cyber

now browsing by tag

 
 

#cyberbullying | #cyberbully | Cyberbullying, trolling and Cyber abuse | #parenting | #parenting | #kids

“We think too much and feel too little, more than machinery we need humanity, more than cleverness we need kindness and gentleness.” This famous quote by Charlie Chaplin seems to […] View full post on National Cyber Security

#nationalcybersecuritymonth | Moody’s, Nasdaq and many others choosing Lithuania for cyber security GBS functions

Source: National Cyber Security – Produced By Gregory Evans

The following article by Invest Lithuania’s Senior Investment Advisor Monika Vilkelytė first appeared in the Outsourcing&More magazine. You can find the original here.

Assigning cyber security operations to GBS centres is a smart move for international companies. But finding the right location for such a centre can be a serious headache. Suitable locations need to have both fast, secure IT infrastructure and a strong pool (and future pipeline) of IT talent. Affordable locations offering this combination are few and far between. That’s why Lithuania, which is ranked 4th globally in the Cyber Security Index, is proving so attractive to global company groups in terms of cyber security operations. The likes of Oracle, Nasdaq and Outokumpu already have cyber security teams in Lithuania, while Moody’s is on the way to building its cyber security capabilities in Vilnius. With a strong pipeline of talent and a clearly defined National Cyber Security Strategy, there’s plenty of room for future growth.

The ever-changing face of cyber security

The number of cyber attacks made against organizations around the world is increasing every year. Worse still, the complexity and severity of these attacks is also growing, as criminals search for ever-more sophisticated ways to break through a company’s cyber defences. With huge amounts of both company and customer data in their systems, and processes that are more deeply interconnected than ever, a major cyber attack could have catastrophic consequences.

GBS and cyber security – a smart combination

To face this ever-changing threat, companies need to be innovative and responsive, constantly updating their cyber defences to meet the latest dangers. And increasingly, global companies are using the GBS model as the most effective way to manage their Cyber Security operations. By centralizing their cyber security team in one location, it becomes easier to adopt new innovative solutions. These teams are also more effective at focusing the limited time and resources a company has on mission-critical cyber services.

Finding a home for your cyber security team

Finding the right model for managing cyber security (a GBS approach) is an important first step, but executing this model well is just as important. And one of the critical decisions a company has to make is where to locate the GBS centre that manages their cyber security.

Two features characterise the ideal location for a cyber security team. The location needs to have fast, well-developed and robust IT infrastructure. It also needs a wealth of IT talent from which to build a team of experts capable of responding to the latest threats.

Finding this combination is already a tall order, without even factoring in cost. This is not an area of operations where you want to cut corners, so low cost locations that don’t offer the quality needed are out of the question. On the other hand, building a team of high quality IT experts is prohibitively expensive in many cities and countries.

Lithuania offers quality infrastructure and talent

Lithuania offers the IT infrastructure and talent businesses need for cyber security, and at competitive costs compared to other EU locations.

Ranked 4th in the Global Cyber Security index, Lithuania’s IT infrastructure is well suited to cyber security operations. It is robust, with a strong focus at the executive level on cyber readiness and resilience. In 2017 Lithuania established a National Cyber Security Centre, and the following year a National Cyber Security Strategy was approved. This strategy covers not only the government, but also a wide range of non-governmental organizations, private sector players, and scientific and educational institutions. This means the whole ecosystem is building resilience, as shown by the introduction of advanced warning systems at critical infrastructure facilities last year.

In terms of talent, there are currently 38,000 IT professionals in Lithuania, with a further 10,600 students enrolled in IT studies. Funding for IT studies was recently doubled, ensuring further growth in the flow of IT talent. The government has also invested in an upskilling project focused on key areas including cyber security and AI, with the aim of adding new specialists to the market. Universities in Lithuania’s two largest cities, Vilnius and Kaunas, offer dedicated programmes for cyber security specialists, including MScs in Information and Information Technology Security, a BSc programme in Information Systems and Cyber Security and an MSc in Cybersecurity Management.

