
Cyber Security Summit Hosted By Department of Homeland Security (DHS)


As part of the national Stop.Think.Connect campaign against cyber threats to computers in the private and public sector, the city of Mesa and the Department of Homeland Security are hosting a cyber security summit at the Mesa Arts Center on Wednesday, Sept. 26. The mayor of Mesa said on Wednesday that interest in the summit is growing, and that there also will be numerous representatives of government from throughout the state and a member of the Secret Service attending the event.  Kelvin Coleman, U.S. Department of Homeland Security director of state, local, tribal and territorial cyber engagement, will be the keynote speaker. Mesa Mayor Scott Smith and District 3 councilman and Mesa Public Safety Committee chair Dennis Kavanaugh also will offer comments and help to facilitate questions during the event. “We use computers every day,” Smith said. “We don’t know how important computers are until they’re breached.”


Date: September 26, 2012

1 E. Main Street
Mesa, AZ  85201 


7:30 a.m. Registration & Continental Breakfast sponsored by Siemens

8:30 a.m. Welcome and Opening Remarks

  • Mayor Scott Smith
  • Councilmember Dennis Kavanaugh

9:00 a.m. Keynote Address

  • Mr. Kelvin Coleman, Director, State, Local, Tribal and Territorial Cybersecurity Engagement Program, DHS National Cyber Security Division

9:30 a.m. Convenience vs. Security Expert Panel
Current Threats in an increasingly Networked World Panelist Bios
John Meza (Moderator), Assistant Chief, Mesa Police Department
James Choplin, Special Agent, Electronic Crimes Task Force, U.S. Secret Service
Dr. Dee H. Andrews, Ph.D. Senior Research Psychologist, Army Research Institute for the Behavioral and Social Sciences
Kristy Westphal, Director of Security Operation, T-Systems North America
Lonnie Benavides, Red Team Lead, The Boeing Company
Ilene Klein, City of Phoenix Office of Information Security and Privacy
Bill Kalaf, Executive Director - Intelligence-Led Policing, Mesa Police Department
 
During this session, the panel will outline and discuss many of the current threats affecting businesses, local government, and users, such as social engineering, the security of mobile devices, and many of the trending applications on smartphones and PCs.
   
10:30 a.m. Networking Break
   
10:45 a.m. Closing Remarks

  • Mayor Scott Smith

11:15 a.m. Adjournment
   
11:30 a.m. Post CyberSecurity Summit Break Out Session:  Methods for training supervisors to detect behavioral indicators of insider threat

Dr. Dee H. Andrews 
Senior Research Psychologist, U.S. Army Research Institute for the Behavioral and Social Sciences
During this session, participants will get an overview of methods in training supervisors to spot and mitigate the cyber insider threat.  Statistics reveal that approximately 40% of the cyber incidents are caused by insiders.  



-Source (mesaaz.gov)










Department of Homeland Security (DHS) Unveils Cybersecurity Bill



Members of the House Homeland Security Committee unveiled legislation Thursday that would authorize the cybersecurity functions of the Department of Homeland Security (DHS) and establish a quasi-governmental entity to coordinate cybersecurity information-sharing with the private sector. The bill, called the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PrECISE), would establish a national clearinghouse for information relating to potential attacks on critical infrastructure, such as the electric grid, water facilities, and financial service systems.
"The risk of cyberattack by enemies of the United States is real, is ongoing and is growing," warned Homeland Security Committee Chairman Peter King (R-N.Y.). "The PrECISE Act, in line with the framework set forth by the Speaker’s Cybersecurity Task Force led by Rep. [Mac] Thornberry [R-Texas], protects our critical infrastructure without a heavy-handed and burdensome regulatory approach that could cost American jobs."
Under Section 226 of the bill, the Secretary of Homeland Security "is authorized to maintain the capability to act as the focal point for cybersecurity through technical expertise and policy development." Further, the Secretary is ordered to "coordinate cybersecurity activities across the Federal Government, designate a lead cybersecurity official within the Department of Homeland Security, publish a cybersecurity strategy and provide appropriate reports to Congress."
In effect, the DHS would identify cybersecurity risks on a sector-by-sector basis and gather existing performance standards to procure the most efficient methods to mitigate identified exposures. The Secretary will review and collect standards and publish cyber-defense information for owners and operators of "covered critical infrastructure," which is defined as the "infrastructure that if destroyed or disabled would result in a significant number of deaths, cause mass evacuations, major disruptions of the economy, or significant disruption to national security."
"Cybersecurity is truly a team sport, and this bill gives DHS needed authorities to play its part in the federal government’s cybersecurity mission and enables the private sector to play its part by giving them the information and access to technical support they need to protect critical infrastructure," said Rep. Dan Lungren (R-Calif.), Chairman of the House Cybersecurity Subcommittee.
In addition to Reps. King and Lungren, the bill’s original co-sponsors include Rep. Michael McCaul (R-Texas), Rep. Gus Bilirakis (R-Fla.), Rep. Candice Miller (R-Mich.), Rep. Tim Walberg (R-Mich.), Rep. Billy Long (R-Mo.), Rep. Tom Marino (R-Pa.) and Rep. Bob Turner (R-N.Y.) of the Homeland Security Committee, as well as Rep. Steve Stivers (R-Ohio) and Rep. Jim Langevin (D-R.I.).
One key tenet of the legislation is the creation of the National Information Sharing Organization (NISO), a quasi-governmental entity that would serve as a clearinghouse for exchanging relevant information regarding cyber threats and vulnerabilities. The organization would be a nonprofit entity consisting of a DHS-appointed board of directors, composed of members from five different federal agencies and 13 members of the private sector.

