Cyber Connections News Roundup: August 28

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 28, 2018

Are Supercomputers Ready to Combat Cyber Threats

Supercomputers may be evolving, but many believe they remain impractical for solving security challenges. In June 2018, a new winner was crowned as the world’s fastest supercomputer, with the US taking the honors back from China. Oak Ridge National Lab’s Summit supercomputer can process more than 122 petaflops (122 thousand trillion floating-point operations per second). Supercomputers can have applications in cybersecurity as well, but, according to experts, the days when that’s a reality are far ahead. Read more.

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

From comes a list of its top 12 TED Talks on cybersecurity. These discussions touch on everything from how to create a strong password to the impact hackers have on world peace. Find out if your business is ready to face its next cyber threat. Read more.

Is New NIST Law Aimed at Helping Small Businesses with Cybersecurity Effective?

The president recently signed into law the NIST Small Business Cybersecurity Act, S.770, originally introduced as the Main Street Cybersecurity Act. This law mandates that NIST (National Institute of Standards and Technology) produce and disseminate educational materials to help small businesses improve their cybersecurity posture. The website offers a succinct overview of the measure plus some invaluable commentary on its effectiveness. Read more.

Google Parent Company Alphabet Closer to Going Public With New Cybersecurity Platform

According to a recent report on, Google’s parent company, Alphabet, has revealed additional details on its new cybersecurity company, called Chronicle. Last year, Alphabet announced the company, but held back on much of the details. Recently, though, Chronicle CEO Stephen Gillett sat down with CNBC to offer some new details about the company’s direction, including plans to deliver “planet-scale” security services to large corporations. Read more.

Steps Healthcare Organizations Must Take to Combat Growing Cyber Threats

A recent article in HealthTech Magazine offers an overview of the cyber threats faced by healthcare organizations, the latest breach trends and security best practices for providers. To help meet today’s cyber challenges, healthcare organizations should first and foremost view cybersecurity as a business risk rather than just a technical challenge. Read more.

Cyber Connections News Roundup: August 14

August 14, 2018

This week in Las Vegas, some of the most talented cybersecurity minds have gathered to take part in two of the year’s biggest hacker conferences, Blackhat and Defcon.

The highlights of these conferences are often what can best be described as cyber magic tricks, where technicians show off their skills by proving how they can break into various devices, such as computers inside cars, voting machines and medical instruments.

News From Black Hat and Defcon: Recent Reports Offer Insights into Current Cyber Threat Vulnerabilities

Two of the largest hacker conferences on the calendar wrapped up in Las Vegas last week: Blackhat USA 2018 (August 4-8) and Defcon (August 9-12). Check out for day-by-day highlights from both events, including news about election vulnerabilities, smart cities, cryptocurrencies, and Google’s current view on cybersecurity. Read more.

Meanwhile, as part of its report on the two cybersecurity events, asked 10 security executives and technical leaders attending Black Hat 2018 what election-related threats should be most worrisome to the government and general public. Read more.

Also reporting from Black Hat, Martin Giles, in an August 11 MIT Technology Review report, lays out the pros and cons of relying on machine learning and artificial intelligence to help guard against cyberattacks. Read more.

Is the Healthcare Industry More Vulnerable to Cyber Threats than Others?

According to a recent article on, healthcare organizations on average spend only half as much on cybersecurity as other industries. Hospitals especially, with their massive amounts of personal records, are attracting an unusually high number of hackers. Read more.

TVA Invests in Cybersecurity Operations Center

Recognizing the increasingly high stakes of cyber threats on power grids and public utilities, the Tennessee Valley Authority (TVA), according to a recent report from The News Courier, has invested in state-of-the-art monitoring systems and equipment for a new cybersecurity operations center designed to combat the thousands of daily hacking attempts on the nation’s largest public power utility. Read more.

Are Employees an Organization’s Greatest Cybersecurity Risk?

As reported on, a new Finn Partners study confirms what many organizations already suspect – employees are their biggest cybersecurity risk. The study, based on a survey of 500 US employees, found that breaches are largely due to the use of personal devices for work. The survey revealed, for example, that nearly two in five workers have clicked on a link or opened an attachment from a sender they did not recognize. Read more.



