In addition to the standard two forms of identification, offer letter and contact information, new hires at the U.S. Department of Education are required to bring along a certificate of completion for a cybersecurity training course. A recent internal investigation shows why that training is probably a pretty good idea. In a previously undisclosed probe into a 2011 “spear phishing” campaign, hackers targeted senior staff and managed to break through the department’s security protections to steal data from the department. Much about the incident, which was described in documents released through a Freedom of Information Act request by Federal Times, remains…
Hackers operating under the name Anonymous said Monday that they infiltrated a server on Booz Allen Hamilton’s network, swiping some 90,000 military email addresses. “We infiltrated a server on their network that basically had no security measures in place,” the group posted on the website PirateBay. “We were able to run our own application, which turned out to be a shell.” Titled “Military Meltdown Monday,” the post said the group gained access to about 90,000 military emails and password hashes and alluded to having other sensitive information. On its Twitter account, Booz Allen Hamilton said as part of the company’s security policy, “we generally do not comment on specific…
Providing limited liability protection to private companies could be a sticking point for lawmakers working to pass cybersecurity legislation. Rep. John Tierney, D-Mass., ranking member of the national security, homeland defense and foreign operations subcommittee, questioned whether companies that adhere to federal cybersecurity policies should not be held liable for the impact of a breach. Tierney also raised concerns that government agencies like the Department of Homeland Security are conducting risk assessments for companies that should be responsible for doing them. “I don’t know why we have to give you incentives,” said Tierney, in response to TechAmerica President Phil Bond’s remarks about providing…
A review of the FBI’s efforts to mitigate national security cyber incidents found that some field agents tasked with investigating these cases lack the technical skills and expertise to effectively do their jobs. The redacted version of the report, released Wednesday by the Justice Department’s Office of the Inspector General, examined the ability of the FBI-led National Cyber Investigative Joint Task Force to defend against attacks on U.S. computer networks and efforts by the FBI field offices to investigate these attacks. Of the 36 agents interviewed in 10 of the FBI’s field offices, 13 said they do not have the…
Sens. Susan Collins, R-Maine, Joe Lieberman, ID-Conn., and Tom Carper, D-Del., introduced a cybersecurity bill Thursday that would prevent the president or any federal employee from shutting down the Internet. The 2011 Cybersecurity and Internet Freedom Act would amend the 2002 Federal Information Security Act and set limits on what the government can do to protect information infrastructure. “Our bill contains additional protections to explicitly prevent the president from shutting down the Internet,” Collins said in a released statement. “While experts question whether anyone can technically ‘shut down’ the Internet in the United States, our bill has specific language making it crystal clear that…
If you plan on landing a cybersecurity job with the federal government, above all, you’d better be honest, a good learner and resilient. Oh yeah, make sure you can read and write. That’s according to most government cybersecurity workers and managers who participated in the Office of Personnel Management’s cybersecurity survey last fall. OPM reached out to 50,000 feds for their thoughts about the most critical tasks and competencies required to be an effective cyber worker. Their responses were used to create a so-called cybersecurity competency model for information technology management, electronics engineering, computer engineering and telecommunications job series. Participants ranked technical and general competencies in order of…
An extension of the federal research and development tax credits and passage of a comprehensive cybersecurity bill top the list of priorities that trade group TechAmerica is calling on Congress to take up during the lame-duck session. TechAmerica president Phil Bond said he is hopeful the tax credit will see some action given that the White House has been supportive of a strengthened and permanent measure. Bond said the credit “needs to go, and it needs to stand on its own.” “It’s overdue and, again, it’s jobs for today and competitive edge for tomorrow.” Officially known as the research and…
Good luck trying to decipher the Defense Department’s color-coded chart of policies it uses to “build, operate and secure” its networks. The two-foot-long IA policy chart outlines 193 documents (including directives, strategies, policies, memos, regulations, white papers and instructions) that many information assurance professionals “may not be aware of,” Noah Shachtman points out on his Danger Room blog. Designed by the Deputy Assistant Secretary of Defense for Cyber Identity & Information Assurance, the chart is supposed to help these workers familiarize themselves with the policies that govern how they do their job. I guess the legend may be a good place to start, but even…
The Washington Post is reporting that a flash drive containing malicious code was the source behind a major breach of U.S. military computers in 2008. The drive was “inserted into a U.S. military laptop on a post in the Middle East,” according to the article. Revelations of the breach’s root cause further underscore the challenges facing the federal government to identify vulnerabilities and defend against cyberattacks. On November 3-5, experts from government, industry and academia are set to discuss these issues, and more, during the 2010 Cyber Security Readiness Summit. Attendees will learn best practices for: Cultivating a complete approach to…
The Office of Management and Budget has officially tabbed the Homeland Security Department to oversee cybersecurity in the executive branch, as OMB indicated would be the case in April. A memo this week from OMB Director Peter Orszag and federal cybersecurity coordinator Howard Schmidt gives DHS responsibility for:
• overseeing the government-wide and agency-specific implementation of and reporting on cybersecurity policies and guidance;
• overseeing and assisting government-wide and agency-specific efforts to provide adequate, risk-based and cost-effective cybersecurity;
• overseeing the agencies’ compliance with FISMA and developing analyses for OMB to assist in the development of the FISMA annual report;…