Tag Archives: cybersecurity
Financial services umbrella group to probe bank cyber security
Filed under Security News
Tagged as banks, cybersecurity, financial, FS-ISAC, game, group, online, war
The Financial Services Information Sharing and Analysis Center will simulate a cyber attack on its member institutions to study how robust their IT security is.
Information Week says that the online war game is scheduled for February 9 - 11, and each day of the exercise will present the participating institutions with a different type of cyber attack that their IT defenses must attempt to foil. The participants will be expected to activate any contingency plans that they had in place to deal with that type of cyber attack and fill out an anonymous survey to gauge how successful those plans were.
"When cyber security threats occur, swift and well-planned reactions can mean the difference between business continuity and business catastrophe," said FS-ISAC president and CEO Bill Nelson, in a statement cited by Information Week.
Secure ID News reports that the exercise has garnered national attention, and the support of numerous businesses and other financial institutions. Online retailers, card processors, and numerous other businesses that handle cash online will participate in the exercise.
Former U.S. cybersecurity director Hathaway lands at Harvard
Filed under Security News
Tagged as cybersecurity, Harvard, Hathaway, National Security Council, Obama, resigned, White House
Melissa Hathaway, who resigned in August as acting senior director for cyberspace at the National Security Council, has joined the Harvard Kennedy School's Belfer Center for Science and International Affairs as a senior advisor to its cybersecurity initiative.
Hathaway served under President George W. Bush and led the 60-day cybersecurity review under President Obama that recommended the appointment of a White House cybersecurity official - a cyber czar - to replace her.
Obama has still not appointed a top White House cybersecurity official - reportedly, several people including former Virginia Senator Tom Davis have turned the administration's job offers down.
Harvard said its Belfer Center's Project Minerva, which Hathaway will join, is a joint effort between the Department of Defense, Massachusetts Institute of Technology and Harvard.
"I believe the United States must take a broader and more active leadership position abroad to drive the future security of this global infrastructure and help galvanize the establishment of norms of behavior in cyberspace," Hathaway said.
As director of the Joint Interagency Cyber Task Force within the Office of the Director of National Intelligence from March 2007 to February 2009 under Presidents Bush and Obama, Hathaway led efforts at developing a cybersecurity strategy on an "unprecedented scope and scale," Harvard said.
Cyber Secure Institute: Get serious about cybersecurity
Filed under Security News
Tagged as Cyber Secure Institute, cybersecurity, malware, Rob Housman, security
The threat of online attacks from cybercriminals requires stronger network security and better standards using existing technologies, warns Rob Housman, executive director of the Cyber Secure Institute.
Pointing to a recent web security report indicating that hackers have created more than 5 million new strains of malware in 2009 - 50,000 new viruses each day - Housman said businesses and individuals need to do more to protect themselves from computer bugs leading to identity theft and fraud.
"Most businesses and individuals in America are relying on systems that are inherently insecure to protect them from cybercriminals," Housman said.
It's an opportune time to be making that point, with stories of email password thefts from Hotmail and other popular email accounts making headlines. Security researchers have been raising alarms about rapidly spreading cybersecurity threats, including on social networks with millions of users.
"These networks are only as strong as their weakest link and one person's risk becomes everyone's risk," Housman said.
Because of the size of networks like Facebook - which claims more than 300 million users - hackers understand the potential for ensnaring millions of computers in their botnets.
Social networks have accelerated the spread of worms like Koobface, a malicious strain of malware that jumps from PC to PC by spreading spam and messages embedded with malicious links.
Cybersecurity official Kwon resigns from US-CERT
Mischel Kwon, director of the U.S. Computer Emergency Response Team (US-CERT), a cybersecurity agency within the Department of Homeland Security, has submitted her resignation.
Kwon, the fourth director of US-CERT in the last five years, had been frustrated by a lack of authority to fulfill her mission to protect the network security of civilian government agencies, according to anonymous officials, the Washington Post reported.
Her resignation comes soon after Melissa Hathaway, a top cybersecurity aide under President Bush who continued to serve in the Obama administration, announced she was stepping down.
The Obama administration had directed Hathaway to lead a comprehensive review of U.S. cybersecurity, which recommended the creation of a so-called cyber czar to serve in the White House and report to the Economic Security Council and the National Security Council.
Obama has yet to fill the position and several people have turned down the job, including Hathaway. Rod Beckstrom, another DHS cybersecurity official, resigned in March over what he described as the domination of civilian cybersecurity by the military.
A recent report highlighted the struggles of the federal government to recruit and retain top cybersecurity talent. The Department of Defense has launched a hacking contest to draw on young talent.