Cybersecurity 101: Five “Back to School” Tips to Stay Safe Online

University of Maryland University College grad Keirsten Brager, a security technology lead at a Fortune 500 power utility company, shares her 60-minute digital security checkup designed to empower any returning student with tips and resources to improve their personal digital security.

Although there is no single solution that will prevent security compromises 100 percent of the time, there are things you should be doing to protect yourself against cyber threats. Recently published in Homeland Security Today, the following tips represent the top five ways users can protect themselves online:

  1. Choose a password manager.
  2. Reset all passwords with stronger credentials.
  3. Add two-factor authentication to eligible accounts.
  4. Adjust security and privacy settings.
  5. Communicate securely.

Get the Full 60-Minute Checkup

About the Author

Keirsten Brager is a security technology lead at a Fortune 500 power utility company and was recently named one of Dark Reading’s top women in security quietly changing the game. She is also the author of “Secure The InfoSec Bag: Six Figure Career Guide for Women in Security,” a guide to empowering women with the strategies needed to maximize their earning potential. Brager holds an MS in Cybersecurity from UMUC and several industry certifications, including the CISSP and CASP.

Cyber Connections News Roundup: July 24

July 24, 2018

What Is the Biggest Risk Cybersecurity Today?

According to a new survey from DataSolutions, it’s human error. A recent article on dives deeper into the survey results, explaining that companies must invest more money in educating employees against carelessness with respect to phishing attacks and other threats that could be avoided through increased awareness and training. Read more.

[Lack of] Cybersecurity Awareness in the C Suite

A recent report examines the disconnect between c-suite executives and cybersecurity. Specifically, the article cites a variety of surveys that establish a failure among business executives to understand that cybersecurity strategy starts at the top. For example, a recent CSO Online report found that “six out of 10 boards still see cyber risk as primarily an IT issue.” Read more.

These sentiments were echoed in a recent article on where cybersecurity in the trucking industry has emerged as a major issue for carriers. However, it is largely overlooked at the executive level and, when addressed, is only dealt with from a defensive posture. Read more.

Who Is Responsible for Cybersecurity? The CTO or the CISO?

In a recent article, Nick Ismael agrees that today’s boards have historically overlooked cybersecurity, instead leaving the issue to the experts within the organization. Now, however, many boards are finally taking on the issue, but struggling to decide who has ultimate responsibility – the Chief Technology Officer (CTO) or the Chief Information Security Officer (CISO). Read more.

US Army Commissions First Civilian Cyber Officers

James Gusman and Timothy Hennessy have become the first civilians commissioned as officers in US Army Cyber. As reported on, their commission is the result of the US Army’s Cyber Direct Commissioning Program’s initiative to begin commissioning civilians as cyber operations officers, something that only happened in the medical and legal fields as well as seminary. The pilot program kicked off in October 2017. Read more.

AT&T Acquires Start-up AlienVault to Boost Cybersecurity Offerings for Businesses

AT&T announced that it would acquire AlienVault, a cybersecurity start-up based in San Mateo, California. AlienVault offers tools that detect and respond to threats through its Unified Security Management platform as well as its online platform called Open Threat Exchange. As reported on, the acquisition will serve to strengthen AT&T’s security portfolio for small- and medium-sized businesses. Read more.


Cyber Connections News Roundup: July 10

Japan and EU to Strengthen Cybersecurity Efforts Ahead of 2020 Olympics

Tokyo is expected to face an onslaught of cyber attacks if past Olympics are any indication. Organizers of the 2016 Rio Games counted an estimated 500 million attacks. To combat these anticipated threats, Japan and the European Union are strengthening their cooperation on cybersecurity ahead of the Tokyo 2020 Olympic and Paralympic Games, according to a report on This past January, for example, Japan Prime Minister Shinzo Abe visited Estonia, an EU member (and early victim of cyber attack) and a global leader in cybersecurity to agree on bilateral cooperation. Read more.

