How Military Tactics Apply to Cybersecurity

eSecurity Planet

Former West Point professor Greg Conti explains how military doctrines apply to cyber security, and what lessons enterprises can learn from that

How the US Military Can Better Keep Hackers

Schneier on Security

Interesting commentary: The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues.


Apply Military Strategy to Cybersecurity at Black Hat Trainings Virginia

Dark Reading

This special October event in Alexandria, Virginia offers unique, practical courses in everything from data breach response to military strategy for cybersecurity

UK printing company Doxzoo exposed US and UK military docs

Security Affairs

UK printing company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military. “The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered a leaking S3 Bucket with over 270k records and greater than 343GB in size on an Amazon server, belonging to Doxzoo.”

Program Looks to Tap Military Vets for Cyber-Jobs

Threatpost

The training and job-matching effort is a public-private partnership to address a growing workforce gap.

Russian military plans to replace Windows with Astra Linux

Security Affairs

The Russian military is in the process of replacing the Windows system with the Linux distribution Astra Linux.

DoD: Cerner EHR will meet military cybersecurity standards

Information Management Resources

Careful steps to protect data are an example of how the DoD and VA are cooperating and engaging in joint decision-making.

NSA Launches New Cybersecurity Directorate

Security Affairs

NSA is redefining its cybersecurity mission and with the Cybersecurity Directorate it will enhance its partnerships with unclassified collaboration and information sharing. Under the new Cybersecurity Directorate — a major organization that unifies NSA’s foreign intelligence and cyberdefense missions. The NSA announced the new Cybersecurity Directorate — which will help defend domestic organizations from foreign cyberattacks. The State of Cybersecurity.

The NSA on the Risks of Exposing Location Data

Schneier on Security

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance.


Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time of peace or war" exemption.

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General. The report makes several recommendations to mitigate the systemic vulnerabilities, most of them widely recognized best cybersecurity practices including multi-factor authentication, increased video surveillance at facilities, securing server racks and placing tighter controls on removable media such as USB keys.

These Are the Countries With the Best and Worst Cybersecurity

Security Affairs

Cybersecurity is a growing concern among governments, businesses and individuals around the world. A recent study from technology research company Comparitech looked at cybersecurity around the world and scored 60 countries on their cybersecurity practices. To determine the best-prepared countries, researchers used the Global Cybersecurity Index (GCI) scores. Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com.

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims. The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel.

Japanese government’s cybersecurity strategy chief has never used a computer

Security Affairs

The Japanese government’s cybersecurity strategy chief Yoshitaka Sakurada is in the middle of a heated debate due to his admission about his cyber capability. Yoshitaka Sakurada admitted he has never used a computer in his professional life, despite the Japanese Government having assigned the politician responsibility for cybersecurity of the 2020 Tokyo Olympics.

MY TAKE: Here’s how diversity can strengthen cybersecurity — at many levels

The Last Watchdog

Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. military carry out training exercises for real life cyber warfare. That led to a transition into what it is today: a leading supplier of immersive “gamification” training modules designed to keep cyber protection teams in government, military, and corporate entities on their toes. But that’s a ways off, especially in cybersecurity. “I

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. My reporting trip included meetings with Michigan-based cybersecurity vendors pursuing leading-edge innovations, as well as a tour of a number of thriving public-private cybersecurity incubator and training programs. What’s noteworthy, from my perspective, is that Snyder had the foresight to make cybersecurity readiness a key component of his reinvent Michigan strategy, from day one.

NEW TECH: Circadence deploys ‘gamification’ training to shrink cybersecurity skills gap

The Last Watchdog

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be. One of the top innovators in the training space is Circadence®. The way people are trained in cybersecurity right now is the opposite of gamification.

Poland to establish Cyberspace Defence Force by 2024

Security Affairs

Poland announced it will launch a cyberspace defense force by 2024 composed of around 2,000 soldiers with deep knowledge of cybersecurity. The Polish Defence Minister Mariusz Blaszczak has approved the creation of a cyberspace defence force by 2024; it will be composed of around 2,000 soldiers with deep expertise in cybersecurity.

GAO: Pentagon's Cyber Hygiene Programs Come Up Short

Data Breach Today

Defense Department needs to improve its cybersecurity training programs for civilian and military employees to reduce the risks that common security incidents pose, a new audit from the Government Accountability Office finds

Pentagon Data Breach Exposed 30,000 Travel Records

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims. The Pentagon is warning that a data breach at a third-party travel management service provider exposed an estimated 30,000 civilian and military personnel records.

Pentagon's cybersecurity found unable to stay ahead of attackers

Information Management Resources

Automation and artificial intelligence are beginning to 'make profound changes to the cyber domain,' a threat that the military hasn’t yet fully grasped how to counter.