Napolitano says Secret Service is lead cybersecurity agency
Filed under Security News
Tagged as cybersecurity, DHS, Janet Napolitano, Melissa Hathaway, Secret Service
Speaking at the Global Cyber Security Conference in Washington yesterday, Department of Homeland Security Secretary Janet Napolitano said the Secret Service is the lead civilian agency fighting cybercrime in the U.S.
In the wake of the resignation of Melissa Hathaway, the top White House advisor on cybersecurity, Napolitano remarked that it is DHS, which includes the Secret Service, that has jurisdiction over cybersecurity for civilian agencies and the private sector, rather than the military.
Without a cybersecurity czar, a high-level post recommended in the 60-day cybersecurity review led by Hathaway, Napolitano's speech underscored the lack of coordination and other challenges facing the government as it tries to more fully secure the nation from online threats.
"When I came into the department I think it's fair to say we were not organized sufficiently where cybersecurity is concerned," Napolitano said.
How the government will recruit and retain top talent and make the Secret Service "the repository for cybersecurity" knowledge within the government is a leading challenge, she said.
Other challenges include a lack of significant research and development capacity in civilian agencies, the difficulties of sharing intelligence and involving the private sector in promoting online security.
Napolitano announced the creation of a quadrennial Homeland Security Review process to outline strategic goals and a new website, homelandsecuritydialogue.org, to encourage input from academic and private sector experts.
Acting U.S. cybersecurity czar Hathaway resigns
Melissa Hathaway, the top White House cybersecurity official and a holdover from the Bush administration, announced yesterday that she was resigning for personal reasons.
Hathaway told the Wall Street Journal that she had provided an "initial down payment" for what needs to be done for national cybersecurity. A White House spokesman said a rigorous search is underway to find a replacement.
In the first 60 days of the new administration, Hathaway was charged with conducting a comprehensive review of cybersecurity policies and needs. Among its primary recommendations was for creating a White House position to oversee cybersecurity efforts - a cybersecurity "czar," as it has become known.
But it has been months without an official appointment and several candidates for the job have reportedly turned it down. Hathaway told the Journal that she removed her name from consideration.
Not everyone agrees that such a position is even desirable or that it would be an effective way to tackle the nation's considerable cybersecurity challenges, including spying on its networks, breaches of sensitive data and cyberattacks on government websites.
Writing at Wired magazine's Danger Room blog, Michael Tanji noted that a cyber czar would have no power over service providers that are "the underpinnings of cyberspace."
"Despite grandiose claims to the contrary, the government has very little direct impact on how safe national resources are online," Tanji said.
ATM scams spotted by Defcon hackers
Scammers hoping to score cash off of unsuspecting ATM users at hotels in Las Vegas may have underestimated their targets this time: hackers in town for the Defcon cybersecurity conference this week spotted the data-swiping machines and reported them to authorities.
According to IDG News Service, hackers spotted one fake ATM last week at the Riviera Hotel because it didn't look right and discovered that the ATM was a shell with a PC hidden behind the screen for stealing PINs and card numbers for cloning bank cards.
Then, this weekend, Defcon presenter and credit card and identity theft expert Chris Paget tried to withdraw money from an ATM at the Rio All-Suite Hotel and Casino, when he noticed that his account was debited but no money came out, IDG News reported.
Paget notified hotel security and law enforcement along with the ATM vendor, saying the machine could have been infected by malware designed to prevent it from dispensing cash, which could later be picked up by an insider.
The Secret Service was investigating the ATM at the Rio hotel, IDG News reported.
A security expert had been scheduled to give a talk at Defcon on a security flaw in a type of ATM that could allow scammers to hijack the machines, but the talk was canceled when the ATM vendor threatened legal action.
U.S. cybersecurity effort understaffed, is cyber czar appointment imminent?
Federal cybersecurity initiatives are hampered by a shortage of skilled IT personnel, as well as a lack of leadership, planning and coordination among agencies, according to a new report. Meanwhile, several reports indicate President Obama may be ready to name a "cyber czar" in the near term.
Despite a high-level cybersecurity review ordered by the Obama administration within its first 100 days, Obama has yet to find a point person to lead the effort.
Forbes.com cited unnamed cybersecurity insiders as saying that the administration has offered the cyber czar job to at least three people who have turned it down. Former Virginia Senator Tom Davis, now a consultant for Deloitte, announced last month that he wouldn't take the cyber czar job, according to Forbes.
The staffing problem extends throughout the government, as highly-skilled IT professionals are snapped up by private companies, according to the nonprofit Partnership for Public Service (PPS) and Booz Allen Hamilton.
Max Stier, president and CEO of PPS, said that a lack of cybersecurity talent is a major problem for the government, in calling for "a vibrant, highly trained and dedicated federal cybersecurity workforce."
Fragmentation, uncoordinated leadership and an insufficient pipeline of skilled network security professionals, the PPS report says, have hamstrung U.S. efforts to defend against cyberattacks.