Wednesday, July 13, 2011

Falkenrath Says Hackers 'Mocking' Booz Allen With Attack

July 13 (Bloomberg) -- Richard Falkenrath, a principal at Chertoff Group and Bloomberg Television contributing editor, talks about a computer hacking attack on U.S. government contractor Booz Allen Hamilton Holding Corp. that resulted in the posting of certain data files online on July 11. Falkenrath speaks with Erik Schatzker on Bloomberg Television's "InsideTrack." (Source: Bloomberg)

Friday, June 17, 2011

Is the ongoing storm of cyberattacks preventable?

Experts think so. William Jackson over at Government Computer News has written a great article about the latest attacks and what experts think we need to do:

The CIA has become a member of a less-than-exclusive club of high-profile targets hit by online attacks, falling victim to a denial-of-service attack that temporarily took down its website.

The outage was reported June 15 and the LulzSec hacker group claimed credit. Other recent victims of a variety of attacks include defense contractors Lockheed Martin and L-3 Communications, the website of the Atlanta InfraGard chapter, the International Monetary Fund and the U.S. Senate.

Some of the attacks were targeted, using data stolen earlier this year from EMC’s RSA security division, some involved webpage defacements and others were simple denial-of-service attacks.

“They all have one common denominator,” said Eric Giesa, vice president of product management for F5 Networks. “All of them are preventable.”

Giesa blamed the cybersecurity industry as much as the users for the lack of preparedness. “Shame on the industry,” he said. “We haven’t been doing a good enough job of educating people how to protect against these things.”

“A lot of this stuff we should be able to stop,” agreed Kevin Haley, a director of Symantec Security Response. “But we’re not. People haven’t been doing the easy things to stop the attacks.”

Read the rest of the story over at

Tuesday, June 7, 2011

Major cybersecurity breaches build momentum for government action

Cybersecurity experts have warned the government for years about the increasing threat that attacks from criminals and foreign states pose to the nation's economic and physical security. But it has taken a series of high-profile breaches in recent years to build enough momentum to cut through the legislative stalemate.

The release of the first detailed legislative guidance on the topic from the White House is another sign that comprehensive cybersecurity legislation may finally pass Congress this session after years of inactivity.

Both the Senate and the House have shown a willingness to cooperate on legislation, though there is a healthy debate over how much authority the government should have to regulate security standards for private sector firms, particularly those deemed "critical infrastructure" and therefore crucial to national security. On one thing most experts are in agreement: whatever we're doing now isn't working. The following incidents are just the most public evidence.

Click on over to THE HILL to see some of the major security breaches

Wednesday, June 1, 2011

The Pentagon Is Considering Cyberattacks as Acts of War

The US is set to publish plans that will categorise cyber-attacks as acts of war, the Pentagon says.
In future, a US president could consider economic sanctions, cyber-retaliation or a military strike if key US computer systems were attacked, officials have said recently.

The planning was given added urgency by a cyber-attack last month on the defence contractor, Lockheed Martin.

A new report from the Pentagon is due out in a matter of weeks.

"A response to a cyber-incident or attack on the US would not necessarily be a cyber-response. All appropriate options would be on the table," Pentagon spokesman Colonel Dave Lapan told reporters on Tuesday.
Mr Lapan confirmed the Pentagon was drawing up a cyber defence strategy, which would be ready in two to three weeks.

Cyber-attacks from foreign nations that threaten widespread US civilian casualties, like cutting off power supplies or shutting down emergency-responder networks, could be treated as an act of aggression under the new policy.

But the plan does not mention how the US may respond to cyber-attackers, such as terrorists, who are not acting for a nation state.

Take a look at the rest of the story HERE

Thursday, February 10, 2011

If your iPhone is lost or stolen it can be hacked in six minutes

Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone's passcode.

The attack, which requires possession of the phone, targets keychain, Apple's password management system. Passwords for networks and corporate information systems can be revealed if an iPhone or iPad is lost or stolen, said the researchers at the state-sponsored Fraunhofer Institute Secure Information Technology (Fraunhofer SIT).

