ACSC Press Releases
Below are our latest press releases, and you can also click on the year to look through our archives.
Advanced Cyber Security Center Report Identifies Need for Board-Level Cyber Risk Management Standard
The Advanced Cyber Security Center (ACSC) today announced the findings of its first annual effective practice report, “Leveraging Board Governance for Cybersecurity, The CISO / CIO Perspective,” which calls for Boards to be active governance partners in “collaborative cyber defense.”
The ACSC had a busy first half of 2018 executing across all three of our primary focus areas - collaborative defense, workforce development, and public policy. Our members are active and involved in our workshops, forums and research and contribute critical and compelling insights to our monthly meetings. This information sharing with peers and across multiple sectors provides significant value to our members, particularly through the opportunities discussed below.
The ACSC works with industry, government and academic experts to explore strategies for strengthening election security and campaign reputation management.
Seasoned cyber security and technology executive complements executive leadership on regional cyber security collaborative.
Lisa Johnson brings her 10 years of marketing, content, and event experience to the ACSC community.
ACSC Survey Finds Massachusetts Residents Deeply Concerned Over Privacy and Control of Personal Data
The Advanced Cyber Security Center (ACSC) today announced the results of a cyber security public opinion survey that finds Massachusetts residents deeply concerned over privacy and the control of their personal data. Titled “Cyber Security Post Equifax: Perceptions and Priorities from Massachusetts Residents,” the study examines public opinion on consumer and privacy matters related to cyber security.
The ACSC was invited to speak at the recent HIMSS Healthcare Security Forum (Boston, Sept. 11-13), the only peer-to-peer networking event focused on healthcare’s unique privacy and security challenges and threats. ACSC Executive Director Michael Figueroa took to the stage for a session titled “Getting Past Blame, offering a community strategy for hacking security.”
The 2017 Advanced Cyber Security Center (ACSC) Annual Conference will take place from 8:00 am to 5:30 pm on Thursday, November 2, at the Federal Reserve Bank of Boston. The event brings together more than 200 executives and experts from the region’s industry, investor, university, and government organizations to address best practices for combatting the most advanced cyber threats.
The ACSC supported the Army National Guard by hosting a cyber seminar as part of Exercise Cyber Yankee at Joint Base Cape Cod, a training exercise designed to simulate a cyber attack.
While Edward Snowden's leaks damaged US national security, the disclosures also led to crucial surveillance reforms. A pardon would signal to the world the US has learned from its mistakes and respects internet freedom, privacy, and human rights.
Secretary of Homeland Security Jeh Johnson said he's considering whether to designate the US election system as critical infrastructure, which could trigger greater cybersecurity at the ballot box.
The government is putting additional weight behind recruiting and retaining talent for information security jobs.
Cybersecurity budgeting should start with a holistic and comprehensive risk assessment. Once all threats and vulnerabilities are listed and prioritized, companies can proceed to a properly managed RFP to select the right security controls. A security control shall assure appropriate, efficient and continuous risk mitigation in accordance with corporate risk strategy and risk appetite. However, in reality things happen in a much different and less effective way.
Cyberattacks on the country’s largest banks, from JPMorgan Chase & Co. to Bank of America Corp., grab the headlines. But the Federal Reserve Bank of Boston and other regulators worry that smaller banks, with less robust cybersecurity, provide easier targets for criminals, terrorists, and foreign states seeking to infiltrate the US financial system.
Defense Secretary Ashton Carter will visit a crucial front this week in the war the Pentagon considers its greatest potential threat: cyberspace.
Exelon Corp. and other major U.S. power producers are in discussions with regulators and stakeholders on a detailed plan for preventing and responding to cyberattacks designed to disrupt the country’s electric system.
BlackBerry is not the smartphone powerhouse it used to be, but it’s been making a concerted effort to hold on to its position as a go-to place for enterprise customers, specifically in highly secure environments. As part of that strategy, today the company announced that it has acquired Encription Ltd, a cybersecurity consultancy that delivers services globally but operates “from a secure location in Worcestershire” in the UK.
Team8, a cybersecurity startup based in Israel, said Tuesday it raised $23 million. The Series B round of financing includes investors AT&T, Accenture, Nokia, Japanese conglomerate Mitsui, and Singaporean government-owned Temasek.
More than 1.3 million Massachusetts residents had personal information compromised last year by cybercriminals, careless workers, and old-fashioned crooks, a fourfold increase from 2014 and the most since the state began tracking data breaches in 2007.
Hollywood Presbyterian Medical Center is the target of an ongoing cyberattack that has limited doctors' ability to access patient records.
With cybersecurity becoming a topic of ever-increasing visibility and importance, information security professionals ask what protection they have when they make potentially unpopular disclosures of cybersecurity issues.
It is the first volume in the ABS CyberSafety™ series, which covers best practices in four key areas: cybersecurity, automated systems safety, data management and software assurance.
Without adequate resources, the new Cybersecurity Act of 2015 is merely a snapshot in time that does little to safeguard sensitive medical information.
These questions originally appeared on Quora - the knowledge sharing network where compelling questions are answered by people with unique insights. Answers by Ed Felten, Deputy U.S. Chief Technology Officer, on Quora.
The Homeland Security official discusses the potential impact of recent legislation
The cybersecurity of connected vehicles was called 'a massive future security problem just around the corner.'
'Thieves no longer need a crowbar to break into your car, they just need an iPhone,' says Sen. Markey
Here are the best ways to tackle security issues in your hospital.
At the end of a get out the vote campaign event in New Hampshire on Wednesday, Hillary Clinton was asked about her plans for protecting cyber security.
That “giant sucking sound” that can be heard is the tangled monster of data security and privacy issues pulling “all lawyers with expertise” into its grip, Juliet M. Hanna, associate general counsel at Fannie Mae, told attendees of the LegalTech conference in New York Tuesday.
Investors have been pouring money into companies selling “next-generation” security products.
The U.S. Food and Drug Administration today issued a draft guidance outlining important steps medical device manufacturers should take to continually address cybersecurity risks to keep patients safe and better protect the public health. From 1/15/16
It’s old news by now that Republican presidential candidate Ben Carson—despite his medical degree—has a tenuous relationship with science. So I didn’t exactly have great expectations for his campaign’s cybersecurity plan, modestly titled “Prescription for Winning the 21st Century Cyberspace Race.” To be honest, I wasn’t expecting a dedicated cybersecurity plan at all, much less an op-ed dedicated to the topic by Carson in Re/code this week.
The U.S. federal government, big banks, and big businesses are spending big bucks in a war against hackers and cyber criminals.
Brown University’s School of Professional Studies announces a new 16-month program leading to an Executive Master in Cybersecurity degree. Enrollment is underway for the fall session of the new degree program, created for individuals with five to 15 years of managerial experience and responsibility for information security.
