agencies

now browsing by tag

 
 

#nationalcybersecuritymonth | Agencies Post Opportunities for Reskilling Academy Grads to Use Their New Cyber Skills

Source: National Cyber Security – Produced By Gregory Evans

As the Trump administration works to reskill current federal employees to meet the workforce needs of the 21st century, lead agencies are now making sure there are jobs for those trainees to transition to—at least temporarily.

Wednesday, the Office of Management and Budget and Office of Personnel Management, in conjunction with the Federal Chief Information Officers Council, announced the first wave of “temporary detail opportunities.” Nine positions were posted to the Open Opportunities job board, where current federal employees can find temporary or part-time work with other agencies to improve their skills.

While the details are open to any qualified federal employee, the latest push is intended to create opportunities for graduates of the Cyber Reskilling Academy.

“We cannot overcome the shortage in the federal cybersecurity workforce overnight,” Federal CIO Suzette Kent said Wednesday in a statement. “By continuing to invest and support reskilling programs, coupled with hands-on opportunities to apply those skills, the federal government is positioning itself to strengthen our cybersecurity workforce capabilities.”

The Reskilling Academy launched in April 2019 with an initial cohort of 25 students, plucked from more than 2,000 applicants from across government with no prior cybersecurity or IT background. Those students went through 13 weeks of training and came out the other side with a set of basic cyber defense skills. However, due to the nature of the federal employment hierarchy—known as the General Schedule—those graduates were not able to immediately transition to cybersecurity jobs.

OMB recognized the job placement issue and began looking at ways to move the program forward, including first broaching the idea in October of using Open Opportunities.

“By serving as a governmentwide bulletin board for short-term assignments, details and training opportunities around the federal government, Open Opportunities will help agencies tap into the valuable talent and skills we already have and are developing within government,” said OPM Director Dale Cabaniss.

The postings that went live Wednesday do not give specific timeline for the details. However, back in October, OPM Principal Deputy Associate Director for Employee Services Veronica Villalobos told Nextgov the agency was looking at nine-month tours.

Three agencies—Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Veterans Affairs Department and the Environmental Protection Agency—posted nine openings Wednesday to Open Opportunities, most with multiple positions available.

The posts contain a brief description of the office seeking assistance, a rundown of the tasks the employee will be asked to perform and a list of skills they should expect to leave with when the detail is done.

Most of the openings focus on policy and security assessments. For example, the VA opportunity is for a “junior IT specialist to prepare, deploy and transition DOD/VA electronic health records.” In this role, the detailee will work with the Office of Electronic Health Record Modernization to review documentation for the authority to operate—a certification verifying a baseline of cybersecurity for an application—and make edits and recommendations, as needed.

Similarly, CISA has two to five openings for GS-12 to GS-15 employees to serve as cyber policy and strategy planners. The position “[d]evelops policies and plans and/or advocates for changes in policy that support organizational cyberspace initiatives or required changes/enhancements,” per the posting, which cites the job description directly from the National Initiative for Cybersecurity Education, or NICE.

The administration is also looking to expand the Reskilling Academy outside of OMB. In the president’s 2021 budget proposal, OMB directed departments to include funding for a distributed reskilling effort run independently out of each agency but based on the central Reskilling Academy model. Per the plan, the administration hopes to reskill some 400,000 federal employees in cybersecurity, data science and other technology-focused areas.

Source link

The post #nationalcybersecuritymonth | Agencies Post Opportunities for Reskilling Academy Grads to Use Their New Cyber Skills appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | WhiteHat Provides Free Vulnerability Discovery Services to Gov’t Agencies

Source: National Cyber Security – Produced By Gregory Evans

As part of an effort to help chronically underfunded government agencies combat state-sponsored cyberattacks, WhiteHat Security, a unit of NTT, has decided to offer free of charge two services it provides for discovering vulnerabilities before and after application code is deployed to federal, state and municipal agencies in North America.

Company CEO Craig Hinkley said the decision to make WhiteHat Sentinel Dynamic and Sentinel Source Essentials Edition available for free to government agencies is motivated by civic duty. A native of Australia, Hinkley moved to the U.S. 23 years ago and last year became a U.S. citizen. State-sponsored attacks against election systems are nothing less than an attack on democracy, he said.