This means the level of quality, in terms of both talent and infrastructure, is comparable to other leading EU destinations. But, unlike those locations, Lithuania is a far more cost-competitive option.

Cost advantages to help you build the right team

Junior IT staff such as database administrators or Unix/Linux administrators can be hired for around €2,000 per month, including taxes. The average salary for a senior QA specialist with 5 years’ experience is €2,700 tax inclusive, while a senior cyber security specialist with 5 years’ experience earns €3,360. This means assembling a skilled cyber security team which includes highly experienced professionals is affordable and sustainable in Lithuania.

What’s more, Lithuania has the 3rd most affordable internet rates in Europe, and office rental costs are also highly competitive. As a result, overheads for GBS centres are also low in comparison with other EU locations.

Nasdaq, Moody’s, Oracle and more

These strong fundamentals have attracted some of the world’s largest companies to set up cyber security teams in Lithuania. Moody’s established a GBS centre in Vilnius in early 2019 which is planned to include an advanced cyber security unit. In fact, the availability of talent in this area was one of the major reasons Moody’s chose Lithuania, as Duncan Neilson, SVP HR Regional Lead EMEA explained when the centre was announced: “Given our goals of hiring diverse talent and further developing our automation and cyber security capabilities, choosing Lithuania as our newest EU location makes good business sense.”

Nasdaq also operates an IT centre in Vilnius. This centre has been developing constantly since its establishment in 2015 – it grew from 30 to 300 FTEs in 3 years – and includes a cyber security team. On a visit to Lithuania, Nasdaq’s CEO and president Adena Friedman noted the strength of the IT talent available. “This place has a great talent pool,” she commented. “At first we thought Lithuania was a centre of low cost, but today Vilnius is a centre of professionalism for us. This city is going to be an ever more important player for us.”

Overall, almost 10% of the GBS centres in Lithuania perform cyber security functions. This includes GBS centres of companies such as Danske Bank, DXC Technology, Outokumpu, Devbridge Group, TransUnion and many more. And the number is growing all the time.

Cyber security products developed in Lithuania

Lithuanian cyber security teams are adept at product development as well. Oracle runs an office of 50 specialists in Kaunas who develop a range of products, including web application firewalls, and advanced API, DDoS, and cloud-based malware protection. According to Leon Kuperman, Vice President of the company’s software development division Oracle Dyn, the Kaunas team will be further expanded: “We are planning significant growth in the region, so we may need to move to a bigger office.”

TransUnion has a special team of Lithuanian cyber security specialists who continuously monitor the online security of more than 1,200 company employees and the information systems of TransUnion’s corporate customers worldwide. “The platform monitoring teams who are working on cyber security are the only TransUnion UK teams that operate 24/7, ensuring the uninterrupted and stable operation of all systems,” says  Jonas Lukošius, Manager of TransUnion’s Kaunas office.

There are a number of other cyber security development teams operating in the Kaunas-Vilnius hub. NRD Cyber Security focuses on offering protection for public service providers, law enforcement, critical infrastructure and more, while US-based Arxan offers guarding solutions injected directly into its clients’ binary code. “We currently have offices in the US, the UK, and Japan,” says Andrew Whaley, Arxan’s SVP Head of Engineering. “In the near future, Vilnius has the potential to become our largest software development office.” Then there is CUJO AI, a Lithuanian tech company that develops AI-based online security solutions.

More talent and expertise

This developed ecosystem, combined with the range of cyber security training opportunities offered by local universities, means there is plenty of know-how and experience on offer in Lithuania. Existing players are actively involved in training up new talent – Moody’s cooperates with ISM business school, Oracle offers its own multi-level training programme, and Danske Bank offers flexible arrangements to students so they can begin working while they complete their studies.

Therefore, as the sector matures, an even deeper pool of expertise in cyber security will be available to companies looking to establish GBS centres in Lithuania.

The original article can be found here.