Cybersecurity is one of the hottest fields in technology. And that means there’s plenty of competition for bright young people with the right skills. Government agencies are trying to improve their recruitment of these in-demand graduates by bankrolling scholarships for digital security students, including a new program at UMass Amherst. The $4.2 million grant-funded initiative will help train up to 28 students in cybersecurity at the school for two years each, beginning this fall.
President Barack Obama is set to sign the most substantial piece of cybersecurity legislation in years, after an intense sprint of 24/7 negotiations managed to get the bill ready in time to be attached to the government spending measure the House and Senate approved Friday.
A number of former senior national security officials are urging that the government embrace the move to strong encryption by tech companies — even if it means law enforcement will be unable to monitor some phone calls and text messages in terrorism and criminal investigations.
Twitter has begun notifying account holders who the company believes are being targeted by state-sponsored hackers, following in the footsteps of Google and Facebook as government-hired cyber spies continue to set their sights on social media.
Though often discussed in highly technical terms, cybersecurity and safeguarding patient data are arguably more human-centric than anything. The root cause of breaches is usually human error — an employee who falls for a phishing scam or shares a password, for example. Research from IBM shows 95 percent of all security incidents involve human error.
Both the public and private sector are finding the guide to be a vital tool.
In the wake of terrorist attacks in California and Paris, Sens. Dianne Feinstein and Richard Burr are reviving a controversial proposal requiring social media sites report terrorist activity to federal authorities.
Lockheed Martin Corp. has been planning to sell off or spin off its roughly $4 billion government information technology business since earlier this year. That would include its Cybersecurity unit.
The two countries aim to set up a ‘hotline mechanism’ for cybersecurity concerns and are taking other steps to discourage criminal hacking.
A proposed law meant to encourage companies to share information about cyberthreats with the U.S. government includes measures that could significantly limit what details, if any, the public can review about the program through federal and state public records laws.
THE VAST stores of digital information generated by everyday lives—communications data, CCTV footage, credit-card records and much more—are now yielding invaluable clues about the terrorist attacks in Paris and are helping guide the hunt for the surviving plotters. But prevention is better than cure. The attacks have highlighted the failure of the authorities to share information across borders and agencies. How can this be improved?
Cybersecurity company iSight has discovered a new malware virus that is able to entrench itself so deeply into point-of-sale systems that it will be overlooked by most antivirus software. The firm states that the new form of attack is the most advanced that it has ever seen.
With the ongoing and seemingly never-ending flood of cyberattacks, companies and governments the world over need experienced, skilled professionals to protect, defend, and strike back. But how do you get into the lucrative cybersecurity career? David Gewirtz has some advice.
Forget systems … it’s your own people who are your greatest security threats. Luckily, and with training, they can also be your first line of defense.
Microsoft CEO Nadella talks of company's role in an ‘ecosystem,’ saying partnerships and top-to-bottom protection and detection critical to battle emerging security threats.
The State Department is not meeting federal information security requirements, potentially endangering the sensitive data it protects, according to an audit commissioned by the agency’s inspector general.
Organizations must move beyond misaligned goals, poor collaboration, and organizational intransigence that hamper cybersecurity efforts at enterprise organizations.
Benchmark surveys: GCs, executives not prepared to defend against cyberbreaches - key protective steps
Although cybersecurity has become a more prominent issue for executives and boards of directors, three recent benchmark surveys − the BDO Board Survey, the 2015 Consero Group’s General Counsel Data Survey, and the 2015 US State of Cybercrime Survey − indicate that a number of cyber-preparedness gaps remain.
The severe shortage of cybersecurity talent is leaving the U.S. vulnerable to attacks. Women, in particular, are key to closing the security skills gap.
Attendees of the ACSC Annual Conference voted for the top two student innovations presented during the ACSC Cybersecurity Poster Session
Here’s a call out to Cooper and Kelly – two of the most popular media figures covering the Republican and Democratic front runners: Get the candidates talking about cybersecurity.
New York regulators are considering a host of cybersecurity requirements for banks and insurers and urged other state and federal authorities to collaborate on establishing a framework of defenses for the financial sector.
If your cybersecurity strategy isn’t up to snuff, you could be exposing your business to financial ruin.
The Going Dark encryption debate surfaced again on Wednesday at a small security conference here, and as in previous iterations before larger technical audiences and even Congress, the issue continues to spin on a hamster wheel going nowhere.
Cybersecurity has been at the forefront of the news for several years. Coverage of the space usually focuses on a breach at a consumer-facing company, resulting in people’s credit cards, bank and personal records being stolen.
While an increasing number of companies have a basic data breach response plan in place, many plans do not cover important steps and executives lack confidence in their ability to manage a major breach, according to a new study.
The White House announced plans on Friday to modernize the federal government's out-of-date cybersecurity practices. Work has been underway for much of the Obama administration, but the Office of Personnel Management hack reported in June must have made it abundantly clear that things weren't progressing fast enough.
It took more than four years for the Senate to pass a cybersecurity bill. As the legislation grew stale amid compromise and contention on the Senate floor over the years, hackers continued to refine their criminal craft and develop more sophisticated methods of attack.
Yesterday, after more than a year of bickering, stalling and revising, the Senate passed its most significant cybersecurity bill to date 74–21.
Here are seven tips from Michael Kaiser, executive director of the National Cyber Security Alliance, to help you protect yourself and your private information.
Many companies need technology upgrades but are "starving" for the cash necessary to upgrade critical systems. That's the message from the author of a new study sponsored by the Georgia Tech Information Security Center.
The U.S. Senate on Tuesday began debating a long-delayed bill that would make it easier for corporations to share information about cyber attacks with each other or the government without concern about lawsuits.
It was heralded as the first concrete step taken by the United States and China on the thorny issue of online espionage.
Financial firms that have lax cybersecurity practices can expect a crackdown from regulators, the head of the Securities and Exchange Commission’s enforcement unit said Friday.
Federally funded education programs aren't effectively closing the cybersecurity skills gap, says panel
Some federally managed university education programs focused on cybersecurity cannot, in their current state, address the skills gap for operational cyber defense talent in the federal government, according to a report.
The administration has been pushing agencies to include more cybersecurity language in contracts, specifically in citing control standards like those advanced by the National Institute of Standards and Technology.
There can't be reliable cybersecurity insurance until companies can identify who is responsible for the continuous exploitation of stolen data, long-lasting attacks, and hardly-detectable APTs.
SecureWorks could begin trading by year-end and may be worth as much as $2 billion
According to the report, government can do more to explain and streamline different programs and scholarships available to students who want cyber skills.
Tuesday, the Department of Homeland Security (DHS) Cybersecurity Strategy Act of 2015 (HR 3510) passed the House of Representatives which would direct the Secretary of the Department of Homeland Security to develop a departmental strategy to carry out cybersecurity responsibilities as set forth in law.
