2015 News

December 18, 2015
Obama to sign cybersecurity bill as privacy advocates fume
President Barack Obama is set to sign the most substantial piece of cybersecurity legislation in years, after an intense sprint of 24/7 negotiations managed to get the bill ready in time to be attached to the government spending measure the House and Senate approved Friday.

December 17, 2015
Validating Supply Chain Cybersecurity
How to identify risks, understand downstream effects, and prepare for incidents.

December 16, 2015
Former national security officials urge government to embrace rise of encryption
A number of former senior national security officials are urging that the government embrace the move to strong encryption by tech companies — even if it means law enforcement will be unable to monitor some phone calls and text messages in terrorism and criminal investigations.

December 15, 2015
Major cyber bill expected in omnibus
A major cybersecurity bill will likely be included in a sweeping omnibus spending deal expected late Tuesday night, according to multiple people with knowledge of the talks.

December 14, 2015
Twitter begins warning users of attacks from state-sponsored hackers
Twitter has begun notifying account holders who the company believes are being targeted by state-sponsored hackers, following in the footsteps of Google and Facebook as government-hired cyber spies continue to set their sights on social media.

December 11, 2015
Anonymous launches operation against Trump
The activist hacking group Anonymous has selected Donald Trump as its latest target in the wake of the GOP presidential candidate's proposal to ban Muslims from entering the U.S.

December 10, 2015
The human factor in cybersecurity: 5 key thoughts
Though often discussed in highly technical terms, cybersecurity and safeguarding patient data are arguably more human-centric than anything. The root cause of breaches is usually human error — an employee who falls for a phishing scam or shares a password, for example. Research from IBM shows 95 percent of all security incidents involve human error.

December 9, 2015
Survey: Agencies love the NIST cybersecurity framework
Both the public and private sector are finding the guide to be a vital tool.

December 8, 2015
Tech sector denounces bill requiring firms report terrorist activity
In the wake of terrorist attacks in California and Paris, Sens. Dianne Feinstein and Richard Burr are reviving a controversial proposal requiring social media sites report terrorist activity to federal authorities.

December 7, 2015
Want job security? Try cybersecurity
Even as employers added 211,000 jobs in November, prospective employees still have trouble finding jobs — unless you work in cybersecurity. That is one field where the demand for workers routinely outpaces applicants.

December 4, 2015
Lockheed Martin Corp. To Exit Cybersecurity, Double-Down On Helicopters And Combat Jets
Lockheed Martin Corp. has been planning to sell off or spin off its roughly $4 billion government information technology business since earlier this year. That would include its Cybersecurity unit.

December 3, 2015
Hotline Bling: China, U.S. Work to Further Cybersecurity Pact
The two countries aim to set up a ‘hotline mechanism’ for cybersecurity concerns and are taking other steps to discourage criminal hacking.

December 2, 2015
Cyber security market to grow big time
The global healthcare cybersecurity market is expected to exceed $10 million by 2022. To be exact, a new report pegs the market at $10,848.87 million in U.S. dollars.

December 1, 2015
New cybersecurity bills would add more secrecy for companies under public records laws
A proposed law meant to encourage companies to share information about cyberthreats with the U.S. government includes measures that could significantly limit what details, if any, the public can review about the program through federal and state public records laws.

November 30, 2015
How to improve international cyber-security
THE VAST stores of digital information generated by everyday lives—communications data, CCTV footage, credit-card records and much more—are now yielding invaluable clues about the terrorist attacks in Paris and are helping guide the hunt for the surviving plotters. But prevention is better than cure. The attacks have highlighted the failure of the authorities to share information across borders and agencies. How can this be improved?

November 27, 2015
Beware Black Friday Shoppers: New Malware Targeting POS Systems Discovered
Cybersecurity company iSight has discovered a new malware virus that is able to entrench itself so deeply into point-of-sale systems that it will be overlooked by most antivirus software. The firm states that the new form of attack is the most advanced that it has ever seen.

November 25, 2015
Getting started with a career in cybersecurity
With the ongoing and seemingly never-ending flood of cyberattacks, companies and governments the world over need experienced, skilled professionals to protect, defend, and strike back. But how do you get into the lucrative cybersecurity career? David Gewirtz has some advice.

November 24, 2015
How Lockheed Martin, Cisco and PWC manage cybersecurity
Forget systems … it’s your own people who are your greatest security threats. Luckily, and with training, they can also be your first line of defense.

November 23, 2015
Microsoft CEO takes a collaborative approach to cybersecurity
Microsoft CEO Nadella talks of company's role in an ‘ecosystem,’ saying partnerships and top-to-bottom protection and detection critical to battle emerging security threats.

November 20, 2015
State Dept. cybersecurity still lagging, audit finds
The State Department is not meeting federal information security requirements, potentially endangering the sensitive data it protects, according to an audit commissioned by the agency’s inspector general.

November 19, 2015
Cybersecurity Lessons Learned from the 9/11 Commission Report
Organizations must move beyond misaligned goals, poor collaboration, and organizational intransigence that hamper cybersecurity efforts at enterprise organizations.

November 18, 2015
Benchmark surveys: GCs, executives not prepared to defend against cyberbreaches - key protective steps
Although cybersecurity has become a more prominent issue for executives and boards of directors, three recent benchmark surveys − the BDO Board Survey, the 2015 Consero Group’s General Counsel Data Survey, and the 2015 US State of Cybercrime Survey − indicate that a number of cyber-preparedness gaps remain.

November 17, 2015
Closing the cybersecurity talent gap, one woman at a time
The severe shortage of cybersecurity talent is leaving the U.S. vulnerable to attacks. Women, in particular, are key to closing the security skills gap.

