The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Cloud Computing:

Will the Cloud Change Scientific Computing? - Scientific Computing

Tom Wilkie reports on two examples how the growth of scientific data sets is driving computing into the cloud, and asks how profoundly this will change computing for science.

Critical Infrastructure:

Alert (ICS-ALERT-14-281-01E) Ongoing Sophisticated Malware Campaign Compromising ICS (Update E) - ICS-CERT

UPDATE: ICS-CERT has identified a sophisticated malware campaign that has compromised numerous industrial control systems (ICSs) environments using a variant of the BlackEnergy malware.

Cyber-Attack Against Ukrainian Critical Infrastructure - ICS-CERT

On December 23, 2015, Ukrainian power companies experienced unscheduled power outages impacting a large number of customers in Ukraine.

Japan’s critical infrastructure under ‘escalating’ cyber attack, says report - Zdnet

Operation Dust Storm has migrated to exclusively seek out organizations involved in Japanese critical infrastructure and resources, says security firm.

Cyber Attack Only a Matter of Time – NSA Security Chief - Tru News

The U.S. National Security Agency chief said on Tuesday it was a "matter of when, not if" a foreign nation-state attempts to launch a cyber attack on the U.S. critical infrastructure, citing the recent hack on Ukraine's power grid as a cause for concern.

Hackers Caused Mass Blackout in Ukraine, US Officials Say - ABC News

U.S. government cyber security experts officially declared that hackers are to blame for a power outage in Ukraine that affected nearly a quarter million people in the latest significant attack on vulnerable "critical infrastructure."

Cyberwarfare:

Pentagon Cyber Campaign Against ISIS Signals A New Era In Warfare - Forbes

The U.S. airstrike campaign against the Islamic State is public knowledge. But on Monday, the Pentagon admitted for the first time during an active war that it had used cyberattacks against the extremist group, too.

Norway Officially Accuses China of Stealing Military Secrets - SC Magazine

Threat actors in China have stolen confidential information from Norwegian companies which is now being used in Chinese military technology says General Lt Morten Haga Lunde, head of the Norwegian intelligence.

Data Security:

IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s - IRS

Email Phishing scheme purports to be from company executives and requests personal information on employees.
Tags: Phishing

Hacker May Have Punched Through FBI Cyber Security With One Phone Call - Defense One

The departments of Justice and Homeland Security are investigating a Justice hack allegedly made possible by the enemy of secure logins - IT support.

Internet-of-Things:

IoT Security: Industry Finally Waking Up To The Dangers - Information Week

For the last several years, Internet of Things security has been one of the most hotly debated topics at Mobile World Congress. This year, however, IoT security took on a new sense of urgency as more devices are being connected and the technology turns mainstream.
Tags: Internet of Things (IoT)

FEEDBACK FROM PREVIOUS DIGEST:

Legislation and Regulation:

DHS Issues Guidance on How to Share Cyberthreat Data - Gov Info Security

Learn about by the Cyber Information Sharing Act (CISA) of 2015.

RECENT HEADLINES:

Mobile Security:

Mossberg: The iCloud Loophole - The Verge

Your iPhone may be nearly impermeable, but its online backup isn't.

Neuromorphic Computing:

PlaNet, Google’s Latest AI, has Amazing Accuracy with Photo Locations - Google has developed a deep-learning neural network program that beats well-traveled humans at guessing where a photo was taken.

Google has developed a deep-learning neural network program that beats well-traveled humans at guessing where a photo was taken.

Private Sector:

Cyber Experts Invited to ‘Hack the Pentagon’ - The Hill

The Defense Department is inviting "vetted hackers" to test its cybersecurity in a new pilot program called "Hack the Pentagon."

Leading Cybersecurity Technology Providers Launch Coalition To Address Critical Policy Issues - PR Newswire

Founding Members of the Coalition for Cybersecurity Policy and Law Include Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7, and Symantec; Coalition Files Comments to NIST on Cybersecurity Framework.

Public Sector:

Pentagon Chief to Appeal to Silicon Valley for Help with Cybersecurity - LA Times

Carter will visit a Pentagon outpost in the heart of Silicon Valley, speak at a cybersecurity conference in San Francisco and go to Microsoft and Amazon headquarters in Seattle to highlight the risks of cyberattacks and the need for greater digital cooperation with the Pentagon.

After Major Hack, Pentagon Taps Private Sector for Cybersecurity - NBC News

The U.S. Defense Department plans to hire private contractors to develop a $600-million-plus computer system for a new background check agency being set up after a security breach last year exposed the personal data of nearly 22 million people, a top official told Reuters.

Is the New IT Plan to Protect Security Clearance Docs ‘Headed for Another Disaster?’ - Next Gov

The Pentagon is preparing to undertake a full-scale security assessment of the previously hacked and patched-over IT systems currently used to store background investigation files.

Software Security:

US to Renegotiate Rules on Exporting “Intrusion Software” - ARS Technica

Inter-agency panel decides just fixing US implementation of export controls isn't enough.

FEEDBACK FROM PREVIOUS DIGEST:

Video Follow-ups:

Critical Infrastructure - CSIAC

The CSIAC has produced a short follow-up on recent cybersecurity headlines. Critical infrastructure incidents continue to make news headlines on a consistent basis. This podcast takes a deeper dive into understanding the cybersecurity challenges this sector faces. Additionally, the CSIAC offers a look into what some organizations, both offensive and defensive, are doing to address these important challenges.

CSIAC SUPPORTED COMMUNITIES:

Cyber Security of Critical Infrastructure - Department of Homeland Security

CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at plosiewicz@csiac.org

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.

TECHNICAL RESOURCES, POLICY & GUIDANCE:

Opportunities Exist for DOD to Share Cybersecurity Resources with Small Businesses - GAO

DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.

DHS S&T Collaboration Community - Ideascale

The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.

The Department of Defense Cyber Strategy - Department of Defense

The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
Tags: Cybersecurity Strategy

Information Sharing Environment - ISE

The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.

Standards & Reference Documents - CSIAC

View all Best Practices and Reference Documents on the CSIAC website.

The DoD Cybersecurity Policy Chart (Formerly the IA Policy Chart) - CSIAC

DoD Cyber Domain Resources - Department of Defense

DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense

DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet

DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.

US-CERT Bulletins - Department of Homeland Security

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

US-CERT Alerts - Department of Homeland Security

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

National Vulnerability Database - NIST

NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD

Committee on National Security Systems (CNSS) - Committee on National Security Systems

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.