Software Integrity

Archive for the 'Government Security' Category

 

DEF CON 25 exposes voting system vulnerabilities

It took security researchers only minutes to gain access to more than a dozen voting machines at last month’s DEF CON security conference. The nearly two dozen machines, all purchased from eBay and government auctions, are considered representative of the wide variety of electronic voting systems in use today. One even contained actual voting data from […]

Posted in Application Security, Data Breach, Government Security

 

Smart devices, smart grids, and cyber security

A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the […]

Posted in Automotive Security, Government Security, Security Standards and Compliance, Smart Grid Security

 

How will new IoT legislation strengthen the future of cyber security?

New legislation proposed this month in the U.S. Congress seeks to mitigate the risk of botnets commandeering Internet of Things (IoT) devices used in the U.S. government. The Internet of Things Cybersecurity Improvement Act of 2017 is a proposal from Sens. Mark R. Warner (D-Va.) and Cory Gardner (R-Colo.), co-chairs of the Senate Cybersecurity Caucus, along […]

Posted in Government Security, Internet of Things

 

Howard Schmidt, the United States’ first Cybersecurity Czar, has died

Howard A. Schmidt, a friend to many in the security community, has died. A statement on his Facebook page says that he died today “in the presence of his wife and four sons … following a long battle with cancer.” Schmidt served as the White House Cybersecurity Advisor to Presidents Barack Obama and George W. […]

Posted in Fuzz Testing, Government Security, Medical Device Security, Network Security, Software Security Testing

 

Cyberattacks erase Saudi government data

The data on thousands of computers at the headquarters of the General Authority of Civil Aviation in Saudi Arabia was erased starting in mid-November by malware from “outside the country,” according to a state report. On Thursday, the state-run Saudi Press Agency confirmed a series of attacks on government systems, especially in the transportation sector. […]

Posted in Data Breach, Government Security, Industrial Control System Security

 

U.S. cybersecurity plans under a new administration

Little is known about Donald Trump’s actual policies regarding cybersecurity except that it is being discussed as a top-level priority in the new administration. As a candidate, Trump articulated a four-part strategy; however, security experts deemed it fairly lightweight in response to the growing threat. “It sounds like a fairly rational, high-level playbook […]

Posted in Government Security

 

Cyber supply chain risks identified at CodenomiCON 2016

Experts from UL, government, and industry have established programs for organizations to mitigate risks from exploitable software in their cyber supply chain. On the CodenomiCON 2016 panel Mitigating Software Supply Chain Risks – Gaining Trust of Software in Cyber Assets, moderated by Joe Jarzombek, Global Manager for Software Supply Chain Management for the Synopsys Software […]

Posted in Government Security, Security Conference or Event

 

Hear what a former Deputy Assistant AG for National Security said at CodenomiCON 2016

At CodenomiCON 2016, a former U.S. government official talked about changes in cybersecurity perceptions. In a fireside chat, computer scientist Fred Cohen interviewed Luke Dembosky, Cybersecurity Attorney, Debevoise & Plimpton. Dembosky is the former U.S. Deputy Assistant Attorney General for National Security. When asked about some of the biggest differences in cybersecurity today, Dembosky […]

Posted in Government Security, Security Conference or Event

 

OMB issues supply chain risk management (SCRM) guidance

New guidance for US government suppliers includes requirements for software testing. In the Office of Management and Budget (OMB) Circular A-130, published July 28, 2016, requirements for Supply Chain Risk Management (SCRM) were specified for those selling to any US Government organizations, including sub-tier suppliers. This means that suppliers of IoT/ICT components and services, either […]

Posted in Government Security, Security Risk Assessment

 

The Fed hires its first CISO

A retired U.S. Air Force brigadier general will be the U.S. government’s first federal cyber security chief (CISO). As federal CISO, U.S. Air Force Brigadier General Gregory Touhill will protect government networks and critical infrastructure from cyber threats. The position was previously announced last February as part of the creation of […]

Posted in Government Security