Apr 29 2011

Top Five Hollywood Hackers Movie

Category: cyber security,Information SecurityDISC @ 11:23 am
Hollywood Sign

Image via Wikipedia

In movies the hacker tries to hack into a Department of Defense computer by speed-typing passwords. We all know reality is nothing like this and we see it as the joke that it is.

But business management don’t see the inherent risks as affecting business bottom line but a hindrance to another new project; they don’t see the research, the probing, the social engineering, risk impact, risk probability and overall risk as security professional do. It is our job as a security professional to show the risks in business terms to management so they can make a reasonable decision based on business risk threshold rather than emphasis on hinderance to bottom line. Remember the return on investment in security is part of doing business, it’s about reducing risks on ongoing basis and keep the company profitable on long term basis (keep making the money).

Emphasize management’s accountability for the risk and most importantly for residual risks (remaining risk after implementing a control). Put the onus on the Information Asset Owner who should be at the management level not a technical staff (may delegate responsibilities in small companies). Make clear recommendations but let them make the key decisions AND make them accountable if things may go wrong.

So yes, management is more impressed by flash and glamour, Because they know and good at analyzing the business risks but take the security risks as business inhibiting to their new project and may like to accept the risks rather than taking the time to address the issue which should be a corrective control to mitigate the existing risk to acceptable level.

What do you think – Do the Hollywood movies add any value in a sense to emphasis the information security risks as a threat to business folks or they just fictional stories which make business people ignore the information security threat?

Which one is your favorite hacker movie….

Below are the top three hackers movies

3-Hackers, 2-Untraceable, 1-WarGames



Tags: Business, Cinema of the United States, Hollywood, Information Security, Management, Risk, United States Department of Defense, WarGames

Mar 28 2011

McAfee report: Cyber thieves target firms’ secrets

Category: cyber security,CybercrimeDISC @ 1:36 pm

Alex O’Donnell and the 40 CyberThieves

sfchronicle.com by Marcus Chan

Social Security numbers and other personal information have been popular targets by cyber crooks. But a new report says thieves have shifted their focus to corporate data such as trade secrets and marketing plans, making it the “new currency” of the underworld economy.

The report, based on a global survey of more than 1,000 senior IT workers, follows recent headlines of hacker attacks on Nasdaq OMX Group, RSA Security and energy companies.

When it comes to these targeted attacks, many companies have taken the approach that “it won’t happen to us, and if it does, we’ll just pay for it then,” said Simon Hunt, a vice president and chief technology officer at McAfee, which is based in Santa Clara. “What’s become evident over the past year is that it’s happening more than people expected.”

McAfee, which sells cyber security products and services, authored the study with SAIC, a scientific and engineering company that works with national security agencies.

The potentially bigger payday from selling stolen proprietary data, along with the trend of businesses putting more of their information in the cloud, have made intellectual capital a bigger target, the report said.

To illustrate the impact of these targeted attacks, the report noted how a quarter of the companies said a data breach – or the serious threat of one – caused them to either stop or delay a merger and acquisition or a new product rollout.

The survey also found that when an organization suffers a data breach or loss, only 3 out of 10 report all such instances to government agencies or authorities, or stockholders. About 6 out of 10 “pick and choose” the incidents they report.

“Companies certainly aren’t doing all the reporting they should or that I think most people would like them to,” said Scott Aken, vice president for cyber operations at SAIC.

Businesses are also “generally trying to store their data in locations where they’re offered the best ability to pick and choose whether they have to notify (about) a breach or not,” he added. “Some countries’ laws are set up in such a way that maybe they don’t have to report.”

Further obscuring the full picture of data theft is the fact that many companies may not even realize they’ve been breached.

“Malware is really clever, hides itself well and is hard to detect,” said Fred Rica, a security expert and principal at PricewaterhouseCoopers. “We still see a lot of clients where we find evidence of a breach on their network, but they just didn’t know.”

Rica also said that amid cyber criminals’ efforts to steal intellectual capital, he’s still seeing a huge amount of personally identifiable information, such as credit card numbers, being stolen.

Among the report’s other findings:

— Lost or breached data cost companies more than $1.2 million on average. That compares to less than $700,000 in 2008, when a similar study was done.

— In the United States, China and India, organizations are spending more than $1 million a week on protecting sensitive data abroad.

— Employees’ lack of compliance with internal security policies was considered the greatest challenge to securing information.

As for the outlook, Aken of SAIC expects to see more of these sophisticated attacks.

