The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Cloud Computing:

DISA Lays Groundwork for Commercial Cloud Computing Contract - AFCEA SIGNAL

Request for Proposals For Commercial Cloud Technologies to support DoD pending

Critical Infrastructure:

An Education in Cyber Security - Automation World

Industrial Control Systems community responding to the E.O. on Cybersecurity of Critical Infrastructure - but much remains to be done

Cyberwarfare:

China says US-based hackers target its military websites, amid competing cybersnooping claims - Washington Post

Official response to Mandiant did not take long

Lessons from the cyber attacks on South Korea - Japan Times

In absence of current legal Self Defense Force responsibility for cyberspace, Japan Times calls for response that includes planned, coordinated attacks, combining cyber and physical (kinetic) offensive means

U.S.-Israeli cyber attack on Iran was ‘act of force’, NATO study found - Washington Times

Reported NATO Cooperative Cyber Defense Centre of Excellence study classifies Stuxnet as act of "force" - Study not released yet in Tallinn - https://web.archive.org/web/20131029205100/http://www.ccdcoe.org/2.html

Data Security:

South Korean cyber attacks used hijacked patch management accounts - TechWorld

South Korean Cyber attack used Update Manager to wipe Master Boot Records

High Performance Computing:

A Strange Computer Promises Great Speed - New York Times

Lockheed Martin purchases D-Wave's adiabatic quantum computer for use in defense systems modeling and simulation

Internet-of-Things:

Securing the Internet of Things - Cisco

Wake-up call for pervasive computing - What will the Internet of Everything developers learn from the industrials controls community?

Mobile Security:

Deploying mobility a worthwhile challenge - CIO

Great overview of the technical challenges ahead for BYOD

Network Security:

DISA-provided Network Defense capabilities – new funding plan - DISA

In FY14, pending OSD approval, DISA Network Defense service will move to Defense Working Capital Fund (DWCF)

Cisco switches to weaker hashing scheme, passwords cracked wide open - Ars Technica

Your IT Infrastructure just moved to a higher Level of Risk

Cisco IOS and IOS XE Type 4 Passwords Issue - Cisco

Supposedly stronger Type 4 passwords only used a single pass of SHA-256, thus admitted to be less resilient to brute-force attacks than a Type 5

23-year-old releases new chips that ‘mine’ Bitcoins 50 times faster - The Verge

Bitcoin mining is now DRIVING hardware R&D

Spear Phishing Cause of South Korean Cyber Attack - Kaspersky

Spear-fishing e-mails identified by F-Secure as delivery vector for attack, source still under investigation

Private Sector:

Spam dispute becomes ‘largest cyber attack’ in history of the internet - Sydney Morning Herald

The Private Sector is also capable of major cyber offensives!

Public Sector:

CYBERSECURITY (GAO-13-187) - GAO

14 February GAO report:  National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented

Software Security:

North Korean defector sites report planned cyber attack - ZDNet

This time, the motive appears to support only North Korean aggression

FEEDBACK FROM PREVIOUS DIGEST:

Most Popular:

Evernote Hack Exposes User Data, Forces Extensive Password Resets - Wired

50 MILLION accounts compromised in a similar manner to "the many high profile attacks on other Internet-based companies that have taken place over the last several weeks"

Bradley Manning pleads guilty to 10 lesser charges, explains motive - Washington Post

Insider Threat: You can still exfiltrate a lot of classified data on a CD.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.