[ISN] What every utility should know about the new physical security standard

http://www.intelligentutility.com/article/15/01/what-every-utility-should-know-about-new-physical-security-standard

By William E. Reiter
intelligentutility.com
Jan 29, 2015

On April 16, 2013, an incident in San Jose, California, led to development of a new physical security standard for owners and operators of transmission stations and substations. In the 2013 incident, a sniper attack on a Pacific Gas & Electric transmission substation knocked out 17 large transformers that powered Silicon Valley. The sniper attack served as a dramatic wake-up call for the industry and raised fears regarding the vulnerability of the nation’s power grid to terrorist attack. The more than 160,000 transmission line miles that comprise the U.S. power grid are designed to handle natural and man-made disasters, as well as fluctuations in demand; but what about physical attack?

As a result of the San Jose assault, the Federal Energy Regulatory Commission (FERC) in April 2014 required the North America Energy Reliability Corporation (NERC) to establish Critical Infrastructure Protection (CIP) standards to “address physical security risks and vulnerabilities related to the reliable operation” of the bulk power system. NERC developed and issued what is now commonly referred to as CIP-014-1. This is a physical security standard that has a stated purpose to identify and protect transmission stations and transmission substations and their associated primary control centers that—if rendered inoperable or damaged as a result of a physical attack—could result in uncontrolled separation or cascading within an interconnection.

[…]





[ISN] 3 things CSOs can learn from CPOs

http://www.csoonline.com/article/2877972/security-leadership/3-things-csos-can-learn-from-cpos.html

By Maria Korolov
CSO
Jan 29, 2015

The role of the CSO and CIO has been changing dramatically as technology becomes more and more vital to business strategies. Sometimes, it can be hard to keep up. Amol Joshi, SVP of business development at Redwood City, Calif.-based Ivalua Inc., suggests that CSOs and CIOs can pick up a few tricks from Chief Procurement Officers.

1. Create and use contract templates

Many CIOs and CSOs are faced with the responsibility of creating or reviewing contracts with outsourcers, contractors, part-time help, software vendors, data centers, cloud services providers and other vendors and suppliers. CPOs have been doing this for a long time, and one trick that they use is to create a library of clauses that they can put into a contract when needed. These clauses have to be kept up to date, Joshi said. For example, cloud SLAs evolve all the time, as do compliance requirements.

[…]



[ISN] OAS hails Jamaica’s cyber security efforts

http://www.jamaicaobserver.com/news/OAS-hails-Jamaica-s-cyber-security-efforts_18310037

By Balford Henry
Senior staff reporter
jamaicaobserver.com
January 30, 2015

ASSISTANT secretary general of the Organisation of American States (OAS), Ambassador Albert Ramdin, says that Jamaica has made a sound choice of a model for its National Cyber Security Strategy (NCSS). Speaking at the official launch of the strategy at the Jamaica Pegasus hotel in New Kingston on Wednesday, Ramdin congratulated the government on drafting and approving its NCSS in just under a year, and appointing a “dedicated multi-stakeholder”, the National Cyber Security Task Force, to develop the strategy. He said that the group, working with the OAS and other experts from partner institutions, has committed significant effort and time to develop a strategy that has met and followed international best practices and recommendations.

“I am sure that your experiences and approach will be valuable learning lessons for other Caribbean countries to take into consideration in drafting their own security strategies,” he said.

[…]



[ISN] Beware the Unwitting Insider Threat

http://www.nextgov.com/cybersecurity/2015/01/beware-unwitting-insider-threat/104097/

By Jack Moore
Nextgov.com
January 29, 2015

Rank-and-file federal employees and contractors unwilling to “embrace ‘The Suck’ of security” may be the biggest threat posed to securing federal agency networks. “Accidental or careless” insiders



[ISN] China’s New Rules for Selling Tech to Banks Have US Companies Spooked

http://www.wired.com/2015/01/chinas-new-rules-selling-tech-banks-us-companies-spooked/

By Davey Alba
Wired.com
01.29.15

Technology companies that want to sell equipment to Chinese banks will have to submit to extensive audits, turn over source code, and build “back doors” into their hardware and software, according to a copy of the rules obtained by foreign companies already doing billions of dollars worth of business in the country. The new rules were laid out in a 22-page document from Beijing, and are presumably being put in place so that the Chinese government can peek into computer banking systems.

Details about the new regulations, which were reported in The New York Times today, are a cause for concern, particularly to Western technology companies. In 2015, the China tech market is expected to account for 43 percent of tech-sector growth worldwide. With these new regulations, foreign companies and business groups worry that authorities may be trying to push them out of the fast-growing market. According to the Times, the groups—which include the US Chamber of Commerce—sent a letter Wednesday to a top-level Communist Party committee, criticizing the new policies that they say essentially amount to protectionism.

The new bank rules and the reaction from Western corporations represent the latest development in an ongoing squabble between China and the US over cybersecurity and technology. The US government has held China responsible for a number of cyberattacks on American companies, and continues to be wary that Chinese-made hardware, software and internet services may have some built-in features that allow the Chinese government to snoop on American consumers. Meanwhile, China has used the recent disclosures by former NSA contractor Edward Snowden as proof that the US is already doing this kind of spying—and that this is reason enough to get rid of American technology in the country.

[…]



[ISN] Northrop Grumman Foundation Congratulates Top 28 Teams Advancing to CyberPatriot National Finals Competition

http://www.globenewswire.com/newsarchive/noc/press/pages/news_releases.html?d=10116947

FALLS CHURCH, Va. – Jan. 26, 2015 – The Northrop Grumman Foundation, presenting sponsor for CyberPatriot VII, is proud to congratulate the top 25 high school and three middle school teams advancing to the national finals competition on March 13 in Washington, D.C.