According to Section 242 of the bill, the NISO would have three primary missions:

First, facilitating the exchange of cyber threat information, best practices and technical assistance amongst its membership including the Government. Second, it would facilitate the creation of a common operating picture built from information contributed by technically sophisticated members such as the Government, Internet Service Providers, and other members with access to large amounts of network related information. Third, the NISO would act as a catalyst for cooperative research and development of member driven research projects. Additionally, the NISO would incorporate into its membership agreements for the transferability of intellectual property and integrate with the National Cybersecurity and Communications Integration Center at DHS.

All in all, NISO’s purpose would be to establish a point of connection between the government and the private sector to pool information about potential cybersecurity threats and to collaborate on methods to prevent such threats from occurring.
While cybersecurity laws have brought a rare agreement between Republicans and Democrats, the two parties have quibbled over certain aspects of the legislation. Generally, House Republicans prefer more limited regulation and discretionary incentives to ramp up security, while Senate Democrats and the White House have suggested more stringent regulations monitored by the DHS.




White House sends Congress a long-awaited cybersecurity proposal



The White House on Thursday sent Congress a formal proposal for cybersecurity legislation to help Senate lawmakers craft a passable bill from 50-some measures currently pending in both chambers.
The long-awaited framework would formally grant the Homeland Security Department oversight of cybersecurity operations within civilian federal agencies -- a role it has played in practice since last summer. Given the dearth of cyber experts in civilian agencies, the proposal would give DHS the same flexibility the Pentagon currently has to rapidly hire skilled professionals at competitive salary levels, Obama administration officials told reporters during a Thursday conference call.
The guidelines, which were expected to be released later on Thursday, largely rely on industry's know-how and willing compliance to certify their systems are safe and ask for federal assistance when attacked.
The proposal is silent on several sticking points, including cyberwarfare, classified information and the criteria for so-called critical infrastructure -- or systems that, if disrupted, could wreak havoc on national security. Such networks would be subject to greater regulation under a key Senate bill sponsored by the leaders of the Homeland Security and Governmental Affairs Committee. The White House framework also stays clear of a dispute over whether the president should have the power to hit a "kill switch," shutting down the Internet during emergencies.
The guidelines were prompted by a request from Senate Majority Leader Harry Reid, D-Nev., and chairmen of the committees with jurisdiction over computer security for input from President Obama on the various congressional proposals, White House officials said. The HSGAC and commerce panels passed comprehensive cybersecurity legislation about a year ago, while numerous other congressional panels and individual members have introduced their own piecemeal measures. The executive branch took about a year to reach consensus on which provisions agencies would support and what new ones they would propose.
The proposal would make so-called intrusion prevention systems a permanent fixture in the federal government, according to a fact sheet. As opposed to intrusion detection systems, which flag attacks and alert the appropriate responders, prevention software can actively respond by blocking intrusions. The guidelines say DHS should have the authority to supervise all such programs, including the existing "Einstein" tool. Internet service providers also would have to use the applications for any government traffic they manage.
The White House plan touches on one security element of a growth area in government IT: cloud computing. The practice allows organizations to access computer power, storage and software stored on the Internet by a third-party provider, rather than build on-site server farms. Administration officials are concerned that state protectionist measures are hampering the cloud industry, so the proposal would block state governments from requiring that companies in their states build data centers there, unless authorized by federal law, the fact sheet stated.
The guidelines would enable industry to obtain immediate assistance from Homeland Security in responding to an intrusion, if they wish, officials said. Currently, when organizations ask DHS to review logs to determine when a hacker attacked, the department's ability to intervene is slowed by legal uncertainty. To protect individuals, if a firm or local government wants to share such information with DHS, the organization must first strip out identifying information that is irrelevant to the infraction, according to the fact sheet.
Companies and local governments would be granted immunity for sharing information with the federal government about new computer viruses and cyber events that have compromised their systems. Should entities choose to provide such information, their customers' privacy would not be violated, according to the proposal.
White House officials said their proposal focuses on transparency and incentives to ensure companies managing networks for critical infrastructure in industries like energy and banking are accountable for service continuity. The draft bill directs Homeland Security and the private sector to jointly figure out which operations are the most critical and prioritize the most important threats to those services. An outside commercial auditor would assess the company's plans for mitigating such vulnerabilities.
On the consumer side, the proposal would require that businesses notify customers of certain data breaches to reduce the risk of identity theft. Sony recently took heat for not immediately telling customers that perpetrators had infiltrated the company's online gaming and music networks. The administration's plan would loop together a patchwork of 47 state laws on data breach reporting.
Many in the legislative branch and business community applauded the White House plan on Wednesday.
"The Senate and the White House are on the same track to make sure our cyber networks are protected against an attack that could throw the nation into chaos," HSGAC Chairman Joe Lieberman, I-Conn., ranking Republican Susan Collins, R-Maine, and Federal Financial Management Subcommittee Chairman Tom Carper, D-Del., said in a joint statement. The Senate and the administration "both recognize that the government and the private sector must work together to secure our nation's most critical infrastructure, for example, our energy, water, financial, telecommunications and transportation systems. We both call for risk-based assessments of the systems and assets that run that infrastructure."
The trio agreed with the administration that Homeland Security should take the lead in safeguarding civilian cybersecurity. Other lawmakers, particularly in the House, say the Defense Department, with its established expertise and deep pockets, should play a larger role in guarding U.S. networks. Currently, the Pentagon can monitor only the .mil domain and many civil liberties advocates would like to keep it that way.
Commerce Committee leaders also largely praised the proposed measure. "The White House has presented a strong plan to better protect our nation from the growing cyber threat," Chairman John D. "Jay" Rockefeller, D-W.Va., said in a statement. "I look forward to continuing to work with the White House, and my colleagues in the House and Senate, to pass a comprehensive cybersecurity bill this year."
Ranking member Sen. Olympia Snowe, R-Maine, said, "While the administration's delay in providing critical input to the legislative process is regrettable, it is my understanding that the administration proposal parallels many of the objectives, particularly pertaining to modernizing the public-private partnership, that Sen. Rockefeller and I have advocated."
Officials with trade group TechAmerica generally supported Obama's framework but said they had lingering questions about the flexibility the proposal grants firms to tailor their security strategies.
"The administration's proposal is a clear step forward in the process and we hope that it strikes the right balance between accountability and innovation in this shared responsibility between the public and private sectors," TechAmerica President Phil Bond said in a statement.
"We encourage Congress and the administration to draw a bright line between critical and noncritical infrastructure," Bond said. "Industry and government need to work together to make the right determinations for what is critical, and what the implications are for that designation."
Should the government require firms to take certain actions, the law must provide liability protections to shelter companies from any unanticipated consequences, he said.
Given that the Senate has been pursuing cybersecurity legislation in a bipartisan fashion, and both parties in the House last year actually passed elements of the White House proposal, the expectation is that a law could be enacted this year.
Disagreements over engagement in cyberwar or the job of the Pentagon's National Security Agency and the new U.S. Cyber Command likely will be worked out in separate legislation. Pending House defense and intelligence authorization bills, for instance, address cyberwarfare and require the development of systems for detecting unauthorized activities on classified networks.
But talks on the civilian-oriented bill may take months, especially since all sides appear to want industry involved in the vetting process. One item overlooked in the White House proposal that Congress wants -- the creation of a Senate-confirmed cyber czar -- may take some time to negotiate. And Congress has never considered some of the information-sharing measures the White House introduced on Thursday.


