-
DHS warns of critical vulnerabilities in Chinese software
Last week DHS warned that control software widely used in China’s weapons systems, utilities, and chemical plants has dangerous weaknesses that leave it open to hackers; the warning, issued by the DHS Industrial Control Systems Cyber Emergency Response Team (ISC-CERT), stems from critical vulnerabilities found in SCADA software developed by Beijing’s Sunway ForceControl Technology
-
-
Weather variations cost U.S. $485 billion a year
New research finds that routine weather events such as rain and cooler-than-average days can add up to an annual economic impact of as much as $485 billion in the United States; the study found that finance, manufacturing, agriculture, and every other sector of the economy is sensitive to changes in the weather, and that the impact of routine weather variations on the economy is as much as 3.4 percent of U.S. gross domestic product
-
-
U.S. will "view major cyber attacks as acts of war"
The Pentagon has adopted a new strategy that will classify major cyber attacks as acts of war, paving the way for possible military retaliation; “If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” a U.S. military official said; the move to formalize the Pentagon’s thinking was borne of the military’s realization the United States has been slow to build up defenses against cyber attacks, even as civilian and military infrastructure has grown more dependent on the Internet; the military established a new command last year, headed by the director of the National Security Agency (NSA), to consolidate military network security and attack efforts
-
-
Digital ants protect critical infrastructure
As the U.S. electrical power grid becomes more interconnected through the Internet, the chances of cyber attacks increase as well; a Wake Forest University security expert developed “digital ants” to protect critical networks; unlike traditional security approaches, which are static, digital ants wander through computer networks looking for threats such as computer worms, self-replicating programs designed to steal information or facilitate unauthorized use of computers; when a digital ant detects a threat, it summons an army of ants to converge at that location, drawing the attention of human operators to investigate
-
-
Pentagon to help protect U.S. cyber assets, infrastructure
The U.S. Defense Department is now sharing cybersecurity information, capabilities, and expertise with DHS; this is in line with the administration’s cyber security plan, which calls for DHS to lead the effort to protect Americans, the U.S. critical infrastructure, and the federal government’s computer networks; the Defense Department would retain protections over its “dot-mil” domain, and it would work in close collaboration DHS and the departments of Justice and Commerce better to safeguard cyberspace
-
-
DHS to double cybersecurity staff
DHS recently announced that it plans to increase its cybersecurity workforce by more than 50 percent so that it can lead government-wide efforts to secure federal networks against cyber attacks as outlined in President Obama’s recently proposed cybersecurity plan; DHS plans to hire 140 additional cybersecurity experts by October 2012 bringing the agency’s total to 400; under the president’s proposed legislation, DHS would act as the lead agency in coordinating cybersecurity measures across the government and would also be responsible for ensuring that private operators of critical infrastructure have adequate security measures in place
-
-
DHS cybersecurity chief resigns
Just days after the White House unveiled its comprehensive plan for securing government networks from cyber attacks, one of the government’s top cyber security officials announced that he was resigning; Phil Reitinger, the deputy undersecretary of DHS’s National Protection and Programs Directorate (NPPD), was careful to note that the timing of his resignation was not meant as a reflection or a statement on the recently released government-wide cyber plan; at NPPD, Reitinger was DHS’s senior interagency policymaker and top cyber and computer crimes official.
-
-
Government launches cybersecurity plan
Last week the Obama administration unveiled its plan to secure federal computer networks, critical industries, and consumers from cyberattacks; under the proposed plan, DHS will lead government efforts to secure networks with “primary responsibility within the executive branch for information security” ; DHS would also be empowered to set policies and activities for government systems; the plan would require critical infrastructure operators like electric companies and large financial firms to present cybersecurity plans to DHS for approval; DHS auditors would review the plans with the operators, discuss any shortcomings and “take other action as may be determined appropriate”
-
-
Memphis flood fear eases, Louisiana and Mississippi brace for worst
Residents living near the Mississippi River have been battling a record surge of water that is slowly making its way south sending a deluge of water beyond the river’s banks and into nearby communities; on Tuesday, the river’s crest made its way through Memphis hitting near record levels of 47.8 feet; so far the levees along the river have been holding up; residents of Louisiana and Mississippi are bracing for similar record water levels as the crest winds southward; to help ease the pressure on the levee system, the Army Corps of Engineers opened up several spillways on Monday including parts of the Bonnet Carre spillway; the region has received 600 percent more rain than usual for this time of year
-
-
DOJ report finds FBI agents lacks critical cyber security skills
A recent government report found that the FBI’s cybersecurity experts are incompetent and overly focused on investigating child pornography; the study, conducted by the Department of Justice (DOJ), said that many of the FBI agents trained in cyber security lacked the ability to investigate national security related intrusions and threats; out of the thirty-six agents interviewed, only 64 percent said they had the expertise to handle national security related cyber investigations; the remaining 36 percent “lacked the networking and counterintelligence expertise to investigate national security intrusion cases” ; five agents even admitted that they “did not think they were able or qualified to investigate national security intrusions effectively”
-
-
Dramatic increase in critical infrastructure cyber attacks, sabotage
A new study by McAfee and CSIS reveals a dramatic increase in cyber attacks on critical infrastructure such as power grids, oil, gas, and water; the study also shows that that many of the world’s critical infrastructures lacked protection of their computer networks, and revealed the staggering cost and impact of cyberattacks on these networks
-
-
Firm pushes for open wireless sensor data
As wireless sensors are becoming increasingly ubiquitous in electrical grids, homes, and businesses, electronic enthusiasts and programmers believe that this data could be used to create a host of new devices with practical uses; making sensor data freely available allows engineers to build software and apps that monitor data in real time for things like local radiation levels, water quality, or even your home’s energy consumption; leading the push for open sensor data is U.K. based Pachube (pronounced “patchbay”) which has developed a network of sensors that collect six million points of data per day; the majority of sensor information is currently encrypted and therefore inaccessible
-
-
Siemens, McAfee team up to defend against critical infrastructure attacks
McAfee and Siemens will work together to help secure critical infrastructure against cyber attacks that target industrial control processes like the Stuxnet worm which destroyed nuclear centrifuges at an Iranian nuclear enrichment facility; the two companies are targeting Advanced Persistent Threats aimed at the manufacturing and process industry; this new security product could help ease security fears for critical infrastructure operators who rely on industrial control programs for nearly every automated process; McAfee says it’s Application Control system product would have protected Iran’s centrifuges from the Stuxnet virus that caused them to spin out of control
-
-
Joint EU and U.S. cyber security exercise to be held this year
The United States and the European Union (EU) recently announced that they will hold joint cyber war exercises by the end of 2011; the exercise comes as part of a broader agreement to expand efforts to jointly defend against cyber security threats; the two sides agreed to share best practices, engage the private sector, and increase global cyber incident response capabilities; in particular, the agreement will focus on fighting botnets, securing industrial control systems, and enhancing the resilience and stability of the internet
-
-
Call for creating a U.S. cybersecurity emergency response capability
Lawmakers call for the creation of a cybersecurity emergency response capability to help businesses under major cyber attacks; “Who do you call if your CIO is overwhelmed, if you’re a local bank or utility?” Senator Sheldon Whitehouse (D-Rhode Island) asked; “How can we preposition defenses for our critical infrastructure, since these attacks come at the speed of light?”
-