• Home
  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Related Websites
  • Services
    • Free Technical Inquiry
    • CAT Program
    • Subject Matter Experts
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
    • Cyber COI
  • About
    • About the CSIAC
    • The CSIAC Team
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • Inquiries & CAT’s
    • FAQ’s
    • DTIC STI Program
  • Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer
Login / Register

CSIAC

Cyber Security and Information Systems Information Analysis Center

  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Websites
  • Services
    • Free Technical Inquiry
    • CAT Program
    • Subject Matter Experts
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
    • Cyber COI
  • About
    • About the CSIAC
    • The CSIAC Team
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • Inquiries & CAT’s
    • FAQ’s
    • DTIC STI Program
  • Cybersecurity
  • Modeling & Simulation
  • Knowledge Management
  • Software Engineering
  • Cyber COI
/ CS Digests / 08 Mar 2016

CS Digest: 08 Mar 2016

Posted: 03/09/2016 | Leave a Comment

The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Cloud Computing:

Will the Cloud Change Scientific Computing? - Scientific Computing

Tom Wilkie reports on two examples how the growth of scientific data sets is driving computing into the cloud, and asks how profoundly this will change computing for science.

Critical Infrastructure:

Alert (ICS-ALERT-14-281-01E) Ongoing Sophisticated Malware Campaign Compromising ICS (Update E) - ICS-CERT

UPDATE: ICS-CERT has identified a sophisticated malware campaign that has compromised numerous industrial control systems (ICSs) environments using a variant of the BlackEnergy malware.

Cyber-Attack Against Ukrainian Critical Infrastructure - ICS-CERT

On December 23, 2015, Ukrainian power companies experienced unscheduled power outages impacting a large number of customers in Ukraine.

Japan’s critical infrastructure under ‘escalating’ cyber attack, says report - Zdnet

Operation Dust Storm has migrated to exclusively seek out organizations involved in Japanese critical infrastructure and resources, says security firm.

Cyber Attack Only a Matter of Time – NSA Security Chief - Tru News

The U.S. National Security Agency chief said on Tuesday it was a "matter of when, not if" a foreign nation-state attempts to launch a cyber attack on the U.S. critical infrastructure, citing the recent hack on Ukraine's power grid as a cause for concern.

Hackers Caused Mass Blackout in Ukraine, US Officials Say - ABC News

U.S. government cyber security experts officially declared that hackers are to blame for a power outage in Ukraine that affected nearly a quarter million people in the latest significant attack on vulnerable "critical infrastructure."

Cyberwarfare:

Pentagon Cyber Campaign Against ISIS Signals A New Era In Warfare - Forbes

The U.S. airstrike campaign against the Islamic State is public knowledge. But on Monday, the Pentagon admitted for the first time during an active war that it had used cyberattacks against the extremist group, too.

Norway Officially Accuses China of Stealing Military Secrets - SC Magazine

Threat actors in China have stolen confidential information from Norwegian companies which is now being used in Chinese military technology says General Lt Morten Haga Lunde, head of the Norwegian intelligence.

Data Security:

IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s - IRS

Email Phishing scheme purports to be from company executives and requests personal information on employees.
Tags: Phishing

Hacker May Have Punched Through FBI Cyber Security With One Phone Call - Defense One

The departments of Justice and Homeland Security are investigating a Justice hack allegedly made possible by the enemy of secure logins - IT support.

Internet-of-Things:

IoT Security: Industry Finally Waking Up To The Dangers - Information Week

For the last several years, Internet of Things security has been one of the most hotly debated topics at Mobile World Congress. This year, however, IoT security took on a new sense of urgency as more devices are being connected and the technology turns mainstream.
Tags: Internet of Things (IoT)

FEEDBACK FROM PREVIOUS DIGEST:

Legislation and Regulation:

DHS Issues Guidance on How to Share Cyberthreat Data - Gov Info Security

Learn about by the Cyber Information Sharing Act (CISA) of 2015.

RECENT HEADLINES:

Mobile Security:

Mossberg: The iCloud Loophole - The Verge

Your iPhone may be nearly impermeable, but its online backup isn't.

Neuromorphic Computing:

PlaNet, Google’s Latest AI, has Amazing Accuracy with Photo Locations - Google has developed a deep-learning neural network program that beats well-traveled humans at guessing where a photo was taken.

Google has developed a deep-learning neural network program that beats well-traveled humans at guessing where a photo was taken.

Private Sector:

Cyber Experts Invited to ‘Hack the Pentagon’ - The Hill

The Defense Department is inviting "vetted hackers" to test its cybersecurity in a new pilot program called "Hack the Pentagon."

Leading Cybersecurity Technology Providers Launch Coalition To Address Critical Policy Issues - PR Newswire

Founding Members of the Coalition for Cybersecurity Policy and Law Include Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7, and Symantec; Coalition Files Comments to NIST on Cybersecurity Framework.

Public Sector:

Pentagon Chief to Appeal to Silicon Valley for Help with Cybersecurity - LA Times

Carter will visit a Pentagon outpost in the heart of Silicon Valley, speak at a cybersecurity conference in San Francisco and go to Microsoft and Amazon headquarters in Seattle to highlight the risks of cyberattacks and the need for greater digital cooperation with the Pentagon.