Homeland Security Approved Cyber security Bill "PRECISE" (H.R. 3674)


The House Homeland Security Committee approved H.R. 3674, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011 (the PRECISE Act), by voice vote, after a lengthy mark-up session that saw the bill’s scope scaled back. The cybersecurity bill, approved on April 18, is aimed at securing federal information systems and helping private sector critical infrastructure owners/operators, but key committee members complained that its watered-down provisions weren’t adequate. The bill, originally introduced by Rep. Dan Lungren (R-CA) in February, had aimed to create a national information sharing organization to oversee the cyber protection of critical infrastructure, but will now only authorize the National Cybersecurity and Communications Integration Center (NCCIC) at the Department of Homeland Security (DHS).
The committee’s ranking member, Rep. Bennie Thompson (D-MS), bitterly objected to the changes, saying they essentially gutted the bill. In a statement following the bill’s mark-up, he said it “bears little resemblance to the measure that the Cybersecurity Subcommittee approved in February.” He said key provisions that promoted information sharing between and among the private sector and government and privacy protections were removed behind closed doors by the committee’s leadership.


-Source (Govt. Security News)



FBI Started National Cyber Security Awareness Month 2012


Last week the Federal Bureau of Investigation (FBI) issued a report, based on information from law enforcement and complaints submitted to the Internet Crime Complaint Center (IC3), detailing recent cyber crime trends and new twists to previously existing cyber scams. October has been observed as National Cyber Security Awareness Month for the last nine years, and this year the FBI again declared October National Cyber Security Awareness Month 2012. According to the official FBI blog, the threat has continued to grow even more complex and sophisticated. Just 12 days ago, in fact, FBI Director Robert Mueller said that “cyber security may well become our highest priority in the years to come.”

For its part, the FBI is strengthening its cyber operations to sharpen its focus on the greatest cyber threats to national security: computer intrusions and network attacks. We are enhancing the technological capabilities of all investigative personnel and hiring additional computer scientists to provide expert technical support to critical investigations. We are creating two distinct task forces in each field office: Cyber Task Forces, focused on intrusions and network attacks that will draw on our existing cyber squads; and Child Exploitation Task Forces, focused on crimes against children. We are also increasing the size and scope of the National Cyber Investigative Joint Task Force—the FBI-led multi-agency focal point for coordinating and sharing cyber threat information to stop current and future attacks.

The FBI also runs several other cyber-related programs, including the Innocent Images National Initiative—which combats online child predators—and the Internet Crime Complaint Center—a partnership between the Bureau and the National White Collar Crime Center that serves as a clearinghouse for triaging cyber complaints and provides an easy-to-use online tool for reporting these complaints.

Because of the interconnectedness of online systems, every American who uses digital technologies at home or in the office can—and must—play a part in cyber security. For example, if you open a virus-laden e-mail attachment at work, you could infect your entire company’s computer network. Don’t be the weakest link: get educated on cyber safety.

Here are a few basic steps you can take to be more secure:

  • Set strong passwords, and don’t share them with anyone.
  • Keep a clean machine—your operating system, browser, and other critical software are optimized by installing regular updates.
  • Maintain an open dialogue with your family, friends, and community about Internet safety.
  • Limit the amount of personal information you post online, and use privacy settings to avoid sharing information widely.
  • Be cautious about what you receive or read online—if it sounds too good to be true, it probably is.









