NSA chief explains new cyber directorate | FCW


The National Security Agency’s new cyber directorate wants to bridge gaps between government agencies and the defense industrial base, according to the agency’s chief Gen. Paul Nakasone.

“NSA’s new cybersecurity directorate, which opened for business last week, will give us a laser focus on these challenges,” said Nakasone, who also leads U.S. Cyber Command, during an Oct. 9 keynote at the FireEye Cyber Defense Summit in Washington, D.C.

Nakasone named three reasons behind standing up the cybersecurity directorate, which is headed by Anne Neuberger and stood up Oct. 1: to combat an evolving threat landscape, capitalize on ability to set security standards and make vulnerability assessments, and enhance partnerships with Cyber Command, Homeland Security, FBI and industry.

Source: NSA chief explains new cyber directorate — FCW

Former Navy Secretary: Effective Cybersecurity Requires Persistent Presence | Nextgov


If you lead an organization of any size in the United States today, you sit atop a powerful technology stack. Your communications, calendar and finances coordinate instantly, globally—as long as the networks keep working, and you have access to that data. Disrupting those networks creates chaos.

In nearly eight years as Secretary of the Navy, I faced a steep challenge on how to manage cyber threats at the pace of 8 million attempted intrusions a day in an organization of 900,000 people.

Here’s how we maintained presence in the cyber domain—and you can too …

Source: Former Navy Secretary: Effective Cybersecurity Requires Persistent Presence – Nextgov

NSA official: ‘Dumb’ software supply chain attacks still prevalent | FCW


While much of the discussion around supply chain security has focused on the parts, components and gear that make up an organization’s physical IT assets, a growing number of experts are making the case that vulnerabilities in the software supply chain may represent the larger cybersecurity threat over the long haul.

A 2018 survey of 1,300 IT security professionals by cybersecurity firm CrowdStrike found that nearly 80% of respondents said their organizations needed to devote more resources to their software supply chain, and 62% said the issue was being overlooked during IT spending decisions.

That lack of attention may be creating easy pathways for malicious hackers. According to Cheri Caddy, director of public private partnerships at the National Security Agency, rudimentary, easily exploitable software vulnerabilities are still the most common ways bad actors get into systems and networks.

Source: NSA official: ‘Dumb’ software supply chain attacks still prevalent — FCW

Protection from Ransomware Attacks Isn’t as Simple as Insurance | Nextgov


Local governments facing an onslaught of ransomware attacks are increasingly turning to insurance to protect them if hackers successfully take control of a city’s computer system.

But experts warn that local governments may not be getting the level of protection they need through basic policies. And when insurance companies opt to pay ransoms, rather than cover the (sometimes exorbitant) cost to recover data, they make local governments a bigger target for hackers.

Source: Protection from Ransomware Attacks Isn’t as Simple as Insurance – Nextgov

The Pentagon is Standing Up a Nonprofit to Assess Vendor Cybersecurity  | Nextgov


The Defense Department is looking to stand up a nonprofit organization to measure the strength of its contractors’ cybersecurity practices.

The group would be responsible for running the vendor accreditation process under the Pentagon’s new Cybersecurity Maturity Model Certification, or CMMC. The framework, which was released in draft form last month, will serve as a yardstick for determining if contractors are taking sufficient steps to protect the sensitive military data that resides on their networks.

Source: The Pentagon is Standing Up a Nonprofit to Assess Vendor Cybersecurity  – Nextgov

NIST looking for partners to secure energy IoT | FCW

null
The National Institute for Standards and Technology is looking to enter into cooperative research agreements for products and technical expertise that can secure energy-related internet-of-things devices.

In a posting scheduled to be published Oct. 8 in the Federal Register, NIST is asking all interested organizations to submit letters of interest to enter a Cooperative Research and Development Agreement with the agency to “provide an architecture that can be referenced and develop guidance for securing [industrial IoT devices] in commercial and/or utility-scale distributed energy resource environments.”

Source: NIST looking for partners to secure energy IoT — FCW

Jim Langevin’s view from the Hill | FCW


Few lawmakers in Congress today cover as much ground in cybersecurity policy as Rep. Jim Langevin (D-R.I.).

From his perch as chairman of the House Armed Services Committee and a member of the House Homeland Security Committee, Langevin has visibility and input into many of the most critical offensive and defensive issues confronting the U.S. government in cyberspace today. He’s also co-founder of the Congressional Cybersecurity Caucus and a member of the U.S. Cyber Solarium Commission.

Source: Jim Langevin’s view from the Hill — FCW

How IOTA technology Will Transform IoT Design | EE Times


Smart cities will provide more and more services, an increasing number of which they’ll be apt charge for. As urban IoT infrastructure expands, local businesses will naturally also take advantage of it. With all of that on the way, there’s an expectation that it will be useful for people to have access to a suitable electronic currency for small fees and minor purchases — for making micropayments.

IOTA, a ledger-based technology designed specifically for the IoT, is being proposed for that purpose.

Several ledger systems already exist. The most well-known is blockchain, the technology at the base of Bitcoin. Blockchain has some of the basic characteristics appropriate for supporting micropayments in an IoT environment, but it has disadvantages too, which make it unsuitable for making micropayments in IoT ecosystems.

Source: How IOTA technology Will Transform IoT Design | EE Times

Today’s era of information warfare and drones can make the fog of war thicker, harder to penetrate | Military & Aerospace Electronics


That’s why the increasingly anxious armed forces are wrestling with so-called grey zone operations and information warfare. A successful response requires far more than the military, the Army’s three-star senior futurist says. It will take a unified effort with civilian agencies and foreign allies.

U.S. law and culture make that extremely difficult to do, Lt. Gen. Eric Wesley acknowledged. But the fog of war is a challenge the Army can’t simply set aside, he said. Letting adversaries muddy the debate can dramatically affect whether and how the military will be employed.

Source: information warfare drones fog of war | Military & Aerospace Electronics

Bill Barr is about to test Mark Zuckerberg’s commitment to privacy | Vox

null
Mark Zuckerberg says he’s convinced that the future of Facebook is private. He now has the first test of that conviction.

The Justice Department is preparing to ask Facebook to slow down its plan to encrypt its messaging services across its platforms, setting up a possible standoff between Facebook and the federal government. Facebook has made this encryption a centerpiece of its corporate future, both as a business strategy but also as a way to position Facebook as friendly to its users amid new scrutiny from privacy activists and regulators.

But it turns out that the federal government isn’t happy with this.

Source: Bill Barr is about to test Mark Zuckerberg’s commitment to privacy – Vox