The Senate is expected to take up a bipartisan cybersecurity bill later this month aimed at thwarting more massive hack attacks against the federal government and American companies, the bill's lead sponsors announced Tuesday.
Reports show federal agencies are unprepared for hackers and pending legislation won't help much.
A U.S. Government Accountability Office report released Tuesday revealed that federal agencies are struggling to implement effective cybersecurity measures and policies, a notion that will surprise few.
Top officials from the Defense Department and the intelligence community told a Senate panel that defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities. Deputy Defense Secretary Bob Work testified on cybersecurity policy and threats before the Senate Armed Services Committee, Sept. 29, 2015. Joining him were Director of National Intelligence James R. Clapper and Navy Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency.
Women account for just one out of 10 cyber security professionals, as the gender gap widened over two years in a male-dominated field with a drastic workforce shortage, a survey showed.
Today, President Obama, appearing with Chinese President Xi Jinping, announced that the United States and China had reached an agreement to curb "cyber-enabled theft of intellectual property" between the two countries.
Efforts to craft legislation that would promote sharing cyberthreat information between the private sector and government – without jeopardizing privacy, civil liberties and leaving organizations vulnerable to liability – aren’t there yet, according to critics.
The Securities and Exchange Commission (SEC) settled charges Tuesday with an investment adviser that allegedly failed to properly protect its clients’ data in what might be a first-of-its-kind enforcement action.
Apple Inc. has removed some applications from its App Store after developers in China were tricked into using software tools that added malicious code in an unusual security breach.
A change in culture is needed to protect against threats in the rapidly changing cyber domain, the Defense Department's chief information officer said here yesterday.
With data breaches becoming an unfortunate everyday occurrence, cybersecurity is no longer just an IT issue. Legal departments, which have a need to protect sensitive information, such as employees’ and clients’ personally identifiable information and nonpublic corporate information, are increasingly becoming involved in data security issues as the universe of risk exposure expands.
The insurance industry has a key role to play in helping U.S. companies strengthen cybersecurity, a senior Treasury Department official said Thursday.
If Congress succeeds in pushing through CISA, neither the bill in its current form – nor any of the amendments – will do much to increase the effectiveness or timeliness of cybersecurity information sharing.
Although recent cyberattacks have affected U.S. agencies, one Congressman believes that the Army Cyber Command is completely prepared to take on any future hacks.
A security researcher at Google made public the fact he had cracked Kaspersky’s anti-virus product before revealing the details to the Russian company.
Boston listed as #4 cybersecurity epicenter
Survey says business leaders probably don’t care as much about cybersecurity as they say they do
Earlier this month, the U.S. General Services Administration (GSA) issued a Request for Information (RFI) soliciting feedback from industry on ways to improve the sale of Cybersecurity and Information Assurance (CyberIA) products and services through GSA’s multi-billion dollar Information Technology (IT) Schedule 70.
Industry groups are worried that an appeals court ruling giving the Federal Trade Commission permission to sue for shoddy cybersecurity will result in overregulation.
The United States is at risk of falling behind its enemies in the field of cybersecurity, military leaders said this week.
After a brief but heated battle, senators packed up for summer recess early this month without voting on a key cybersecurity bill. In announcing that the bill's consideration would be delayed, Majority Leader Mitch McConnell lined up 22 amendments that will get a vote when the bill comes up again in the fall, a product of intense negotiations over the bill's fate.
The latest research from MarketResearch.com forecasts the global cybersecurity market to jump from $106.32 billion in 2015 to $170.21 billion by 2020.
Recently, the Internal Revenue Service revealed the data breach that happened in May via the agency’s “Get Transcript” program affected three times as many users as originally reported -- 334,000 accounts in all.
A survey of 100 security executives by Raytheon Cyber Products/Websense found 63% of respondents said their organization had suffered one or two breaches in the past year.
Federal agencies are increasingly engaged in cybersecurity issues and understand they have something to protect, said the White House's cybersecurity czar, but he added that most agencies, like their private-sector counterparts, are not protecting themselves as well as they should.
Rapid7 and Sophos go IPO while many cybersecurity firms pursue M&A and investments.
Cybersecurity is a growing concern after a number of large companies lost customer data during breaches in recent years.
As we continue down the path toward complete connectivity — in which all devices, appliances and networks connect to each other and the Internet — it is evident that much of our longstanding technology can no longer keep up.
Department of Homeland Security Secretary Jeh Johnson on Wednesday reaffirmed his goal to make the latest version of a cybersecurity intrusion detection and prevention platform -- known as EINSTEIN 3A -- available to all federal civilian agencies by the end of 2015
This summer, approximately 1,300 middle and high school students plus a number of K-12 teachers will attend cybersecurity camps at universities in 18 states, learning about online threats, basic cyber defenses and the ethics of operating in the virtual world.
Information sharing legislation has stalled in the Senate but that hasn't stopped government and industry from collaborating on cybersecurity issues.
Emails, passwords, and client lists were dumped online over the weekend as controversial Italian company Hacking Team found itself victim of a massive hack.
U.S. banking regulators must hire and train more examiners with technology expertise so they can give more useful cyber security recommendations to small and mid-sized banks, a federal watchdog agency has warned.
Cybersecurity and healthcare IT are both burgeoning areas of business. Put them together and you have a volatile mix of emerging technologies, security and privacy risks, and regulatory requirements—but also a lot of opportunity for growth and improvements.
Studies show young adults' risky online behaviors leave them more prone to cyber threats.
The MIT Sloan School of Management has launched a consortium that touts interdisciplinary research and cooperation as keys to improving cybersecurity.
Tech chiefs come together to sift through security issues, ranging from cybersecurity to budgets to CISO roles.
The nation's best defense in cyberspace involves not only the military but private citizens and corporations, top security planners said in a closed-door meeting at the U.S. Army War College.
Most corporate cybersecurity efforts happen outside the official security department, says James Kaplan, a partner at McKinsey & Co. and co-author of “Beyond Cybersecurity: Protecting Your Digital Business.” Critical cybersecurity work touches all areas of a company, including risk management and application development, Mr. Kaplan said. He stopped by The Wall Street Journal’s office to discuss the current state of cybersecurity and how it can be more effective.
It is up to the United States to create conditions to resume regular talks on cyber security, China's foreign ministry said on Tuesday, as the two countries began three days of high-level meetings in Washington.
Video report of expenditures by government and by private sectors.
The massive breach of Office of Personnel Management systems that compromised the personal data of millions of Americans is still making headlines. But behind those headlines is a much bigger story about the government's systematic failure to protect itself from cybersecurity risks that have expanded at an alarming rate.
Most organizations are involved in a cyclical process of enhancing their cybersecurity posture focused around their sensitive data and processes. While enhancement involves roadmaps and milestones, a key element should also be evaluating your cybersecurity people, processes, and technology with the purpose of making transitional changes from a current state to a more secure future state.