Researcher Finds Security Hole in US Power Plants, DHS is Investigating


A security researcher has found serious flaws in software for specialized networking equipment from Siemens that could enable hackers to attack US power plants and other critical systems. A security expert said that he had found a backdoor in hardware from a Siemens subsidiary. The alleged flaw was made public by security researcher Justin W Clarke at a conference in Los Angeles. The equipment is widely used by power companies, mainly based in the US. Clarke said that the discovery of the flaw is disturbing because hackers who can spy on communications of infrastructure operators could gain credentials to access computer systems that control power plants and other critical systems. "If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you," Clarke said.
The Department of Homeland Security said it was in contact with the firm to assess the claim. After the issue came to light, the US government immediately took steps and began investigating the whole scenario. RuggedCom, a Canadian subsidiary of Siemens that sells networking equipment for use in harsh environments such as areas with extreme weather, said it was investigating Clarke's findings, but declined to elaborate. This is the second bug that Clarke, a high school graduate who never attended college, has discovered in products from RuggedCom, which are widely used by power companies that rely on its equipment to support communications to remote power stations.
In May, RuggedCom released an update to its Rugged Operating System software after Clarke discovered that it had a previously undisclosed "back door" account that could give hackers remote access to the equipment with an easily obtained password. The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, which is known as ICS-CERT, said in its advisory on Tuesday that government analysts were working with RuggedCom and Clarke to figure out how to best mitigate any risks from the newly identified vulnerability. "According to this report, the vulnerability can be used to decrypt SSL traffic between an end-user and a RuggedCom network device," the advisory states.

This is not the first time: earlier, in 2011, a researcher found a vulnerability in the security system of the US power grid, from which the NSA suspected that the hacktivist group Anonymous might even shut down the entire US power grid. Later, the White House introduced an Electric Sector Cybersecurity Risk Maturity Model.


-Source (Reuters & BBC)







DHS is Taking Anonymous More Seriously & Issued A Security Bulletin To Warn About The Upcoming Cyber Threats



The Department of Homeland Security is beginning to take Anonymous and other non-professional cyber-attackers more seriously as it issues a warning about potential attacks.
The United States Department of Homeland Security warned the security community about potential attacks from hacking collective Anonymous over the next few months. The Sept. 2 security bulletin from the DHS National Cyber-Security and Communications Integration Center warned financial services companies to be on the lookout for attackers operating under the Anonymous umbrella to "solicit ideologically dissatisfied, sympathetic employees" to the cause. The collective recently took to Twitter to persuade employees within the financial sector to hand over information and access to enterprise networks. Though such attempts may have been unsuccessful so far, "unwilling coercion through embarrassment or blackmail may be a risk to personnel," the DHS bulletin warned.
DHS issued the bulletin primarily for cyber-security professionals and staff in charge of protecting critical infrastructure. The bulletin also refers to new tools that Anonymous may be using in launching future attacks. Anonymous has been primarily using the Low Orbit Ion Cannon, a fairly simple testing software that can ping a server repeatedly, to launch its distributed denial of service attacks. Some of the members have been working on a new DDoS tool, based on JavaScript, dubbed #RefRef.

The new attack tool is said to be capable of using the server's own resources and processing power to launch a denial of service attack against itself, but "so far it's unclear what the true capabilities of #RefRef are," the DHS said in the bulletin. The tool is slated to be released Sept. 17.
DHS also referenced the "Apache Killer" Perl script that can be used to launch denial of service attacks against Web servers running the popular Apache software. Apache developers released a patch earlier this week to fix the vulnerability in Apache 2.2. Administrators have been urged to patch their servers immediately.

The DHS also mentioned three cyber-attacks and civil protests Anonymous has already announced. "Occupy Wall Street" is the first scheduled one, for Sept. 17. Announced by the group Adbusters in July and actively supported by Anonymous, the goal is to get 20,000 individuals to gather on Wall Street to protest various U.S. government policies. Similar rallies targeting financial districts are being planned in Madrid, Milan, London, Paris and San Francisco.
Another protest in October, also led by Adbusters, is scheduled to be held at the Washington, D.C. National Mall to mark the 10th anniversary of the war in Afghanistan. There is also the supposed Nov. 11 attack against Facebook and Project Mayhem, scheduled for Dec. 21, 2012, DHS warned. There are indications that Project Mayhem would be a combination of physical disruption and targeting of information systems.

The bulletin itself is unusual in that DHS hasn't commented on the activities of Anonymous ever since the group stepped up its efforts over the past few months, attacking federal agencies and private corporations to protest a wide range of issues. As anyone following the security space undoubtedly knows, there have been at least one or two attacks by Anonymous, or even more, each week for the past few months, so the bulletin may be just stating the obvious when warning of future potential attacks.
"Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDOS activities," the DHS said.

-News Source (e-Week)


