhar laid out a case for a national cybersecurity agency. Cyberthreats have changed dramatically in recent years, they argue, but our national approach to cyber defense has not. The authors believe that an independent National Cybersecurity Agency can take the lead in protecting our critical infrastructure with greater focus than the Department of Homeland Security is currently able to execute. Read more.

How to Win the Cybersecurity Battle

Thirteen tech CIOs, CTOs and executives from the Forbes Technology Council share their tips on how to win the cybersecurity battle. In an article on http://www.forbes.com, these tech leaders take the reader well beyond the routine, such as installing updates, and offer some smart, strategic tips your business can use to protect itself and avoid becoming the next victim. Read more.

Cyber Connections News Roundup: August 28

August 28, 2018

Are Supercomputers Ready to Combat Cyber Threats?

Supercomputers may be evolving, but many believe they remain impractical for solving security challenges. In June 2018, a new winner was crowned as the world’s fastest supercomputer, with the US taking the honors back from China. Oak Ridge National Lab’s Summit supercomputer can process more than 122 petaflops – 122 thousand trillion floating-point operations per second. Supercomputers can have application in cybersecurity as well, but, according to experts, the days when that’s a reality are far ahead. Read more.

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

From http://www.varonis.com comes a list of its top 12 TED Talks on cybersecurity. These discussions touch on everything from how to create a strong password to the impact hackers have on world peace. Find out if your business is ready to face its next cyber threat. Read more.

Is New NIST Law Aimed at Helping Small Businesses with Cybersecurity Effective?

The president recently signed into law the NIST Small Business Cybersecurity Act, S.770, originally introduced as the Main Street Cybersecurity Act. This law mandates that NIST (National Institute of Standards and Technology) produce and disseminate educational materials to help small businesses improve their cybersecurity posture. The website http://www.seacoastonline.com offers a succinct overview of the measure plus some invaluable commentary on its effectiveness. Read more.

Google Parent Company Alphabet Closer to Going Public With New Cybersecurity Platform

According to a recent report on http://www.cnbc.com, Google’s parent company, Alphabet, has revealed additional details on its new cybersecurity company, called Chronicle. Last year, Alphabet announced the company, but held back many of the details. Recently, though, Chronicle CEO Stephen Gillett sat down with CNBC to offer some new details about the company’s direction, including plans to deliver “planet-scale” security services to large corporations. Read more.

Steps Healthcare Organizations Must Take to Combat Growing Cyber Threats

A recent article in HealthTech Magazine offers an overview of the cyber threats faced by healthcare organizations, the latest breach trends and security best practices for providers. To help meet today’s cyber challenges, healthcare organizations should first and foremost view cybersecurity as a business risk rather than just a technical challenge. Read more.

Cyber Connections News Roundup: August 14

August 14, 2018

This week in Las Vegas, some of the most talented cybersecurity minds have gathered to take part in two of the year’s biggest hacker conferences, Black Hat and Defcon.

The highlights of these conferences are often what can best be described as cyber magic tricks, where technicians show off their skills by proving how they can break into various devices, such as computers inside cars, voting machines and medical instruments.

News From Black Hat and Defcon: Recent Reports Offer Insights into Current Cyber Threat Vulnerabilities

Two of the largest hacker conferences on the calendar wrapped up in Las Vegas last week: Black Hat USA 2018 (August 4-8) and Defcon (August 9-12). Check out http://www.cnet.com for day-by-day highlights from both events, including news about election vulnerabilities, smart cities, cryptocurrencies, and Google’s current view on cybersecurity. Read more.

Meanwhile, as part of its report on the two cybersecurity events, http://www.crn.com asked 10 security executives and technical leaders attending Black Hat 2018 what election-related threats should be most worrisome to the government and general public. Read more.

Also reporting from Black Hat, Martin Giles, in an August 11 MIT Technology Review report, lays out the pros and cons of relying on machine learning and artificial intelligence to help guard against cyberattacks. Read more.

Is the Healthcare Industry More Vulnerable to Cyber Threats than Others?

According to a recent article on http://www.techcrunch.com, healthcare organizations on average spend only half as much on cybersecurity as other industries. Hospitals especially, with their massive amounts of personal records, are attracting an unusually high number of hackers. Read more.

TVA Invests in Cybersecurity Operations Center

Recognizing the increasingly high stakes of cyber threats on power grids and public utilities, the Tennessee Valley Authority (TVA), according to a recent report from The News Courier, has invested in state-of-the-art monitoring systems and equipment for a new cybersecurity operations center designed to combat the thousands of daily hacking attempts on the nation’s largest public power utility. Read more.

Are Employees an Organization’s Greatest Cybersecurity Risk?

As reported on http://www.holmesreport.com, a new Finn Partners study confirms what many organizations already suspect – employees are their biggest cybersecurity risk. The study, based on a survey of 500 US employees, found that breaches are largely due to the use of personal devices for work. The survey revealed, for example, that nearly two in five workers have clicked on a link or opened an attachment from a sender they did not recognize. Read more.

 

 

Cybersecurity 101: Five “Back to School” Tips to Stay Safe Online

University of Maryland University College grad Keirsten Brager, a security technology lead at a Fortune 500 power utility company, shares her 60-minute digital security checkup designed to empower any returning student with tips and resources to improve their personal digital security.

Although there is no single solution that will prevent security compromises 100 percent of the time, there are things you should be doing to protect yourself against cyber threats. Recently published in Homeland Security Today, the following tips represent the top five ways users can protect themselves online:

  1. Choose a password manager.
  2. Reset all passwords with stronger credentials.
  3. Add two-factor authentication to eligible accounts.
  4. Adjust security and privacy settings.
  5. Communicate securely.

Get the Full 60-Minute Checkup

About the Author

Keirsten Brager is a security technology lead at a Fortune 500 power utility company and was recently named one of Dark Reading’s top women in security quietly changing the game. She is also the author of “Secure The InfoSec Bag: Six Figure Career Guide for Women in Security,” a guide to empowering women with the strategies needed to maximize their earning potential. Brager holds an MS in Cybersecurity from UMUC and several industry certifications, including the CISSP and CASP.