In early August, at MeriTalk’s Cyber Security Brainstorm, Paul Beckman, chief information security officer (CISO) at the Department of Homeland Security (DHS), said that his biggest new priorities are:
Increasing use of software-defined networking (SDN) Adopting a zero-trust model Optimizing DHS’ security operations centers (SOC)
He added that the ability to leverage micro segmentation in […]
Recently, I was privileged to spend half a day with some of our nation’s finest cyber warriors at a RedSeal workshop. Early in the morning, members of various DoD Cyber Protection Teams (CPTs) gathered around a u-shaped table in Columbia, Maryland. We had four Army soldiers, five Maryland Air National guardsmen, two United States Marines […]
This year, the big news in government cybersecurity is the DHS CDM DEFEND program and task orders being announced by various federal departments. The DHS CDM DEFEND, which stands for Continuous Diagnostics and Mitigation (CDM) Dynamic and Evolving Federal Enterprise Network Defense, task orders are awarded under the General Services Administration’s Alliant 1 Unrestricted contract. […]
While the focus on cybersecurity has never been higher, the cybersecurity community – a combined team of solution providers, CISOs, boards and others– haven’t been able to stop most attacks from being successful.
Why?
We have focused too much of our efforts on network perimeters, working to detect and prevent cyber attacks. We haven’t […]
In NSA: The Silence of the Zero Days, published in Data Breach Today, Mathew Schwartz discusses hackers’ rapid response to newly discovered flaws and/or exploits.
I was struck by a quote from David Hogue, the head of the NSA’s Cybersecurity Threat Operations Center (NCTOC). “Within 24 hours of a vulnerability or exploit being released, it’s […]
Two years ago, a federal government civilian agency had a problem.
Nation state actors were targeting the agency, creating numerous cyber events and breaches every day. The media was all over the story. They faced enormous pressure to change the cybersecurity status quo.
The agency’s cybersecurity team knew that they were in reaction mode. They […]
Over the last few decades, many network security architecture products have come to market, all with useful features to help secure networks. If we assume that all of these security products are deployed in operational networks, why do we still see so many leaks and breaches?
Some say the users are not leveraging the full capabilities […]
On December 30, 2015, the U.S. Department of Defense (DoD) published a three-page interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS), revising its earlier August 2015 interim rule on Safeguarding Covered Defense Information.
This new interim rule is a ticking time bomb that gives government contractors a deadline of December 31, 2017 to […]
The Shadow Brokers are turning out the lights. On their way out they dumped another suite of alleged National Security Agency hacking tools. Unlike last time, where the released exploits focused on network gear from vendors such as Cisco and Fortinet, these tools and exploits target Microsoft Windows operating systems. Most of the sixty plus […]
Willis H. Ware, a research scientist at the Rand Corporation working for the United States Air Force in 1967, predicted that ARPAnet would be a disaster if security wasn’t built into the project.
He was overruled.
In January 2013, the Final Report of the Defense Science Board Task Force on Resilient Military Systems and the […]