The post #nationalcybersecuritymonth | Moody’s, Nasdaq and many others choosing Lithuania for cyber security GBS functions appeared first on National Cyber Security.

#nationalcybersecuritymonth | Agencies Post Opportunities for Reskilling Academy Grads to Use Their New Cyber Skills

As the Trump administration works to reskill current federal employees to meet the workforce needs of the 21st century, lead agencies are now making sure there are jobs for those trainees to transition to—at least temporarily.

Wednesday, the Office of Management and Budget and Office of Personnel Management, in conjunction with the Federal Chief Information Officers Council, announced the first wave of “temporary detail opportunities.” Nine positions were posted to the Open Opportunities job board, where current federal employees can find temporary or part-time work with other agencies to improve their skills.

While the details are open to any qualified federal employee, the latest push is intended to create opportunities for graduates of the Cyber Reskilling Academy.

“We cannot overcome the shortage in the federal cybersecurity workforce overnight,” Federal CIO Suzette Kent said Wednesday in a statement. “By continuing to invest and support reskilling programs, coupled with hands-on opportunities to apply those skills, the federal government is positioning itself to strengthen our cybersecurity workforce capabilities.”

The Reskilling Academy launched in April 2019 with an initial cohort of 25 students, plucked from more than 2,000 applicants from across government with no prior cybersecurity or IT background. Those students went through 13 weeks of training and came out the other side with a set of basic cyber defense skills. However, due to the nature of the federal employment hierarchy—known as the General Schedule—those graduates were not able to immediately transition to cybersecurity jobs.

OMB recognized the job placement issue and began looking at ways to move the program forward, including first broaching the idea in October of using Open Opportunities.

“By serving as a governmentwide bulletin board for short-term assignments, details and training opportunities around the federal government, Open Opportunities will help agencies tap into the valuable talent and skills we already have and are developing within government,” said OPM Director Dale Cabaniss.

The postings that went live Wednesday do not give a specific timeline for the details. However, back in October, OPM Principal Deputy Associate Director for Employee Services Veronica Villalobos told Nextgov the agency was looking at nine-month tours.

Three agencies—Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Veterans Affairs Department and the Environmental Protection Agency—posted nine openings Wednesday to Open Opportunities, most with multiple positions available.

The posts contain a brief description of the office seeking assistance, a rundown of the tasks the employee will be asked to perform and a list of skills they should expect to leave with when the detail is done.

Most of the openings focus on policy and security assessments. For example, the VA opportunity is for a “junior IT specialist to prepare, deploy and transition DOD/VA electronic health records.” In this role, the detailee will work with the Office of Electronic Health Record Modernization to review documentation for the authority to operate—a certification verifying a baseline of cybersecurity for an application—and make edits and recommendations, as needed.

Similarly, CISA has two to five openings for GS-12 to GS-15 employees to serve as cyber policy and strategy planners. The position “[d]evelops policies and plans and/or advocates for changes in policy that support organizational cyberspace initiatives or required changes/enhancements,” per the posting, which cites the job description directly from the National Initiative for Cybersecurity Education, or NICE.

The administration is also looking to expand the Reskilling Academy outside of OMB. In the president’s 2021 budget proposal, OMB directed departments to include funding for a distributed reskilling effort run independently out of each agency but based on the central Reskilling Academy model. Per the plan, the administration hopes to reskill some 400,000 federal employees in cybersecurity, data science and other technology-focused areas.

#nationalcybersecuritymonth | Here’s why the State Department may need a new cyber office

The Cyberspace Solarium Commission will recommend that the Department of State establish a bureau focused on international cybersecurity efforts and emerging technologies as part of its forthcoming report, commissioners said March 3 at the Carnegie Endowment for International Peace.

The suggestion from the commission, made up of government and non-government cybersecurity experts developing cyber policy recommendations, comes as part of a broader belief in the group that the State Department needs to be more involved on cybersecurity issues.

Among the report’s 75 recommendations, set for release March 11, will be the proposal for a new State Department office called the “Bureau for Cyberspace Security and Emerging Technologies,” in addition to a new assistant secretary of state position to coordinate international outreach for cyber issues and emerging tech.

