How Military Tactics Apply to Cybersecurity

eSecurity Planet

Former West Point professor Greg Conti explains how military doctrines apply to cyber security, and what lessons enterprises can learn from that

Apply Military Strategy to Cybersecurity at Black Hat Trainings Virginia

Dark Reading

This special October event in Alexandria, Virginia offers unique, practical courses in everything from data breach response to military strategy for cybersecurity

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

UK printing company Doxzoo exposed US and UK military docs

Security Affairs

UK printing company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military. Military documents belong to the US and UK military, experts noticed that the incident also impacted Doxzoo customers from India, Nigeria and Sri Lanka.

How the US Military Can Better Keep Hackers

Schneier on Security

Interesting commentary : The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues.

Russian military plans to replace Windows with Astra Linux

Security Affairs

The Russian military is in the process of replacing the Windows system with the Linux distribution Astra Linux. If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter” Thank you.

Program Looks to Tap Military Vets for Cyber-Jobs

Threatpost

Government Cisco cybersecurity workforce cybervets usa job training Maryland military veterans netapp public private partnership shortage skills gap transitionThe training and job-matching effort is a public-private partnership to address a growing workforce gap.

DoD: Cerner EHR will meet military cybersecurity standards

Information Management Resources

Careful steps to protect data are an example of how the DoD and VA are cooperating and engaging in joint decision-making. Cyber security EHR implementations Patient data Interoperability hdm morning rounds lead

NSA Launches New Cybersecurity Directorate

Security Affairs

NSA is redefining its cybersecurity mission and with the Cybersecurity Directorate it will enhance its partnerships with unclassified collaboration and information sharing. The directorate will have NSA turn its efforts towards securing military and defense industry security.

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time of peace or war" exemption. cybersecurity hacking insurance malware ransomware russia war

These Are the Countries With the Best and Worst Cybersecurity

Security Affairs

Cybersecurity is a growing concern among governments, businesses and individuals around the world. A recent study from technology research company Comparitech looked at cybersecurity around the world and scored 60 countries on their cybersecurity practices.

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General. The post Faulty DoD Cybersecurity Leaves U.S. Data Security Government Cybersecurity featured DoD pentagonThe U.S.

Poland to establish Cyberspace Defence Force by 2024

Security Affairs

Poland announced it will launch a cyberspace defense force by 2024 composed of around 2,000 soldiers with a deep knowledge in cybersecurity.

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel.

Japanese government’s cybersecurity strategy chief has never used a computer

Security Affairs

The Japanese government’s cybersecurity strategy chief Yoshitaka Sakurada is in the middle of a heated debate due to his admission about his cyber capability. Yoshitaka Sakurada admitting he has never used a computer in his professional life, despite the Japanese Government, assigned to the politician the responsibility for cybersecurity of the 2020 Tokyo Olympics. Security Affairs – Japanese cybersecurity strategy chief, politics).

MY TAKE: Here’s how diversity can strengthen cybersecurity — at many levels

The Last Watchdog

Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. military carry out training exercises for real life cyber warfare. That led to a transition into what it is today: a leading supplier of immersive “gamification” training modules designed to keep cyber protection teams in government, military, and corporate entities on their toes. But that’s a ways off, especially in cybersecurity. “I

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. My reporting trip included meetings with Michigan-based cybersecurity vendors pursuing leading-edge innovations, as well as a tour of a number of thriving public-private cybersecurity incubator and training programs. What’s noteworthy, from my perspective, is that Snyder had the foresight to make cybersecurity readiness a key component of his reinvent Michigan strategy, from day one.

NEW TECH: Circadence deploys ‘gamification’ training to shrink cybersecurity skills gap

The Last Watchdog

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be. Related: The need for diversity in cybersecurity personnel One of the top innovators in the training space is Circadence ®. The way people are trained in cybersecurity right now is the opposite of gamification.

GAO: Pentagon's Cyber Hygiene Programs Come Up Short

Data Breach Today

Defense Department needs to improve its cybersecurity training programs for civilian and military employees to reduce the risks that common security incidents pose, a new audit from the Government Accountability Office finds

Pentagon Data Breach Exposed 30,000 Travel Records

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims The Pentagon is warning that a data breach at a third-party travel management service provider exposed an estimated 30,000 civilian and military personnel records.

Examining the US Cyber Budget

Schneier on Security

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack. cyberattack cybersecurity defense homelandsecurity nationalsecuritypolicy

Pentagon's cybersecurity found unable to stay ahead of attackers

Information Management Resources

Automation and artificial intelligence are beginning to 'make profound changes to the cyber domain,' a threat that the military hasn’t yet fully grasped how to counter. Data security Cyber security Cyber attacks

Master Next-Level Network Defense Techniques at Black Hat USA

Dark Reading

Brush up on new DDOS defense tricks, 5G network vulnerabilities, and applications of military strategy to cybersecurity

Will Apple Serve Our Veterans, Or Expose Them to Fraud?

Adam Levin

The Wall Street Journal (subscription required) reported a potential new partnership between Apple and the Department of Veterans Affairs that would give military veterans access to portable electronic health records. Data Security Government Technology featured military

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Adopting the NIST Cybersecurity Framework.

China Issues Draft Rule on Cybersecurity Review for Certain CII Operators

Hunton Privacy

On May 24, 2019, the Cyberspace Administration of China (the “CAC”), together with eleven other relevant government authorities, jointly released the draft Cybersecurity Review Measures for public comment. In general, the Cybersecurity Review Measures apply only to critical information infrastructure operators (“CII Operators”), provided that the laws and regulations do not provide otherwise. Cybersecurity Review Working Mechanism. Cybersecurity Review Process.

MY TAKE: Let’s not lose sight of why Iran is pushing back with military, cyber strikes

The Last Watchdog

It is not often that I hear details about the cyber ops capabilities of the USA or UK discussed at the cybersecurity conferences I attend. cybersecurity vendors CrowdStrike and FireEye point to Iran-backed hacking collectives targeting US government agencies, as well as finance and energy companies with spear-phishing emails.

The secret to reeling in cybersecurity talent at three big banks

Information Management Resources

million cybersecurity jobs will go unfilled by 2021. Banks are looking to military veterans, universities and even high schools to help fill the gap. One estimate says 3.5 Cyber security Bank technology Recruiting Wells Fargo USAA U.S.

MY TAKE: Former NSA director says cybersecurity solutions need to reflect societal values

The Last Watchdog

Yes, observes retired Admiral Michael Rogers , who served as a top White House cybersecurity advisor under both Presidents Obama and Trump. While more companies are making cybersecurity a high priority, the devil is in the details, and many are struggling.

Security Vulnerabilities in US Weapons Systems

Schneier on Security

From the summary: Automation and connectivity are fundamental enablers of DOD's modern military capabilities. Although GAO and others have warned of cyber risks for decades, until recently, DOD did not prioritize weapon systems cybersecurity.

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

Data Matters

OCIE also will focus on recommendations and advice provided to retail investors, with a particular emphasis on seniors, retirees, teachers and military personnel, as well as products that the SEC considers higher risk (e.g., Cybersecurity. FINRA recognizes that there is no one-size-fits-all approach to cybersecurity but expects firms to implement controls appropriate to their business model and scale of operations. The U.S.

Citrix Hack Exposes Customer Data

Adam Levin

While unconfirmed the hackers are thought to have accessed between 6 and 10 terabytes of customer data including, according to cybersecurity firm Resecurity, “email correspondence, files in network shares, and other services used for project management and procurement.”.

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

The Last Watchdog

cybersecurity policy needs to match societal values CISOs must preserve and protect their companies in a fast-changing business environment at a time when their organizations are under heavy bombardment. If you look at the military model, the military is constantly training.

The Myth of Consumer-Grade Security

Schneier on Security

In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. More consumer products became approved for military applications.

House Passes Two Cybersecurity Bills

Hunton Privacy

CISPA also includes a provision that limits the liability of private entities from sharing cyber threat information, but the adopted version does not include provisions regarding the protection of critical infrastructure systems, as was proposed by the Obama Administration and recommended by military and intelligence experts. Cybersecurity Information Security Online Privacy U.S. On April 26, 2012, the U.S.

British Army launches a new Cyber Regiment

Security Affairs

British Army has created a new regiment that will be tasked to operate its in-house security operations centre … cybersecurity is a pillar of UK defence strategy! SecurityAffairs – foreign hackers, cybersecurity).

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Krebs on Security

military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. Sources tell KrebsOnSecurity that Microsoft Corp.

Vladimir Putin ‘s computers still run Windows XP, Media reports

Security Affairs

In June, the Russian military announced it was in the process of replacing the Windows system with the Linux distribution Astra Linux .

California Amends Breach Notification Law

Hunton Privacy

State Law Biometric Data California Consumer Protection Cybersecurity Personal Information State Attorneys General

NATO will send a counter-hybrid team to Montenegro to face Russia’s threat

Security Affairs

The Chairman of the NATO Military Committee announced that the alliance has sent a counter-hybrid team to Montenegro to face Russian hybrid attacks. United States Army General Mark Milley, the highest military officer and military adviser to the President, Minister of Defence and U.S.

Washington State Comprehensive Privacy Bill Loses Steam, Data Breach Law Amendment Heads to Governor’s Desk

Data Matters

CCPA Cybersecurity Data Breaches Legislation U.S. As the legislative session drew to a close, what once seemed like an inevitability suddenly looked unlikely. The Washington Privacy Act, SB 5376/HB1854, failed to make its way through the legislative process. The Bill’s sponsor, Sen. Reuven Carlyle, called the game on April 17, tweeting that despite the “unprecedented 46-1 vote” in the Senate, “[u]nfortunately, House failed to pass privacy legislation this year. We’re committed to 2020.”