Browsing: cybersecurity

Melissa Hathaway, the Obama administration’s acting cybersecurity director, said Friday she is one of the candidates being considered for the permanent cybersecurity post. Hathaway confirmed her candidacy for the “cybersecurity czar” position to reporters after a speech at the Center for Strategic and International Studies, a Washington, D.C. policy group. Hathaway said the administration is considering several candidates but President Barack Obama has not yet conducted any interviews. Hathaway, who led the White House’s 60-day review of cybersecurity policy, said Obama is deeply interested in improving cybersecurity and his leadership will help institute change. “It’s personal to him … they’ve…

Okay, maybe not the best metaphor, since it’s been raining all day in Washington. Nonetheless: In the next five days, the Obama administration is probably going to release a more detailed 2010 budget proposal, its cybersecurity review, and the details of the bank “stress tests.” Busy week. The details of the stress tests have been slowly leaking out — Citigroup and Bank of America both need more capital — and it’s an open secret that the cybersecurity review will call for a big White House role in cybersecurity. But it will be interesting to dig into the specifics. And, of…

We’ve done a lot of reporting on cybersecurity over the past few months (cf here, here and here), mostly focused on defense — how the federal government protects itself against intruders. But the government is also improving its offensive capabilities, a story that gets far less coverage. The New York Times has an interesting article about it this morning: President Obama is expected to propose a far larger defensive effort in coming days […] But Mr. Obama is expected to say little or nothing about the nation’s offensive capabilities, on which the military and the nation’s intelligence agencies have been…

Melissa Hathaway, the official in charge of the White House’s 60-day cybersecurity review, gave a speech last night at the RSA conference in San Francisco. The review concluded last Friday, so there were high expectations around the speech: most experts expected her to announce her findings. Unfortunately, that didn’t happen, apparently because the administration hasn’t read the final report yet. I’m told that the White House deputies committee is meeting to review it today or tomorrow. So we’ll probably see a final copy early next week. Hathaway did confirm that the final report calls for the White House to coordinate…

Symantec has an interesting report out on government IT threats. I’ve uploaded a copy, in PDF form, here. Still digesting the whole (lengthy) report, but it seems like hackers are “diversifying” their attacks — using different approaches than they did in 2007. U.S. government systems are still popular targets (nearly a quarter of attacks on government systems target the U.S.); most of the attacks come from China, it seems.

We’ve got a story up on the Web site about the cybersecurity power struggle between the Homeland Security Department and the National Security Agency. It mentions Rod Beckstrom, the National Cybersecurity Center director who announced his resignation last week. His resignation letter was pretty critical of NSA’s cybersecurity role: NSA effectively controls DHS cyber efforts through detailees, technology insertions, and the proposed move of… the NCSC to a Fort Meade NSA facility. NSA currently dominates most national cyber efforts… I believe this is a bad strategy on multiple grounds… the intelligence culture is very different than a network operations or…

The Federal Aviation Administration notified 45,000 employees and retirees yesterday that files containing their personal data were hacked and their information was electronically stolen. The hacker breached 48 FAA files, two of which contained the personal information. Only employees on the payroll as of the first week of February 2006 are affected. Those individuals will be notified by letter and law enforcement has been notified, FAA said. In a statement FAA said: The FAA is moving quickly to prevent any similar incidents and has identified immediate steps as well as longer-term measures to further protect personal information. The agency is…

We reported yesterday that President Barack Obama planned to order a 60-day review of national cybersecurity policy. The president officially made that announcement last night, just before his prime-time press conference. Melissa Hathaway, currently the top cybersecurity official at the Office of the Director of National Intelligence, will lead the review; she’s expected to become the nation’s first “cyber czar” after the review is complete. The White House’s full announcement is after the jump.

Two cybersecurity experts — Alan Paller of the SANS Institute, and former Energy and Air Force CIO John Gilligan — are presenting what they call a new approach to security at a conference this morning. Gilligan said the current approach is too focused on compliance with hundreds of pages of NIST regulations. He said the next administration should focus on “letting offense inform defense”: We should leverage experts from across the hacker-defender communities to help us determine, as we did in the Air Force… where should we be focusing our investments? He was referring to an exercise the Air Force…