“We’ll continue to see very well-coordinated attacks against big companies that have good security postures in place,” he said.

Mar 24 2011

Federal Cyber Attacks Rose In 2010

Category: cyber securityDISC @ 9:16 pm
Injuries incurred by service members are cover...

Image via Wikipedia

Federal Cyber Attacks Rose 39% In 2010

Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents was down overall, according to a new report from the Office of Management and Budget (OMB).

There were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team (US-CERT), according to the OMB’s fiscal year 2010 report on federal implementation of the Federal Information Security Management Act (FISMA). The number represented a 39% increase over 2009, when 30,000 incidents were reported by the feds, of 108,710 attacks overall, according to the report.

To read more on Federal Cyber Attacks Rose 39% In 2010

Richard Clarke: U.S. Chamber committed felony in ChamberLeaks scandal


Tags: Computer security, Federal government of the United States, Flickr, Office of Management and Budget, United States, United States Computer Emergency Readiness Team, United States Department of Veterans Affairs, Veteran

Mar 19 2011

Computer security and crime prevention tips for businesses

Category: cyber securityDISC @ 10:09 pm

Top Ten Tips™: Computer Security

By SDPD

Computer crimes involve the illegal use of or the unauthorized entry into a computer system to tamper, interfere, damage, or manipulate the system or information stored in it. Computers can be the subject of the crime, the tool of the crime, or the target of the crime.

As the subject of a crime, a criminal would use your computer or another computer to willfully alter the information stored in your computer, add fraudulent or inaccurate information, delete information, etc. Motives for this include revenge, protest, competitive advantage, and ransom.

As the tool of a crime, a criminal would use a computer to gain access to or alter information stored on another computer. In one common mode of attack a hacker would send a “spear phishing” e-mail to employees who have access to the business bank account. The e-mail would contain an infected file or a link to a malicious website. If an employee opens the attachment or goes to the website, malware that gives the hacker access bank account log-ins and passwords would be installed on the computer. The hacker would then have electronic payments made to accounts from which the money would be withdrawn. Criminals also use computers to commit various frauds and steal identities and other information.

As the target of a crime, computers and information stored in them can be stolen, sabotaged, or destroyed. Sabotage includes viruses, malware, and denial-of-service attacks. Trade secrets and sensitive business information stored in computers can be lost in these kinds of attacks.

Your computers and the information in them should be protected as any valuable business asset. The following tips deal with physical and operational protective measures, Wi-Fi hacking and hotspot dangers, personnel policies and employee training, anti-virus and spyware protection, protecting your bank accounts, use of social media, preventing and dealing with data breaches, and safer use of the Internet. For more details see National Institute of Standards and Technology (NIST) Interagency Report NISTIR 7621 entitled Small Business Information Security: The Fundamentals, dated October 2009. It’s available online under NIST IR Publications on http://csrc.nist.gov.
Also, consider joining the FBI’s InfraGard, a partnership with the private sector with the goal of promoting an ongoing dialogue and timely communications between its members and the FBI. Its members gain access to information that enables them to protect their assets from cyber crimes and other threats by sharing information and intelligence. Go to www.infragard.net to apply for membership.

To read more on this article: Crime News: Computer security and crime prevention tips for businesses

Top Ten Tips: Computer Security

Mar 16 2011

Hacking Cars with MP3 Files

Category: cyber securityDISC @ 1:20 pm

by Bruce Schneier

“By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car’s stereo, this song could alter the firmware of the car’s stereo system, giving attackers an entry point to change other components on the car.”

Impressive research:

To see all the comments on this posting on Hacking Cars with MP3 Files

The latest most devastating hacks and possible countermeasures

Mar 13 2011

Lessons from Anonymous on cyberwar

Category: cyber security,CybercrimeDISC @ 11:44 am
Cyberwar soldiers

Image via Wikipedia

By Haroon Meer
A cyberwar is brewing, and Anonymous reprisal attacks on HBGary Federal shows how deep the war goes

“Cyberwar” is a heavily loaded term, which conjures up Hollywood inspired images of hackers causing oil refineries to explode.

Some security celebrities came out very strongly against the thought of it, claiming that cyberwar was less science, and more science fiction.

Last year on May 21, the United States Cyber Command (USCYBERCOM) reported reaching initial operational capability, and news stories abound of US soldiers undergoing basic cyber training, which all point to the idea that traditional super powers are starting to explore this arena.

Recent activities with one government contractor and Anonymous, however, show clearly that cyber operations have been going on for a long while, and that the private sector has been only too ready to fill the cyber mercenary role for piles of cash.