CyberPatriot, established by the Air Force Association, is the National Youth Cyber Education Program that’s inspiring students toward careers in cybersecurity and other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation’s future. The program features the National Youth Cyber Defense Competition, cyber camps, and an elementary school education program.

This year’s finalists represent schools and other organizations from Alabama, California, Colorado, Florida, Iowa, Louisiana, Massachusetts, Michigan, Missouri, New Jersey, New Mexico, Oklahoma, South Dakota, Texas, Virginia, and Manitoba, Canada. Click here for a complete listing of finalists.

“We are so proud of all the students who participated this year and we wish the top 28 finalists all the best as they prepare for the big showdown,” said Sandra Evers-Manly, president of the Northrop Grumman Foundation and vice president of Northrop Grumman Global Corporate Responsibility. “CyberPatriot has proven to be an innovative way to inspire young people to pursue a career in cybersecurity. It is filling the much-needed pipeline of qualified cyber talent and we couldn’t be more pleased with its success. CyberPatriot is a true example of how a hands-on, STEM initiative can make an impact by addressing a national imperative.”

A record 2,175 teams, up 40 percent from the previous year, competed this year in a series of online rounds where students were given a set of virtual images that represent operating systems and were tasked with finding vulnerabilities and hardening the system while maintaining critical services.
Students competed from across the U.S. and in other parts of the world to be among the top finalists that receive an all-expenses-paid trip to the CyberPatriot National Finals in Washington, D.C.

“The need for cyber defenders has never been more relevant, or urgent,” said Diane Miller, director, CyberPatriot Programs, Northrop Grumman. “To address the increasingly complex threat requires diversity of education, experience, and approach to problem solving. CyberPatriot is inspiring our youth at every level and from every pocket of the country to cultivate a cyber workforce with a strong ethical foundation, the requisite technical skills and life skills in communications, leadership and teamwork so important to potential employers. These students are career-ready and poised to take on this national and global challenge.”

In its fifth year as presenting sponsor, the Northrop Grumman Foundation and Northrop Grumman Corporation continue to devote time, talent and resources to support CyberPatriot. In addition to the foundation’s financial support, Northrop Grumman awards annual scholarship funds to the top winning teams and contributes employee volunteers and mentors. The company also provides internships to CyberPatriot competitors, as do other industry and government organizations. Northrop Grumman also partnered this year with Cyber Security Challenge UK to bring CyberPatriot to the U.K. Known as CyberCenturion, this youth cyber defense competition will hold its finals competition on April 17 at Bletchley Park in London.

The CyberPatriot VII Teams will compete face-to-face in a one-day event to defend virtual networks and mobile devices from a professional aggressor team. The National Finalists will also face off in four additional competition components: the Digital Cyber Crime Scene Challenge from the Digital Forensic Consortium, the Cisco Networking Challenge, the Leidos Digital Forensics Challenge, and a Mobile Application Challenge hosted by AT&T.
These extra challenges expose teams to new elements and skillsets of the many career opportunities available to them. As a global provider of cybersecurity solutions, Northrop Grumman is committed to grooming tomorrow’s cyber workforce and is engaged in supporting numerous cybersecurity education, training and technology initiatives. For more information on Northrop Grumman in cyber, go to www.northropgrumman.com/cyber. The Northrop Grumman Foundation supports diverse and sustainable programs for students and teachers. These programs create innovative education experiences in science, technology, engineering and mathematics. For more information please visit www.northropgrumman.com/foundation. CONTACT: Marynoele Benson Northrop Grumman Corporation 703-556-1651 marynoele.benson@ngc.com



[ISN] World’s largest DDoS attack reached 400Gbps, says Arbor Networks

http://www.techworld.com/news/security/worlds-largest-ddos-attack-reached-400gbps-says-arbor-networks-3595715/

By John E Dunn
Techworld
Jan 27, 2015

Some time in December 2014 an unnamed ISP experienced an NTP reflection DDoS attack that peaked at a router-straining 400Gbps, easily the largest denial of service event in Internet history, Arbor Networks’ 10th Annual Infrastructure Report has revealed.

It’s an apparently small detail slipped into the firm’s larger narrative which is probably less important in the grand scheme of things than the fact that super-massive DDoS attacks are now common enough to have turned into dull statistics. Message – large DDoS attacks are here to stay.

But what is driving this ballooning traffic? Arbor gets its numbers from Peakflow SP sensors in 330 customers’ premises feeding into the firm’s Atlas system, which it backs up with manual surveys of important ISPs and providers not contributing to this system.

[…]



[ISN] Barrett Brown’s sentence is unjust, but it may become the norm for journalists

http://boingboing.net/2015/01/26/barrett-browns-sentence-is.html

By Trevor Timm
Jan 26, 2015

Investigative journalist Barrett Brown was sentenced to an obscene 63 months in prison on Thursday, in part for sharing a hyperlink to a stolen document that he did not steal, and despite the fact that he was not guilty of a crime for linking to it.

Maybe journalists think this is an anomaly, and some will ignore his case entirely since Brown also pled guilty to other charges that led to part of his sentence too. But be warned: if the White House passes its dramatic expansion of US computer law, journalists will constantly be under similar threat and reporting on hacked documents could become a crime.

How is this possible, you ask? Well, first it’s important to understand the details of Brown’s case.

[…]