November 16, 2015
A Cybersecurity Generation Gap
Millennials--especially young women--not pursuing careers in cybersecurity due to lack of both awareness and interest.

November 15, 2015 ACSC
Two winners announced for the ACSC Cybersecurity Poster Session
Attendees of the ACSC Annual Conference voted for the top two student innovations presented during the ACSC Cybersecurity Poster Session.

November 13, 2015
Cybersecurity Questions Anderson Cooper And Megyn Kelly Should Ask The Presidential Candidates
Here’s a call out to Cooper and Kelly – two of the most popular media figures covering the Republican and Democratic front runners: Get the candidates talking about cybersecurity.

November 12, 2015
Cybersecurity: A Millisecond Defense
From access to activation, we pass through multiple digital ecosystems with devices that can be used to hack unrelated digital system processes in a millisecond.

November 11, 2015
Cyber vigilantes flex growing power
Activist hackers -- so-called hacktivists -- are getting harder to differentiate from more serious threats such as terrorist groups and nation-state cyber warriors, security researchers say.

November 10, 2015
Financial regulators weigh cybersecurity requirements
New York regulators are considering a host of cybersecurity requirements for banks and insurers and urged other state and federal authorities to collaborate on establishing a framework of defenses for the financial sector.

November 9, 2015
Know Thy Enemy. Hire a Hacker to Enhance Your Cybersecurity.
If your cybersecurity strategy isn’t up to snuff, you could be exposing your business to financial ruin.

November 6, 2015 ACSC
Same Rhetoric Permeates Going Dark Encryption Debate
The Going Dark encryption debate surfaced again on Wednesday at a small security conference here, and as in previous iterations before larger technical audiences and even Congress, the issue continues to spin on a hamster wheel going nowhere.

November 5, 2015 ACSC
Threat information without context is useless
On Wednesday, I attended an interesting panel on operationalizing threat intelligence at the Advanced Cyber Security Center conference held in Boston every year.

November 4, 2015
The Biggest Cybersecurity Threat: The Energy Sector
Cybersecurity has been at the forefront of the news for several years. Coverage of the space usually focuses on a breach at a consumer-facing company, resulting in people’s credit cards, bank and personal records being stolen.

November 3, 2015
Experian Study on Data Breaches Reveals Gaps in Response Plans
While an increasing number of companies have a basic data breach response plan in place, many plans do not cover important steps and executives lack confidence in their ability to manage a major breach, according to a new study.

November 2, 2015
Data Privacy: The Next Big Lawsuit Bonanza
You’ve got to give the trial bar credit for being innovative. It has opened up a new frontier in the litigation sweepstakes—data privacy.

October 30, 2015
White House Details Plan to Bring Feds' Cybersecurity Up to Date
The White House announced plans on Friday to modernize the federal government's out-of-date cybersecurity practices. Work has been underway for much of the Obama administration, but the Office of Personnel Management hack reported in June must have made it abundantly clear that things weren't progressing fast enough.

October 29, 2015
The Problems Experts And Privacy Advocates Have With The Senate's Cybersecurity Bill
It took more than four years for the Senate to pass a cybersecurity bill. As the legislation grew stale amid compromise and contention on the Senate floor over the years, hackers continued to refine their criminal craft and develop more sophisticated methods of attack.

October 28, 2015
A Quick Guide to the Cybersecurity Bill Passed by the U.S. Senate
Yesterday, after more than a year of bickering, stalling and revising, the Senate passed its most significant cybersecurity bill to date 74–21.

October 27, 2015
7 Ways This Cybersecurity Expert Wants You to Protect Yourself Against Hackers
Here are seven tips from Michael Kaiser, executive director of the National Cyber Security Alliance, to help you protect yourself and your private information.

October 26, 2015
Senate cybersecurity bill misses the mark
Over the past few years, the federal government and big corporations, including Sony and Target, have been hit by massive data breaches, a chilling reminder of the severity and scope of cybersecurity threats.

October 23, 2015
Building Tomorrow’s Cybersecurity Workforce
Many companies need technology upgrades but are "starving" for the cash necessary to upgrade critical systems. That's the message from the author of a new study sponsored by the Georgia Tech Information Security Center.

October 22, 2015
Cybersecurity bill advances in Senate, but hurdles remain
Many companies need technology upgrades but are "starving" for the cash necessary to upgrade critical systems. That's the message from the author of a new study sponsored by the Georgia Tech Information Security Center.

October 21, 2015
CIOs reporting directly to CFOs can create massive cybersecurity headaches
Many companies need technology upgrades but are "starving" for the cash necessary to upgrade critical systems. That's the message from the author of a new study sponsored by the Georgia Tech Information Security Center.

October 20, 2015
Senate considers controversial cyber security bill
The U.S. Senate on Tuesday began debating a long-delayed bill that would make it easier for corporations to share information about cyber attacks with each other or the government without concern about lawsuits.

October 19, 2015
Cybersecurity Firm Says Chinese Hackers Keep Attacking U.S. Companies
It was heralded as the first concrete step taken by the United States and China on the thorny issue of online espionage.

October 16, 2015
A crackdown is coming on firms with lax cybersecurity
Financial firms that have lax cybersecurity practices can expect a crackdown from regulators, the head of the Securities and Exchange Commission’s enforcement unit said Friday.

October 15, 2015
SBA Unveils Small Business Cybersecurity Tools
In honor of October's designation as National Cybersecurity Awareness Month, the U.S. Small Business Administration (SBA) has unveiled a new Web page dedicated to promoting cybersecurity for small businesses.