To read the remaining article and Anonymous vs. HBGary

Tags: Anonymous (group), cyberwarfare, Haroon, Hollywood, Loaded language, Oil refinery, Organisation for Economic Co-operation and Development, United States Cyber Command

Feb 17 2011

RSA conference looks at online vulnerability

Category: cyber security,Smart PhoneDISC @ 5:27 pm

By James Temple

The hottest trends in technology also represent some of the gravest threats to corporate data security.

Mobile devices, social networking and cloud computing are opening up new avenues for both cyber criminals and competitors to access critical business information, according to speakers at this week’s RSA Conference 2011 at San Francisco’s Moscone_Centerand a survey set for release this morning.

The poll of 10,000 security professionals, by Mountain View market research firm Frost & Sullivan, also concluded that corporate technology staffs are frequently ill prepared to deal with many of the new threats presented by these emerging technologies.

“The professionals are really struggling to keep up,” said Rob Ayoub, global program director for information security research at Frost & Sullivan.

  • Mobile: Mobile devices ranked near the top of their security concerns, coming in second behind applications, such as internally developed software and Internet browsers.

    • Businesses face a number of threats from the increasingly common use of smart phones and tablets by their workers, including malicious software that attacks the operating systems, or the simple loss or theft of devices often laden with corporate information.

    Juniper Networks, a sponsor of the RSA conference, presented some eye-catching – if also self-serving – statistics during a session titled “Defend Your Mobile Life.”

    Mark Bauhaus, an executive vice president at Juniper, said that 98 percent of mobile devices like smart phones and tablets aren’t protected with any security software, and that few users set up a password. That’s troublesome, he said, given that:

    — 2 million people in the United States either lost or had their phones stolen last year;

    — 40 percent of people use their smart phone for both personal and business use;

    — 72 percent access sensitive information, including banking, credit card and medical records;

    — 80 percent access their employer’s network over these devices without permission.

    Read more: New Technologies bring new threats

    Mobile devices new threats and countermeasures

    Feb 10 2011

    China-based hackers targeted oil, energy companies in ‘Night Dragon’ cyber attacks

    Category: cyber securityDISC @ 8:34 pm
    Utility

    Image by lisbokt via Flickr

    From the LA Times

    China-based hackers may have been stealing sensitive information from several international oil and energy companies for as long as four years, cyber-security firm McAfee Inc. said in a report Thursday.

    The company said it traced the “coordinated covert and targeted cyberattacks” back to at least November 2009 and that victims included companies in the U.S., Taiwan, Greece and Kazakhstan. McAfee has dubbed the security breach “Night Dragon.”

    McAfee said the hackers, using techniques and tools originating in China and often found on Chinese hacking forums, grabbed details about company operations, project financing and bidding that “can make or break multibillion dollar deals.”

    Operating through servers in the U.S. and the Netherlands, the company said, the hackers exploited vulnerabilities in the Microsoft Windows operating system. Techniques included social engineering, spear-phishing, Active Directory compromises and remote administration tools, or RATs.

    Although elaborate, Santa Clara-based McAfee said the hacking method was “relatively unsophisticated.” And because most of the Night Dragon attacks originated between 9 a.m. and 5 p.m. Beijing time on weekdays, the cyber-security firm said it suspects that the hacking was not the work of freelancers.

    Tags: Active Directory, china, Greece, Kazakhstan, McAfee, Microsoft Windows, phishing, Taiwan

    Feb 01 2011

    Top 15 hacking tools & utilities

    Category: cyber securityDISC @ 1:05 pm

    A list of 15 Hacking Tools & Utilities from darknet.org.uk.

    Experienced user may recognize most of these tools and for others who are not so familir with these tools may provode a good place to start with a good explanation.

    Here is a short list of all the other tools mentioned: Nmap, Nessus Remote Security Scanner, John the Ripper, Nikto, Superscan, pof, Ethereal, Yersinia, LCP, Cain and Abel, Kismet, Netstumbler and hping.

    Make sure you check these tools in a safer environment and have a proper authorization to use these tools on a client or business environment.

    Here is a list again 15 Hacking Tools & Utilities for your review. Please share your thought on some your favorite tools which works for you.

    To know more the latest titles on security tools

    Jan 27 2011

    Cyber Attacks Jeopardize Superpower Status

    Category: cyber securityDISC @ 3:09 pm

    Cyberspace enable e-mail, electricity grids, international banking and military superiority.
    We can’t live without cyberspace – but increasingly, experts say its openness is putting the United States in jeopardy.

