UPDATE: White House asks public for game changing cybersecurity ideas
BY EMILY LONG
The Obama administration will open next week a web-based forum to discuss a cybersecurity research and development agenda, according to a notice published in the Federal Register…
http://www.nextgov.com/nextgov/ng_20100514_8658.php?oref=rss?zone=itsecurity
@CheriSigmon
[REPRINT] From Nextgov.com: Lieberman's cybersecurity bill leans on buying power
By Aliya Sternstein
Measure would require acquisition officers to learn about security vulnerabilities in technology products in
an effort to use the government's vast purchasing power to push vendors to provide more secure solutions.
Get the full story: http://www.govexec.com/story_page.cfm?articleid=45297
Executive Coach: They Can Handle the Truth
By Scott Eblin
Taking your career to the next level.
Wednesday, March 17
When I'm conducting feedback for a client one of the things I really like to hear from the direct reports is something like, "My manager shares information with us that other managers don't share with their teams. That helps us make better decisions and do better work." The flip side of what makes me happy is that every direct report should be singing the praises of their manager sharing information with them. When you treat people like adults, they usually respond like adults. Most people can handle the truth and resent it when they feel like they're being played. See full article here: http://blogs.govexec.com/executivecoach/
This applies to cybersecurity and other professionals. Your comments are welcome!
Cybersecurity Pros Receive Salary Bump, Hiring to Increase
The hiring managers surveyed in the U.S. said that they're looking
for candidates with specific skills in these top five categories:
operations security;
access control systems and methodology;
information risk management;
applications and system development security;
and security architecture and models.
More than half of the professionals surveyed in
the U.S. received salary increases in 2009...
(#Cybersecurity Jobs)
SOURCE: clearancejobs.com
Wired Workplace: Outlook Bright for Federal IT Jobs (Repost)
Report says the need for technology {cybersecurity} professionals within the federal government remains strong.
A new survey finds that even in the tough economy, the job outlook for information security professionals within the federal government remains strong… (ISC)2's 2010 Career Impact Survey, which interviewed nearly 3,000 information security professionals worldwide, including 668 respondents in the U.S. government, found that nearly 61 percent of federal respondents who identified themselves as having hiring abilities said they were looking to hire permanent and/or contract employees in 2010. Of those hiring, 51 percent said they plan to hire three or more information security professionals this year. Despite these hiring projections, however, nearly 54 percent of hiring managers said their biggest hiring challenge was finding candidates with the right skills...
See full column at GovExec here: http://www.govexec.com/dailyfed/0310/030810ww.htm
COMMENTARY (REPRINT)
The Human Element Complicates Cybersecurity
The human factor remains one of the great impediments to improving cybersecurity - By Johnnie Hernandez Mar 03, 2010
Cyberspace is an untamed frontier. Data networks everywhere remain vulnerable to cyber threats. As Rep. Michael McCaul (R-Texas) recently pointed out, virtually every sector of cyberspace faces danger, including the U.S. military.
Congressional hearings on cybersecurity have revealed that most federal networks have been hacked, McCaul said. Many attacks are classified as espionage, with foreign countries stealing government information. One data dump was equivalent in size to the Library of Congress.
"I hope as with 9/11 we don't turn a blind eye & have a denial-of-service attack before we address this issue," McCaul said.
Legislation passed in early February by the House could go a long way toward addressing the issue. McCaul and Rep. Daniel Lipinski (D-Ill.) are the primary sponsors of the Cybersecurity Enhancement Act of 2009, which would dedicate federal funds toward beefing up cybersecurity in the public and private sectors. The Senate is considering similar legislation.
Yet despite the congressional focus on cybersecurity, all the money, software and hardware in the world can't entirely ward off cybersecurity threats. One nontechnology factor greatly impedes cybersecurity: the human factor.
We are the weak link in the chain. Too many people think they can just throw technology at the problem, but that alone is not the answer.
If people don't follow consistent, well-defined security policies and procedures — and undergo regular cybersecurity training and exercises — then an organization's networks and data won't be safe.
Being human is our greatest strength and our greatest weakness. We are capable of developing the most innovative technical solutions for protecting a network, but if those solutions are not installed, configured and maintained properly, they will not be effective. Worse yet, they will give a false sense of protection.
In a recent report, the International Institute for Strategic Studies, a British think tank, warned of the peril of cyber warfare.
"Despite evidence of cyberattacks in recent political conflicts there is little appreciation internationally of how properly to assess cyber conflict," said John Chipman, director-general of the institute. "We are now, in relation to the problem of cyber warfare, at the same stage of intellectual development as we were in the 1950s in relation to possible nuclear war."
The recently released Quadrennial Defense Review and proposed Defense Department budget for fiscal 2011 emphasize cyber defense. For instance, the budget request supports establishment of the U.S. Cyber Command, which will organize and standardize DOD cyber defense practices.