Global Internet of Things market to be worth over $1,352 billion in 2018

Market research firm Visiongain has published its Internet of Things (IoT) Market Report 2018-2028: Analysis of Machine to Machine (M2M), Big Data & Cloud Technologies, which predicts that the Internet of Things market is set to be worth $1,352bn in 2018, driven by the increasing number of IoT applications. The 167-page report provides a range of forecasts for the period 2018-2028, as well as for five submarket sectors: Industrial IoT, Automotive & Transportation IoT, Healthcare IoT, Consumer Electronics IoT and Others IoT. The report also provides forecasts for each of the 10 leading national markets as well as the ROW. Read more.

Equifax to Put in Place Security Measures in Eight States

As reported on, Equifax has agreed to a number of security measures put in place by financial regulators in eight states in response to the breach that compromised the personal information of more than 147 million people. Regulators in Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas set in place steps the credit bureau must follow including annual security audits, the development of written protection policies and guides, better monitoring of its third-party vendors, and improving its patch management system, according to The New York Times. Read more.

Incidents of Cryptojacking on the Rise

A new report from WatchGuard Technologies anticipates that crypto-mining malware attacks could be among the top 10 types of cyber attacks by the end of 2018. According to an article on, a rise in cryptocurrency values during this past year has triggered a rise in cryptojacking, whereby cyber criminals are cashing in on a volatile market. Read more.

For IT Departments Proliferation of IoT and AI Signals Greater Investment in Cybersecurity

A survey conducted by EY Global found that 42 percent of respondents would be willing to invest more than 10 percent of their annual IT budget on cybersecurity. As reported recently on, the EY study highlighted that the proliferation of “Industry 4.0” technologies such as artificial intelligence (AI), Internet of Things (IoT) and machine learning (ML) has increased the attack vectors for companies, so they must invest more in cybersecurity. Read more.


The NIST Framework and its Implications on Cybersecurity and the Internet of Things

Felix Uribe, University of Maryland University College (UMUC) adjunct associate professor of Cybersecurity Management and Policy, provides an overview of NIST and its implications on cybersecurity and IoT at a recent Dominican Republic cyber event.

At the II Digital Forensic and Cybersecurity Conference, held at the Ocean Blue and Sand Resort in Punta Cana, Dominican Republic from May 17-20, 2018, Uribe joined an international roster of speakers from Spain, Colombia, Chile, Mexico and the United States to discuss a host of topics related to digital forensics, cybersecurity and cybercrime, as well as the Dominican Republic’s “digital government” initiative and its cybersecurity and privacy challenges and solutions.

For his part, Uribe presented an overview of the NIST Risk Management Framework (RMF) and the NIST Cybersecurity Framework and its implications on the Internet of Things (IoT). He kicked off his talk with a brief history of NIST and an explanation of what it is.

Established in 1901 as the National Bureau of Standards, the National Institute of Standards and Technology (NIST), as the agency has been known since 1988, is a measurement standards laboratory that is a non-regulatory agency of the US Department of Commerce. The institute’s official mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

Today, NIST measurements support the smallest of technologies to the largest and most complex of human-made creations, from nanoscale devices to earthquake-resistant skyscrapers and global communication networks.

The Computer Security Resource Center (CSRC) provides access to NIST’s cybersecurity and information security related projects, one of which is the Risk Management Framework (RMF), six steps (Categorize, Select, Implement, Assess, Authorize and Monitor) to ensure that organizations integrate security, privacy and risk management activities into the system development life cycle.

NIST developed the RMF to provide a more flexible, dynamic, approach for effective management of information system-related security and privacy risk in highly diverse environments and throughout the system development life cycle.

In short, the RMF addresses risk management by:

  • Building security and privacy capabilities into information systems throughout the System Development Life Cycle.
  • Maintaining awareness of the security and privacy posture of information systems on an ongoing basis through continuous monitoring processes.
  • Providing information to senior leaders and executives to facilitate decisions regarding the acceptance of risk to organizational operations and assets, individuals, other organizations, and the Nation arising from the operation and use of systems.

The voluntary NIST Cybersecurity Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Framework’s goal is to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

Cybersecurity and Privacy Challenges in the Internet of Things (IoT)

Uribe also discussed IoT cybersecurity and privacy challenges. He defines IoT as the network of devices (things) capable of interacting with other devices and/or living things via the Internet or through a private local or global network not connected to the Internet. He explained that the components of an IoT device can be microcontrollers, sensors, actuators, memory, storage, and other components that are embedded in or connected to the device and that form part of its operation.