    “We can say that sovereignty’s at risk,” said Sami Saydjari. He heads the Cyber Defense Agency, an information security company.

    “Basically our whole superpower status as the United States depends on computers,” he said. “We lose them, we lose our status as a superpower. We become a Third World country overnight.”

    http://www.youtube.com/watch?v=V3rNiKF4ku8

    Tags: Cyber Defense Agency, Cyber-warfare, cyberwar, Sami Saydjari, superpower status

    Dec 21 2010

    Digital Photocopiers Loaded With Secrets

    Category: cyber security,Information PrivacyDISC @ 10:13 pm

    How a digital copier can become a treasure trove for an identity thief, because they have a hard drive which permanently store all images which have been digitally printed, scanned, faxed, emailed or copied on that printer. Storing images on the hard drive can be a huge threat to the security of an organization and a serious breach to the privacy law when these printers need maintenance, needed to be returned at end of a lease period or simply retired without erasing the data from the hard drive.

    Due diligence of erasing the data before an identity thief gets their paws on it is squarely falls on the shoulder of the organization who owns the digital printer.

    Dec 19 2010

    Protect your credit card information and avoid Fraud

    Category: cyber securityDISC @ 10:51 pm
    NEW YORK - MAY 20: In this photo illustration...
    Image by Getty Images via @daylife

    Essentials of Online payment Security and Fraud Prevention

    As we all know that credit card frauds are on the rise and crooks are utilizing more advanced techniques to acquire credit card information. In these circumstances anyone can lose their private and credit card information to crooks. Individual due diligence is necessary to protect credit card information and below are few measures which can help to protect it.

    – At least once a year (or preferably every 6 months) report each one of your cards missing, so that your credit card company would issue you a new card. This is because often crooks steal credit card info but they wait to collect many (at least a million) before they sell them and this process typically takes a year (according to FBI) so most of the times your credit card info may be compromised but you don’t know about it until the crook sells it to a buyer and then in a matter of 1-2 weeks you get hit by tons of purchases and before you know it you credit card is maxed and you are stuck with proving it wasn’t you.

    – Sign up with www.LifeLock.com, instead of the many identity theft programs that your bank offers. This program costs about $80-$100 a year (similar in cost to what banks like Chase and WFB offer) but this program TRULY covers all the costs of when your identity is stolen and cards are maxed. They do by far MORE than the other programs that banks offer and they cover all the costs that you may incur (including replacing your PC that maybe infected with a virus).

    – If anyone calls you (from Visa, MC, AmEx or any credit card company) and told you anything like your credit card has been used, stolen, etc, get their telephone number and tell them you will call them back before you say ANYTHING to them. And then call the 800 number on the back of your card and verify that the phone number they gave you is indeed a valid number. Do NOT give anything, specially the 3 digit off the back of your card to anyone who calls you.

    – As always, do NOT enter your ATM card PIN into any email.

    – Do NOT open any emails from anyone that you do NOT know. If you do, and there is a .pdf file is attached, make sure it makes sense that the sender has sent you this file otherwise do NOT open the .pdf file. Many viruses are embedded in .pdf files (Not pictures or txt files, just .pdf)

    – If you do on-line banking (as we all do) do NOT do bill payment or if you do then once a day check the balance in your account. Also, if possible contact your bank and BAN any WIRE TRANSFERs from your account. Tons, tons of wire transfer fraud has happened during the past year or two and people have LOST THEIR MONEY, the banks have NO obligation to repay even if you can prove you didn’t do the transfer. They say that your computer was hacked and that is YOUR fault not theirs. Check your bank account balances DAILY as with wire transfer you have 24 hours (in most cases) to reverse it but if it is gone then your money is GONE and you may never be able to collect it back.

    – NEVER give your laptop for repair or upgrades to anyone that you do NOT know really well. Once your laptop or computer is in the hands of a crook he can install spyware and other programs that will go into the core of your PC and nothing, as in NOT EVEN FORMATTING YOUR HARD DISK, can get rid of the virus or spyware. Your only option is to throw away your PC and buy a new one.

    – When online, if you happen to go to a website that had many different items on it; such as “Sarah Palin’s info”, “Earthquake victims”, “Las Vegas Deals”, etc. DO NOT open any files or documents (don’t click on them). These websites are put together by very smart crooks who want to attract people so they have a variety of info posted but each article has a virus/spyware loaded in it and if you click on it the virus will be loaded into your PC and from that point on they can monitor your keyboard entries, even the screens you look at. Avoid any website that has an unusual or strange collection of info on them.