DHS & Public Safety Canada Started Joint Cybersecurity Action Plan


A joint cybersecurity plan has been announced by the US Department of Homeland Security and Canada. According to the official website of Public Safety Canada, PS Canada along with the Department of Homeland Security (DHS) are pursuing a coordinated approach to enhance the resiliency of our cyber infrastructure. The Cybersecurity Action Plan (the Action Plan) between PS and DHS seeks to enhance the cybersecurity of our nations through increased integration of PS' and DHS' respective national cybersecurity activities and improved collaboration with the private sector. This Action Plan represents just one of many important efforts between Canada and the United States to deepen our already strong bilateral cybersecurity cooperation.
As the Internet knows no borders, all countries have a responsibility to prevent, respond to, and recover from cyber disruptions and to make cyberspace safer for all citizens across the globe. Due to a shared physical border, Canada and the United States have an additional mutual interest in partnering to protect our shared infrastructure. This Action Plan aims to articulate a shared approach to fulfill PS' and DHS' vision of working together to defend and protect our use of cyberspace and to strengthen the resiliency of our nations. These efforts, combined, advance the objectives articulated by President Obama and Prime Minister Harper in the February 2011 declaration, Beyond the Border: A Vision for Perimeter Security and Economic Competitiveness.
This Action Plan outlines three goals for improved engagement, collaboration, and information sharing at the operational and strategic levels, with the private sector, and in public awareness activities, for activities conducted by PS and DHS. The Action Plan establishes lines of communication and areas for collaborative work critical to enhancing the cybersecurity preparedness of both nations. The Action Plan's goals and objectives are to be conducted in accordance with the June 2012 Statement of Privacy Principles by the United States and Canada. This Action Plan is intended to remain a living document to be reviewed on a regular basis and updated as needed to support new requirements that align to the Plan's key goals and objectives. It intends to support and inform current and future efforts to advance the goals of Beyond the Border, which ultimately seeks to enhance broad bilateral cooperation on cybersecurity efforts across both governments.

Goals and Objectives:

1. Enhanced Cyber Incident Management Collaboration between National Cybersecurity Operations Centers

PS' Canadian Cyber Incident Response Centre intends to work jointly with DHS' United States Computer Emergency Readiness Team and Industrial Control Systems Cyber Emergency Response Team towards the following objectives:
  • 1.1 Increase real-time collaboration between analysts by improving existing channels for remote communication and arranging in-person visits;
  • 1.2 Enhance information sharing at all classification levels and collaborate on training opportunities, while promoting inter-agency coordination, as appropriate, as well as the proper protections for information, as outlined in the Statement of Privacy Principles;
  • 1.3 Coordinate on cybersecurity incident response management, relating to defense, mitigation, and remediation activities and products, including with other public and private entities consistent with each country's laws and policies;
  • 1.4 Align and standardize cyber incident management processes and escalation procedures; and
  • 1.5 Enhance technical and operational information sharing in the area of industrial control systems security.

2. Joint Engagement and Information Sharing with the Private Sector on Cybersecurity

Due to the shared nature of critical infrastructure between Canada and the United States, PS and DHS intend to collaborate on cybersecurity-focused private-sector engagement for cybersecurity activities for which they are responsible through the following objectives:
  • 2.1 Share engagement approaches for private sector;
  • 2.2 Exchange and collaborate on the development of briefing materials for the private sector;
  • 2.3 Jointly conduct private sector briefings;
  • 2.4 Review approaches and align processes for private sector engagement through requests for technical assistance and non-disclosure agreements; and
  • 2.5 Standardize protocols for sharing information.

3. Continued Cooperation on Ongoing Cybersecurity Public Awareness Efforts

Cybersecurity is a shared responsibility and everyone, including our citizens, has a role to play. With increased media attention devoted to cybersecurity incidents and with the continuing growth of electronic commerce and social media, it is imperative that citizens receive clear and trustworthy information on how to manage cyber threats to themselves and their families. Ensuring that government's cybersecurity awareness messages are consistent across our border helps to deliver that information effectively and consistently. PS Communications, the DHS Office of Public Affairs, and the National Protection and Program Directorate's Office of Cybersecurity and Communications (CS&C) intend to continue to work together as they:
  • 3.1 Collaborate on public awareness campaigns (websites, social media activities, education material, etc.);
  • 3.2 Collaborate on Cybersecurity Awareness Month (October); and
  • 3.3 Share and coordinate messaging on issues of common interest.

Governance of the Joint Action Plan:-

Senior officials within PS and CS&C intend to review and provide additional guidance in order to update this Action Plan on a quarterly basis. This Action Plan is intended to be a part of broader inter-governmental coordination across government agencies in both the United States and Canada.



FBI Said: Anonymous is Not so Anonymous Anymore


Anonymous is not so anonymous anymore. The computer hackers, chat-room denizens and young people who make up the loosely affiliated Internet collective have drawn the attention of the FBI, the Department of Homeland Security and other federal investigators. What was once a small group of pranksters has become a potential national security threat, federal officials say. The FBI has carried out more than 75 raids and arrested 16 people this year in connection with illegal hacking claimed by Anonymous.
Since June, Homeland Security has issued three “bulletins” warning cybersecurity professionals of hacking successes and future threats by Anonymous and related groups — including a call in Manhattan to physically occupy Wall Street on Sept. 17 to protest various U.S. government policies.
San Francisco police arrested more than 40 protesters last month during a rowdy demonstration organized by Anonymous that disrupted the evening commute. The group called for the demonstration after the Bay Area Rapid Transit system blocked cellphone service in San Francisco stations to quell a planned protest over a police shooting on a subway platform.
“Anonymous’ activities increased throughout 2011 with a number of high-profile attacks targeting both public- and private-sector entities,” one of the bulletins issued last month said.
Some members of the group have called for shutting down Facebook in November over privacy issues, though other Anonymous followers are disavowing such an attack, underscoring just how loosely organized the group is and how problematic it is to police.

“Anonymous insist they have no centralized operational leadership, which has been a significant hurdle for government and law enforcement entities attempting to curb their actions,” an Aug. 1 Homeland Security bulletin noted. “With that being said, we assess with high confidence that Anonymous and associated groups will continue to exploit vulnerable publicly available Web servers, Web sites, computer networks and other digital information mediums for the foreseeable future.”
Followers posting to Twitter and conversing on Internet Relay Chat insist there are no defined leaders of Anonymous and that it’s more of a philosophy than a formal club, though a small group of members do the most organizing online.