The federal government's top technology official said June 15 that "the digitization of everything" will help accelerate a new technological model that infuses cybersecurity as a core component.
On the heels of a vast breach of the personal information of federal employees, the Senate failed Thursday to advance a cybersecurity measure, the third time in three years that a bipartisan effort to tackle the problem has fallen victim to procedural actions.
Kaspersky Lab said it believed the attack was designed to spy on its newest technologies. It said the intrusion involved up to three previously unknown techniques. The Russian firm added that it was continuing to carry out checks, but believed it had detected the intrusion at an early stage. Although it acknowledged that the attackers had managed to access some of its files, it said that the data it had seen was "in no way critical to the operation" of its products.
Senate Majority Leader Mitch McConnell is firing back at Senate Democrats’ procedural threats — by daring them to oppose a cybersecurity bill just days after a massive attack on the federal government’s computer systems was revealed. On Tuesday, McConnell announced his strategy to link the cybersecurity measure to a sweeping defense policy bill that’s now on the Senate floor. That could make it harder for Democrats to oppose the underlying bill, which they say uses a budget gimmick to boost defense funding.
The U.S. government has long known about its cybersecurity vulnerabilities, and the problem is only getting worse, President Barack Obama said Monday. "We have known for a long time that there are significant vulnerabilities, and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector," Obama said at news conference from the Group of Seven summit in Germany.
In 2011, two Dutch hackers in their early 20s made a target list of 100 high-tech companies they would try to hack. They found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter, and 95 other companies’ systems. They called their list the Hack 100. When they alerted executives of those companies, about a third ignored them. Another third thanked them, curtly, but never fixed the flaws, while the rest raced to solve their issues. Thankfully for the young hackers, no one called the police.
Hackers based in China are believed to be behind a massive data breach that could have compromised the personal data of at least 4 million current and former federal employees, U.S. officials said late Thursday.
Earlier this year, Highland Capital announced that in addition to hosting its competitive Summer@Highland accelerator in San Francisco this summer, it would also partner with a pair of MIT PhD students to launch a pilot accelerator in its Cambridge office specializing in cybersecurity startups. The program, Cybersecurity Factory, is being organized by Jean Yang and Frank Wang, and has just announced the two winning teams, both of which are Boston-based companies working on cloud encryption technology.
It's finally over. The Senate on Tuesday sent legislation reforming the nation's surveillance laws to President Obama's desk. The 67-32 vote for the USA Freedom Act came more than 36 hours after three parts of the Patriot Act expired, forcing the National Security Agency (NSA) to wind down its bulk collection of U.S. phone data. The bill will essentially end the phone data collection program altogether.
All identities are not created equal. There are regular users. And then there are superusers, people who wield far greater access and privilege in the organization’s IT environment.
It's now been almost two years since the Defense Department issued a final rule requiring contractors to inform the government when their systems have been involved in cybersecurity breaches and that government technical data has been stolen.
66% Are Not Confident Their Companies Are Properly Secured Against Cyberattacks
China will prepare a five-year cybersecurity plan to protect state secrets and data, the official China Daily said on Thursday, citing a senior official of the Ministry of Industry and Information Technology.
A string of high-profile hacks — the most recent on President Obama’s personal email account — have made cybercrime an ever-growing concern in the United States. Despite the publicity, most people still think of hacking as something which is done only to information systems like computers and mobile devices. In reality, hacking is no longer confined to the information world. The level of automation in modern physical systems means that even everyday automobiles are now vulnerable to hacking.
The discovery of computer bugs can be marketing boons for cybersecurity firms. But one critic says the industry should take a page from the health profession and select names for flaws that aren't designed to stoke fear or generate buzz.
Division of Investment Management Issues Cybersecurity Guidance - Securities and Exchange Commission
On April 28, 2015, the staff of the Division of Investment Management of the SEC published a Guidance Update addressing cybersecurity risks and the need for funds and advisers to protect confidential and sensitive information concerning fund investors and advisory clients.
IEEE, the world's largest professional organization dedicated to advancing technology for humanity, today announced the release of Building Code for Medical Device Software Security, a set of guidelines to help companies establish a secure baseline for software development and production practices of medical devices. Authored by leading security research scientists Tom Haigh and Carl Landwehr, Building Code for Medical Device Software Security provides the blueprint to reduce or eliminate vulnerabilities that adversaries can exploit to gain access to medical devices.
The U.S. Department of Justice is stepping up its program to engage more actively with the private sector on dealing with cybercrime and cybersecurity breaches.
Men have long dominated the technology industry and the Cybersecurity Competition Federation (CyberFed) seeks to close that gender gap. To educate and inspire women to participate in cybersecurity competitions, CyberFed produces The CyberFed Show to showcase more women in the cybersecurity sector.
The rhetorical spiral of mistrust in the Sino-American relationship threatens to undermine the mutual benefits of the information revolution. Fears about the paralysis of the United States' digital infrastructure or the hemorrhage of its competitive advantage are exaggerated. Policymakers in the United States often portray China as posing a serious cybersecurity threat. In 2013 U.S. National Security Adviser Tom Donilon stated that Chinese cyber intrusions not only endanger national security but also threaten U.S. firms with the loss of competitive advantage.
Cybersecurity has become a big deal. Corporations have begun to worry about cybersecurity risks. In response, some major law firms have recently established or significantly bolstered practice groups in cybersecurity law. If you look closely, though, there isn’t much clarity about what ‘cybersecurity law’ actually means. In this post, I thought I would explain what I think of as the field of cybersecurity law.
As big businesses spend millions of dollars to plug holes in their technology and block cyber criminals from databases of private consumer information, hackers are increasingly targeting a different weakness: employees. They are sending official-looking e-mails to large health systems, banks, retailers, and vendors to try to trick employees into giving up passwords or other credentials. Armed with employee passwords, criminals can access mines of sensitive information and use it to steal identities and commit fraud. That is how data from about 3,300 patients was breached last year at Partners HealthCare. Several employees responded to so-called phishing e-mails and mistakenly allowed access to patient names, addresses, health insurance information, and Social Security numbers. It turns out that tricking an employee to give up a password is easier than hacking, cyber-security specialists said.
They're now CISOs, security officials in DHS and the NSA, researchers, and key players in security -- but women remain a mere 10% of the industry population. It's a perplexing -- and sometimes annoying -- question nearly every female information security professional hears over and over again: why are there still so few women in their field? Just 10% of information security pros worldwide are women today, according to the latest data from (ISC)2, despite the fact that women are getting more high-profile roles in the industry and that there are job opportunities aplenty. It's a reality that confounds and frustrates many women in the industry, who today represent a mix of researchers, chief information security officers, executives, and top government cyber security leaders.
