The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Handling classified information is a serious responsibility. Are you aware of your obligations in regard to need-to-know information?
Free CSIAC Webinar – A Faster Method for Bot Detection On Social Networks That Eliminates The Need For Expensive Algorithms - CSIAC
In this presentation, we present a novel approach to detection of bots on social networks in near real-time. Our approach comprises of computationally simple comparisons and calculations, as opposed to the all too common machine learning approach to this problem, or non-real-time approaches that involve network analysis which is both expensive and time-consuming.
San Francisco Rail System Hacker Hacked - Krebs on Security
The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, "You are Hacked. ALL Data Encrypted." Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.
Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp AG in cyber attacks earlier this year, the German company said on Thursday.
Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust.
A South Korean military source says it has identified the source of North Korea cyberattacks that targeted the internal networks of the military.
IBM Warns of Rising VoIP Cyber-Attacks - Network World
Cyber-attacks using the VoIP protocol Session Initiation Protocol (SIP) have been growing this year accounting for over 51% of the security event activity analyzed in the last 12 months, according to a report from IBM’s Security Intelligence group this week.
The Justice Department today announced a multinational operation involving arrests and searches in four countries to dismantle a complex and sophisticated network of computer servers known as "Avalanche." The Avalanche network allegedly hosted more than two dozen of the world’s most pernicious types of malicious software and several money laundering campaigns.
Small-business owners may think that they are too small to be victims of cyber hackers, but Pat Toth knows otherwise.
Personal data belonging to 134,386 current and former sailors in the U.S. Navy has been compromised, the Navy said on Wednesday.
In a defeat for privacy advocates, Senate leaders rebuffed a last-ditch effort by a bipartisan group of senators Wednesday to allow a vote to block a new rule that allows federal agents armed with a single search warrant to hack millions of Americans' computers or smartphones at once.
More than one million Google accounts have been breached by malware that infiltrated older Android devices, cyber security firm Check Point Software Technologies Ltd. announced Wednesday.
A serious, and potentially frightening, security vulnerability involving some Android smartphones came to light Tuesday.
Nearly a million users across Europe were thrown off the internet during the weekend into Monday after criminals tried to hijack home routers as part of a coordinated cyber attack.
Microsoft, Intel, and IBM are three of the most vocal companies that opposed China’s plans to access proprietary source code of software and technology products in order to make sure that they’re hackerproof or do not include backdoors.
Facebook, Microsoft, Twitter and YouTube are joining forces to more quickly identify the worst terrorist propaganda and prevent it from spreading online.
Cybersecurity Must Become Core Function of Agencies in Next Administration, Commission Says - Federal News Radio
A presidentially commissioned task force on cybersecurity says the incoming Donald Trump administration needs to begin shoring up the federal government's IT security posture by granting a promotion to the White House official who oversees cybersecurity, giving that person the title of "assistant to the president" and having him or her report directly to the National Security Advisor.
President Obama has directed the intelligence community to conduct “a full review” of the 2016 election in light of reports of Russian interference, homeland security adviser Lisa Monaco said Friday.
The United States Air Force has awarded an $18.8 million contract for digital defense software to Endgame, the cybersecurity firm told Fortune.
Scientists at the University of Sussex have invented a ground-breaking new method that puts the construction of large-scale quantum computers within reach of current technology.
We can create software with 100 times fewer vulnerabilities than we do today, according to computer scientists at the National Institute of Standards and Technology (NIST). To get there, they recommend that coders adopt the approaches they have compiled in a new publication.
Cyber Security of Critical Infrastructure - Department of Homeland Security
CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at firstname.lastname@example.org
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.
DHS S&T Collaboration Community - Ideascale
The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.
The Department of Defense Cyber Strategy - Department of Defense
The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
Tags: Cybersecurity Strategy
The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.
Standards & Reference Documents - CSIAC
View all Best Practices and Reference Documents on the CSIAC website.
DoD Cyber Domain Resources - Department of Defense
DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense
DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet
DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.
US-CERT Bulletins - Department of Homeland Security
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
US-CERT Alerts - Department of Homeland Security
Alerts provide timely information about current security issues, vulnerabilities, and exploits.
NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD
Committee on National Security Systems (CNSS) - Committee on National Security Systems
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.