The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
There are a variety of skills, abilities, and traits (SATs) that are critical in different types of cyber operations. Given the sheer number of SATs, it is difficult to identify which individuals have the greatest potential for cyber operations. Further, it is critical to determine if a specific SAT can be learned or reinforced. This webinar will describe some of these SATs and how they differ between cyber operators, technical, and non-technical personnel based on preliminary research. In particular, we propose methods for identifying and measuring the most relevant SATs.
DISA Expanding Scope, Price Tag Of MilCloud 2.0 - Federal News Radio
The Defense Information Systems Agency is tripling the contract time and quintupling the financial ceiling for the replacement of its government-operated MilCloud service.
Homeland Eyes Special Declaration to Take Charge of Elections - Washington Examiner
Even before the FBI identified new cyberattacks on two separate state election boards, the Department of Homeland Security began considering declaring the election a "critical infrastructure," giving it the same control over security it has over Wall Street and the electric power grid.
The U.S. military's top cyber warfare unit is working to develop weapons distinctly different from those used by the intelligence community, the executive director of U.S. Cyber Command said during a Department of Homeland Security business conference held Tuesday.
68 Million Exposed in Old Dropbox Hack - Security Week
The email addresses and passwords pertaining to a total of 68,648,009 Dropbox accounts have been compromised following a data breach in 2012.
Connected, autonomous vehicles are around the corner. Many of the most innovative and deep-pocketed companies in the world are racing to bring them to market — and for good reason: the economic and social gains they will generate will be tremendous.
Researchers shed light this week on a new million-endpoint botnet consisting almost exclusively of internet of things (IoT) devices. The discovery uncovers one more sign -- among several in the last few months -- showing that the threat of IoT botnets is quickly moving from proof-of-concept to common strategy.
The link didn’t lead to any secrets, but to a sophisticated piece of malware that exploited three different unknown vulnerabilities in Apple’s iOS operating system that would have allowed the attackers to get full control of Mansoor’s iPhone, according to new joint reports released on Thursday by Citizen Lab and mobile security company Lookout.
Though Apple's move might seem to decrease iOS security at first, it will actually allow many more to try and poke holes in Apple's products and Apple, in turn, can patch them up faster.
More Than 40% Of Attacks Abuse SSL Encryption - Dark Reading
There’s an important caveat about encrypted traffic from new research released this week: Encryption works so well that hackers are using it as cover.
NSF Funds New Integrative Approaches to Study the Brain - Eurek Alert
The National Science Foundation (NSF) has awarded 18 grants to multidisciplinary teams from across the United States to conduct frontier research focused on neural and cognitive systems. Each award provides a research team with up to $1 million over two to four years.
Swift Warns Banks of Fresh Wave of Cyber Heists - Computer Weekly
Secure financial messaging service Swift has warned member banks of a fresh wave of attempted and successful cyber heists.
Six senators have sent President Obama a letter urging him to make cybersecurity a priority at this weekend’s G20 Summit in China.
The Pentagon is reprogramming $100 million allocated for cyber research and development to use on hunting for vulnerabilities in large weapons systems instead, according to budget documents.
The Air Force is pursuing some revolutionary technology solutions in the space and cyberspace realms, according to the service’s Space Command’s top scientist.
Google’s Quantum Dream May Be Just Around the Corner - MIT Technology Review
Researchers at the company could unveil a quantum computer that is superior to conventional computers by the end of next year.
At the Usenix security conference earlier this month, two teams of researchers presented attacks they developed that bring that new kind of hack closer to becoming a practical threat.
Cortana: The spy in Windows 10 - Computer World
Cortana, Windows 10’s built-in virtual assistant, is both really cool and really creepy.
Cyber Security of Critical Infrastructure - Department of Homeland Security
CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at firstname.lastname@example.org
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.
DHS S&T Collaboration Community - Ideascale
The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.
The Department of Defense Cyber Strategy - Department of Defense
The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
Tags: Cybersecurity Strategy
The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.
Standards & Reference Documents - CSIAC
View all Best Practices and Reference Documents on the CSIAC website.
DoD Cyber Domain Resources - Department of Defense
DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense
DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet
DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.
US-CERT Bulletins - Department of Homeland Security
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
US-CERT Alerts - Department of Homeland Security
Alerts provide timely information about current security issues, vulnerabilities, and exploits.
NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD
Committee on National Security Systems (CNSS) - Committee on National Security Systems
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.