After Major Hack, Pentagon Taps Private Sector for Cybersecurity - NBC News

The U.S. Defense Department plans to hire private contractors to develop a $600-million-plus computer system for a new background check agency being set up after a security breach last year exposed the personal data of nearly 22 million people, a top official told Reuters.

Is the New IT Plan to Protect Security Clearance Docs ‘Headed for Another Disaster?’ - Next Gov

The Pentagon is preparing to undertake a full-scale security assessment of the previously hacked and patched-over IT systems currently used to store background investigation files.

Software Security:

US to Renegotiate Rules on Exporting “Intrusion Software” - ARS Technica

Inter-agency panel decides just fixing US implementation of export controls isn't enough.

FEEDBACK FROM PREVIOUS DIGEST:

Video Follow-ups:

Critical Infrastructure - CSIAC

The CSIAC has produced a short follow-up on recent cybersecurity headlines. Critical infrastructure incidents continue to make news headlines on a consistent basis. This podcast takes a deeper dive into understanding the cybersecurity challenges this sector faces. Additionally, the CSIAC offers a look into what some organizations, both offensive and defensive, are doing to address these important challenges.

CSIAC SUPPORTED COMMUNITIES:

Cyber Security of Critical Infrastructure - Department of Homeland Security

CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at plosiewicz@csiac.org

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.

TECHNICAL RESOURCES, POLICY & GUIDANCE:

Opportunities Exist for DOD to Share Cybersecurity Resources with Small Businesses - GAO

DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.

DHS S&T Collaboration Community - Ideascale

The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.

The Department of Defense Cyber Strategy - Department of Defense

The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
Tags: Cybersecurity Strategy

Information Sharing Environment - ISE

The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.

Standards & Reference Documents - CSIAC

View all Best Practices and Reference Documents on the CSIAC website.

The DoD Cybersecurity Policy Chart (Formerly the IA Policy Chart) - CSIAC


DoD Cyber Domain Resources - Department of Defense


DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense


DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet

DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.

US-CERT Bulletins - Department of Homeland Security

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

US-CERT Alerts - Department of Homeland Security

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

National Vulnerability Database - NIST

NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD


Committee on National Security Systems (CNSS) - Committee on National Security Systems



The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.

« 23 Feb 2016
22 Mar 2016 »

Reader Interactions

Leave a Comment Cancel

You must be logged in to post a comment.

sidebar

Blog Sidebar

Featured Content

The DoD Cybersecurity Policy Chart

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

CSIAC Journal - Launching Innovation Through Medical Modeling and Simulation Technologies

CSIAC Journal Cover Volume 5 Number 4

This Special Edition of the Journal will provide a glimpse into current efforts to improve military medical training with simulation-based solutions.

Read the Journal

CSIAC Journal - Innovation Based Ecosystems

CSIAC Journal Cover Volume 5 Number 4

This issue of the Journal of Cyber Security & Information Systems explores how managing fast adoption modern-based system has more to do with understanding capabilities, interdependency between systems and effectively operating in the new paradigm than it has to do with differentiating product features.

Read the Journal

Recent Video Podcasts

  • What is DevOps? from a tools point of view Series: CSIAC Webinars
  • 5th Generation (5G) Technology Series: The CSIAC Podcast
  • Malvertising Explored Series: The CSIAC Podcast
  • Cybersecurity Arms Race – Modernizing the Arsenal Series: CSIAC Webinars
  • Cyber Situational Awareness Series: The CSIAC Podcast
View all Podcasts

Upcoming Events

Thu 28

BSides Columbus 2019

February 28 - March 1
Columbus OH
United States
Organizer: BSides Columbus
Mar 19

1st NATO – Industry Workshop on Autonomous Cyber Defence

March 19 @ 09:30 - 16:00 EDT
Cranfield Bedfordshire MK43 0AL
United Kingdom
Organizer: Cranfield University
View all Events

Recently Active Members

Profile picture of dominarmarc
Profile picture of eviscosi
Profile picture of bbarksdale
Profile picture of cfasolo22
Profile picture of aludd24
Profile picture of bmazzie14
Profile picture of rileysperati
Profile picture of Asprague09a
Profile picture of kradzewicz
Profile picture of CSIACAdmin
Profile picture of kreinerj
Profile picture of Mathieu Schram
Profile picture of clyon30
Profile picture of rseng26
Profile picture of MSPOLLEN
Profile picture of Garrett
Profile picture of Diogo
Profile picture of amiller08

Footer

CSIAC Products & Services

  • Free Technical Inquiry
  • Core Analysis Tasks (CATs)
  • Resources
  • Events Calendar
  • Frequently Asked Questions
  • Product Feedback Form

About CSIAC

The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More

Contact Us

Phone:800-214-7921
Email:info@csiac.org
Address:   266 Genesee St.
Utica, NY 13502
Send us a Message
ASD(R&E) LogoUS Department of Defense LogoDoD IACs LogoDTIC LogoTEMS Logo

Copyright 2018, Quanterion Solutions Incorporated

Sitemap | Privacy Policy | Terms of Use | Accessibility Information

This website uses cookies to provide our services and to improve your experience. By using this site, you consent to the use of our cookies. To read more about the use of our site, please click "Read More". Otherwise, click "Dismiss" to hide this notice. Dismiss Read More