The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

Cyber Awareness Videos – Accessing Classified Information “Need to Know” - CSIAC

Handling classified information is a serious responsibility. Are you aware of your obligations in regard to need-to-know information?

Free CSIAC Webinar – A Faster Method for Bot Detection On Social Networks That Eliminates The Need For Expensive Algorithms - CSIAC

In this presentation, we present a novel approach to detection of bots on social networks in near real-time. Our approach comprises of computationally simple comparisons and calculations, as opposed to the all too common machine learning approach to this problem, or non-real-time approaches that involve network analysis which is both expensive and time-consuming.

RECENT HEADLINES:

Critical Infrastructure:

San Francisco Rail System Hacker Hacked - Krebs on Security

The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, "You are Hacked. ALL Data Encrypted." Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.

ThyssenKrupp Secrets Stolen in ‘Massive’ Cyber Attack - Reuters

Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG in cyber attacks earlier this year, the German company said on Thursday.

Russia Says Foreign Spies Plan Cyber Attack on Banking System - Reuters

Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust.

Cyberwarfare:

North Korea Cyberattack Traced to City in China, Report Says - UPI

A South Korean military source says it has identified the source of North Korea cyberattacks that targeted the internal networks of the military.

Data Security:

IBM Warns of Rising VoIP Cyber-Attacks - Network World

Cyber-attacks using the VoIP protocol Session Initiation Protocol (SIP) have been growing this year accounting for over 51% of the security event activity analyzed in the last 12 months, according to a report from IBM’s Security Intelligence group this week.

Avalanche Network Dismantled in International Cyber Operation - Justice

The Justice Department today announced a multinational operation involving arrests and searches in four countries to dismantle a complex and sophisticated network of computer servers known as "Avalanche." The Avalanche network allegedly hosted more than two dozen of the world’s most pernicious types of malicious software and several money laundering campaigns.

Legislation and Regulation:

Congress Allows Rule Permitting Mass Hacking by Government to Take Effect - USA Today

In a defeat for privacy advocates, Senate leaders rebuffed a last-ditch effort by a bipartisan group of senators Wednesday to allow a vote to block a new rule that allows federal agents armed with a single search warrant to hack millions of Americans' computers or smartphones at once.

Mobile Security:

More Than One Million Google Accounts Hit by Malware - CBS News

More than one million Google accounts have been breached by malware that infiltrated older Android devices, cyber security firm Check Point Software Technologies Ltd. announced Wednesday.

Network Security:

Mirai Botnet Attack Hits Thousands of Home Routers, Throwing Users Offline - ZD Net

Nearly a million users across Europe were thrown off the internet during the weekend into Monday after criminals tried to hijack home routers as part of a coordinated cyber attack.

Private Sector:

Microsoft, Intel, Others Oppose China’s Plans to Get Access to Source Code - Softpedia

Microsoft, Intel, and IBM are three of the most vocal companies that opposed China’s plans to access proprietary source code of software and technology products in order to make sure that they’re hackerproof or do not include backdoors.

Tech Companies Move to Target Terrorist Propaganda Online - AP

Facebook, Microsoft, Twitter and YouTube are joining forces to more quickly identify the worst terrorist propaganda and prevent it from spreading online.

Public Sector:

Cybersecurity Must Become Core Function of Agencies in Next Administration, Commission Says - Federal News Radio

A presidentially commissioned task force on cybersecurity says the incoming Donald Trump administration needs to begin shoring up the federal government's IT security posture by granting a promotion to the White House official who oversees cybersecurity, giving that person the title of "assistant to the president" and having him or her report directly to the National Security Advisor.

White House Orders Intelligence Report of Election Cyberattacks - The Hill

President Obama has directed the intelligence community to conduct “a full review” of the 2016 election in light of reports of Russian interference, homeland security adviser Lisa Monaco said Friday.

Exclusive: U.S. Air Force Inks $19 Million Cybersecurity Deal - Fortune

The United States Air Force has awarded an $18.8 million contract for digital defense software to Endgame, the cybersecurity firm told Fortune.

Quantum Computing:

Construction of Practical Quantum Computers Radically Simplified - PHYS

Scientists at the University of Sussex have invented a ground-breaking new method that puts the construction of large-scale quantum computers within reach of current technology.

FEEDBACK FROM PREVIOUS DIGEST:

Most Popular:

Safer, Less Vulnerable Software Is the Goal of New NIST Computer Publication - NIST

We can create software with 100 times fewer vulnerabilities than we do today, according to computer scientists at the National Institute of Standards and Technology (NIST). To get there, they recommend that coders adopt the approaches they have compiled in a new publication.

What You Need to Know About the Phones That Were Secretly Sending Data to China - Consumer Reports

A serious, and potentially frightening, security vulnerability involving some Android smartphones came to light Tuesday.

New NIST Guide Helps Small Businesses Improve Cybersecurity - NIST

Small-business owners may think that they are too small to be victims of cyber hackers, but Pat Toth knows otherwise.

Navy Says Personal Data of Over 134,000 Sailors Was Hacked - ABC News

Personal data belonging to 134,386 current and former sailors in the U.S. Navy has been compromised, the Navy said on Wednesday.

CSIAC SUPPORTED COMMUNITIES:

Cyber Security of Critical Infrastructure - Department of Homeland Security

CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at plosiewicz@csiac.org

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.

TECHNICAL RESOURCES, POLICY & GUIDANCE:

Presidential Policy Directive – United States Cyber Incident Coordination - The White House

Opportunities Exist for DOD to Share Cybersecurity Resources with Small Businesses - GAO

DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.

DHS S&T Collaboration Community - Ideascale

The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.

The Department of Defense Cyber Strategy - Department of Defense

The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.

Information Sharing Environment - ISE

The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.

Standards & Reference Documents - CSIAC

View all Best Practices and Reference Documents on the CSIAC website.

The DoD Cybersecurity Policy Chart (Formerly the IA Policy Chart) - CSIAC

DoD Cyber Domain Resources - Department of Defense

DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense

DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet

DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.

US-CERT Bulletins - Department of Homeland Security

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

US-CERT Alerts - Department of Homeland Security

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

National Vulnerability Database - NIST

NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD

Committee on National Security Systems (CNSS) - Committee on National Security Systems

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.