    – Have one credit card with a low limit ($1000-$2000) only for use on internet purchases.

    – Have another card with even a lower limit ($500) only for use in Gas stations. Gas stations have the highest rate of fraud because the pumps have Readers/Pin pads in them that are really old and do NOT have any security feature in them. So have a very low limit card only for use in Gas stations.

    – Have one/more high limit cards that you only use when you purchase something that you SIGN for, and always check your statements at the end of the month.

    Related articles

    Tags: Business, Consumer, Credit card, Financial services, Identity Theft, Merchant Services, Sarah Palin, Wire transfer

    Dec 13 2010

    Cyber War: The Next Threat to National Security and What to Do About It

    Category: cyber security,CybercrimeDISC @ 5:54 pm

    Richard Clarke’s credentials are well established, having been a national security advisor to presidents of both parties

    “The major shock about the mischievous WikiLeaks—even more than the individual headline items—is that it dramatizes how vulnerable we still are. Digitization has made it easier than ever to penetrate messages and download vast volumes of information. Our information systems have become the most aggressively targeted in the world. Each year, attacks increase in severity, frequency, and sophistication. On July 4, 2009, for instance there was an assault on U.S. government sites—including the White House—as well as the New York Stock Exchange and Nasdaq. There were similar attacks that month on websites in South Korea. In 2008, our classified networks, which we thought were inviolable, were penetrated. Three young hackers managed to steal 170 million credit-card numbers before the ringleader was arrested in 2008.”

    From Publishers Weekly
    “On today’s battlefields computers play a major role, controlling targeting systems, relaying critical intelligence information, and managing logistics. And, like their civilian counter-parts, defense computers are susceptible to hacking. In September 2007, Israeli cyber warriors “blinded” Syrian anti-aircraft installations, allowing Israeli planes to bomb a suspected nuclear weapons manufacturing facility (Syrian computers were hacked and reprogrammed to display an empty sky). One of the first known cyber attacks against an independent nation was a Russian DDOS (Deliberate Denial of Service) on Estonia. Since it can rarely be traced directly back to the source, the DDOS has become a common form of attack, with Russia, China, North Korea, the U.S., and virtually every other country in possession of a formidable military having launched low-level DDOS assaults. Analysts across the globe are well aware that any future large-scale conflict will include cyber warfare as part of a combined arms effort. Clarke and Knake argue that today’s leaders, though more computer savvy than ever, may still be ignorant of the cyber threats facing their national security.”

    Dec 06 2010

    U.S. looks to protect computer networks as rogues hack away

    Category: cyber securityDISC @ 10:16 am

    By Lolita Baldor

    WASHINGTON — It will take several more years for the government to fully install high-tech systems to block computer intrusions, a drawn-out timeline that enables criminals to become more adept at stealing sensitive data, experts say.

    As the Department of Homeland Security moves methodically to pare down and secure the approximately 2,400 network connections used every day by millions of federal workers around the world, experts suggest that technology already may be passing them by.

    The department that’s responsible for securing government systems other than military sites is slowly moving all the government’s Internet and e-mail traffic into secure networks that eventually will be guarded by intrusion detection and prevention programs. The networks are known as Einstein 2 and Einstein 3.

    Progress has been slow, however. Officials are trying to complete complex contracts with network vendors, work out technology issues and address privacy concerns involving how the monitoring will affect employees and public citizens.

    The WikiLeaks release of more than a quarter-million sensitive diplomatic documents underscores the massive challenge ahead, as Homeland Security labors to build protections for all of the other, potentially more vulnerable U.S. agencies.

    “This is a continuing arms race and we’re still way behind,” said Stewart Baker, former Homeland Security undersecretary for policy.

    The WikiLeaks breach affected the government’s classified military network and was as much a personnel gap as a technological failure.

    Officials believe the sensitive documents were stolen from secure Pentagon computer networks by an Army intelligence analyst who downloaded them onto a CD.

    The changes sought by Homeland Security on the government’s non-military computers would be wider and more systemic than the immediate improvements ordered recently by the Departments of Defense and State as a result of the WikiLeaks releases.

    Those changes included improving the monitoring of computer usage and making it harder to move material onto a portable computer flash drive or CD.