“Spooky action at a distance” is how Albert Einstein described one of the key principles of quantum mechanics: entanglement. Entanglement occurs when two particles become related such that they can coordinate their properties instantly even across a galaxy. Think of wormholes in space or Star Trek transporters that beam atoms to distant locations. Quantum mechanics posits other spooky things too: particles with a mysterious property called superposition, which allows them to have a value of one and zero at the same time; and particles’ ability to tunnel through barriers as if they were walking through a wall.
A cybersecurity company faked hacks and extorted clients to buy its services, according to an ex-employee.
The Department of Defense has just issued a new cyber strategy, which perhaps provides the best public presentation of how the United States thinks about cybersecurity. As always with these documents, what is left out is as important as what is put in. So how has U.S. strategic thinking about cybersecurity changed in the post-Snowden era?
Last week I wrote two blogs about cybersecurity, critical infrastructure organizations, and the US government. In the first blog, I mentioned some ESG research stating that 76% of cybersecurity professionals working at critical infrastructure organizations were somewhat or very unclear about the US government’s cybersecurity strategy (note: I am an ESG employee). In spite of this confusion, 83% of these same cybersecurity pros want to see the feds become more active with cybersecurity programs and defenses.
Cybercriminals are increasingly copying cyberespionage groups in using targeted attacks against their victims instead of large-scale, indiscriminate infection campaigns. This change in tactics has been observed among those who launch attacks, as well as those who create and sell attack tools on the underground market. A recent example of such behavior was seen in a cybercriminal attack against vendors of point-of-sale systems that researchers from RSA documented last week.
16 World Renowned IT Security Experts Provide Their Website Security Tips and What You Should NEVER Do
Everyone – including the experts – makes mistakes when it comes to information security. Whether it’s failing to properly secure your website for customers, or not implementing effective password managers, minor cybersecurity gaps can rapidly evolve into a much more serious security incident. As security experts from around the globe gather for the annual RSA Conference in San Francisco, Distil Networks has compiled a list of tips and things you should NEVER do.
Over the past year, colleges and universities across the country have received millions in funding from the government and foundations to launch cybersecurity initiatives. The result is a stark change for an industry made up of programmers who have often learned by trial and error.
Boston-based nonprofit health care system Partners HealthCare is notifying about 3,300 patients about a security breach.
Obama signed an executive order today authorizing a program of sanctions to battle digital assaults coming from overseas. While the order seems aimed at the Chinese, it might also be the president's most successful tool for thwarting cyberattacks.
One way we can move forward in Massachusetts is in partnership with the Advanced Cyber Security Center, a four-year-old industry, higher education and government consortium that seeks to ensure that Massachusetts has the research and educational strengths it needs to be a global cybersecurity leader.
Every month it seems another American company reports being a victim of a hacking that results in the theft of internal or customer information. But the legal profession almost never publicly discloses a breach.
“We certainly think we have the resources and capabilities to be one of those centers of gravity [in cybersecurity],” Benway says. “We think we are one of the centers of gravity. We do have the right mix of assets and resources to be a national leader in cybersecurity.”
Nagourney’s research was funded by a grant from the National Science Foundation (NSF) and the Advanced Cyber Security Center (ACSC). Her findings were first presented in September 2014 at a Workshop on Cybersecurity Risk Analysis for Enterprises, held at the Sloan School at MIT.
Yet the number of professionals in the field in Massachusetts is not enough to meet the demand, said Charlie Benway, executive director of the Advanced Cyber Security Center, a Bedford nonprofit consortium Mass Insight established in 2011.
Mick Costa, who works in cyber security for the Federal Reserve Bank of Boston, also works with a nonprofit consortium called the Advanced Cyber Security Center of Massachusetts, an outfit that educates businesses and organizations about cyber attacks. Costa spoke to North Shore business leaders Thursday at the North Shore Chamber of Commerce’s business expo, which featured 100 exhibitors at the DoubleTree by Hilton Boston North Shore.
The use of a personal email account by a high-ranking government official has also prompted questions about security. Baker may not be operating his own email server out of his Swampscott home, but on Wednesday in a speech to Mass Insight’s Global Massachusetts 2024 conference the governor highlighted cyber security as a “major challenge” in the digital age.
Andy Ellis, chief security officer at Akamai, doesn't try to hire perfect candidates. Here’s why.
Until its advertising software was discovered deep inside Lenovo personal computers two weeks ago, a little company called Superfish had maintained a surprisingly low profile for an outfit once named America’s fastest-growing software start-up.
The “frequency, scale, sophistication, and severity” of cyber attacks against the United States are increasing from “profit-motivated criminals, ideologically motivated hackers or extremists, and variously capable nation states like Russia, China, North Korea, and Iran,” said James Clapper, director of national intelligence, during testimony before the Senate Armed Services Committee on Thursday.
Bob Brennan, CEO of Burlington-based cybersecurity firm Veracode, talks about the state of cyber threats to companies worldwide and locally, and what his company can do to help. Video by Chen Shen, special to the Boston Business Journal.
This week researchers found that newer Lenovo laptops shipped with pre-installed software made by Superfish. The discovery is the latest reminder that our collective security depends on one another more than ever. As the news quickly rippled out, our Threat Infrastructure team at Facebook began performing an analysis of the details. Given our strong belief in the value of openness in security and learning from one another, we summarized some of our findings below to help guide future research on the subject.
Security, Privacy and the Law Update on President Obama’s “Summit on Cybersecurity and Consumer Protection,” Part II: The Executive Order
As a follow up to our summary of the key takeaways from the White House’s first Summit on Cybersecurity and Consumer Protection, the centerpiece of which was President Obama’s signing of a new Executive Order, “Promoting Private Sector Cybersecurity Information Sharing,” what follows is an analysis of that Order.
Businesses are unlikely to share a lot of timely and "actionable" cyber intelligence without liability relief, said Mike Brown, a vice president with the RSA security division of EMC Corp.
Michael Chertoff, who served as secretary of the U.S. Department of Homeland Security from 2005-2009, will deliver the first University of Delaware Cybersecurity Initiative Distinguished Lecture on Feb. 10.
Founding member of the ACSC and President & CEO of the Federal Reserve Bank of Boston Eric S. Rosengren discusses Cyber Security and Financial Stability in Cape Town, South Africa on January 30, 2015
Cybersecurity is another natural opportunity for a research center of excellence. Already a nonprofit consortium, the Advanced Cyber Security Center, has been launched, situated in Bedford, bringing together experts from industry, universities, and government to address cybersecurity threats. In robotics, Massachusetts has a fast-growing cluster, including some of the leading companies in the world.
While legislation can offer liability protection, the need for such protection as an incentive for sharing has been exaggerated. Companies can and do already share confidential threat information under the protection of nondisclosure agreements. The Advanced Cyber Security Center, based in Boston, is one such sharing arrangement. It includes companies like Pfizer, State Street, and RSA/EMC Corporation along with the Federal Reserve Bank of Boston and the Commonwealth of Massachusetts.