Military outfits are fully aware of human shortfalls when it comes to cybersecurity, so they regularly conduct training in realistic settings. However, those military organizations can't undertake so-called live fire exercises without risking an actual network meltdown.
In recent times, simulators — made by a number of companies, including ours — have been employed to train defenders of military and government data networks. The best example of this is an exercise known as Bulwark Defender. Each year, the military services and government agencies practice their tactics, techniques and procedures against unknown cyber enemies intent on stealing critical information and creating havoc on our networks. This is all accomplished within the safety of a nonoperational global network used to regularly train, certify and exercise network operators.
The network is known as the Joint Cyberspace Operations Range. The range, which has been used since 2002, is run by the Air Force Network Integration Center at Scott Air Force Base, Ill. It has trained thousands of network operators and defenders; during the past three years, it's been the underlying structure for Bulwark Defender.
We must develop and build new and smarter security technology and architectures in addition to defining and documenting security policies and processes. We must remain vigilant against cyber terrorism, cyber crime and cyber mischief.
However, until we take humans out of the loop, we will have to deal with our human inadequacies.
About the Author: Johnnie Hernandez is chief executive officer of EADS North America Defense Security & Systems Solutions Inc.
Brought to You By @SecurityQ http://twitter.com/SecurityQ
United States Department of Defense Embraces Hacker Certification to Protect US Interests -2010-03-01
CEH is now formally integrated into the certification requirements for U.S. DoD IA Workforce
The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S.cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD's computer network defenders (CND's), a specialized personnel classification within the DoD's information assurance workforce.
The Certified Ethical Hacker requirement falls under the auspices of DoD Directive 8570 Information Assurance Workforce Improvement Program. The current version (incorporating Change 2) was signed by Assistant Secretary of Defense, John G. Grimes and was officially instated on February 25, 2010. Directive 8570 provides clear guidance to information assurance training, certification and workforce management across all components of the DoD.
The CND groups protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks.
With this directive, military service, contractors, and foreign employees across all job descriptions must show 100-percent compliance with the new Certified Ethical Hacker training requirement by 2011. This shows the DoD's focus on better training and preparation of the U.S. military workforce in this area.
The Certified Ethical Hacker qualification tests the certification holder's knowledge in the mindset, tools and techniques of a hacker, fortifying it's certification tag line: "To beat a hacker, you must think like one."
"CEH has been selected due to the immense technical and tactical nature of the certification," said Jay Bavisi, co-founder and president of EC-Council. "It is one of the most technically advanced certifications on the directive for CND professionals. In fact, it is the only certification approved across four out of the five categories to prepare the CND teams. While other policy-based programs add value, CEH prepares the U.S. CNDs to combat hackers in real time, defending U.S. interests globally."
Bavisi added: "We have been researching this space for quite some time and with this mandate from the DoD, there has never been a better time for us to beat the hackers at their own game. We are racing to research complex hacker techniques and in the next release of our CEH program, we hope to showcase in over 150 modules, detailed and extremely complex attack and countermeasures that will help raise the level of knowledge of the CND teams."
KEY FACTS:
CEH is now formally integrated into the certification requirements for U.S. DoD IA Workforce
CEH is now required for CND Analyst, CND Infrastructure Support, CND Incident Responder, and CND Auditor as defined by Directive 8570
Newly revised DoD 8570 is available at http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf
More information about EC-Council and Directive 8570 can be found at https://www.eccouncil.org/about_us/dod_8570.aspx
For more information about EC-Council, visit the website: www.eccouncil.orgThe following article makes excellent points, especially if you are a cybersecurity professional who is seeking employment now…
| |||||
What do you think of this idea from a colleague?
Establish a "Cyber Corps" - set up like the Peace Corps - for cyber monitoring and early alerts, as well as for educational purposes. Students studying cyber security would be a community asset (but not in terms of cyber war or cyber defense). The purpose would be training for future cyber warriors while concurrently helping their community. The cyber corps tasks could be to monitor and report, and to provide sensing and early warning, etc.
Rationale: Since students must reproduce scenarios in a lab anyway, why not place them in a real environment with white or gray hats instructing?
Your thoughts, please?
US Secret Service, Italian Post Form Cyber-Crime Task Force
— The US Secret Service, the Italian Post Office and the postal division of the Italian police are teaming up to fight transnational cyber-crime as the Rome-based European Electronic Crimes Task Force (EECTF).
It will be the first - and long overdue - task force designed to fight cyber crimes outside the United States and will use as its model the Electronic Crimes Task Force the Secret Service created in America.
I'm evaluating a
multi-media course on blogging from the folks at Simpleology. For a while, they're letting you snag it for free if you post about it on your blog.
It covers:
I'll let you know what I think once I've had a chance to check it out. Meanwhile, go grab yours while it's still free... - Regards, Cheri