Master Next-Level Network Defense Techniques at Black Hat USA

Dark Reading

Brush up on new DDOS defense tricks, 5G network vulnerabilities, and applications of military strategy to cybersecurity

Will Apple Serve Our Veterans, Or Expose Them to Fraud?

Adam Levin

The Wall Street Journal (subscription required) reported a potential new partnership between Apple and the Department of Veterans Affairs that would give military veterans access to portable electronic health records.

Fake Stories in Real News Sites

Schneier on Security

FireEye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. That hacking campaign, targeting media sites from Poland to Lithuania, has spread false stories about US military aggression, NATO soldiers spreading coronavirus, NATO planning a full-on invasion of Belarus, and more.

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Adopting the NIST Cybersecurity Framework.

Examining the US Cyber Budget

Schneier on Security

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. To its credit, this budget does reveal an overall growth in cybersecurity funding of about 5 percent above the fiscal 2019 estimate. government budgeted as much on military construction for cyber units as it did for the entirety of Homeland Security ($1.9

China Issues Draft Rule on Cybersecurity Review for Certain CII Operators

Hunton Privacy

On May 24, 2019, the Cyberspace Administration of China (the “CAC”), together with eleven other relevant government authorities, jointly released the draft Cybersecurity Review Measures for public comment. In general, the Cybersecurity Review Measures apply only to critical information infrastructure operators (“CII Operators”), provided that the laws and regulations do not provide otherwise. Cybersecurity Review Working Mechanism. Cybersecurity Review Process.

MY TAKE: Let’s not lose sight of why Iran is pushing back with military, cyber strikes

The Last Watchdog

It is not often that I hear details about the cyber ops capabilities of the USA or UK discussed at the cybersecurity conferences I attend. cybersecurity vendors CrowdStrike and FireEye point to Iran-backed hacking collectives targeting US government agencies, as well as finance and energy companies with spear-phishing emails.

The secret to reeling in cybersecurity talent at three big banks

Information Management Resources

One estimate says 3.5 million cybersecurity jobs will go unfilled by 2021. Banks are looking to military veterans, universities and even high schools to help fill the gap.

Security Vulnerabilities in US Weapons Systems

Schneier on Security

From the summary: Automation and connectivity are fundamental enablers of DOD's modern military capabilities. Although GAO and others have warned of cyber risks for decades, until recently, DOD did not prioritize weapon systems cybersecurity.

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

Data Matters

OCIE also will focus on recommendations and advice provided to retail investors, with a particular emphasis on seniors, retirees, teachers and military personnel, as well as products that the SEC considers higher risk (e.g., Cybersecurity. FINRA recognizes that there is no one-size-fits-all approach to cybersecurity but expects firms to implement controls appropriate to their business model and scale of operations. The U.S.

MY TAKE: Former NSA director says cybersecurity solutions need to reflect societal values

The Last Watchdog

Yes, observes retired Admiral Michael Rogers, who served as a top White House cybersecurity advisor under both Presidents Obama and Trump. Cyber Command, as well as director, National Security Agency, and chief, Central Security Service, from March 2014 until he retired from military service in May 2018. While more companies are making cybersecurity a high priority, the devil is in the details, and many are struggling.

Citrix Hack Exposes Customer Data

Adam Levin

Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign. While unconfirmed, the hackers are thought to have accessed between 6 and 10 terabytes of customer data including, according to cybersecurity firm Resecurity, “email correspondence, files in network shares, and other services used for project management and procurement.”

House Passes Two Cybersecurity Bills

Hunton Privacy

CISPA also includes a provision that limits the liability of private entities from sharing cyber threat information, but the adopted version does not include provisions regarding the protection of critical infrastructure systems, as was proposed by the Obama Administration and recommended by military and intelligence experts. On April 26, 2012, the U.S.

The Myth of Consumer-Grade Security

Schneier on Security

In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes. More consumer products became approved for military applications.

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Krebs on Security

military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. Sources tell KrebsOnSecurity that Microsoft Corp.

Vladimir Putin’s computers still run Windows XP, Media reports

Security Affairs

In June, the Russian military announced it was in the process of replacing the Windows system with the Linux distribution Astra Linux.

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

The Last Watchdog

cybersecurity policy needs to match societal values CISOs must preserve and protect their companies in a fast-changing business environment at a time when their organizations are under heavy bombardment. Beyond just understanding the technical aspect of cybersecurity, CISOs also need leadership qualities and influencing skills; they need to be able to articulate a vision, a mission, a strategy. If you look at the military model, the military is constantly training.

California Amends Breach Notification Law

Hunton Privacy


British Army launches a new Cyber Regiment

Security Affairs

British Army has created a new regiment that will be tasked to operate its in-house security operations centre … cybersecurity is a pillar of UK defence strategy! The British Ministry of Defence continues to invest in cybersecurity as part of its strategy, it has launched a new regiment that will take charge of its in-house security operations centre.