The new position would report to the deputy secretary of state or undersecretary of political affairs, according to Rep. Jim Langevin, D-R.I., a member of the commission. The goal of the new office is to take cybersecurity issues at the department and “raising its level of importance and stature … to reinforce that this is an international approach that we need to and want to take,” Langevin said.

In its fiscal 2021 budget request, released in February, the State Department asked Congress for $6 million in new funding to establish a “Cyberspace Security and Emerging Technologies” office. According to the budget request, the office would “allow the Department of State to ensure the development of long-term, comprehensive expertise in order to fully support U.S. foreign policy and diplomatic initiatives needed to meet the national security challenges posed by cyberspace and emerging technologies.”

Right now, the top cybersecurity official at the State Department is Robert Strayer, who has headed 5G policy and international outreach for that issue. That effort has centered on convincing allies not to use hardware from the China-based Huawei company in their 5G networks — an effort that has had limited success.

For example, Great Britain announced last month that it would allow Chinese tech in non-critical portions of its 5G network. Germany is also reportedly expected to make a decision soon. Chris Inglis, former deputy director of the NSA and current Solarium commissioner, said that the United States may have had limited success on the issue because U.S. policymakers were “late to the game” and there wasn’t an agency charged with that role. That’s a gap the suggested bureau would fill.

The commission is needed “so that in the future hopefully 6G, 7G, 10G will be the responsibility of somebody at least in terms of the international portfolio,” Inglis said.

Two weeks ago, the State Department was a key part of an international effort attributing a 2019 cyberattack on the country of Georgia to Russian military intelligence. Langevin wants to see more.

“They need more resources, more people, more expertise within the State Department to raise the profile and also to be able to be proactive in being involved with international …. groups that are involved in setting international cyber norms,” he said.

3 Ways to Strengthen Your Cyber Defenses

By taking proactive action, organizations can face down threats with greater agility and earned confidence.

Security professionals are under much pressure. It’s understandable: Within the past 12 months, 61% of US and European businesses suffered a cyberattack, up from 45% in 2018, and the figures are higher in every category of breach, according to cyber insurer Hiscox. The frequency of attacks is also up, with the number of firms reporting four or more incidents increasing from 20% to 30% over the same time period.

As cyberattacks increase in volume and get more sophisticated – and hackers become more agile – CISOs must do more to build a comprehensive security strategy that can protect critical assets, monitor impact, and recover from any unexpected attacks or disruption. Building defenses will also require a fundamental shift in thinking. Security and IT leaders should take a hard look at how they’ve been working and ask themselves: Is my security posture really rock-solid? Have I taken care of the IT hygiene basics that are so often the cause of successful breaches? And what are those core fundamentals I should implement to ensure the risk of cyberattacks is minimized as much as possible going forward?

Here are three fundamentals.

1. Patch Vulnerabilities Within Minutes, Not Days
Many organizations fail to patch their hardware and software in a timely manner. Our own recent research, conducted with Forrester Consulting, revealed it can take between 28 and 37 business days to patch IT vulnerabilities. When left open, these security gaps can make it easier for malicious actors to strike, paving the way for a host of damaging assaults. From disrupted systems to data breaches, enterprises cannot operate securely or protect their data (or their customers’ data) if they fail to patch vulnerabilities as soon as they are discovered.

Hackers can and will use any opening available to breach networks, disrupt operations, steal data, or hold it ransom. And new exploits are discovered every day.  For example, in January the National Security Agency informed Microsoft about a vulnerability that would allow an attacker to, most significantly, enable remote code execution. (Microsoft quickly patched the vulnerability, which affected Windows 10 and Windows Server 2016/2019.)

And, despite some perceptions that Mac and iOS are more secure, Apple has been dealing with ongoing jailbreak issues for iOS devices, which create security vulnerabilities and are not always easy to patch.  

