The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Will the Cloud Change Scientific Computing? - Scientific Computing
Tom Wilkie reports on two examples of how the growth of scientific data sets is driving computing into the cloud, and asks how profoundly this will change computing for science.
Alert (ICS-ALERT-14-281-01E) Ongoing Sophisticated Malware Campaign Compromising ICS (Update E) - ICS-CERT
UPDATE: ICS-CERT has identified a sophisticated malware campaign that has compromised numerous industrial control systems (ICSs) environments using a variant of the BlackEnergy malware.
On December 23, 2015, Ukrainian power companies experienced unscheduled power outages impacting a large number of customers in Ukraine.
Operation Dust Storm has migrated to exclusively seek out organizations involved in Japanese critical infrastructure and resources, says security firm.
The U.S. National Security Agency chief said on Tuesday it was a "matter of when, not if" a foreign nation-state attempts to launch a cyber attack on the U.S. critical infrastructure, citing the recent hack on Ukraine's power grid as a cause for concern.
U.S. government cyber security experts officially declared that hackers are to blame for a power outage in Ukraine that affected nearly a quarter million people in the latest significant attack on vulnerable "critical infrastructure."
The U.S. airstrike campaign against the Islamic State is public knowledge. But on Monday, the Pentagon admitted for the first time during an active war that it had used cyberattacks against the extremist group, too.
Threat actors in China have stolen confidential information from Norwegian companies, which is now being used in Chinese military technology, says General Lt Morten Haga Lunde, head of Norwegian intelligence.
Email Phishing scheme purports to be from company executives and requests personal information on employees.
IoT Security: Industry Finally Waking Up To The Dangers - Information Week
For the last several years, Internet of Things security has been one of the most hotly debated topics at Mobile World Congress. This year, however, IoT security took on a new sense of urgency as more devices are being connected and the technology turns mainstream.
Mossberg: The iCloud Loophole - The Verge
Your iPhone may be nearly impermeable, but its online backup isn't.
PlaNet, Google’s Latest AI, has Amazing Accuracy with Photo Locations
Google has developed a deep-learning neural network program that beats well-traveled humans at guessing where a photo was taken.
Cyber Experts Invited to ‘Hack the Pentagon’ - The Hill
The Defense Department is inviting "vetted hackers" to test its cybersecurity in a new pilot program called "Hack the Pentagon."
Leading Cybersecurity Technology Providers Launch Coalition To Address Critical Policy Issues - PR Newswire
Founding Members of the Coalition for Cybersecurity Policy and Law Include Arbor Networks, Cisco, Intel, Microsoft, Oracle, Rapid7, and Symantec; Coalition Files Comments to NIST on Cybersecurity Framework.
Carter will visit a Pentagon outpost in the heart of Silicon Valley, speak at a cybersecurity conference in San Francisco and go to Microsoft and Amazon headquarters in Seattle to highlight the risks of cyberattacks and the need for greater digital cooperation with the Pentagon.
The U.S. Defense Department plans to hire private contractors to develop a $600-million-plus computer system for a new background check agency being set up after a security breach last year exposed the personal data of nearly 22 million people, a top official told Reuters.
The Pentagon is preparing to undertake a full-scale security assessment of the previously hacked and patched-over IT systems currently used to store background investigation files.
US to Renegotiate Rules on Exporting “Intrusion Software” - Ars Technica
Inter-agency panel decides just fixing US implementation of export controls isn't enough.
Critical Infrastructure - CSIAC
The CSIAC has produced a short follow-up on recent cybersecurity headlines. Critical infrastructure incidents continue to make news headlines on a consistent basis. This podcast takes a deeper dive into understanding the cybersecurity challenges this sector faces. Additionally, the CSIAC offers a look into what some organizations, both offensive and defensive, are doing to address these important challenges.
The departments of Justice and Homeland Security are investigating a Justice hack allegedly made possible by the enemy of secure logins - IT support.
DHS Issues Guidance on How to Share Cyberthreat Data - Gov Info Security
Learn about the Cyber Information Sharing Act (CISA) of 2015.
Cyber Security of Critical Infrastructure - Department of Homeland Security
CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at firstname.lastname@example.org
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses, and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.
DHS S&T Collaboration Community - Ideascale
The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.
The Department of Defense Cyber Strategy - Department of Defense
The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.
Standards & Reference Documents - CSIAC
View all Best Practices and Reference Documents on the CSIAC website.
DoD Cyber Domain Resources - Department of Defense
DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense
DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet
DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.
US-CERT Bulletins - Department of Homeland Security
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
US-CERT Alerts - Department of Homeland Security
Alerts provide timely information about current security issues, vulnerabilities, and exploits.
NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.
Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD
Committee on National Security Systems (CNSS) - Committee on National Security Systems
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.