IoT projections suggest that by the year 2020 the number of connected devices worldwide will reach approximately 20 billion (The Gartner Group, 2017). As such, the number of IoT devices compromised by cybercriminals is also expected to increase. Both the NIST RMF and the Cybersecurity Framework strive to provide organizations with security and privacy safeguards to protect information and information systems and the future of complex interconnected IoT environments.

NIST Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, was developed to address the selection of security controls (the “Select” step in the RMF). It provides guidelines for selecting the security controls for organizations and information systems.

The latest version of SP 800-37 (Revision 5) provides a comprehensive set of safeguards regarding Internet of Things (IoT) devices. As stated by NIST, “privacy is now fully integrated throughout the new draft. For example, one privacy control addresses the data captured by sensors such as those used in traffic-monitoring cameras in smart cities. The control advises configuring such sensors in a way that minimizes their capturing data about individuals that’s not necessary for the traffic-monitoring system to carry out its function.” In addition, “…an IT system may employ cameras. Security experts determine security controls for the camera sensor, while privacy professionals decide on privacy controls such as a control to preserve a passerby’s privacy.”

The exponential growth of IoT devices and their everyday applications calls for the use of the NIST RMF and the Cybersecurity Framework in order to address today’s security and privacy concerns affecting the trustworthiness of the world’s current IoT domain. IoT device manufacturers should take into account the security and privacy controls provided by the RMF when designing and manufacturing IoT devices and their components to ensure that security and privacy are implemented by design and do not come up as an afterthought during the IoT device development life cycle.

About the Author

Felix Uribe is an information technology (IT) security professional with extensive experience in the field of information security, cybersecurity, privacy, software development and teaching in the private and public sectors. He currently serves as an IT security analyst at the US Department of the Interior serving as associate privacy officer for the National Park Service. Prior to this, he served as an IT security auditor (Infosec) at the US Department of Justice Office of the Inspector General. As an academic, Uribe serves as adjunct associate professor at UMUC in the Cybersecurity Management and Policy program.

Uribe holds a Bachelor’s and Master’s degree in Computer Science from the Herbert H. Lehman College of the City University of New York.

Cyber Connections News Roundup: June 26

June 26, 2018

The Intersection of Cybersecurity and Domestic Abuse

Sadly, the latest pattern of behavior in domestic abuse cases, according to a recent New York Times report, involves smart home technology, whereby abusers are using apps on their smartphones to manipulate the Internet-connected locks, speakers, thermostats, lights and cameras that their victims use in their homes to harass, monitor and control. Read more.

SEC Outlines Changes After EDGAR Hack

The US Securities and Exchange Commission (SEC) is proposing reforms to its cybersecurity practices in light of the review of the 2016 breach of its EDGAR filing system. As reported on, SEC Chairman Jay Clayton, in a testimony submitted to the House Financial Services Committee, outlined changes the commission is putting in place in response to the incident. Among other initiatives, Clayton has tasked a number of units within the commission to analyze the security gaps that had facilitated the breach. Read more.

Senate Wants Tougher Action on Russian Hacking

As reported by Derek Hawkins on, the massive defense policy bill the Senate approved on June 18 calls on Trump to curb Russian aggression in cyberspace, giving him the green light to direct the US Cyber Command to “disrupt, defeat and deter” cyber attacks by the Russian government, conduct surveillance on Kremlin-backed hackers and partner with social media organizations to crack down on disinformation campaigns such as the ones that disrupted the 2016 election. Read more.

China Cyber Group May Be Targeting US Satellites

According to a recent report on, a cyber-espionage group operating from computers inside China is currently targeting US satellite communications and defense sectors. As part of a wide-ranging operation, they may soon seek to disrupt critical systems, according to cybersecurity firm Symantec’s Security Response Attack Investigation Team. The hacking collective, codenamed “Thrip,” has been using powerful malware against targets in the U.S. and Southeast Asia. Read more.

Human Error Main Cause of Data Breaches According to New Report

According to a new report by information security company Shred-it, employee negligence is the main cause of data breaches. As reported recently on, the study found that 47 percent of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach at their organization. More than 1,000 small business owners and C-suite executives in the US were surveyed online in April for the report. Read more.