October 14, 2015
Federally funded education programs aren't effectively closing the cybersecurity skills gap, says panel
Some federally managed university education programs focused on cybersecurity cannot, in their current state, address the skills gap for operational cyber defense talent in the federal government, according to a report.

October 13, 2015
Officials: Be specific about cybersecurity during acquisition
The administration has been pushing agencies to include more cybersecurity language in contracts, specifically in citing control standards like those advanced by the National Institute of Standards and Technology.

October 12, 2015
Cybersecurity Insurance: 4 Practical Considerations
There can't be reliable cybersecurity insurance until companies can identify who is responsible for the continuous exploitation of stolen data, long-lasting attacks, and hardly-detectable APTs.

October 9, 2015
Dell Files Confidentially for IPO of Cybersecurity Unit SecureWorks
SecureWorks could begin trading by year-end and may be worth as much as $2 billion

October 8, 2015
Cybersecurity education report aims to address student 'confusion'
According to the report, government can do more to explain and streamline different programs and scholarships available to students who want cyber skills.

October 7, 2015
Important Cybersecurity Strategy Bill Passes House
Tuesday, the Department of Homeland Security (DHS) Cybersecurity Strategy Act of 2015 (HR 3510) passed the House of Representatives which would direct the Secretary of the Department of Homeland Security to develop a departmental strategy to carry out cybersecurity responsibilities as set forth in law.

October 6, 2015
Cybersecurity information-sharing bill to get Senate vote in October
The Senate is expected to take up a bipartisan cybersecurity bill later this month aimed at thwarting more massive hack attacks against the federal government and American companies, the bill's lead sponsors announced Tuesday.

October 5, 2015
Krebs: Most Firms Fail to Take Simple Cybersecurity Measures
Reports show federal agencies are unprepared for hackers and pending legislation won't help much.

October 4, 2015
What Comes After Cybersecurity Awareness?
Last year, for National Cybersecurity Awareness Month, we asked whether 2014 would be the year cybersecurity finally sinks in.

October 2, 2015
Government Is the Biggest Cybersecurity Threat
Reports show federal agencies are unprepared for hackers and pending legislation won't help much.

October 1, 2015
Happy Cybersecurity Awareness Month?
Well intended effort only calls attention to pervasive cybersecurity ignorance throughout society

September 30, 2015
GAO report sheds light on federal agencies' cybersecurity flaws
A U.S. Government Accountability Office report released Tuesday revealed that federal agencies are struggling to implement effective cybersecurity measures and policies, a notion that will surprise few.

September 29, 2015
Defense, Intel Leaders: Cybersecurity Priorities are Defense, Deterrence
Top officials from the Defense Department and the intelligence community told a Senate panel that defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities. Deputy Defense Secretary Bob Work testified on cybersecurity policy and threats before the Senate Armed Services Committee, Sept. 29, 2015. Joining him were Director of National Intelligence James R. Clapper and Navy Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency.

September 28, 2015
Gender gap widens in cyber security field long dominated by men
Women account for just one out of 10 cyber security professionals, as the gender gap widened over two years in a male-dominated field with a drastic workforce shortage, a survey showed.

September 25, 2015
US reaches economic cybersecurity agreement with China
Today, President Obama, appearing with Chinese President Xi Jinping, announced that the United States and China had reached an agreement to curb "cyber-enabled theft of intellectual property" between the two countries.

September 24, 2015
Cybersecurity Stocks: Which Is the Best?
FireEye (FEYE), Palo Alto Networks (PANW) and Cyberark Software (CYBR) are all providers of advanced cybersecurity products. While each company provides a vast array of services, each company also has a niche that defines it.

September 23, 2015
Cybersecurity legislation still draws intense opposition
Efforts to craft legislation that would promote sharing cyberthreat information between the private sector and government – without jeopardizing privacy, civil liberties and leaving organizations vulnerable to liability – aren’t there yet, according to critics.

September 22, 2015
SEC goes after investment adviser for poor cybersecurity
The Securities and Exchange Commission (SEC) settled charges Tuesday with an investment adviser that allegedly failed to properly protect its clients’ data in what might be a first-of-its-kind enforcement action.

September 21, 2015
Apple removes malicious apps after security breach
Apple Inc. has removed some applications from its App Store after developers in China were tricked into using software tools that added malicious code in an unusual security breach.

September 18, 2015
Cybersecurity Demands Culture Change, DoD Official Says
A change in culture is needed to protect against threats in the rapidly changing cyber domain, the Defense Department's chief information officer said here yesterday.

September 17, 2015
How to Pass a Cybersecurity Audit in 10 Steps
With data breaches becoming an unfortunate everyday occurrence, cybersecurity is no longer just an IT issue. Legal departments, which have a need to protect sensitive information, such as employees’ and clients’ personally identifiable information and nonpublic corporate information, are increasingly becoming involved in data security issues as the universe of risk exposure expands.

September 16, 2015
Jeb Bush unveils cybersecurity plan
Two days before the second Republican debate, Jeb Bush unveiled a cybersecurity plan Monday that he cast partly in terms of economics.

September 15, 2015
Ex-Spies Join Cybersecurity Fight
Firms turn to cloak-and-dagger tactics to infiltrate hacker groups and pre-empt attacks

September 14, 2015
US, China conclude cybersecurity discussions
Senior U.S. and Chinese officials wrapped up four days of meetings on cybersecurity over the weekend, Reuters reports.

September 11, 2015
Where Next for Government Cybersecurity?
On the 14th anniversary of 9/11/01, there are plenty of reasons to be thankful regarding public safety in America. And yet, there is also a growing list of cyber threats that are grabbing news headlines.

