The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
Mobile security continues to be in the cybersecurity spotlight. This follow-up focuses on mobile security trends, how the attack landscape has evolved, and what the average individual or organization can do to avoid the common pitfalls.
CSIAC organized and hosted an invitation-only workshop at George Mason University. The workshop brought together personnel from the Department of Defense (DOD), academia and industry. The goal was to facilitate a discussion and exploration of the technical challenges, research directions, and practical approaches to the utilization of cyber modeling and simulation (M&S) to support the Cyber Mission Forces (CMF).
There are a variety of skills, abilities, and traits (SATs) that are critical in different types of cyber operations. Given the sheer number of SATs, it is difficult to identify which individuals have the greatest potential for cyber operations. Further, it is critical to determine if a specific SAT can be learned or reinforced. This webinar will describe some of these SATs and how they differ between cyber operators, technical, and non-technical personnel based on preliminary research. In particular, we propose methods for identifying and measuring the most relevant SATs.
Homeland Eyes Special Declaration to Take Charge of Elections - Washington Examiner
Even before the FBI identified new cyberattacks on two separate state election boards, the Department of Homeland Security began considering declaring the election a "critical infrastructure," giving it the same control over security it has over Wall Street and the electric power grid.
Obama to be Urged to Split Cyberwar Command from NSA - Washington Post
The Pentagon and intelligence community are expected to recommend soon to President Obama that he break up the joint leadership of the National Security Agency and U.S. Cyber Command to create two distinct forces for electronic espionage and cyberwarfare.
Governments and Nation States are now Officially Training for Cyberwarfare: An Inside Look - Tech Republic
Europe, Canada, USA, Australia, and others are now running training exercises to prepare for the outbreak of cyberwar. Locked Shields is the largest simulation and we take you inside.
The U.S. military's top cyber warfare unit is working to develop weapons distinctly different from those used by the intelligence community, the executive director of U.S. Cyber Command said during a Department of Homeland Security business conference held Tuesday.
A congressional report provides previously undisclosed details and a behind-the-scenes chronology of one of the worst-ever cyberattacks on the United States.
The Defense Department's $6 billion supermarket chain needs tighter security for the secret keys fastening its hundreds of databases, Pentagon officials say.
The US House of Representatives has passed a non-binding resolution calling for a national technology innovation policy that includes supportive language for digital currencies and blockchain technology.
IT security departments have used guidance from NIST and other sources to help them defend the vulnerable connections between mobile devices and enterprise computer systems from malware, viruses and other types of attacks. Recently, organizations from both the public and private sectors have requested more specific information on threats and ways to mitigate them.
Internet of Sins: Million More Devices Sharing Known Private Keys for HTTPS, SSH Admin - The Register
Millions of internet-facing devices, from home broadband routers to industrial equipment, are still sharing well-known private keys for encrypting their communications.
The Administration is announcing the first Chief Information Security Officer to drive cybersecurity policy, planning, and implementation across the Government.
Berkeley Lab to Lead 5 Exascale Projects, Support 6 Others - Berkeley Lab
Scientists at the Department of Energy’s (DOE) Lawrence Berkeley National Laboratory (Berkeley Lab) will lead or play key roles in developing 11 critical research applications for next-generation supercomputers as part of DOE’s Exascale Computing Project (ECP).
The Host Based Security System (HBSS), which enables the Defense Department to detect and counter known cyber threats to the DOD enterprise in real-time through a collection of flexible commercial-off-the-shelf and government-off-the-shelf applications, will be combined with several other tools to provide an evolved, holistic approach to cybersecurity network defense, known as Endpoint Security Solutions (ESS).
U.S. intelligence and law enforcement agencies are investigating what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said.
Secretary of Defense Ash Carter announced recently that the Department of Defense will establish a new Defense Innovation Unit Experimental, or DIUx, presence in Austin, Texas. Like the existing DIUx offices in Silicon Valley and Boston, the team in Austin will link the department with America's leading innovators, so they can help address our national security challenges and ensure America's warfighters remain on the cutting edge of technology.
Defense Secretary Ash Carter and his British counterpart Michael Fallon yesterday signed a first-of-its-kind agreement to together advance offensive and defensive cyber capabilities, Carter said in a joint press conference in London as part of his three-day trip to the United Kingdom and Norway.
A vulnerability in Cisco WebEx Meetings Player could allow an unauthenticated, remote attacker to execute arbitrary code.
Windows 10 to Deploy Across AF - Air Force
The Air Force is slated to upgrade to Windows 10 during the next couple years to improve the Air Force’s cybersecurity posture, lower the cost of information technology and streamline the IT operating environment.
At the Usenix security conference earlier this month, two teams of researchers presented attacks they developed that bring that new kind of hack closer to becoming a practical threat.
Cyber Security of Critical Infrastructure - Department of Homeland Security
CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at email@example.com
The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.
DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses, and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.
DHS S&T Collaboration Community - Ideascale
The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.
The Department of Defense Cyber Strategy - Department of Defense
The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.
The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.
Standards & Reference Documents - CSIAC
View all Best Practices and Reference Documents on the CSIAC website.
DoD Cyber Domain Resources - Department of Defense
DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense
DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet
DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.
US-CERT Bulletins - Department of Homeland Security
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
US-CERT Alerts - Department of Homeland Security
Alerts provide timely information about current security issues, vulnerabilities, and exploits.
NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD
Committee on National Security Systems (CNSS) - Committee on National Security Systems
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.