Securing government networks and systems takes a village. Keeping pace with attacks and shortage of security talent has driven security operations to pool data resources and orchestrate actions across vendors, open source projects, and internal development efforts. It’s a community effort. Sharing threat information and codifying procedures to better fend off the enemy with no face. This kind of intel also improves detection efforts and response through collaboration across systems.

The Cyber Shield Act, commissioned by Senator Ed Markey, recommends the establishment of a voluntary program to institute uniform cybersecurity and data benchmarks for consumer devices. The goal of the bill is to improve consumer decision making from the point of purchase, standardized by industry and maintained by manufacturers – similar to an EPA energy rating on appliances, or NHTSA safety rating on automobiles.

Time is running out for federal contractors to comply with the Federal Controlled Unclassified Information (CUI) Program.

What does the CUI Program mean to contractors?

As of December 31, 2017, all federal contracts will require that businesses contracting with the federal government must comply with the Federal CUI rule (32 CFR Part 2002) which strives to eliminate ad-hoc policies and markings that agencies and departments apply to unclassified information that requires safeguarding or dissemination controls.

Another nameless, faceless adversary (or as the U.S Army calls them “the enemy with no face”) struck again in the last week of June. Hot on the heels of WannaCry attack in May, the Petya ransomware campaign brought widespread disruption to organizations, government agencies, and infrastructure worldwide.

It’s clear that smart technologies and the Internet of Things (IoT) are the future of our communities. But, is your agency ready for the billions – soon to be trillions – of sensors and devices connected to one another that will transform our society?

The risks of a breach or attack, particularly to vulnerable network endpoints, are worrying and costly.  Impacts include:

After hearing Congressman Langevin and NSA speak at the ICIT Annual Forum event it became obvious that the “Enemy with No Face” is getting in to our networks and what they want is our data. FinalCode is purpose built to protect files with encryption and Information Rights Management (IRM), sometimes called Enterprise Digital Rights Management (EDRM).

The theme of the recent ICIT Forum was “Rise of the Machines”, a call to recognize the vulnerability of an infrastructure increasingly under control of computers.  The steady increase in connected systems mandates a broad range of strategies – managing supply-chain risk, analysis of huge amounts of data through machine learning, dealing with the insider-threat problem, sealing up holes in applications.  I had the privilege of discussing threat intelligence sharing on a panel with Todd Helfrich of Anomali, John Kupcinsky of KPMG, and Ana Besk

It will come as no surprise to anyone that 2016 saw an alarming increase in targeted attacks aimed at politically motivated sabotage and subversion. This new level of ambition by cyber criminals is corroborated by the annual Internet Security Threat Report from DLT partner, Symantec. The perceived success of several campaigns – particularly the U.S.

“The enemy with no face”. No, it’s not the latest Dwayne “The Rock” Johnson Hollywood action movie, but the tagline from the U.S. Army’s latest cyber warrior recruitment ad.

As the worldwide fallout of the WannaCry ransomware virus continues and the blame game starts, the worldwide attack underscores the need for basic security hygiene, updating of operating systems, and regular patching writes DLT Chief Cybersecurity Technologist, Don Maclean.