Citing data compiled by the Center for Strategic & International Studies, recent examples of state-sponsored cyberattacks against applications and websites included are of increasing concern, with recent examples include the theft of login credentials from government agencies in 22 countries across Asia, Europe and North America and hacking campaign that kicked more than 2,000 websites offline in Georgia.

At the same time, North Dakota officials this week disclosed cyberattacks aimed at the state government nearly tripled last year. Shawn Riley, North Dakota’s chief information officer and head of the Information Technology department, disclosed there were more than 15 million cyberattacks against the state’s government per month in 2019, a 300% increase year over year.

The Texas Department of Information Resources revealed it has seen as many as 10,000 attempted attacks per minute from Iran over a 48-hour period on state agency networks, while the U.S. Coast Guard (USCG) issued a security bulletin after revealing that one of its bases had been knocked offline last month by a Ryuk ransomware attack. Even small school districts are being impacted by cybersecurity: Richmond, Michigan, a small city near Detroit, recently announced that students would be enjoying a few extra days of holiday break this year while its school system recovered from a ransomware attack.

A recent report published by Emisoft, a provider of endpoint security software, estimates attacks against roughly 966 government agencies, educational institutions and healthcare providers created costs in excess of $7.5 billion.

Clearly, a lot of focus on cybersecurity attacks is on state and local governments that are responsible for ensuring the integrity of elections. Just this week, a bipartisan bill was proposed calling for the director of the Cybersecurity and Infrastructure Security Agency to appoint a cybersecurity state coordinator in each U.S. state.

Hinkley said it’s apparent government agencies don’t have the resources required to thwart attacks being launched by states themselves or rogue organized groups acting to advance their interests. By making available cybersecurity vulnerability assessment services for free, WhiteHat Security is moving to help agencies identify vulnerabilities in websites and applications that could be easily exploited, he said.

Making that capability available as a service should make it easier for both application developers and cybersecurity teams to scan for vulnerabilities before and after an application is deployed. It may even help foster the adoption of best DevSecOps practices within government agencies, Hinkley noted.

State-sponsored cybersecurity attacks have become a global issue. Concerns about such attacks have risen sharply as tensions in the Middle East continue to rise. The challenge now is how best to thwart those attacks before they are launched by eliminating as many existing vulnerabilities as possible.

Source link

The post #cybersecurity | #hackerspace |<p> WhiteHat Provides Free Vulnerability Discovery Services to Gov’t Agencies <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Idaptive Brings Next-Gen Access to Government Agencies with GSA Designation

Source: National Cyber Security – Produced By Gregory Evans

To cap off an incredible first year for Idaptive’s sales and channel program, we’re proud to announce that Idaptive is now on the  U.S. General Services Administration (GSA) Schedule, so we are now able to offer GSA government agencies and state and local governments the identity and access management services they need to benefit from true Zero Trust security. With this designation, Idaptive can bring the future of identity and access to the public service sector, empowering government agencies to enable seamless and secure access to public servants and citizens alike through our Next-Gen Access Cloud. 

The GSA is the purchasing arm of the U.S. Government, and lists contracts or schedules available for vendors to bid on. To become eligible to bid on a GSA schedule, Idaptive had to complete a series of steps that included obtaining a DUNS number, registering in the government’s SAM (System for Award Management), and providing previous customer contact information as a means for the GSA to perform a past performance evaluation. 

GSA status is a non-industry specific designation, and Idaptive was able to earn its GSA approval through the help of our strategic channel partner ImmixGroup. This partnership marks the next chapter for Idaptive’s blossoming channel program, which we launched from scratch earlier this year. Since then, it has grown to include a total of 152 incredible solution providers and technology integrators and accounts for nearly 80 percent of our sales to date. All while racking up a number of channel-based awards wins and accolades along the way (check those out below). 

Brian Krause, Idaptive’s Director of Worldwide Channels, explains that GSA is an important next step for both Idaptive and for Federal, state and local governments when it comes to bringing much-needed innovation and security to the country’s most important public service agencies. 

“There’s no one more at risk to data breaches than government agencies, and the stakes are often far higher,” said Krause. “With GSA designation, we’re proud to deliver Next-Gen Access identity technology to help more government organizations implement a Zero Trust security posture while also improving employee productivity, enhancing citizen and partner experiences, and reducing the risk of data breaches.” 