    Related articles

    Tags: DHS, Einstein 1, Einstein 2, IDP, IDS, Intrusion Detection and Prevention, WikiLeaks

    Oct 20 2010

    Incidence Of Cybertheft Surpasses Incidence Of Physical Theft

    Category: cyber securityDISC @ 1:17 pm
    私は No Click!
    Image by mie_journal via Flickr

    Fraud-related losses rose 20 percent to $1.7 billion in the past year, Kroll study says

    Incidence of theft of information and electronic data at global companies has overtaken physical theft for the first time, according to a study released yesterday.

    According to the latest edition of the Kroll Annual Global Fraud Report, the amount lost by businesses to fraud rose from $1.4 million to $1.7 million per $1 billion of sales in the past 12 months — an increase of more than 20 percent.

    The findings are the result of a study commissioned by Kroll and conducted by the Economist Intelligence Unit, which surveyed more than 800 senior executives worldwide.

    To read more: Incidence Of Cybertheft Surpasses Incidence Of Physical Theft

    Related articles

    Tags: Computer crime, crime, Economist Intelligence Unit, fraud, Identity Theft, Security, Theft, United States

    Sep 09 2010

    DHS Cyber security Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network

    Category: cyber securityDISC @ 8:36 am
    Seal of the United States Department of Homela...
    Image via Wikipedia

    By Kevin Poulsen @wired.com

    The federal agency in charge of protecting other agencies from computer intruders was found riddled with hundreds of high-risk security holes on its own systems, according to the results of an audit released Wednesday.

    The United States Computer Emergency Readiness Team, or US-CERT, monitors the Einstein intrusion-detection sensors on nonmilitary government networks, and helps other civil agencies respond to hack attacks. It also issues alerts on the latest software security holes, so that everyone from the White House to the FAA can react quickly to install workarounds and patches.

    But in a case of “physician, heal thyself,” the agency — which forms the operational arm of DHS’s National Cyber Security Division, or NCSD — failed to keep its own systems up to date with the latest software patches. Auditors working for the DHS inspector general ran a sweep of US-CERT using the vulnerability scanner Nessus and turned up 1,085 instances of 202 high-risk security holes (.pdf).

    “The majority of the high-risk vulnerabilities involved application and operating system and security software patches that had not been deployed on … computer systems located in Virginia,” reads the report from assistant inspector general Frank Deffer.

    Einstein, the government’s intrusion-detection system, passed the security scan with flying colors, as did US-CERT’s private portal and public website. But the systems on which US-CERT analysts send e-mail and access data collected from Einstein were filled with the kinds of holes one might find in a large corporate network: unpatched installs of Adobe Acrobat, Sun’s Java and some Microsoft applications.

    In addition to the 202 high-risk holes, another 106 medium- and 363 low-risk vulnerabilities were found at US-CERT.

    “To ensure the confidentiality, integrity, and availability of its cybersecurity information, NCSD needs to focus on deploying timely system-security patches to mitigate risks to its cybersecurity program systems, finalizing system security documentation, and ensuring adherence to departmental security policies and procedures,” the report concludes.

    In an appendix to the report, which is dated Aug. 18, the division wrote that it has patched its systems since the audit was conducted.

    DHS spokeswoman Amy Kudwa said in a statement Wednesday that DHS has implemented “a software management tool that will automatically deploy operating-system and application-security patches and updates to mitigate current and future vulnerabilities.”

    Tags: Adobe Acrobat, Computer security, Intrusion detection system, Microsoft, National Cyber Security Division, Security, United States, United States Computer Emergency Readiness Team

    Aug 05 2010

    DHS Quietly Dispatching Teams to Test Power Plant Cybersecurity

    Category: cyber securityDISC @ 1:22 pm
    DHS Logo
    Image via Wikipedia

    The Department of Homeland Security is quietly creating teams of experts charged with assessing the cyber security needs of power plants in the U.S. The question is why the secrecy? When plants vulnerabilities are known facts in both security and hacker communities, perhaps it is time to pay attention or impossible to ignore anymore even by DHS.

    Utility Security: The New Paradigm

    By Jaikumar Vijayan
    The Department of Homeland Security (DHS) is quietly creating specialized teams of experts to test industrial control systems at U.S power plants for cybersecurity weaknesses, according to a report published today by the Associate Press.

    According to the Associate Press report, DHS has so far created four teams to conduct such assessments, according to Sean McGurk, director of control system security. McGurk told the news service that 10 teams are expected to be in the field next year as the program’s annual budget grows from $10 million to $15 million.

    To read the rest of the article….

    Related articles by Zemanta

    Tags: Computer security, Control system, Homeland Security Department, power plants, Power station, United States Department of Homeland Security, utilities

    « Previous Page