September 10, 2015
Insurance requirements can drive stronger cybersecurity, Treasury official says
The insurance industry has a key role to play in helping U.S. companies strengthen cybersecurity, a senior Treasury Department official said Thursday.

September 9, 2015
Opinion: On cybersecurity info sharing, it’s the medium not the message
If Congress succeeds in pushing through CISA, neither the bill in its current form – nor any of the amendments – will do much to increase the effectiveness or timeliness of cybersecurity information sharing.

September 8, 2015
U.S. Senator Says Nation Is 'On Point' with Cybersecurity
Although recent cyberattacks have affected U.S. agencies, one Congressman believes that the Army Cyber Command is completely prepared to take on any future hacks.

September 7, 2015
Kaspersky And FireEye Security Products Cracked By Researchers
A security researcher at Google made public the fact he had cracked Kaspersky’s anti-virus product before revealing the details to the Russian company.

September 3, 2015
The word for 2015: "Cybersecurity"
In the age of the mega-hack, a cyber protection industry percolates.

September 2, 2015
States taking steps to bolster cybersecurity
Two governors this week took executive action to improve their states’ cybersecurity defenses.

September 1, 2015
Do boards of directors actually care about cybersecurity?
Survey says business leaders probably don’t care as much about cybersecurity as they say they do

August 31, 2015
GSA Seeks Industry Input on Cybersecurity Schedule Offerings
Earlier this month, the U.S. General Services Administration (GSA) issued a Request for Information (RFI) soliciting feedback from industry on ways to improve the sale of Cybersecurity and Information Assurance (CyberIA) products and services through GSA’s multi-billion dollar Information Technology (IT) Schedule 70.

August 28, 2015
Court ruling leads to fears of FTC litigation on cybersecurity
Industry groups are worried that an appeals court ruling giving the Federal Trade Commission permission to sue for shoddy cybersecurity will result in overregulation.

August 27, 2015
Military leaders warn U.S. is falling behind in cybersecurity
The United States is at risk of falling behind its enemies in the field of cybersecurity, military leaders said this week.

August 26, 2015
The 22 Amendments That Could Determine the Fate of the Senate's Cybersecurity Bill
After a brief but heated battle, senators packed up for summer recess early this month without voting on a key cybersecurity bill. In announcing that the bill's consideration would be delayed, Majority Leader Mitch McConnell lined up 22 amendments that will get a vote when the bill comes up again in the fall, a product of intense negotiations over the bill's fate.

August 25, 2015
Cybersecurity Market Expected To Lock Down $170B
The latest research from MarketResearch.com forecasts the global cybersecurity market to jump from $106.32 billion in 2015 to $170.21 billion by 2020.

August 24, 2015
With a Major Cybersecurity Job Shortage, We Must Act Like We Are at War
Recently, the Internal Revenue Service revealed the data breach that happened in May via the agency’s “Get Transcript” program affected three times as many users as originally reported -- 334,000 accounts in all.

August 21, 2015
Survey Roundup: Execs Lack Confidence in Cybersecurity Plans
A survey of 100 security executives by Raytheon Cyber Products/Websense found 63% of respondents said their organization had suffered one or two breaches in the past year.

August 20, 2015
White House cybersecurity czar: Threat awareness has improved, but protection hasn't
Federal agencies are increasingly engaged in cybersecurity issues and understand they have something to protect, said the White House's cybersecurity czar, but he added that most agencies, like their private-sector counterparts, are not protecting themselves as well as they should.

August 19, 2015
Cybersecurity IPOs: two biggies to report... for now
Rapid7 and Sophos go IPO while many cybersecurity firms pursue M&A and investments.

August 18, 2015
Gaming Industry Seeks Tougher Federal Cybersecurity Policies
Cybersecurity is a growing concern after a number of large companies lost customer data during breaches in recent years.

August 17, 2015
Defense Spending Red Tape Endangers Cybersecurity
The Navy is using Windows XP because complicated spending rules have prevented a better upgrade.

July 10, 2015
The Dinosaurs Of Cybersecurity Are Planes, Power Grids And Hospitals
As we continue down the path toward complete connectivity — in which all devices, appliances and networks connect to each other and the Internet — it is evident that much of our longstanding technology can no longer keep up.

July 9, 2015
DHS Secretary: 'Federal Cybersecurity Is Not Where It Needs To Be'
Department of Homeland Security Secretary Jeh Johnson on Wednesday reaffirmed his goal to make the latest version of a cybersecurity intrusion detection and prevention platform -- known as EINSTEIN 3A -- available to all federal civilian agencies by the end of 2015.

July 8, 2015
Steven LaFountain: Working to increase the cybersecurity talent pipeline
This summer, approximately 1,300 middle and high school students plus a number of K-12 teachers will attend cybersecurity camps at universities in 18 states, learning about online threats, basic cyber defenses and the ethics of operating in the virtual world.

July 7, 2015
New Cybersecurity Council backs info sharing legislation
Information sharing legislation has stalled in the Senate but that hasn't stopped government and industry from collaborating on cybersecurity issues.

July 6, 2015
When hackers get hacked: Hacking Team falls prey to hack attack.
Emails, passwords, and client lists were dumped online over the weekend as controversial Italian company Hacking Team found itself victim of a massive hack.

July 3, 2015
Cybersecurity legislation only a partial solution
The shocking truth is that only about 6 percent of healthcare data breaches to date are the work of hackers.

July 2, 2015
GAO sees room for improvement in bank cyber security exams
U.S. banking regulators must hire and train more examiners with technology expertise so they can give more useful cyber security recommendations to small and mid-sized banks, a federal watchdog agency has warned.