2019 was a huge year for Idaptive and our channel program, and we look forward to seeing what next year has in store! Stay tuned in 2020 for more updates on the future of identity from Idaptive. 

 

Check out all of Idaptive’s channel program news and recognitions this year here: 

Source link

The post #cybersecurity | #hackerspace |<p> Idaptive Brings Next-Gen Access to Government Agencies with GSA Designation <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | Attackers pose as German, Italian & US gov’t agencies to spread malware

Source: National Cyber Security – Produced By Gregory Evans

Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan.

Business and IT services, manufacturing companies, and healthcare organizations make up a large share of the targets in this operation, said a blog post today from Proofpoint, which calls the group TA2101. In many cases, the emails are sent from addresses that are made to look authentic at first glance, only they end in the .icu top-level domain.

The Proofpoint Threat Insight Team observed TA2101 campaigns targeting German on Oct. 16 and 23, and then again on Nov. 6, during which time the actor pretended to be the Bundeszentralamt fur Steuern, aka the German Federal Ministry of Finance. The adversary sent hundreds of emails with lures designed to entice recipients into opening Word documents containing malicious macros. These macros executed a PowerShell script that delivered Cobalt Strike, a legitimate attack simulation tool that in the wrong hands can be used as actual malware.

The October emails, aimed largely at IT services companies, falsely claimed that recipients were due to receive a tax refund, and instructed them to open the Word doc to fill out a refund request form.

The Nov. 6 emails similarly targeted business and IT services companies. In this instance, however, the attached documents were disguised as an RSA SecureID key, but actually contained macros that delivered Maze ransomware. One day later, TA2101 sent out even more emails, except instead of impersonated the Federal Ministry of Finance, the attackers pretended to be the ISP 1&1 Internet AG.

Phishing activity targeting Italian organizations, especially manufacturing companies, took place on Oct. 29. For this scam, TA2101 emailed dozens of prospective victims a notification of law enforcement activities that purportedly came from Agenzia Entrate, the Italian Ministry of Taxation and threatened recipients with financial penalties. Again, opening the attached Word doc would trigger the embedded macros to install Maze.

The most recent campaign referenced in the blog post took place on Nov. 12 and zeroed in on American organizations. These emails, which used a uspsdelivery-service.com domain instead of .icu, seemed to come from the U.S. Postal Service and again appeared to include a Word document with an RSA SecurID key. Opening the document this case caused the macros to deliver the IcedID banking trojan.

“Proofpoint researchers have observed a consistent set of TTPs… that allows attribution of these campaigns to a single actor with high confidence. These include the use of .icu domains, as well as identical email addresses for the Start of Authority (SOA) resource records stored for the DNS entries for the domains used in these campaigns,” wrote Proofpoint researcher and blog post author Bryan Campbell. The SOA email addresses, gladkoff1991@yandex.ru, is also linked campaigns that attempted to spread Buran ransomware in September.”

“Additionally, Proofpoint researchers have observed that the canonical URLs used by this actor are formatted in a repeatable fashion with word_/.tmp in the string with slight variations made over time,” the blog post continued. “Proofpoint researchers suspect that the word_/.tmp usage might be linked to previous campaigns that were spotted earlier by the infosec community in 2019.”

Original Source link

The post #cybersecurity | hacker | Attackers pose as German, Italian & US gov’t agencies to spread malware appeared first on National Cyber Security.

View full post on National Cyber Security

US #Gov’t #Agencies Fail to #Implement #Anti-Hacking #Security #Measures

Chief Information Officers (CIOs) at 24 US government agencies have yet to act on hundreds of recommendations to improve cybersecurity and protect personal information, the Government Accountability Office (GAO) said in a report on Wednesday.

“GAO’s preliminary results suggest that none of the 24 selected agencies have policies that fully address the role of their CIO, as called for by federal laws and guidance,” a press release summarizing the report said.

In recent years, the GAO has made 2,700 recommendations to improve the security of US federal information systems, the release explained.

“These recommendations identified actions for agencies to take to strengthen their information security programs and technical controls over their computer networks and systems,” the release said.

As of May 2018, about 800 of the information security-related recommendations had not been implemented, the release concluded.
In April, the Democratic National Committee (DNC) sued the Trump campaign, WikiLeaks and Russia over the 2016 hack of its emails.