But it’s not just operating systems and mainstream programs that are at risk. Qualcomm’s February 2020 Security Bulletin detailed multiple vulnerabilities, each with a “High” security rating. Among them, Adobe FrameMaker suffered a memory corruption vulnerability, which could lead to arbitrary code execution, and remote attackers could also make life difficult for those who use a Belkin N300 router.

With these and so many other vulnerabilities discovered every single day, security teams must have a real-time view of their IT enterprise. Their view needs to extend across all computing devices and endpoints, and they must have the ability to quickly patch their hardware and software and monitor their environments. To that end, a unified endpoint management platform is one effective way to monitor and patch systems more quickly, thus reducing the likelihood of breaches and disruptions. [Editor’s note: The author’s company is one of many that offer a unified endpoint management platform.]  

2. Improve the Relationship Between IT and Security Ops
Last year proved challenging for other foundational concepts as well. Our research found a misplaced sense of confidence among IT decision-makers: Eighty percent said they were certain they could act on the results of vulnerability scans, yet fewer than half (49%) were confident they had full visibility into all the hardware/software assets in their environments, including servers, laptops, desktops, and containers.

What we found is that overall visibility dramatically improves when IT and security and operations work closer together, and they are better able to defend the entire enterprise using shared sets of actionable data. Among IT decision-makers, those with strained relationships with security (40%) struggled more with maintaining both visibility and IT hygiene compared to those with good partnerships. When these two teams build walls, things fall through the cracks, mistakes are made, breaches are inevitable, and the entire organization is at risk. All it takes is them getting on the same page about goals, areas of focus, and tools at their disposal.

3. Consolidate Point Tools
Tools proliferation is one of the biggest mistakes we see organizations make. Typically, as a problem emerges, businesses acquire a tool to remedy it. This approach often leads to a mountain of tools that are hard to manage and monitor at scale. Our research shows that in the past two years alone, IT teams obtained an average of five new tools just for security.

IT leaders need to step back and aggressively take stock of all their tools. They should identify the capabilities and deliverables their organizations need to implement, which will help them gain a clearer view into their networks and determine which tools they can consolidate across both teams. The end result will be a leaner, more judiciously managed environment that will support positive business outcomes.

Always Remain Vigilant
IT teams continue to face a tremendous challenge as they move forward into a new decade. Malicious actors are more sophisticated than ever before, while many enterprises are still struggling with strained internal relationships, unpatched vulnerabilities, and a lack of comprehensive endpoint visibility. By taking proactive action on these three steps, organizations can face down threats with greater agility and earned confidence.

Chris Hallenbeck is a security professional with years of experience as a technical lead and cybersecurity expert. In his current role as CISO for the Americas at Tanium, he focuses largely on helping Tanium’s customers ensure that the technology powering their business can …

#cyberfraud | #cybercriminals | Department of Parliamentary Services gives itself cyber tick of approval


Image: Asha Barbaschow/ZDNet

The Australian Department of Parliamentary Services (DPS) has self-assessed that everything is mostly fine with its infrastructure, following a leaked report that everything was not.

Last month, the ABC reported that an internal audit written by KPMG had given many elements of DPS the lowest cyber maturity rating possible.

At Senate Estimates on Monday morning, DPS secretary Rob Stefanik said the leaked report was a draft prepared after the advisory giant had completed its “preliminary field work”.

“It wasn’t until a process of validation and verification that a lot of the information presented in that draft was simply found to be incorrect and the final report that they had produced, which had an implementation plan in it, in July 2019, did not have the statements in it that the original draft did.”

Stefanik said that instead of receiving the “ad hoc” rating — the lowest possible rating on a scale that ranges from ad hoc to developing, to managing, to embedded as the highest rating — the department bagged a “managing” rating in 85 of 88 criteria, with the remaining three being scored as “developing”.

Labor Senator Kimberley Kitching asked to what extent the department was able to self-assess its cyber maturity.

“It’s entirely self-assessment,” Stefanik replied.

