One of the more widely anticipated keynotes at the RSA Conference this week is the talk by Melissa Hathaway, who was in charge of the Obama administration’s recently completed review of the country’s information security standing. However, it now looks unlikely that Hathaway will actually reveal any of the key findings or recommendations in the review during her talk on Wednesday afternoon at the conference.
The FBI has been using an in-house spyware program for several years to monitor the activities of suspected online criminals and hackers, according to recently released documents. The documents, obtained by Wired.com, show that the FBI was able to plant the program on target machines by encouraging their subjects to click on a link that silently installed the software.
From SMBlog (Steve Bellovin)
The Senate bill introduced earlier this month that would make sweeping changes to the way that information security is practiced both in the federal government and the private sector has a number of good elements, but the flaws in the proposed legislation outweigh the benefits, writes Steve Bellovin.
The supposedly new attacks on the electrical grid and other portions of the country’s critical infrastructure that came to light this week are in fact not new at all and have been ongoing for several years. Attackers have been making serious inroads into U.S. government, utility and military networks for most of this decade and the problem is continuing to worsen, security experts say.
From Cnet (Elinor Mills)
The security of U.S. networks is in such disarray that the Pentagon has spent $100 million in the last six months alone to repair damage done by cyber attacks. That huge number presumably includes cleaning up after external attacks, viruses and internal problems.
The received wisdom in the security industry is that trying to qualitatively assess the security of a given piece of software is an incredibly difficult task. Some of the sharpest minds in software security–Gary McGraw, Brian Chess and Michael Howard among them–have spent years trying to nail down a framework for this task, with varying degrees of success. Not to worry, though. As Eric Rescorla writes, the government has now joined the fray with a proposal to develop standards for software security.
A bill introduced in the Senate on Wednesday would make major changes to the way that cybersecurity is handled both within the government and in the private sector, including giving the federal government more control over private networks.
Federal legislators are working on a bill that would make major changes to the way that both government and private networks are protected. The Washington Post reports that the legislation not only will include more enforcement for regulations, but also will push for a federal cybersecurity czar to be stationed in the White House, a measure that security experts have been recommending for years.
In the next few weeks President Barack Obama will be handed a report detailing the country’s cybersecurity defenses and laying out what’s needed to protect America’s technology resources from hostile nations and organized crime groups.
As a result of some tremendous work done by researchers at the University of Toronto, we now know that there is an enormous network of compromised machines in more than 100 countries around the world, many of them in government agencies, embassies and other sensitive locations.