July 1, 2015
Doctors See Big Cybersecurity Risks, Compliance as Key for Hospitals
Cybersecurity and healthcare IT are both burgeoning areas of business. Put them together and you have a volatile mix of emerging technologies, security and privacy risks, and regulatory requirements—but also a lot of opportunity for growth and improvements.

June 30, 2015
When It Comes to Cybersecurity, Millennials Throw Caution to the Wind
Studies show young adults' risky online behaviors leave them more prone to cyber threats.

June 29, 2015
New tactics for improving critical infrastructure cybersecurity pushed by MIT consortium
The MIT Sloan School of Management has launched a consortium that touts interdisciplinary research and cooperation as keys to improving cybersecurity.

June 26, 2015
CIOs seek cybersecurity solutions, bigger voice in C-suite
Tech chiefs come together to sift through security issues, ranging from cybersecurity to budgets to CISO roles.

June 25, 2015
Military Branches Assemble to Break Ground on National Cybersecurity Strategy
The nation's best defense in cyberspace involves not only the military but private citizens and corporations, top security planners said in a closed-door meeting at the U.S. Army War College.

June 24, 2015
Officials Masked Severity Of Hack
OPM definition of hack allowed administration to initially deny security records were stolen; FBI suspects China was behind breach

June 24, 2015
Why Most Cybersecurity Activity Happens Outside the CISO’s Office
Most corporate cybersecurity efforts happen outside the official security department, says James Kaplan, a partner at McKinsey & Co. and co-author of “Beyond Cybersecurity: Protecting Your Digital Business.” Critical cybersecurity work touches all areas of a company, including risk management and application development, Mr. Kaplan said. He stopped by The Wall Street Journal’s office to discuss the current state of cybersecurity and how it can be more effective.

June 23, 2015
China says up to United States to resume cyber security talks
It is up to the United States to create conditions to resume regular talks on cyber security, China's foreign ministry said on Tuesday, as the two countries began three days of high-level meetings in Washington.

June 22, 2015
Money hasn't solved all our cybersecurity problems
Video report of expenditures by government and by private sectors.

June 19, 2015
This terrifying chart explains why cybersecurity is such a big problem for the government
The massive breach of Office of Personnel Management systems that compromised the personal data of millions of Americans is still making headlines. But behind those headlines is a much bigger story about the government's systematic failure to protect itself from cybersecurity risks that have expanded at an alarming rate.

June 18, 2015
Breach Defense Playbook, Part 4: Reviewing Your Cybersecurity Program
Most organizations are involved in a cyclical process of enhancing their cybersecurity posture focused around their sensitive data and processes. While enhancement involves roadmaps and milestones, a key element should also be evaluating your cybersecurity people, processes, and technology with the purpose of making transitional changes from a current state to a more secure future state.

June 17, 2015
Federal CIO says 'digitization of everything' will help enhance cybersecurity across government
The federal government's top technology official said June 15 that "the digitization of everything" will help accelerate a new technological model that infuses cybersecurity as a core component.

June 16, 2015
Cybersecurity stocks hit high; Goldman sees more
Cybersecurity stocks surged to an all-time high Friday as the U.S. government continues to investigate the possibility that Social Security numbers for every federal employee were stolen by hackers.

June 15, 2015
Feds on '30-day sprint' to better cybersecurity
As news of the full scope of the breach of Office of Management and Budget systems emerges, Federal CIO Tony Scott launched a government-wide Cybersecurity Sprint on June 12, giving agencies 30 days to shore up their systems.

June 12, 2015
Senate Rejects Measure to Strengthen Cybersecurity
On the heels of a vast breach of the personal information of federal employees, the Senate failed Thursday to advance a cybersecurity measure, the third time in three years that a bipartisan effort to tackle the problem has fallen victim to procedural actions.

June 11, 2015
Kaspersky Lab cybersecurity firm is hacked
Kaspersky Lab said it believed the attack was designed to spy on its newest technologies. It said the intrusion involved up to three previously unknown techniques. The Russian firm added that it was continuing to carry out checks, but believed it had detected the intrusion at an early stage. Although it acknowledged that the attackers had managed to access some of its files, it said that the data it had seen was "in no way critical to the operation" of its products.

June 10, 2015
Mitch McConnell tries to turn the tables on Dems with cyber bill
Senate Majority Leader Mitch McConnell is firing back at Senate Democrats’ procedural threats — by daring them to oppose a cybersecurity bill just days after a massive attack on the federal government’s computer systems was revealed. On Tuesday, McConnell announced his strategy to link the cybersecurity measure to a sweeping defense policy bill that’s now on the Senate floor. That could make it harder for Democrats to oppose the underlying bill, which they say uses a budget gimmick to boost defense funding.

June 9, 2015
Obama: U.S. Cybersecurity Problems Will Get Worse
The U.S. government has long known about its cybersecurity vulnerabilities, and the problem is only getting worse, President Barack Obama said Monday. "We have known for a long time that there are significant vulnerabilities, and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector," Obama said at a news conference from the Group of Seven summit in Germany.

June 8, 2015
HackerOne turns hacking into legitimate, lucrative work
In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. They found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter, and 95 other companies’ systems. They called their list the Hack 100. When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.

June 5, 2015
US believes China behind cybersecurity breach affecting at least 4M federal employees
Hackers based in China are believed to be behind a massive data breach that could have compromised the personal data of at least 4 million current and former federal employees, U.S. officials said late Thursday.