Senate President Scott Ryan said the final report would not be released, and senators could take their concerns to the private Senate Standing Committee on Appropriations, Staffing, and Security.

“It is not appropriate to release that report because it contains information that could be used to weaken our cybersecurity,” he said.

“We have more lengthy discussions on these matters in a non-public forum to which all senators are entitled to attend and, having consulted officials, both in the Department of the Senate and in DPS, it is the view that that committee, which has a specific mandate regarding information technology in its terms of reference, is the appropriate place to discuss matters that should not be drawn to public attention or exposed to public.”

In earlier remarks, Ryan said public sector networks were targeted across a four-day period in October.

“During this period, the investment that DPS made in cybersecurity has paid dividends,” Ryan said.

“Our cybersecurity operation centre was able to leverage information from partners to be well prepared in advance of the campaign, and protective controls in place, blocked many attempts to inject malware into the environment.”

The attackers also went after parliamentary staff on their personal email addresses in an attempt to gain access to the parliamentary network.

“I’m pleased to report that there was a high degree of co-operation by users during this period, combined with the maturing cybersecurity defences that have been put in place. They both ensured that the parliamentary environment was protected from this attack,” the Senate President said.

“This is one example of many cases on a daily basis where parliament is targeted by malicious actors.”

The parliamentary network and Australia’s political parties were not successfully defended during an attack in February 2019.

For eight days, the attacker described as a state actor was able to remain on the network.

“While I do not propose to discuss operational security matters in detail, I can state that a small number of users visited a legitimate external website that had been compromised,” Ryan said at the time.

“This caused malware to be injected into the Parliamentary Computing Network.”

The incident highlighted the awful password practices present within Australia’s parliament.

#cybersecurity | #hackerspace | Cyber Minds: Expert Insights on Blockchain and Much More

Shira Rubinoff is the President and Co-Founder of Prime Tech Partners, which is a unique incubator in NYC.  She is also the President of SecureMySocial, which warns people of social media problems in real time. 

In Shira’s new book “Cyber Minds,” we see a unique mix of cutting-edge perspectives on blockchain and where it is going, insights on several hot technologies like AI and the Internet of Things (IoT) as well as solid cybersecurity advice for technology and business leaders.   

Cutting right to the core, this book offers the best practical content I have seen regarding blockchain’s potential, future and cybersecurity opportunities and drawbacks. The materials on blockchain, which include interviews with thought-leaders in the area, are simply ground-breaking.

Here’s an excerpt from page 52 regarding blockchain:

“If you look into the financial services space, we’ve blueprinted the financial architecture and sort of overlaid it with the crypto industry. When you look at that, you realize that within five years, something amazing has been built. We’ve got exchanges, wallets, mining, interfaces, and so on. It’s all moving towards institutional grade infrastructure.

Logistics is another example. In the past few weeks, we’ve heard the news of the biggest competitors in logistics coming together. I believe it was DHL, UPS, and FedEx coming together to think about how they can use blockchain to reduce and merge the burden of governance in the system. We’ll get more efficient Internet safety from that.

Blockchain is being used by farmers for cattle feeding and in Switzerland, it’s starting to be used in the watch industry and the butter industry among others. …”

Here’s one other excerpt that I like from page 60 (quoting Sally Eaves) on the leading blockchain sectors:

“Yes, I would say two sectors (are leading) – financial (Read more…)

#cyberfraud | #cybercriminals | MAS reminds of vigilance against cyber threats taking advantage of coronavirus situation

Source: National Cyber Security – Produced By Gregory Evans

SINGAPORE: The Monetary Authority of Singapore (MAS) reminded financial institutions to remain vigilant on the cybersecurity front amid cases of “cyber threat actors” taking advantage of the coronavirus situation to conduct email scams, phishing and ransomware attacks. In a media release on Sunday (Feb 9), MAS said […] View full post on AmIHackerProof.com

#cyberfraud | #cybercriminals | Cyber Security Today – Oscar movie scams, and make sure you update these products