It is based on existing exploits that provide access to large parts of the iOS file system even if a device is locked.

In this video, FraunhoferSITDA demonstrates the attack: the researchers first jailbreak the phone using existing software tools. They then install an SSH server on the iPhone that allows software to be run on the phone.

Have a look at the rest of the story over at PC World.

Wednesday, January 12, 2011

C5i becomes a George Mason University Volgenau School Corporate Partner

The Volgenau School Corporate Partnership program has become one of the best resources for companies in the Northern Virginia area to recruit technical talent, collaborate on research initiatives, and give back to the community.

Each corporate partner is a VIP. The Volgenau School offers corporate partners focused attention by connecting them to students, recruiting events, and faculty. Students appreciate knowing that The Volgenau School partner companies will likely be the place where they will begin work as an intern or full-time hire. Over eighty percent of IT&E alumni stay in the Northern Virginia area for that reason. The partnership becomes a win-win for everyone with a percentage of funds designated to scholarship funds to help recruit and retain outstanding students.

“It’s essential to give back to the universities and to help develop the next generation of professionals in the cyber security space,” says Shaun Amini, chairman and CEO of C5i.

C5i’s mission is to provide cyber and network security to the U.S. government and Fortune 500 commercial clients. For almost a decade, C5i — located in Sterling, Virginia — has been growing and meeting the changing needs of government and industry that are more heavily invested in the cyberspace platform. “We hope to work with Mason faculty and students to develop enhanced technology solutions,” says Amini. “We also want to leverage the school’s recruiting platform and help graduating students find jobs in the marketplace.”

C5i is interested in student development. They have staff members working with student groups and they offer an internship program. The company sees its new involvement with the Volgenau School as a positive step toward creating a strong and well-educated workforce. For more information visit online at

Volgenau School Corporate Partners:
Accenture; Aerospace; C5i; CACI; CGI; CSC; ENSCO, Inc.; Freddie Mac; General Dynamics - AIS; GTSI; Harris Crucial Security, Inc.; Knowledge Consulting Group; Lockheed Martin; ManTech; Metron Aviation; Micron; Mitre; MTCSC; Noblis; Northrop Grumman; Raytheon; Segue Technologies, Inc.; SRA International; TASC; Vangent; Volkswagen Group of America; Widelity

Tuesday, December 21, 2010

DHS Secretary Asserts Cybersecurity Leadership

Cybersecurity should be left neither to the free market nor to the military to solve, Department of Homeland Security (DHS) secretary Janet Napolitano said in a speech in Washington, D.C., last week as she reasserted her agency's role as the locus of cybersecurity authority in the federal government.

"Cyberspace is fundamentally a civilian space," Napolitano said. "There are some who say cybersecurity should be left to the market, and there are some who characterize the Internet as a battlefield. Both the market and the battlefield analogies are the wrong ones to use. We should be talking about this as, fundamentally, a civilian space and a civilian benefit that employs partnerships with the private sector and across the globe."

The DHS has taken the lead in the federal government on cybersecurity measures via its National Cyber Security Division. That group this year headed up a major international and inter-governmental cyber exercise, Cyber Storm III, and continued ramping up efforts to protect federal systems and critical infrastructure like power plants.

Napolitano has been an ardent supporter of DHS' leadership role, but while she implied a DHS-centered view of cybersecurity, she did admit that DHS can't do it alone. "It is our goal to build one of the very best teams that we can to tackle the cybersecurity challenge," she added. "No single industry or agency, quite frankly, can manage it. Cybersecurity is about effective partnerships and shared security."

This year, DHS has expanded partnerships with private industry, for example doing a substantial amount of investigative work on the Stuxnet worm that infiltrated power plant control systems earlier this year and working to build up liaisons with private sector industries it deems to be "critical."

Have a look at the rest of this article over at InformationWeek Government.