June 4, 2015
Boston cybersecurity teams win a spot in Highland Capital’s pilot accelerator
Earlier this year, Highland Capital announced that in addition to hosting its competitive Summer@Highland accelerator in San Francisco this summer, it would also partner with a pair of MIT PhD students to launch a pilot accelerator in its Cambridge office specializing in cybersecurity startups. The program, Cybersecurity Factory, is being organized by Jean Yang and Frank Wang, and has just announced the two winning teams, both of which are Boston-based companies working on cloud encryption technology.

June 3, 2015
OVERNIGHT CYBERSECURITY: Senate finally passes NSA reform
It's finally over. The Senate on Tuesday sent legislation reforming the nation's surveillance laws to President Obama's desk. The 67-32 vote for the USA Freedom Act came more than 36 hours after three parts of the Patriot Act expired, forcing the National Security Agency (NSA) to wind down its bulk collection of U.S. phone data. The bill will essentially end the phone data collection program altogether.

June 2, 2015
The Power And Problem Of Privilege In Cybersecurity
All identities are not created equal. There are regular users. And then there are superusers, people who wield far greater access and privilege in the organization’s IT environment.

June 1, 2015
DoD slow to implement new rules on cybersecurity breaches
It's now been almost two years since the Defense Department issued a final rule requiring contractors to inform the government when their systems have been involved in cybersecurity breaches and that government technical data has been stolen.

May 29, 2015
NYSE and Veracode Reveal Surprising Results From Board Cybersecurity Survey
66% Are Not Confident Their Companies Are Properly Secured Against Cyberattacks

May 28, 2015
China cybersecurity plan aims to protect state secrets: official paper
China will prepare a five-year cybersecurity plan to protect state secrets and data, the official China Daily said on Thursday, citing a senior official of the Ministry of Industry and Information Technology.

May 27, 2015
A growing threat: Car hacking
A string of high-profile hacks — the most recent on President Obama’s personal email account — have made cybercrime an ever-growing concern in the United States. Despite the publicity, most people still think of hacking as something which is done only to information systems like computers and mobile devices. In reality, hacking is no longer confined to the information world. The level of automation in modern physical systems means that even everyday automobiles are now vulnerable to hacking.

May 26, 2015
What the security industry can learn from the World Health Organization
The discovery of computer bugs can be marketing boons for cybersecurity firms. But one critic says the industry should take a page from the health profession and select names for flaws that aren't designed to stoke fear or generate buzz.

May 25, 2015
Division of Investment Management Issues Cybersecurity Guidance-- Securities and Exchange Commission
On April 28, 2015, the staff of the Division of Investment Management of the SEC published a Guidance Update addressing cybersecurity risks and the need for funds and advisers to protect confidential and sensitive information concerning fund investors and advisory clients.

May 22, 2015
IEEE Cybersecurity Initiative Releases “Building Code for Medical Device Software Security”
IEEE, the world's largest professional organization dedicated to advancing technology for humanity, today announced the release of Building Code for Medical Device Software Security, a set of guidelines to help companies establish a secure baseline for software development and production practices of medical devices. Authored by leading security research scientists Tom Haigh and Carl Landwehr, Building Code for Medical Device Software Security provides the blueprint to reduce or eliminate vulnerabilities that adversaries can exploit to gain access to medical devices.

May 21, 2015
DoJ Calls On Private Sector to Strengthen Cybersecurity
The U.S. Department of Justice is stepping up its program to engage more actively with the private sector on dealing with cybercrime and cybersecurity breaches.

May 20, 2015
Toward Omniscient Cybersecurity Systems
CISOs need an all-knowing central system to truly address their cybersecurity monitoring, diagnostics, and operations needs.

May 19, 2015
CyberFed Encourages Women to Become more Involved in Cybersecurity
Men have long dominated the technology industry and the Cybersecurity Competition Federation (CyberFed) seeks to close that gender gap. To educate and inspire women to participate in cybersecurity competitions, CyberFed produces The CyberFed Show to showcase more women in the cybersecurity sector.

May 18, 2015
Inflated Cybersecurity Threat Escalates US-China Mistrust
The rhetorical spiral of mistrust in the Sino-American relationship threatens to undermine the mutual benefits of the information revolution. Fears about the paralysis of the United States' digital infrastructure or the hemorrhage of its competitive advantage are exaggerated. Policymakers in the United States often portray China as posing a serious cybersecurity threat. In 2013 U.S. National Security Adviser Tom Donilon stated that Chinese cyber intrusions not only endanger national security but also threaten U.S. firms with the loss of competitive advantage.

May 15, 2015
What is ‘cybersecurity law’?
Cybersecurity has become a big deal. Corporations have begun to worry about cybersecurity risks. In response, some major law firms have recently established or significantly bolstered practice groups in cybersecurity law. If you look closely, though, there isn’t much clarity about what ‘cybersecurity law’ actually means. In this post, I thought I would explain what I think of as the field of cybersecurity law.

May 14, 2015
For hackers, people are an IT system’s weak link
As big businesses spend millions of dollars to plug holes in their technology and block cyber criminals from databases of private consumer information, hackers are increasingly targeting a different weakness: employees. They are sending official-looking e-mails to large health systems, banks, retailers, and vendors to try to trick employees into giving up passwords or other credentials. Armed with employee passwords, criminals can access mines of sensitive information and use it to steal identities and commit fraud. That is how data from about 3,300 patients was breached last year at Partners HealthCare. Several employees responded to so-called phishing e-mails and mistakenly allowed access to patient names, addresses, health insurance information, and Social Security numbers. It turns out that tricking an employee to give up a password is easier than hacking, cyber-security specialists said.