The sphere of cybersecurity gains importance in the modern world, as with the development of technology states’ critical infrastructure increasingly depends on data security. In July 2017, Donald Trump’s administration announced it was finalizing plans to revolutionize the US’ military command for defensive and offensive cyber operations, in hopes of intensifying America’s ability to wage cyberwar against foes.

advertisement:

The post US #Gov’t #Agencies Fail to #Implement #Anti-Hacking #Security #Measures appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Agencies have #one-year #deadline to #identify #cyber workforce #shortages

The Office of Personnel Management (OPM) is giving federal agencies a one-year deadline to identify and report on skill shortages in their cybersecurity workforces.

A memorandum unveiled Monday requires each agency to tell the government’s human resource office what their “critical needs” are in a broad range of cyber workforce areas, including security and information technology.

They must submit their findings by April 2019 and provide reports for three more years after.

“I am pleased to provide guidance that will help federal agencies pinpoint their cybersecurity workforce’s most critical skill shortages,” Mark Reinhold, OPM’s associate director for employee services, wrote in a memo sent to human resources directors at different federal agencies.

“Based on these agency reports, the U.S. Office of Personnel Management will identify common needs to address from the Governmentwide perspective,” he continued.

The guidance says agencies must determine whether there is a critical need based on two criteria.

The first criteria includes what an agency deems its most glaring skill shortages in terms of staffing as well as proficiency and competency levels — both current and emerging.

The second criteria is what an agency decides is “critical to meeting the agency’s most significant organizational missions, priorities, challenges,” or its mission importance.

According to the guidance, agencies will need to conduct a self-examination to determine the “root causes” of their skill shortages in their report, including reasons like the talent pipeline, recruitment and retention, training, performance management, as well as resources and budget.

Once the agency uncovers those core issues, they must then submit a plan that lays out how they will “address and mitigate the root causes,” partly through establishing metrics and goals for mitigating such workforce shortages.

The Federal Cybersecurity Workforce Assessment Act of 2015 serves as the basis for this guidance because it outlined how the federal government would identify and then assess the critical needs for its cybersecurity workforce — specifically the National Initiative for Cybersecurity Education Workforce Framework (NICE Framework).

“The NICE Framework establishes a common lexicon that describes cybersecurity work,” Reinhold wrote.

advertisement:

The post Agencies have #one-year #deadline to #identify #cyber workforce #shortages appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

12 #Connecticut #state agencies #hit by a #cyber attack

The Department of Administrative Services (DAS) announced that the State of Connecticut suffered a ransomware attack on Friday, February 23. Although most computers were protected with adequate antivirus software, approximately 160 machines in 12 agencies were not.

DAS spokesperson Jeffrey Beckham said that, through a collaboration with agency IT and other partners, the virus was contained by the evening of Sunday, February 25. There were no reports of encrypted files or data loss, and the DAS does not believe state business will be affected by the breach.

NRA targeted by DDoS cyber criminals
Three US National Rifle Association (NRA) websites were the latest victims of memcached-based distributed denial-of-service (DDoS) attacks, as reported by Qihoo 360’s Network Security Research Lab (Netlab). nra.org, nracarryguard.com, and nrafoundation.org join other large-platform targets, including Amazon and Google. This also follows the biggest DDoS attack to date, which targeted GitHub in February 2018.

As early as February 25, Twitter users were posting about the NRA DDoS takedown. It’s likely that these attacks are politically motivated, as the pro-gun organization has been criticised following the Parkland school shooting on February 14, in which 17 people were killed. It is not uncommon for criminal hackers to launch DDoS attacks on controversial organizations and figures – past victims include the Ku Klux Klan, ISIS, and Donald Trump.

Read More….

advertisement:

The post 12 #Connecticut #state agencies #hit by a #cyber attack appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Man, 30, held over #hacking attacks on two #Hong Kong #travel #agencies

Source: National Cyber Security – Produced By Gregory Evans

Officers raid IT worker’s flat on Cheung Chau and also seize two desktop computers, two laptops, one tablet, three hard disks and five mobile phones

A 30-year-old Hong Kong man was arrested in connection with cyberattacks in which the computers of two travel agencies in the city were hacked and their clients’ sensitive personal information held for ransom, with payouts in bitcoin sought last week.

The two travel agencies reported the incidents to police on January 1 and 2.

One bitcoin (HK$123,735 or US$15,819) was demanded as a ransom in each hacking case, according to police.