Source: National Cyber Security – Produced By Gregory Evans

Movie scams, and make sure you update Windows, WhatsApp and Cisco products

Welcome to Cyber Security Today. It’s Friday February 7th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com. To hear the podcast click on the arrow below: On Monday’s podcast I warned […] View full post on AmIHackerProof.com

#nationalcybersecuritymonth | NSA General Counsel Glenn Gerstell Moves Cyber Work to Think Tank

Source: National Cyber Security – Produced By Gregory Evans

Glenn Gerstell, former general counsel of the NSA

Glenn Gerstell, who spent much of the last five years pounding a steady drumbeat warning of a global cyber pandemic, has left his job as general counsel at the U.S. National Security Agency. His last day was Jan. 31.

Gerstell will be a senior adviser at the Center for Strategic & International Studies in Washington, D.C., beginning this month. The center, a nonpartisan think tank on global challenges, was not immediately able to provide a start date.

Gerstell took the National Security Agency’s general counsel job in 2015 after working 40 years at Milbank, Tweed, Hadley & McCloy, where he served as managing partner of the firm’s Washington, D.C., Singapore and Hong Kong offices.

At the spy agency, he oversaw about 100 attorneys who “functioned in a manner comparable to corporate in-house counsel,” according to an online description of his office structure. He reported to the U.S. Department of Defense general counsel.

Asked for comment, the agency Monday referred Corporate Counsel to a speech Gerstell made Jan. 15 to an American Bar Association committee. In the speech, he said, “It is almost impossible to overstate the gap between the rate at which the cybersecurity threat is getting worse relative to our ability to effectively address it. The simple fact of the matter is that no nation has yet found an effective solution to stop foreign malevolent cyberactivity.”

The speech discussed three key points that challenge national security:

  • Technology is less susceptible to or contained by national boundaries, with other countries, especially China, having the potential to surpass U.S. advances.
  • Cross-border cyberactivity makes “it harder to hold a foreign nation-state accountable for domestic damage. All of this introduces extraordinary complexity into international relations and national security arrangements.”
  • The balance between the federal government and the private sector in the area of technology is undergoing rapid, significant change, with the private sector in the lead. “The extent to which this puts effective power in the hands of the private sector and the extent to which the private sector is permitted or required to share that information with the government will be a defining public policy question of the next decade.”

Citing his upcoming departure, Gerstell concluded his speech by praising the men and women at the spy agency.

“Having had the privilege of assisting on the front lines in national security efforts,” he said, “I am confident that we have intellectual ability, moral integrity, skills and dedicated professionals across the intelligence community and defense establishments. In short, I have no doubt that we are capable of addressing these challenges. But it will require a broad and integrated effort to do so, and I know that the lawyers in the national security sector… can and should be in the vanguard in addressing these challenges.”

The speech was a calmer version of a lengthy opinion article Gerstell wrote for the New York Times last September in which he warned that “the unprecedented scale and pace of technological change will outstrip our ability to effectively adapt to it.”

He went on to write, “The digital revolution has urgent and profound implications for our federal national security agencies. It is almost impossible to overstate the challenges … The short period of time our nation has to prepare for the effects of this revolution is already upon us, and it could not come at a more perilous and complicated time.”

The article cited the “extraordinary economic and political power” that technology puts in the hands of the private sector, and its “potential for a pernicious effect on the very legitimacy and thus stability of our governmental and societal structures.”

Gerstell served on the President’s National Infrastructure Advisory Council, which reports to the president and the secretary of Homeland Security on security threats to the nation’s infrastructure, as well as on the District of Columbia Homeland Security Commission.

A graduate of New York University and Columbia University School of Law, he previously served as an adjunct law professor at the Georgetown University School of Law and New York Law School.

When he retired from Milbank in 2015, Gerstell said of his new national security job, “There is a tremendous level of technical expertise here. At this agency, everyone is mission-driven; they truly want to be here. They probably could be making lots more money working at Facebook or Microsoft, but they’re here because they believe they are doing something important—and they are.”