May 13, 2015
Women In Security Speak Out On Why There Are Still So Few Of Them
They're now CISOs, security officials in DHS and the NSA, researchers, and key players in security -- but women remain a mere 10% of the industry population. It's a perplexing -- and sometimes annoying -- question nearly every female information security professional hears over and over again: why are there still so few women in their field? Just 10% of information security pros worldwide are women today, according to the latest data from (ISC)2, despite the fact that women are getting more high-profile roles in the industry and that there are job opportunities aplenty. It's a reality that confounds and frustrates many women in the industry, who today represent a mix of researchers, chief information security officers, executives, and top government cyber security leaders.

May 12, 2015
Quantum computing is about to overturn cybersecurity’s balance of power
“Spooky action at a distance” is how Albert Einstein described one of the key principles of quantum mechanics: entanglement. Entanglement occurs when two particles become related such that they can coordinate their properties instantly even across a galaxy. Think of wormholes in space or Star Trek transporters that beam atoms to distant locations. Quantum mechanics posits other spooky things too: particles with a mysterious property called superposition, which allows them to have a value of one and zero at the same time; and particles’ ability to tunnel through barriers as if they were walking through a wall.

May 11, 2015
Whistleblower accuses cybersecurity company of extorting clients
A cybersecurity company faked hacks and extorted clients to buy its services, according to an ex-employee.

May 8, 2015 ACSC
What’s new in the U.S. cyber strategy
The Department of Defense has just issued a new cyber strategy, which perhaps provides the best public presentation of how the United States thinks about cybersecurity. As always with these documents, what is left out is as important as what is put in. So how has U.S. strategic thinking about cybersecurity changed in the post-Snowden era?

May 7, 2015 ACSC
Valuable Federal Cybersecurity Training for Critical Infrastructure Organizations
Last week I wrote two blogs about cybersecurity, critical infrastructure organizations, and the US government. In the first blog, I mentioned some ESG research stating that 76% of cybersecurity professionals working at critical infrastructure organizations were somewhat or very unclear about the US government’s cybersecurity strategy (note: I am an ESG employee). In spite of this confusion, 83% of these same cybersecurity pros want to see the feds become more active with cybersecurity programs and defenses.

May 6, 2015
Cybercriminals borrow from APT playbook in attack against PoS vendors
Cybercriminals are increasingly copying cyberespionage groups in using targeted attacks against their victims instead of large-scale, indiscriminate infection campaigns. This change in tactics has been observed among those who launch attacks, as well as those who create and sell attack tools on the underground market. A recent example of such behavior was seen in a cybercriminal attack against vendors of point-of-sale systems that researchers from RSA documented last week.

May 5, 2015
16 World Renowned IT Security Experts Provide Their Website Security Tips and What You Should NEVER Do
Everyone – including the experts – makes mistakes when it comes to information security. Whether it’s failing to properly secure your website for customers, or not implementing effective password managers, minor cybersecurity gaps can rapidly evolve into a much more serious security incident. As security experts from around the globe gather for the annual RSA Conference in San Francisco, Distil Networks has compiled a list of tips and things you should NEVER do.

May 4, 2015
Once a field of self-taught hackers, cybersecurity education shifts to universities
Over the past year, colleges and universities across the country have received millions in funding from the government and foundations to launch cybersecurity initiatives. The result is a stark change for an industry made up of programmers who have often learned by trial and error.

May 1, 2015
Partners HealthCare Notifies 3,300 Patients of Email Breach
Boston-based nonprofit health care system Partners HealthCare is notifying about 3,300 patients about a security breach.

April 22, 2015
Raytheon VP: New cybersecurity joint venture will be 'formidable' against breaches

April 1, 2015
Opinion: Sanctions may be Obama's best idea yet to battle cyberattacks
Obama signed an executive order today authorizing a program of sanctions to battle digital assaults coming from overseas. While the order seems aimed at the Chinese, it might also be the president's most successful tool for thwarting cyberattacks.

March 26, 2015 ACSC
Guest Opinion: UMass is a line of defense from cyber-attacks
One way we can move forward in Massachusetts is in partnership with the Advanced Cyber Security Center, a four-year-old industry, higher education and government consortium that seeks to ensure that Massachusetts has the research and educational strengths it needs to be a global cybersecurity leader.

March 26, 2015
Citigroup Report Chides Law Firms for Silence on Hackings
Every month it seems another American company reports being a victim of a hacking that results in the theft of internal or customer information. But the legal profession almost never publicly discloses a breach.

March 25, 2015 ACSC
The race to build the Silicon Valley of cybersecurity
“We certainly think we have the resources and capabilities to be one of those centers of gravity [in cybersecurity],” Benway says. “We think we are one of the centers of gravity. We do have the right mix of assets and resources to be a national leader in cybersecurity.”

March 12, 2015 ACSC
Sell By Date: Research Finds Stolen Data is a Perishable Commodity
Nagourney’s research was funded by a grant from the National Science Foundation (NSF) and the Advanced Cyber Security Center (ACSC). Her findings were first presented in September 2014 at a Workshop on Cybersecurity Risk Analysis for Enterprises, held at the Sloan School at MIT.

March 12, 2015 ACSC
Charlie Baker cites increase in cyber attacks in Mass.
Yet the number of professionals in the field in Massachusetts is not enough to meet the demand, said Charlie Benway, executive director of the Advanced Cyber Security Center, a Bedford nonprofit consortium Mass Insight established in 2011.

March 12, 2015 ACSC
Security expert: Sharing is caring in fending off cyber attacks
Mick Costa, who works in cyber security for the Federal Reserve Bank of Boston, also works with a nonprofit consortium called the Advanced Cyber Security Center of Massachusetts, an outfit that educates businesses and organizations about cyber attacks. Costa spoke to North Shore business leaders Thursday at the North Shore Chamber of Commerce’s business expo, which featured 100 exhibitors at the DoubleTree by Hilton Boston North Shore.