The cybersecurity startup scene in the Boston area could be summed up in one word: "frothy."
President Obama on Monday called for federal legislation intended to force American companies to be more forthcoming when credit card data and other consumer information are lost in an online breach like the kind that hit Sony, Target and Home Depot last year.
2014 was a pivotal year for media coverage of cybersecurity. Pervasive data breaches at major retailers and other institutions garnered consistent headlines across both trade media as well as mainstream press. For its efforts in facing pervasive cyber challenges, ACSC also received positive coverage in 2014, culminating in a Boston Business Journal op-ed piece on cyber resiliency and a feature story in Network World that highlights the ACSC and its direction in 2015.
Rather than throw cybersecurity education funding at Congressional districts, we need to invest strategically in centers of excellence like the Massachusetts-based Advanced Cybersecurity Center which brings together private sector, public sector, and leading academic institutions.
This notion, that "threat actors" are already in, is a paradigm shift in the way sophisticated enterprises approach cybersecurity. To echo this point, this month, the Advanced Cyber Security Center (ACSC) welcomed Michael Chertoff, former secretary of The U.S. Department of Homeland Security and the Executive Chairman of The Chertoff Group to keynote our annual meeting.
New England security group shares threat intelligence, strives to bolster region as cybersecurity mecca
The Advanced Cyber Security Center is a three year old organization with a bold mission to “bring together industry, university, and government organizations to address the most advanced cyber threats” and drive cybersecurity R&D in the New England region.
Hanscom Air Force Base Partners With The Military Task Force To Create The Hanscom Collaboration and Innovation Center
New center located at Hanscom Air Force Base to enhance partnerships around cyber security, public safety, and information technology
President Obama's pick to lead the Pentagon, former deputy secretary of defense Ashton "Ash" Carter, has been a big supporter of increasing the country's cybersecurity capabilities.
National Cybersecurity Experts Vote to Select Cybersecurity’s “Next Big Thing”
Americans say they are deeply concerned about privacy on the web and their cellphones. They say they do not trust Internet companies or the government to protect it. Yet they keep using the services and handing over their personal information.
A $10-billion-a-year effort to protect sensitive government data, from military secrets to Social Security numbers, is struggling to keep pace with an increasing number of cyberattacks and is unwittingly being undermined by federal employees and contractors.
Two months after it revealed that 56 million of its customers’ debit and credit cards had been compromised, Home Depot yesterday disclosed that hackers also stole 53 million email addresses — information that, coupled with customers’ financial data, could be used to hack their family and friends, as well as banks, businesses and government agencies, one expert said.
Mass Insight and the 3-year-old nonprofit Advanced Cyber Security Center plan a formal launch of the consortium next year. They so far have letters of support from the University of Massachusetts, Northeastern University, MIT Computer Science and Artificial Intelligence Laboratory, State Street Corp., the Federal Reserve Bank of Boston, .406 Ventures and the city of Boston.
The conference was sponsored by Advanced Cyber Security Center, a Boston-based group of business representatives, government officials, and academics who share information and research about online threats.
Press Release: ACSC welcomes Michael Chertoff, former secretary of the U.S. Department of Homeland Security and Executive Chairman of The Chertoff Group for keynote at the ACSC Annual Conference on November 5, 2014 at the Federal Reserve Bank of Boston.
News roundup: New research shows a dramatic increase in the cost of cybercrime and data breach remediation. Plus: Security as a service popularity surges, Snowden journalist touts the importance of free security software, and more.
A cyberattack this summer on JPMorgan Chase compromised the accounts of 76 million households and seven million small businesses, a tally that dwarfs previous estimates by the bank and puts the intrusion among the largest ever.
A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some. This affects Debian as well as other Linux distributions. You will need to patch ASAP.
Anna Nagurney and Senay Solak from the operations and information management department, Mila Getmansky Sherman of the finance department, and Wayne Burleson from electrical and computer engineering, supported the conference with proceeds from a $40,000 grant from the Advanced Cyber Security Center, a nonprofit consortium based in Bedford.
The event was sponsored through a grant that we received from the Advanced Cyber Security Center (ACSC): Professors Wayne Burleson of the College of Engineering, Mila Sherman of the Finance Department, and Senay Solak, and I of the Department of Operations and Information Management at UMass Amherst.
When the North Atlantic Treaty Organization — NATO — wrapped up its summit in Wales earlier this month, the member-states issued a lengthy communique expressing solidarity on major defense challenges. One of the challenges mentioned was cybersecurity. The alliance stated that “cyber defence is part of NATO’s core task of collective defence,” presenting concerns so severe that they might lead to invocation of Article Five of the North Atlantic Treaty — the article calling on all members to come to the defense of a threatened nation.
The bulk of mobile applications (75 percent) will fail basic security tests over the next 15 months or so – through the end of 2015 – leaving businesses vulnerable to attack and violations of their security policies, according to a report from Gartner.
Burlington-based Veracode on Thursday announced $40 million in new funding to fuel further growth, one of the largest rounds of venture capital funding secured by a Boston-area tech company in 2014.
The information technology sector has boomed for a number of years now, creating a shortage of workers with degrees and experience in the computer sciences. From startups to established tech firms, companies can’t find enough qualified IT workers for their needs, said Brendan King, chief executive of King & Bishop Inc., a Waltham recruiting company.
Nearly one in five Massachusetts residents had their personal or financial information stolen in data breaches last year, a figure driven by a massive data theft at Target Corp. stores, according to a state report set for release Thursday, as cybercrime becomes more frequent, sophisticated, and malicious.
The Greater Boston area ranks second in the nation in tech employment and fourth in tech-related venture capital funding among major U.S. markets, according to a report released Friday from commercial real estate firm Jones Lang Lasalle.
Rumors of a data breach at a major New York bank started circulating more than a week ago in cybersecurity circles. So for insiders, news that JPMorgan Chase had been victimized was more confirmation than revelation, the latest headline from a digital crime wave that shows no sign of ebbing.
More than 1,000 American businesses have been affected by the cyberattack that hit the in-store cash register systems at Target, Supervalu and most recently UPS Stores, the Department of Homeland Security said in an advisory released on Friday.
New England’s Advanced Cyber Security Center and the Western Cyber Exchange Demonstrate Major Cybersecurity Advancement
In an unprecedented victory for cyber security, the Advanced Cyber Security Center (ACSC) in Boston, Mass., and the Western Cyber Exchange (WCX) Network Laboratory in Colorado Springs, Colo., successfully and securely exchanged cyber threat messages using leading cyber analytic tools.
A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.
Big data is about more than big numbers. Meet Fortune’s first class of Big Data All-Stars: 20 extraordinary people who we think are the best at connecting the dots, digging deep, and discovering the information that will transform the way businesses operate.
In response to a shortage of cyber professionals in the U.S., the National Security Administration is reaching out to a younger crowd: college students. Beginning in 2012, the NSA started its National Centers of Academic Excellence in Cyber Operations Program at select universities across the nation to attract students to the field.