“Anonymous is not a group, it does not have leaders, people can do ANYTHING under the flag of their country,”
wrote one of the more vocal members who asked not to be identified.

“Anything can be a threat to National Security, really,” the member said in an e-mail interview. “Any hacker group can be.”

-News Source (Washington Post)


Wikileaks insider threat: A lesson for government cybersecurity managers


“There is no patch for people.” That one-liner, made at a recent symposium in Washington on the Wikileaks insider threat, is no joke. It succinctly captures the hurdles facing federal managers when it comes to information security risks posed by their own users. And those hurdles are getting higher, as the Wikileaks case illustrates. Nor is Wikileaks just an isolated case: public data breaches by insiders in both the private and public sectors are on the rise.

While system breaches caused by the unwitting insider -- the employee who opens up an email message and falls for a phishing scam, for example -- are still a concern, it’s the malicious insider who represents the greatest risk. And, that risk means government cybersecurity managers will have to shift their efforts more towards actively combating that threat.
Particularly worrisome these days is the trusted insider “gone wrong”—the system administrator or IT executive whose actions turn malicious, for instance.
“You have a lot of folks that…pretty much have the keys to the castle,” said a security expert at the Homeland Security Department who asked to remain anonymous. “The enterprise admins have the ability to scour the entire network. That’s a hurdle that everyone has, especially with the move to managed services. You don’t know who the people who are managing your systems are anymore.”
Ken Ammon, chief strategy officer at Xceedium Inc., agreed that the ever-growing size, sophistication and complexity of systems have amplified the insider threat. “If you flash back 15 years ago, people who were considered privileged users -- those who had the ability to get to any platform or to any information within the infrastructure -- were a smaller group,” he said. “They tended to be the higher-assured employee or to be more fixtures than transients. Now you flash forward 15 years and the number of people and resources it takes to keep the systems running and number of people you give elevated rights or privileges to have dramatically increased.”
The advent of cloud computing also has expanded the insider threat, and even blurred the distinction between insiders and outsiders, Ammon added. “It has spread to vendors and contractors you have no control over,” he said. “You have a security boundary that has evolved and eroded from this inside-outside issue.”
Threat mitigation
The increasing visibility of the insider threat is shifting the focus from security policies and user training -- which likely have negligible impact on the determined malicious insider -- to technologies and tools designed to mitigate the threat. Testifying recently at a Senate Homeland Security and Governmental Affairs Committee on “Information Sharing in the Era of Wikileaks,” Corin Stone, the information sharing executive for the Office of the Director of National Intelligence, said the government must develop a comprehensive insider threat capability, of which technology is a vital part.

The Intelligence Community’s strategy involves three interlocking elements, Stone said:
  • Ensuring the right people have access to the networks and information they need to perform their duties, but not to information they don’t need.
  • Technically limiting the ability to misappropriate, manipulate or transfer data, especially in large quantities, such as by disabling or prohibiting the use of removable media on classified networks.
  • Auditing and monitoring user activity on classified computer systems to identify anomalous activity and follow up accordingly.
“In general, the idea that you can depend on written policy or that you have policy as a control for security is something that has to be retired,” Ammon said. “You have to modify that and put some technology in place. The days of … trusting someone to follow policy are gone, so you have to build in technical controls.”


IU experts find flaws in US web protection plan


The White House proposed new cybersecurity legislation Thursday that aimed to protect the country against threats to the national infrastructure and the economy, but it was too small a step, according to IU cybersecurity experts.
Fred Cate, a professor in the Maurer School of Law and the director of the Center for Applied Cybersecurity Research, said cybersecurity attacks are a huge problem in today’s society.
“We live in a data-driven society — almost everything we do generates or uses digital data,” Cate said. “Yet as the president and most everyone else recognizes, those data and the systems that transmit and store them are not secure.”
The proposal focuses on the protection of American citizens, critical infrastructure, government systems and privacy and civil liberties. The legislation includes harsher penalties for cybercriminals and requires the Department of Homeland Security to work with companies in the private sector to identify and address vulnerabilities.
Von Welch, the deputy director of the CACR, thinks the new legislation was a positive step, but not a big enough one.
“My concern is that it isn’t keeping up with advances we’re seeing in cybercrime,” he said.
The administration’s cybersecurity efforts have been focused on new technologies, rather than on creating legal and economic incentives for the private sector to invest in better security, Cate said. This approach hasn’t worked, he said.
“During the past two years we have witnessed massive security breaches involving hundreds of millions of Americans, involving Sony PlayStation, the online marketing firm Epsilon, even the security powerhouse RSA,” Cate said. “According to one study, more than 2,500 companies were victims of one sophisticated cyberattack that exfiltrated proprietary corporate data, and there are thousands of other successful attacks against companies and agencies.”
Cate said that U.S. counterintelligence officials report that 140 foreign intelligence organizations are actively engaged in trying to hack into U.S. government and business networks.
“Without appropriate incentives, industry won’t invest sufficiently in good security,” he said. “It is that simple.”
Welch agrees. Much of what the legislation does is formalize practices already happening, he said.
“For example, federalizing breach notification laws have already been put in place by many states, and explicitly allowing collaboration and information exchange that is already taking place by cybersecurity practitioners.”
Cate and Welch agree that there are some positive parts to the plan. Its focus on critical infrastructure, by mandating core critical infrastructure operators, creates a plan for addressing threats. Having those plans evaluated by third parties is a good step given the importance of critical infrastructure to national security, Welch said.
What’s missing from the plan, Welch said, is a similar push for other parts of the Internet.
“As recent high-profile cases such as Sony and Epsilon have shown, and what seem to be constant problems with privacy on social networking sites, there are other companies operating on the Internet that while perhaps not critical to our national security, still impact millions of people,” he said. “There is nothing in the proposed legislation to really incentivize these companies to improve their cybersecurity and, in turn, our privacy as their users.”
Cate explained how the plan could be improved.
“The plan could include legal requirements for good information security, tax incentives, safe harbor provisions for businesses that try to enhance security even if they fail, liability provisions to allow injured consumers to recover from harms caused by bad security and new enforcement powers and resources for the Federal Trade Commission,” he said.
In addition to calling for new privacy protections, he said the President should appoint the members of the Privacy and Civil Liberties Oversight Board, which Congress created, but the administration has yet to fill.
Cate also said the administration’s plan includes no effort to curtail risky behaviors by businesses themselves.
“The recent discoveries that Google and Apple are both collecting location data on smart phone users and storing that data, unencrypted, in unsecured files suggests that some regulation may be appropriate to protect individuals as well as industry,” he said.
The bottom line? Technology is very important in security, but the administration’s focus on it is only one step towards enhancing information security.
“Technologies are like magic bullets for the government — no matter what the problem, we want to believe that technology can solve it,” Cate said. “Technology alone just isn’t enough — for security or anything else.”