March 11, 2015
Baker outlines email habits, touts cybersecurity as job base
The use of a personal email account by a high-ranking government official has also prompted questions about security. Baker may not be operating his own email server out of his Swampscott home, but on Wednesday in a speech to Mass Insight’s Global Massachusetts 2024 conference the governor highlighted cyber security as a “major challenge” in the digital age.

March 9, 2015
Akamai CSO takes a creative approach to finding security pros
Andy Ellis, chief security officer at Akamai, doesn't try to hire perfect candidates. Here’s why.

March 9, 2015 ACSC
Shortage of security pros worsens
“The size and scope of the problem has grown dramatically as the threat has increased and as we've seen more high-profile breaches,” says Charlie Benway, executive director of the Advanced Cyber Security Center (ACSC).

March 1, 2015
How Superfish’s Security-Compromising Adware Came to Inhabit Lenovo’s PCs
Until its advertising software was discovered deep inside Lenovo personal computers two weeks ago, a little company called Superfish had maintained a surprisingly low profile for an outfit once named America’s fastest-growing software start-up.

February 27, 2015
The Growing Cyber Threat
The “frequency, scale, sophistication, and severity” of cyber attacks against the United States are increasing from “profit-motivated criminals, ideologically motivated hackers or extremists, and variously capable nation states like Russia, China, North Korea, and Iran,” said James Clapper, director of national intelligence, during testimony before the Senate Armed Services Committee on Thursday.

February 24, 2015
Veracode CEO Bob Brennan on cyber threats (Video)
Bob Brennan, CEO of Burlington-based cybersecurity firm Veracode, talks about the state of cyber threats to companies worldwide and locally, and what his company can do to help. Video by Chen Shen, special to the Boston Business Journal.

February 20, 2015
Windows SSL Interception Gone Wild
This week researchers found that newer Lenovo laptops shipped with pre-installed software made by Superfish. The discovery is the latest reminder that our collective security depends on one another more than ever. As the news quickly rippled out, our Threat Infrastructure team at Facebook began performing an analysis of the details. Given our strong belief in the value of openness in security and learning from one another, we summarized some of our findings below to help guide future research on the subject.

February 17, 2015 ACSC
Security, Privacy and the Law Update on President Obama’s “Summit on Cybersecurity and Consumer Protection,” Part II: The Executive Order
As a follow up to our summary of the key takeaways from the White House’s first Summit on Cybersecurity and Consumer Protection, the centerpiece of which was President Obama’s signing of a new Executive Order, “Promoting Private Sector Cybersecurity Information Sharing,” what follows is an analysis of that Order.

February 12, 2015
Obama to encourage companies to share cyber threat data
Businesses are unlikely to share a lot of timely and "actionable" cyber intelligence without liability relief, said Mike Brown, a vice president with the RSA security division of EMC Corp.

February 11, 2015 ACSC
Security expert Michael Chertoff discusses cybersecurity challenges, solutions
Michael Chertoff, who served as secretary of the U.S. Department of Homeland Security from 2005-2009, will deliver the first University of Delaware Cybersecurity Initiative Distinguished Lecture on Feb. 10.

January 30, 2015 ACSC
Press Release: Cyber Security and Financial Stability
Founding member of the ACSC and President & CEO of the Federal Reserve Bank of Boston Eric S. Rosengren discusses Cyber Security and Financial Stability in Cape Town, South Africa on January 30, 2015.

January 26, 2015 ACSC
Massachusetts’ profile as an innovator could reach new levels
Cybersecurity is another natural opportunity for a research center of excellence. Already a nonprofit consortium, the Advanced Cyber Security Center, has been launched, situated in Bedford, bringing together experts from industry, universities, and government to address cybersecurity threats. In robotics, Massachusetts has a fast-growing cluster, including some of the leading companies in the world.

January 21, 2015 ACSC
Obama’s Former Privacy Director Decries America’s Data Security
While legislation can offer liability protection, the need for such protection as an incentive for sharing has been exaggerated. Companies can and do already share confidential threat information under the protection of nondisclosure agreements. The Advanced Cyber Security Center, based in Boston, is one such sharing arrangement. It includes companies like Pfizer, State Street, and RSA/EMC Corporation along with the Federal Reserve Bank of Boston and the Commonwealth of Massachusetts.

January 12, 2015
Cybersecurity startup scene in Boston is 'frothy,' RSA exec says
The cybersecurity startup scene in the Boston area could be summed up in one word: "frothy."

January 11, 2015
Obama to Call for Laws Covering Data Hacking and Student Privacy
President Obama on Monday called for federal legislation intended to force American companies to be more forthcoming when credit card data and other consumer information are lost in an online breach like the kind that hit Sony, Target and Home Depot last year.

January 8, 2015 ACSC
ACSC In The News
2014 was a pivotal year for media coverage of cybersecurity. Pervasive data breaches at major retailers and other institutions garnered consistent headlines across both trade media and mainstream press. For its efforts in facing pervasive cyber challenges, ACSC also received positive coverage in 2014, culminating in a Boston Business Journal op-ed piece on cyber resiliency and a feature story in Network World that highlights the ACSC and its direction in 2015.

January 5, 2015 ACSC
What Should the 114th Congress Do About Cybersecurity in 2015?
Rather than throw cybersecurity education funding at Congressional districts, we need to invest strategically in centers of excellence like the Massachusetts-based Advanced Cybersecurity Center which brings together private sector, public sector, and leading academic institutions.