Trump Cybersecurity Dos and Don’ts

President-elect Donald Trump ran a campaign focused on national security and making America great again through economic reform. Clearly both goals should include policies and programs to bolster the nation’s cybersecurity capabilities. This shouldn’t be an abstract concept to Mr. Trump after an election cycle featuring Russian hacks and WikiLeaks posts. 

To reinforce this priority, it is also worth noting that in a pre-election survey by ESG research, 49% of cybersecurity professionals said that cybersecurity is a critical issue and should be the top national security priority for the next President while 45% said cybersecurity is a very important issue and should be one of the top national security priorities for the next President. If those citizens on the front-line see cybersecurity as a major priority, this should speak volumes to the President-elect. 

Topics: Cybersecurity NICE nsa NIST NSF Barack Obama Donald Trump United States of America

Will Public/Private Threat Intelligence Sharing Work?

In January, Representative Charles Albert “Dutch” Ruppersberger (D-MD) reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA) as H.R. 234 into the 114th Congress.  The bill was first introduced by Mike Rogers (R-MI) in 2011.

Topics: Cybersecurity Threat Intelligence Lifecycle nsa

Book Report: @War: The Rise of the Military-Internet Complex

I’ve read a fair amount of cybersecurity books across a wide spectrum of topics—early hackers, cyber-crime, hacktivists, nation state activity, etc. A few years ago, new books were few and far between, but this is no longer the case. I recently posted a blog/book report on Kim Zetter’s fantastic book, Countdown to Zero Day. Allow me to recommend another good one, @War: The Rise of the Military-Internet Complex, by Shane Harris.

Topics: Cybersecurity nsa president obama

Enterprises Are Not Monitoring Access to Sensitive Data

If you want to make a cybersecurity professional uncomfortable, simply utter these two word: ‘Data exfiltration.’ Why will this term garner an emotional response? Because data exfiltration is a worst-case outcome of a cyber-attack – think Target, the NY Times, Google Aurora, Titan Rain, etc. Simply stated, ‘data exfiltration’ is a quasi-military term used to describe the theft of sensitive data like credit card numbers, health care records, manufacturing processes, or classified military plans.

Most enterprises now recognize the risks associated with data exfiltration and are now reacting with new types of security technologies, granular network segmentation, and tighter access controls. Good start but what about simply monitoring sensitive data access activities? You know, who accesses the data, how often, what they do, etc.?

Topics: Information and Risk Management Dell Security and Privacy Security google Centrify CyberArk Courion Sailpoint data security Quest Box Symantec Target nsa cybercrime identity and access management security analytics Edward Snowden

Advanced Malware Detection and Response and Other Cybersecurity Services on the Rise

Think about all of the cybersecurity industry activity with advanced malware detection and response and what comes to mind? Most people would probably focus on technology vendors like Bromium, Cylance, Damballa, FireEye, and Palo Alto Networks since these firms have garnered headlines, raised vast fortunes of VC funding, and even pushed through successful IPOs.

Topics: IBM Cloud Computing Cybersecurity Palo Alto Networks Cisco Information and Risk Management FireEye HP Dell Security and Privacy Security Mandiant Lockheed DHS Barracuda Booz Allen Hamilton bromium Leidos nsa Cylance cybercrime CSC Damballa NIST BT NSF mssp

Good News and Bad News on Cybersecurity Priorities and Spending in 2014

With the Winter Olympics in full-swing, the cybersecurity community anxiously awaits another global event, the 2014 RSA Conference. Like Sochi, the RSA Conference comes with its own controversy, but I still anticipate that most of the global information security glitterati will be in San Francisco two weeks hence.

Topics: Cybersecurity Information and Risk Management Security and Privacy Security Mandiant rsa conference nsa Edward Snowden cyber attack

Security Professionals Identify IT Risks Associated with Cloud Computing

It’s highly likely that cloud security will be one of the hot topics at this year’s RSA Security Conference coming up in February. Yes, there will surely be a lot of rhetoric and hype, but this is a very important topic for our industry to discuss as cloud computing continues to gain momentum with enterprise organizations.

While information security is still the primary concern around cloud computing, enterprise organizations aren’t holding back on deployment, albeit with non-sensitive workloads for the most part.

Topics: Cloud Computing Information and Risk Management McAfee Security and Privacy Security Amazon trend micro CloudPassage Target nsa Edward Snowden privacy Octa HyTrust

Organizations Remain Vulnerable to Insider Attacks

Over the past few years, the security community has focused its attention on attacks coming from Odessa, Tehran, and Beijing. On balance this is a good thing as we are learning more about our cyber adversaries. That said, what about insider attacks? Back around 2008, insider attacks were viewed as the most dangerous of all since insiders tend to know what they want, where it is, and how to get it.

Topics: Cloud Computing Information and Risk Management Security and Privacy Security malware Booz Allen Hamilton nsa Edward Snowden Anti-malware APT

Why Aren’t We Questioning the Effectiveness of the NSA Program?

Full disclosure, I am extremely uncomfortable with the intrusive intelligence programs going on at NSA. If it weren’t for Edward Snowden and Mark Klein (former AT&T technician) we wouldn’t know about NSA activities on telephony and data networks. It makes you wonder what additional data the NSA is collecting that we don’t know about.

Beyond the privacy issue however, there are a few other fundamental questions here and I don’t hear anyone asking them. Allow me to chime in:

  1. How effective are these programs? PRISM is just one of several programs based upon data collection and mining. We’ve heard rhetoric about how these programs have protected us by detecting and preventing terrorist attacks but no one has provided any detail. Yeah, I know this is classified information but this means that we U.S. Citizens have to take the government’s word for it which has proved to be a fool’s choice in the past. We do know that in spite of these massive programs, the intelligence community missed the underwear bomber (spelling error in database), the Time Square bomber, and Tamerlan Tsarnaev. Given these “swings and misses,” how often did the intelligence community deliver base hits?
  2. How much does it cost? The NSA budget is classified but you've got to figure that the U.S. is spending multiple billions of dollars on data collection, storage, and mining. Heck, the NSA is building a $1.2 billion data center in Utah, capable of holding yottabytes of data. Big dollars for government integrators but is this investment really worth it in an era of budget deficits and bridges falling apart? Without an answer to question #1, we can’t understand whether we are throwing good money after bad to keep K Street lobbyists and “Beltway Bandits” fat and happy.
  3. How secure are these programs? In my mind, Booz Allen has a bit more explaining to do. How was Edward Snowden, a new employee, able to walk out the door with classified data so easily? At a higher level, how many others working at L3, CACI, and SAIC could expose similar data to the press or sell it to Iran, North Korea, or other nations? A disgruntled worker could make the damage caused by Bradley Manning look like nothing.
Topics: Information and Risk Management Security and Privacy Security Booz Allen saic nsa cybercrime Edward Snowden

More On The Security Skills Shortage Issue

I frequently peruse information security news, and recently came across this article. The article highlights Symantec CEO Enrique Salem's warning of a shortage of talented cybersecurity professionals in the United States. Furthermore, this shortage is especially pronounced where it may be needed most -- law enforcement, intelligence agencies, and the Department of Defense.

Topics: Information Security Cloud Computing Network Security Cybersecurity End-User Computing Endpoint & Application Virtualization IT Infrastructure Private Cloud Infrastructure Networking Information and Risk Management mobile Security and Privacy BYOD endpoint security DHS Symantec federal government nsa security analytics DoD security skills cloud security