The White House Introduced- Electric Sector Cybersecurity Risk Maturity Model



The White House has launched a new initiative designed to help companies in the electric power industry measure the maturity of their security programs against a new maturity model. The program is being run in tandem with the Department of Homeland Security and Department of Energy and is meant to help the utility companies find their weak spots and where they need to improve.
The Electric Sector Cybersecurity Risk Maturity Model Pilot is the first such program launched by the White House, which has been pointing to information security--and specifically the security of systems running utilities and critical infrastructure--as a priority since the beginning of the Obama administration. The administration has developed a number of strategies and policy documents in the last few years, but this is the first foray into the kind of maturity model that typically is seen in private industry.
The White House, DHS and Energy launched the initiative last week with a meeting of government officials and executives from electric companies to discuss the main problems facing the industry when it comes to information security.
In his blog, Howard Schmidt, the White House cybersecurity coordinator, said:
"This initiative -- the Electric Sector Cybersecurity Risk Maturity Model Pilot -- is a new White House initiative led by the Department of Energy, in collaboration with the Department of Homeland Security, to develop a model to help us identify how secure the electric grid is from cyber threats and test that model with participating utilities. Gaining knowledge about strengths and remaining gaps across the grid will better inform investment planning and research and development, and enhance our public-private partnership efforts."



-Source (threatpost)







UK is Enhancing Cyber Security to fight Against Hackers

The fight against cyber crime needs a stronger common international legal framework to enable perpetrators outside the country of their victims to be tracked down and punished, a British security official said on Tuesday.
James Brokenshire, a Home Office (Interior Ministry) Minister for Crime and Security, added in remarks to reporters that governments and companies had to work much more closely together to fight the "scammers, fraudsters and hackers" who were creating a truly global problem.
"Active international partnerships are central to tackling cyber crime," he said. "There needs to be an international response including international treaties, bilateral treaties and common agreements between countries." A priority for governments is to find ways of hunting criminals across borders and ensuring they are punished, but many nations lack a common definition of cyber crime or common legal standards that would enable prosecutions of criminals operating offshore. Security experts have long said the core problem has been that nations are thinking too parochially about their online security to collaborate on crafting global cyber regulation.
High-profile online assaults in recent weeks have targeted the International Monetary Fund, the U.S. Central Intelligence Agency and the U.S. Senate, and companies such as Citigroup and Lockheed Martin Corp. The raids have raised doubts about the security of government and corporate computer systems and the ability of law enforcement to track down hackers. Saying there should be "no safe haven" for online criminals, Brokenshire added that governments had to work with the private sector to provide technical expertise to police in those countries that lacked the resources to fight cyber criminals.

He was speaking at the launch of the International Cyber Security Protection Alliance (ICSPA), a global not-for-profit organisation that aims to channel funding, expertise and help directly to law enforcement cyber crime units around the world. The venture, which will seek funding from the European Union, governments of the United States, Canada, Australia, New Zealand and Britain, and private sector companies, plans to work in partnership with European police agency EUROPOL.
Rik Ferguson, Director of Security Research at Trend Micro, said areas of concern to ICSPA included Brazil, which had expertise in banking malware, China, where computers were often used by criminals elsewhere to host attacks in third countries, and Russia and Ukraine. Companies supporting the venture include McAfee, Cassidian, Trend Micro, Yodel, Core Security Technologies, Visa Europe, Shop Direct group, A&REdelman, Transactis and Article10. Cyber crime costs the British economy some 27 billion pounds ($43.5 billion) a year and appears to be "endemic", according to the first official government estimate of the issue published in February 2011.
Brokenshire's call echoes remarks by U.S. Secretary of Homeland Security Janet Napolitano who said last week that cyber criminals were outwitting national and international legal systems that fail to embrace technological advances.


FBI's Cybercrime Unit Takes New Initiative to Nab Hackers & Intruders


The FBI has declared October the National Cyber Security Awareness Month of 2012, and in the last week of this month the FBI's cyber crime division started a new program that places special emphasis on hackers and intrusions. The main aim of this program is to focus on hackers and to prevent cyber crime. Last month the Federal Bureau of Investigation (FBI) issued a report, based on information from law enforcement and complaints submitted to the Internet Crime Complaint Center (IC3), detailing recent cyber crime trends and new twists to previously existing cyber scams. This latest move by the FBI will surely inject fear into the hearts and minds of hackers.