Chief information security officers have one of the toughest jobs in the business world: They must stay one step ahead of criminal masterminds in Moscow and military hackers in Shanghai, check off a growing list of compliance boxes and keep close tabs on leaky vendors and reckless employees who upload sensitive data to Dropbox accounts and unlocked iPhones.
The Senate Select Committee on Intelligence voted Tuesday to approve a controversial cybersecurity bill known as the Cyber Information Sharing Act (CISA).
The industrial control systems of hundreds of European and US energy companies have been infected by a sophisticated cyber weapon operated by a state-backed group with apparent ties to Russia, according to a leading US online security group.
Confer and The MITRE Corporation Join Forces to Accelerate Threat Sharing and Operationalize Threat Intelligence
CRITs has already established itself as a key tool in active defense. The Advanced Cyber Security Center (ACSC)—a non-profit consortium, comprised of 27 New England area industry, university, and government organizations, established to address the most advanced cyber threats—leverages CRITs to share threat intelligence among its members.
The restaurant chain may be the latest victim of point-of-sale card heisters.
The likely annual cost of cybercrime and economic espionage to the world economy is more than $445 billion — or almost 1 percent of global income, according to estimates from a Washington think tank.
The past five decades have seen extraordinary advances in computer science and artificial intelligence, but one of the most important was the advent of the Internet.
GOVERNOR PATRICK PARTICIPATES IN CYBER SECURITY PANEL TO DISCUSS SECURITY INITIATIVES IN MASSACHUSETTS
The Commonwealth of Massachusetts through the Executive Office of Public Safety and Security, Massachusetts Army National Guard, the Information Technology Division and the University of Massachusetts are members of the Advanced Cyber Security Center. The center is a nonprofit consortium that brings together industry, university and government partners to address the most advanced cyber threats.
In the Obama administration’s most direct confrontation with China over its theft of corporate secrets, the Justice Department on Monday unsealed an indictment of five members of the Chinese People’s Liberation Army and charged them with hacking into the networks of Westinghouse Electric, the United States Steel Corporation and other companies.
Target Corp. announced today that CEO Gregg Steinhafel has stepped down from his position, effective immediately, less than five months after it was discovered the retail giant had been struck by a massive data breach.
Congratulations to ACSC member Chris Perretta of State Street for winning BBJ’s 2014 top CIO award!
The White House, hoping to move the national debate over privacy beyond the National Security Agency’s surveillance activities to the practices of companies like Google and Facebook, released a long-anticipated report on Thursday that recommends developing government limits on how private companies make use of the torrent of information they gather from their customers online.
Congressman Derek Kilmer (WA-6) and Congresswoman Niki Tsongas (MA-3) announced today they will introduce legislation to make the Department of Defense information technology systems stronger, more efficient and more secure.
Non-profit information sharing organizations such as Boston’s Advanced Cybersecurity Center, the Bay Area Security Council, and ChicagoFirst have shown value in building smaller trust networks across sectors in metropolitan areas. And many for-profit information sharing organizations are also stepping into the game.
The word “Heartbleed” meant nothing at the start of the week. Today it is one of the hottest topics on the Internet — a simple security bug in an obscure piece of software that could compromise the personal information of millions.
Federal officials and IT-security industry executives are worried that more attacks like the Bit9 hack could be coming soon. They say cyber attacks are posing an increasing threat to small and midsized firms.
Allied Minds, Inc., a Boston technology capital investment firm that funds early-stage technologies from U.S. national labs, has partnered with The MITRE Corp., a not-for-profit organization that operates six federally funded research labs, with the aim of commercializing technologies, starting those in the cyber and mobile security field.
Funding for Hanscom Air Force Base and Barnes Air National Guard Base will support economic growth for municipalities, aid national security efforts
Despite rising anxiety over the possibility of a cyberattack on the power grid, the industry and government are not set up well to counter the threat, according to a report produced by leading energy security experts.
The administration selected the Massachusetts Institute of Technology to help it understand the privacy implications of big data, in which computers — deep inside the NSA or in the offices of Amazon.com Inc. — analyze massive collections of personal information to either uncover potential terror threats or figure out shopping habits.
A cyber criminal ring targeting small retailers in 11 countries stole data on 49,000 payment cards using a malicious software known as "ChewBacca" before the operation was shut down, according to a cyber research firm.
The number of reported data breaches hit a record level in Massachusetts last year.
Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released its Third Quarter, 2013 State of the Internet Report.
A report released last summer by the Massachusetts Biotechnology Council listed the state as the leading biotechnology cluster in the world, with more than 56,000 jobs — over half in research — and 1,174 drugs under development.
In this presentation, Nagurney describes the multidisciplinary research conducted as part of an Advanced Cyber Security Center grant on Cyber Security Risk Analysis and Investment Optimization.
In a deal that may have broad repercussions for companies and governments fending off sophisticated hackers and state-sponsored digital attacks, FireEye, a provider of security software, has acquired Mandiant, a company known for emergency responses to computer network breaches.
Better cybersecurity information sharing has long been a priority for the security industry, but significant hurdles have always halted the progress of sharing initiatives. At the annual ACSC conference, security leaders from government, education and private industry made another attempt at cracking the info-sharing chestnut.
Firms trying to share information about the wrong things--vulnerabilities and compromises
Caulfield was speaking about the Advanced Cyber Security Center (ACSC) which hosted its annual conference at the Fed here Tuesday. The ACSC is a cross-sector group of more than 30 public and private sector security officers who meet monthly to facilitate information sharing.
A bad guy turned good is a valuable asset, and Governor Deval Patrick is looking for people like Red to help nab cyber criminals — except he’s hoping they’ll skip the years of real lawbreaking and just practice hacking legally through the Governor’s Cyber Aces Championship.
The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
The Board of Directors of the Advanced Cyber Security Center (ACSC), a non-profit consortium bringing together industry, university, and government partners to address the most advanced cyber threats, has concluded a comprehensive, six-month search by selecting Charlie Benway as the ACSC’s new executive director effective immediately.
Courion Joins Advanced Cyber Security Center to Help Companies Prevent Sophisticated Cyber Security Attacks
Collaborates with experts from healthcare, energy, defense and financial services to develop next-generation defenses by augmenting security solutions with intelligent IAM
A hacking group accused of being operated by the Chinese army now seems to be going after industrial control systems.
Hacktivist group Izz ad-Din al-Qassam Cyber Fighters' strategy said to be driving up raw number of attacks and depressing their duration
A US court has charged four Russians and a Ukrainian for stealing more than 160 million credit card numbers, which the prosecution says has resulted in hundreds of millions of dollars in losses for major corporations worldwide.
America’s research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly.
The ACSC Q2 Threat Sharing Survey demonstrates the positive impact of participation in the ACSC.
