How Military Tactics Apply to Cybersecurity

eSecurity Planet

Former West Point professor Greg Conti explains how military doctrines apply to cyber security, and what lessons enterprises can learn from that

Apply Military Strategy to Cybersecurity at Black Hat Trainings Virginia

Dark Reading

This special October event in Alexandria, Virginia offers unique, practical courses in everything from data breach response to military strategy for cybersecurity

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

UK printing company Doxzoo exposed US and UK military docs

Security Affairs

UK printing company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military. Military documents belong to the US and UK military, experts noticed that the incident also impacted Doxzoo customers from India, Nigeria and Sri Lanka.

Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs

Security Affairs

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group mainly focuses on high-profile orgs, including government entities and military orgs.

How the US Military Can Better Keep Hackers

Schneier on Security

Interesting commentary : The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues. The model the author uses is military doctors. cybersecurity hacking military

Program Looks to Tap Military Vets for Cyber-Jobs

Threatpost

Government Cisco cybersecurity workforce cybervets usa job training Maryland military veterans netapp public private partnership shortage skills gap transitionThe training and job-matching effort is a public-private partnership to address a growing workforce gap.

Chinese Military personnel charged with hacking into credit reporting agency Equifax

Security Affairs

The United States Department of Justice charged 4 Chinese military hackers with hacking into credit reporting agency Equifax. The four members of the Chinese military unit are Wu Zhiyong (???), were members of the PLA’s 54 th Research Institute, a component of the Chinese military.

DoD: Cerner EHR will meet military cybersecurity standards

Information Management Resources

Careful steps to protect data are an example of how the DoD and VA are cooperating and engaging in joint decision-making. Cyber security EHR implementations Patient data Interoperability hdm morning rounds lead

EU leaders aim at boosting defense and security, including cybersecurity

Security Affairs

“In light of the growing number and complexity of cyber threats, we aim to strengthen European cyber resilience and responsiveness and to improve the cybersecurity crisis management framework.

NSA Launches New Cybersecurity Directorate

Security Affairs

NSA is redefining its cybersecurity mission and with the Cybersecurity Directorate it will enhance its partnerships with unclassified collaboration and information sharing. Under the new Cybersecurity Directorate — a major organization that unifies NSA’s foreign intelligence and cyberdefense missions. The NSA announced the new Cybersecurity Directorate — which will help defend domestic organizations from foreign cyberattacks. ” The State of Cybersecurity.

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time of peace or war" exemption. cybersecurity hacking insurance malware ransomware russia warThis will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S.

The NSA on the Risks of Exposing Location Data

Schneier on Security

cybersecurity geolocation military nsa riskassessment risks smartphones trackingThe NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices.

Risk 89

New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021

Hunton Privacy

Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks. Cybersecurity Safe Harbor (HB 6607). Cybersecurity Information Security Security Breach U.S.

These Are the Countries With the Best and Worst Cybersecurity

Security Affairs

Cybersecurity is a growing concern among governments, businesses and individuals around the world. A recent study from technology research company Comparitech looked at cybersecurity around the world and scored 60 countries on their cybersecurity practices. To determine the best-prepared countries, researchers used the Global Cybersecurity Index (GCI) scores. Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com.

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General. The report makes several recommendations to mitigate the systemic vulnerabilities, most of them widely recognized best cybersecurity practices including multi-factor authentication, increased video surveillance at facilities, securing server racks and placing tighter controls on removable media such as USB keys.

Japanese government’s cybersecurity strategy chief has never used a computer

Security Affairs

The Japanese government’s cybersecurity strategy chief Yoshitaka Sakurada is in the middle of a heated debate due to his admission about his cyber capability. Yoshitaka Sakurada admitting he has never used a computer in his professional life, despite the Japanese Government, assigned to the politician the responsibility for cybersecurity of the 2020 Tokyo Olympics. Security Affairs – Japanese cybersecurity strategy chief, politics).

SolarWinds Breach Response: 'Shields Up'

Data Breach Today

So when Gregory Touhill reacts to the coordinated supply chain attack on SolarWinds, he does so in military terms. His message to the global cybersecurity community: "Shields up Ex-Federal CISO Gregory Touhill on the Need for Improving Cyber Deterrence Strategy He was the first U.S.

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. My reporting trip included meetings with Michigan-based cybersecurity vendors pursuing leading-edge innovations, as well as a tour of a number of thriving public-private cybersecurity incubator and training programs. What’s noteworthy, from my perspective, is that Snyder had the foresight to make cybersecurity readiness a key component of his reinvent Michigan strategy, from day one.

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Security Affairs

Experts attribute a series of cyber-espionage campaigns dating back to 2014, and focused on gathering military intelligence, to China-linked Unit 69010.