According to the FBI's official release: Early last year, hackers were discovered embedding malicious software in two million computers, opening a virtual door for criminals to rifle through users’ valuable personal and financial information. Last fall, an overseas crime ring was shut down after infecting four million computers, including half a million in the U.S. In recent months, some of the biggest companies and organizations in the U.S. have been working overtime to fend off continuous intrusion attacks aimed at their networks. The scope and enormity of the threat—not just to private industry but also to the country’s heavily networked critical infrastructure—was spelled out last month in Director Robert S. Mueller’s testimony to a Senate homeland security panel: “Computer intrusions and network attacks are the greatest cyber threat to our national security.”
To that end, the FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code. Agents are cultivating cyber-oriented relationships with the technical leads at financial, business, transportation, and other critical infrastructures on their beats. 

Today, investigators in the field can send their findings to specialists in the FBI Cyber Division’s Cyber Watch command at Headquarters, who can look for patterns or similarities in cases. The 24/7 post also shares the information with partner intelligence and law enforcement agencies—like the Departments of Defense and Homeland Security and the National Security Agency on the FBI-led National Cyber Investigative Joint Task Force.
A key aim of the Next Generation Cyber Initiative has been to expand our ability to quickly define “the attribution piece” of a cyber attack to help determine an appropriate response, said Richard McFeely, executive assistant director of the Bureau’s Criminal, Cyber, Response, and Services Branch. “The attribution piece is: who is conducting the attack or the exploitation and what is their motive,” McFeely explained. “In order to get to that, we’ve got to do all the necessary analysis to determine who is at the other end of the keyboard perpetrating these actions.”
The Cyber Division’s main focus now is on cyber intrusions, working closely with the Bureau’s Counterterrorism and Counterintelligence Divisions.  “We are obviously concerned with terrorists using the Internet to conduct these types of attacks,” McFeely said. “As the lead domestic intelligence agency within the United States, it’s our job to make sure that businesses’ and the nation’s secrets don’t fall into the hands of adversaries.”
In the Coreflood case in early 2011, hackers enlisted a botnet—a network of infected computers—to do their dirty work. McFeely urged everyone connected to the Internet to be vigilant against computer viruses and malicious code, lest they become victims or unwitting pawns in a hacker or web-savvy terrorist’s malevolent scheme.
“It’s important that everybody understands that if you have a computer that is outward-facing—that it’s connected to the web—that your computer is at some point going to be under attack,” he said. “You need to be aware of the threat and you need to take it seriously.” 



Department of Homeland Security (DHS) Said: Cyber Crime is As Threatening As al Qaeda


The number of organized cyber crimes has already reached sky-high levels. Keeping this scenario in mind, Janet Napolitano, Secretary of Homeland Security, said that "the greatest threats in actual activity we've seen aimed at the West and the United States has been in the cyber-arena", in addition to "al Qaeda and al Qaeda-related groups". The comments highlight the increasing trend of political sparring and espionage proliferating on the Web. The Flame virus, believed to be driven by a western government, continues to grab headlines, while he also claimed that Google has introduced a tool to warn users of state-sponsored attacks on their accounts. Gmail, though, completely denied this blame, saying that the government hired state-sponsored attackers who were accessing millions of Gmail accounts illegally.
Napolitano also said the government is taking steps to be "proactive instead of reactive" in combating the new threats, adding that the worldwide cost of tackling cyber-crime - an estimated $388 billion (£250 billion) - is "already outstripping [the cost of tackling] traditional narcotics". 
A White House plan code-named Olympic Games was launched to infect Iran's nuclear program at the beginning of the Obama administration, though Washington denies the Flame virus, also targeting Iran, was part of the project, after it was found to have existed for a number of years.


-Source (IT Portal)

Department of Homeland Security & U.S. Navy Hire Company To Hack Into Video Game Consoles


The U.S. government has hired a California-based company to hack into video game consoles, such as Xbox 360 and PlayStation 3, to watch criminals, especially child predators, and learn how to collect evidence against them. The $177,000 contract with Obscure Technologies of San Rafael, Calif., is being executed by the U.S. Navy on behalf of the Department of Homeland Security because of the Navy’s expertise in the field, officials said. Under the contract, Obscure Technologies will purchase used gaming systems from abroad that are believed to hold “sensitive information from previous users” and try to hack into them. Obscure’s experts will then report back on how they gained access to the systems, provide instructions to obtain users’ chat room activity, and even report back on the data gleaned, according to the contract and tasking documents. Obscure will also purchase new systems and construct a device that can capture data and activity, the documents state.
Over the past few decades, video game systems have grown in sophistication and capabilities by leaps and bounds. Consoles like the Nintendo Wii, Sony PlayStation 3, and Microsoft Xbox can be found in many U.S. households and are popular among servicemembers, with Internet access and hard drives that rival personal computers.
With these advances, Garfinkel said, the systems have become a playground of illegal activity for criminals. In 2008, law enforcement agencies contacted the DHS’s Science and Technology Directorate and requested help in analyzing gaming systems seized during court-authorized searches, Garfinkel said. While some tools exist to extract data from gaming consoles, the consoles are hard to crack as they are designed with copyright protection systems, he said. Navy and DHS officials declined to comment on whether the gaming consoles of Americans will ever be hacked and monitored. They also declined to comment as to whether the system manufacturers had been approached about this research.


-Source (Stars & Stripes)