Worries over medical-device cybersecurity have largely focused on plugged-in equipment primarily used in hospitals, such as computed tomography scanners and heart monitors that are vulnerable to viruses traveling across medical networks.
With every phone call they make and every Web excursion they take, people are leaving a digital trail of revealing data that can be tracked by profit-seeking companies and terrorist-hunting government officials.
The US Department of Homeland Security needs to use its authority to incentivize and enable the creation of trusted federations of companies, like the Advanced Cyber Security Center in Massachusetts, that share cyberthreat information and best practices for cyberprotection.
For the first time since 2005, the U.S. National Institute of Standards and Technology (NIST) has revised the federal cybersecurity standards.
U.S. banks urged the Federal Reserve to take the lead in defending the financial services industry from cyber attacks by working with federal counterterrorism, intelligence and law enforcement agencies, documents show.
The White House has backed away from its push for mandatory cybersecurity standards in favor of an approach that would combine voluntary measures with incentives for companies to comply with them.
The Obama administration plans to boost U.S. spending on computer network security, including a 21 percent increase at the Pentagon, after reports of rising cyber attacks and electronic theft of secrets linked to China.
With China hacking the US, the US hacking China, and LinkedIn and Facebook and credit card companies and Google and who knows who else all vomiting our data all over the web, I was intrigued when a new report on data loss ran across my desk from auditing firm KPMG.
Thanks to the warnings of senior lawmakers and Obama administration officials, Americans are growing more aware of online vulnerabilities that could lead to a “cyber Pearl Harbor” attack.
When the Soviet Union launched the first satellite in 1957, it set off an intellectual arms race that led to more than $1 billion of federal investment in science education. Within a decade, Americans were sending their own expeditions to outer space.
Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies, and this is the usual answer: almost all of them.
Chinese hackers infiltrated The New York Times’s computer systems, getting passwords for its reporters and others.
At the quarterly update and dinner, WCX will provide a progress report on its efforts to collaborate with the Advanced Cyber Security Center in Boston. The two organizations have teamed up to increase local and national resilience to threats from cyber attacks.
Pat Falcone, Associate Director, National Security & International Affairs Division at the White House OSTP singled out the ACSC as the "most impressive" and one of the best models she has seen for bringing together regional entities around the topic of cyber security.
The ACSC is pleased to announce the submission of the proposal entitled, Cybersecurity Risk Analysis based on Financial Engineering and Big-Data Analytics (CRAFA), led by the University of Massachusetts Amherst, represented by PIs Wayne Burleson, Anna Nagurney, Mila Getmansky, Senay Solak, Yanlei Diao, and the Massachusetts Institute of Technology, represented by PI Andrew Lo.
New publication from the Pentagon's research arm details a foundation for cyberwarfare.
The Advanced Cyber Security Center — a New England consortium of university, industry, and government leaders focused on meeting cyber security challenges — this month named University of Massachusetts Amherst PhD student Georg T. Becker as the winner of its "Best Cyber Security Solution" competition.
“The development of a science of cybersecurity could take decades,” Fred B. Schneider, the Samuel B. Eckert professor of computer science at Cornell University and a Pentagon adviser, wrote recently in “The Next Wave,” a nonclassified publication of the National Security Agency. “The sooner we get started, the sooner we will have the basis for a principled set of solutions to the cybersecurity challenge before us.”
The Advanced Cyber Security Center (ACSC), New England’s premier consortium of university, industry, and government leaders collaboratively facing cyber security challenges, has named Georg T. Becker of University of Massachusetts Amherst as the winner of its Best Cyber Security Solution.
Hundreds of thought leaders from government, academia and the tech industry joined together at the Federal Reserve Bank of Boston to discuss the new agenda of the Advanced Cyber Security Center.
Organizations need to move from a static, perimeter-based approach to a more analytical-based defense strategy, according to experts at the second annual Advanced Cyber Security Center Conference.
While some industry groups such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cross-industry groups such as the Advanced Cyber Security Center (ACSC) facilitate the exchange of threat information, for the most part organizations are still hamstrung by legal constraints and other business factors that prevent an adequate flow of actionable information.
$10+ Million Collaborative University-Industry Research Projects Highlight the Advanced Cyber Security Center Annual Conference
More than 250 leaders from industry, academia, and government joined Gregory Bialecki, Secretary of The Massachusetts Executive Office of Housing and Economic Development today to welcome Dr. Steven King from the U.S. Department of Defense and Scott Tousley from the U.S. Department of Homeland Security for the Advanced Cyber Security Center Annual Conference: Organizing Public-Private Assets to Solve Grand Challenges at the Federal Reserve Bank of Boston.
Security attacks often arrive unannounced, but a well-established security plan and implementation can help mitigate these often costly situations. A recent discussion I had on the IBM for Midsize Businesses group on LinkedIn, however, aimed to offer midsize business leaders guidance on how to protect their business, and their data.
John McKenna of Liberty Mutual speaking about the benefits of collaborating with industry and university members within the ACSC.
From its offices at MITRE in Bedford, Mass., the Advanced Cyber Security Center (ACSC) is developing innovative ways to identify, analyze, and respond to cyber threats.
Dr. Shrobe argues that because the industry is now in a fundamental transition from desktop to mobile systems, it is a good time to completely rethink computing. But among the biggest challenges is the monoculture of the computer “ecosystem” of desktop, servers and networks, he said.
The attack, intelligence officials say, was a wake-up call. “It proved you don’t have to be sophisticated to do a lot of damage,” said Richard A. Clarke, the former counterterrorism official at the National Security Council. “There are lots of targets in the U.S. where they could do the same thing. The attacks were intended to say: ‘If you mess with us, you can expect retaliation.’ ”
Defense Secretary Leon E. Panetta warned Thursday that the United States was facing the possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government.
Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. (JPM) and Wells Fargo (WFC) & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults.
The ACSC is somewhat unique. It's been forming for 3 years, and it brings together security experts from area nonprofits, universities and financial services companies — places like Fidelity, John Hancock and State Street Bank.
The same team that attacked Google in the Aurora campaign in 2009 is still active and has been conducting a long-term campaign targeting defense contractors, financial services companies, energy companies, human rights organizations and government agencies using a seemingly inexhaustible supply of zero day vulnerabilities.
The ACSC is helping to match local high school CyberPatriot teams with mentors who can provide technical expertise.
Despite well-publicized data thefts in recent years, major US companies are as vulnerable as ever to hacker attacks, and many executives say their businesses lack the resources to protect themselves, according to a report from the Waltham-based computer security company CounterTack Inc.
DoE asks utilities for sensitive cybersecurity data, promises to share it anonymously with other utilities
A blackout in Manhattan. A major dam failure. Mayhem at a chemical plant. Those are all potential, and entirely plausible, consequences of a cyber attack, according to a range of current and former national security officials, including the top American commander in charge of cyber security.