Officers from the force’s Cyber Security and Technology Crime Bureau raided a flat in the outlying island of Cheung Chau and arrested the man on Saturday.

During the operation, police seized two desktop computers, two laptops, one tablet, three hard disks and five mobile phones in the flat.

At lunchtime on Monday, police escorted the suspect to his workplace on Hoi Yuen Road in the Kwun Tong district of Kowloon to gather evidence.

The Post understands the suspect, a computer technician, hacked into the computers of the agencies on New Year’s Day through security loopholes on their websites hours before the companies were hit with demands for a ransom to be paid in bitcoin.

“An email was sent to the persons in charge of the companies after the personal information of more than 20,000 customers was stolen from the computer servers of the agencies,” a police source said.

“The companies were told to pay in bitcoin in a newly opened account with threats that their customers’ data would be posted on the internet if the firms failed to pay on Saturday.”

The stolen information included customers’ names, identity card numbers and contact numbers but no credit card information was involved.

Officers from the Cyber Security and Technology Crime Bureau were understood to have worked around the clock and checked tens of thousands of log records to the servers to gather information.

“Investigations showed circuitous routes were used to hack into the computer servers, but officers eventually identified the suspect through his IP address,” another source said.

He said the man was nabbed at home on Cheung Chau hours before the payment deadline.

Officers would carry out a forensic examination of the victims’ computers and hard disks to gather information, he said.

At about 5pm on Monday, the suspect was still being held for questioning and had not been charged.

“We believe his motive was to look for money,” said bureau superintendent Swalikh Mohammed said.

Investigations were continuing and he did not rule out the possibility of further arrests.

“The cyber world is not a lawless place where criminals can hide. A majority of the laws applicable to the real world can also be applied to the internet,” he warned.

He said blackmail was a serious offence that carries a maximum penalty of 14 years in prison.

Travel agency Goldjoy Holidays revealed on Thursday that unauthorised parties accessed its customer database containing personal information such as names and identity card numbers, passport details and phone numbers.

The company apologised to customers and promised it was taking steps to tighten cybersecurity.

The other agency, Big Line Holiday, said on Wednesday night that hackers might have broken into its database a day earlier and gained possession of some of its customers’ personal information.

The data was believed to include ID card numbers, home return permit numbers and phone numbers.

In a statement, Big Line said: “Our company attaches great importance to this incident and deeply apologises to the affected clients.”

Big Line, which has 13 branches and organises tours to mainland China and Asia, said it received a letter from perpetrators demanding a sum of money for the release of the information.

In November, one of the city’s largest travel agencies, Hong Kong-listed WWPKG Holdings, revealed that its customer database had also been hacked, putting at risk personal data such as ID card numbers and credit card information of some 200,000 customers.

The culprits had asked for a seven-figure ransom, to be paid in bitcoin, but the firm did not pay and instead called the police, who later managed to decrypt the data. Because of the hacking incident, all four of the agency’s branches -in Tsim Sha Tsui, Mong Kok, Causeway Bay and Sha Tin – were closed for a day.

The force recorded 653 cases of cybercrimes in 2005, the first year it began tracking such offences, and saw the number reach 5,939 in 2016, with financial losses hitting HK$2.3 billion.

The post Man, 30, held over #hacking attacks on two #Hong Kong #travel #agencies appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Agencies’ approach to IoT security highlights differences in cybersecurity approach

Source: National Cyber Security – Produced By Gregory Evans

Despite recent White House efforts to bring some standardization to federal cybersecurity, agencies are still taking different paths to secure their systems and data. Speaking at the July 18 AFCEA Energy and Earth Science IT symposium in Washington, D.C., Sean Kelley, chief information security officer at the Environmental Protection Agency, said when…

The post Agencies’ approach to IoT security highlights differences in cybersecurity approach appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How Microsoft’s Azure platform can help agencies with the Cybersecurity EO

Source: National Cyber Security – Produced By Gregory Evans

How Microsoft’s Azure platform can help agencies with the Cybersecurity EO

Microsoft Security Response Center research into recent cyberattacks indicates that the average time for infection or exploitation of an unpatched node on a compromised network is as little as 90 seconds. Verizon’s Data Breach Investigation Report found that 12 percent of phishing mail recipients will click on a link or…

The post How Microsoft’s Azure platform can help agencies with the Cybersecurity EO appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures