How Military Tactics Apply to Cybersecurity

eSecurity Planet

Former West Point professor Greg Conti explains how military doctrines apply to cyber security, and what lessons enterprises can learn from that

Apply Military Strategy to Cybersecurity at Black Hat Trainings Virginia

Dark Reading

This special October event in Alexandria, Virginia offers unique, practical courses in everything from data breach response to military strategy for cybersecurity



UK printing company Doxzoo exposed US and UK military docs

Security Affairs

UK printing company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military. The military documents belong to the US and UK military; experts noticed that the incident also impacted Doxzoo customers from India, Nigeria and Sri Lanka.

How the US Military Can Better Keep Hackers

Schneier on Security

Interesting commentary: The military is an impossible place for hackers thanks to antiquated career management, forced time away from technical positions, lack of mission, non-technical mid- and senior-level leadership, and staggering pay gaps, among other issues. The model the author uses is military doctors.

Program Looks to Tap Military Vets for Cyber-Jobs


The training and job-matching effort is a public-private partnership to address a growing workforce gap.

Russian military plans to replace Windows with Astra Linux

Security Affairs

The Russian military is in the process of replacing the Windows system with the Linux distribution Astra Linux.

EU leaders aim at boosting defense and security, including cybersecurity

Security Affairs

“In light of the growing number and complexity of cyber threats, we aim to strengthen European cyber resilience and responsiveness and to improve the cybersecurity crisis management framework.

DoD: Cerner EHR will meet military cybersecurity standards

Information Management Resources

Careful steps to protect data are an example of how the DoD and VA are cooperating and engaging in joint decision-making.

NSA Launches New Cybersecurity Directorate

Security Affairs

NSA is redefining its cybersecurity mission and with the Cybersecurity Directorate it will enhance its partnerships with unclassified collaboration and information sharing. Under the new Cybersecurity Directorate — a major organization that unifies NSA’s foreign intelligence and cyberdefense missions. The NSA announced the new Cybersecurity Directorate — which will help defend domestic organizations from foreign cyberattacks. The State of Cybersecurity.

The NSA on the Risks of Exposing Location Data

Schneier on Security

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices.

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time of peace or war" exemption.

Faulty DoD Cybersecurity Leaves U.S. At Risk of Missile Attacks

Adam Levin

Ballistic Missile Defense System (BMDS) falls short of critical cybersecurity standards, according to an audit issued by the Department of Defense Inspector General. The report makes several recommendations to mitigate the systemic vulnerabilities, most of them widely recognized best cybersecurity practices including multi-factor authentication, increased video surveillance at facilities, securing server racks and placing tighter controls on removable media such as USB keys.

These Are the Countries With the Best and Worst Cybersecurity

Security Affairs

Cybersecurity is a growing concern among governments, businesses and individuals around the world. A recent study from technology research company Comparitech looked at cybersecurity around the world and scored 60 countries on their cybersecurity practices. To determine the best-prepared countries, researchers used the Global Cybersecurity Index (GCI) scores. Kayla Matthews is a technology and cybersecurity writer, and the owner of

Japanese government’s cybersecurity strategy chief has never used a computer

Security Affairs

The Japanese government’s cybersecurity strategy chief Yoshitaka Sakurada is in the middle of a heated debate due to his admission about his cyber capability. Yoshitaka Sakurada admitted he has never used a computer in his professional life, despite the Japanese Government having assigned him the responsibility for cybersecurity of the 2020 Tokyo Olympics.

MY TAKE: Here’s how diversity can strengthen cybersecurity — at many levels

The Last Watchdog

Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. military carry out training exercises for real life cyber warfare. That led to a transition into what it is today: a leading supplier of immersive “gamification” training modules designed to keep cyber protection teams in government, military, and corporate entities on their toes. But that’s a ways off, especially in cybersecurity. “I

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. My reporting trip included meetings with Michigan-based cybersecurity vendors pursuing leading-edge innovations, as well as a tour of a number of thriving public-private cybersecurity incubator and training programs. What’s noteworthy, from my perspective, is that Snyder had the foresight to make cybersecurity readiness a key component of his reinvent Michigan strategy, from day one.

NEW TECH: Circadence deploys ‘gamification’ training to shrink cybersecurity skills gap

The Last Watchdog

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be. One of the top innovators in the training space is Circadence®. The way people are trained in cybersecurity right now is the opposite of gamification.

DNI’s Annual Threat Assessment

Schneier on Security

Cybersecurity is covered on pages 20-21. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around the world, raises the prospect of more destructive and disruptive cyber activity.

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

military. ” Communications at the U.S.

Poland to establish Cyberspace Defence Force by 2024

Security Affairs

Poland announced it will launch a cyberspace defense force by 2024 composed of around 2,000 soldiers with a deep knowledge of cybersecurity. The Polish Defence Minister Mariusz Blaszczak has approved the creation of a cyberspace defence force by 2024; it will be composed of around 2,000 soldiers with deep expertise in cybersecurity.

SolarWinds Breach Response: 'Shields Up'

Data Breach Today

So when Gregory Touhill reacts to the coordinated supply chain attack on SolarWinds, he does so in military terms. His message to the global cybersecurity community: "Shields up". Ex-Federal CISO Gregory Touhill on the Need for Improving Cyber Deterrence Strategy. He was the first U.S.

Pentagon Travel Provider Data Breach Counts 30,000 Victims

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims. The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S.

GAO: Pentagon's Cyber Hygiene Programs Come Up Short

Data Breach Today

Defense Department needs to improve its cybersecurity training programs for civilian and military employees to reduce the risks that common security incidents pose, a new audit from the Government Accountability Office finds

Pentagon's cybersecurity found unable to stay ahead of attackers

Information Management Resources

Automation and artificial intelligence are beginning to 'make profound changes to the cyber domain,' a threat that the military hasn’t yet fully grasped how to counter.

Master Next-Level Network Defense Techniques at Black Hat USA

Dark Reading

Brush up on new DDOS defense tricks, 5G network vulnerabilities, and applications of military strategy to cybersecurity

Pentagon Data Breach Exposed 30,000 Travel Records

Data Breach Today

Department of Defense Has Begun Notifying Military and Civilian Breach Victims. The Pentagon is warning that a data breach at a third-party travel management service provider exposed an estimated 30,000 civilian and military personnel records. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S.

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Adopting the NIST Cybersecurity Framework.

Examining the US Cyber Budget

Schneier on Security

Jason Healey takes a detailed look at the US federal cybersecurity budget and reaches an important conclusion: the US keeps saying that we need to prioritize defense, but in fact we prioritize attack.

Another Massive Russian Hack of US Government Networks

Schneier on Security

SolarWinds’ comprehensive products and services are used by more than 300,000 customers worldwide, including military, Fortune 500 companies, government agencies, and education institutions.

Fake Stories in Real News Sites

Schneier on Security

That hacking campaign, targeting media sites from Poland to Lithuania, has spread false stories about US military aggression, NATO soldiers spreading coronavirus, NATO planning a full-on invasion of Belarus, and more.

MY TAKE: Let’s not lose sight of why Iran is pushing back with military, cyber strikes

The Last Watchdog

It is not often that I hear details about the cyber ops capabilities of the USA or UK discussed at the cybersecurity conferences I attend. cybersecurity vendors CrowdStrike and FireEye point to Iran-backed hacking collectives targeting US government agencies, as well as finance and energy companies with spear-phishing emails.

Will Apple Serve Our Veterans, Or Expose Them to Fraud?

Adam Levin

The Wall Street Journal (subscription required) reported a potential new partnership between Apple and the Department of Veterans Affairs that would give military veterans access to portable electronic health records. Maybe it’s because I write about cybersecurity, but the first thought that comes to mind for me is a question: What if something goes wrong? As the military considers the next steps, the marching orders here should be, “baby steps.”

China Issues Draft Rule on Cybersecurity Review for Certain CII Operators

Hunton Privacy

On May 24, 2019, the Cyberspace Administration of China (the “CAC”), together with eleven other relevant government authorities, jointly released the draft Cybersecurity Review Measures for public comment. In general, the Cybersecurity Review Measures apply only to critical information infrastructure operators (“CII Operators”), provided that the laws and regulations do not provide otherwise. Cybersecurity Review Working Mechanism. Cybersecurity Review Process.

The secret to reeling in cybersecurity talent at three big banks

Information Management Resources

One estimate says 3.5 million cybersecurity jobs will go unfilled by 2021. Banks are looking to military veterans, universities and even high schools to help fill the gap.

The Importance of a Proactive Cyber Defense Solution To Protect Your Critical Data

Security Affairs

The Chinese military general and philosopher Sun Tzu (544 BC – 496 BC) wrote these tactics over two thousand years ago, and they are as applicable today as they ever were. Author of numerous articles in the cybersecurity field as well as of the book Penetration Testing with Backbox.

MY TAKE: Former NSA director says cybersecurity solutions need to reflect societal values

The Last Watchdog

Yes, observes retired Admiral Michael Rogers, who served as a top White House cybersecurity advisor under both Presidents Obama and Trump. While more companies are making cybersecurity a high priority, the devil is in the details, and many are struggling.

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

Data Matters

OCIE also will focus on recommendations and advice provided to retail investors, with a particular emphasis on seniors, retirees, teachers and military personnel, as well as products that the SEC considers higher risk (e.g., Cybersecurity. FINRA recognizes that there is no one-size-fits-all approach to cybersecurity but expects firms to implement controls appropriate to their business model and scale of operations. The U.S.

Security Vulnerabilities in US Weapons Systems

Schneier on Security

From the summary: Automation and connectivity are fundamental enablers of DOD's modern military capabilities. Although GAO and others have warned of cyber risks for decades, until recently, DOD did not prioritize weapon systems cybersecurity. Finally, DOD is still determining how best to address weapon systems cybersecurity.

Citrix Hack Exposes Customer Data

Adam Levin

Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign. While unconfirmed, the hackers are thought to have accessed between 6 and 10 terabytes of customer data including, according to cybersecurity firm Resecurity, “email correspondence, files in network shares, and other services used for project management and procurement.”

House Passes Two Cybersecurity Bills

Hunton Privacy

CISPA also includes a provision that limits the liability of private entities from sharing cyber threat information, but the adopted version does not include provisions regarding the protection of critical infrastructure systems, as was proposed by the Obama Administration and recommended by military and intelligence experts. On April 26, 2012, the U.S.