MY TAKE: Here’s how diversity can strengthen cybersecurity — at many levels

The Last Watchdog

Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. military carry out training exercises for real life cyber warfare. That led to a transition into what it is today: a leading supplier of immersive “gamification” training modules designed to keep cyber protection teams in government, military, and corporate entities on their toes. But that’s a ways off, especially in cybersecurity. “I

Poland to establish Cyberspace Defence Force by 2024

Security Affairs

Poland announced it will launch a cyberspace defense force by 2024 composed of around 2,000 soldiers with a deep knowledge in cybersecurity. The Polish Defence Ministry Mariusz Blaszczak has approved the creation of a cyberspace defence force by 2024, it will be composed of around 2,000 soldiers with deep expertise in cybersecurity.

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S.

NEW TECH: Circadence deploys ‘gamification’ training to shrink cybersecurity skills gap

The Last Watchdog

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be. Related: The need for diversity in cybersecurity personnel One of the top innovators in the training space is Circadence ®. The way people are trained in cybersecurity right now is the opposite of gamification.

Germany protests to Russia over attacks ahead of the upcoming election

Security Affairs

The German government has reliable information on the basis of which Ghostwriter activities can be attributed to cyber-actors of the Russian state and, specifically, Russia’s GRU military intelligence service,” she added.

European Council extends sanctions against foreign threat actors

Security Affairs

The EU Council announced sanctions imposed on a Russia-linked military espionage unit, as well as companies operating for Chinese and North Korean threat actors that launched cyber-attacks against the EU and its member states.

Pakistan-linked Transparent Tribe APT expands its arsenal

Security Affairs

The Operation Transparent Tribe (Operation C-Major, APT36, and Mythic Leopard) was first spotted by Proofpoint Researchers in Feb 2016, in a series of cyber espionage operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan.

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

military. ” Data Breaches The Coming Storm APT29 Cybersecurity and Infrastructure Security Agency Department of Commerce FireEye hack microsoft Orion Reuters SolarWinds breach U.S. Communications at the U.S.

REvil ransomware gang hit US nuclear weapons contractor Sol Oriens

Security Affairs

Sol Oriens statement to us now: “In May 2021, Sol Oriens became aware of a cybersecurity incident that impacted our network environment.” The ransomware gang threatened to leak relevant documentation and data belonging to military agencies.

NK-linked InkySquid APT leverages IE exploits in recent attacks

Security Affairs

Experts from cybersecurity firm Volexity reported that North Korea-linked InkySquid group (aka ScarCruft , APT37 , Group123 , and Reaper ) leverages two Internet Explorer exploits to deliver a custom backdoor in watering hole attacks aimed at the Daily NK South Korean online newspaper (www.dailynk[.]com).

DNI’s Annual Threat Assessment

Schneier on Security

Cybersecurity is covered on pages 20-21. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around the world, raises the prospect of more destructive and disruptive cyber activity.

GAO: Pentagon's Cyber Hygiene Programs Come Up Short

Data Breach Today

Defense Department needs to improve its cybersecurity training programs for civilian and military employees to reduce the risks that common security incidents pose, a new audit from the Government Accountability Office finds

Pentagon's cybersecurity found unable to stay ahead of attackers

Information Management Resources

Automation and artificial intelligence are beginning to 'make profound changes to the cyber domain,' a threat that the military hasn’t yet fully grasped how to counter. Data security Cyber security Cyber attacks

Russia-linked APT breached the network of Dutch police in 2017

Security Affairs

The group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. APT28 was also involved in the string of attacks that targeted 2016 Presidential election , experts link the APT to the Russian military intelligence service (GRU).

Pentagon Data Breach Exposed 30,000 Travel Records

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims The Pentagon is warning that a data breach at a third-party travel management service provider exposed an estimated 30,000 civilian and military personnel records. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S.

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Adopting the NIST Cybersecurity Framework.

Vulnerabilities in Weapons Systems

Schneier on Security

Our military systems are vulnerable. We need to face that reality by halting the purchase of insecure weapons and support systems and by incorporating the realities of offensive cyberattacks into our military planning.

The secret to reeling in cybersecurity talent at three big banks

Information Management Resources

million cybersecurity jobs will go unfilled by 2021. Banks are looking to military veterans, universities and even high schools to help fill the gap. One estimate says 3.5 Cyber security Bank technology Recruiting Wells Fargo USAA U.S.

Master Next-Level Network Defense Techniques at Black Hat USA

Dark Reading

Brush up on new DDOS defense tricks, 5G network vulnerabilities, and applications of military strategy to cybersecurity

Will Apple Serve Our Veterans, Or Expose Them to Fraud?

Adam Levin

The Wall Street Journal (subscription required) reported a potential new partnership between Apple and the Department of Veterans Affairs that would give military veterans access to portable electronic health records. Maybe it’s because I write about cybersecurity, but the first thought that comes to mind for me is a question: What if something goes wrong? As the military considers the next steps, the marching orders here should be, “baby steps.”.

Another Massive Russian Hack of US Government Networks

Schneier on Security

SolarWinds’ comprehensive products and services are used by more than 300,000 customers worldwide, including military, Fortune 500 companies, government agencies, and education institutions. Uncategorized cyberespionage cybersecurity hacking Russia