Photo: NIST.gov

The National Institute of Standards and Technology will increase its focus on big data and increased use of mobile devices in 2012, a NIST lab director told InformationWeek. 

NIST Information Technology Laboratory Director Chuck Romaine said that NIST is working to issue standards for big data technologies.

NIST helped publish a report in 2009 that discusses how to harness big data. 

Romaine said NIST is is also working to develop standards in regard to wireless network technologies. 

According to InformationWeek, NIST will also work on a strategic planning process to engage private sector and industry in determining technologies the agency should focus on in the future.

Romaine said NIST, which creates standards under the Federal Information Security Management Act, will continue to focus on cybersecurity standards as he does not see it disappearing in the foreseeable future, the report said.

Photo: Juanjo Tugores

 In a 2010 strategic concept report, NATO said cyber attacks were becoming more damaging to government administrations and economies.

NATO leaders are meeting in Brussels, Belgium this week but cybersecurity measures from the organization are still not clear because NATO is not sure of what to do in the event of a major cyber attack, Wired reports.

NATO is also unsure of what it needs to protect.

“We need to think these things through,” said Jamie Shea, NATO’s deputy assistant secretary general for emerging security challenges, according to Wired.

Shea added that NATO is focusing primarily on developing defensive strategies in cyberspace.

NATO is also unsure of its level of involvement in the event of a cyberattack because countries such as the U.S. have mostly private information infrastructures for cyberspace.

Other countries in Europe have government involvement in developing information infrastructures.

U.S. Navy photo: James Antonucci

The United Cross Domain Management Office has added Raytheon’s data guard product WebShield to the office’s version 4.1 baseline list, Raytheon announced Tuesday.

The baseline list includes approved products using cross domain technologies that Defense Department and intelligence community agencies can use.

The UCDMO requires products be functional, have a government sponsor and have a three-year life cycle support agreement in order to be added to the baseline list.

WebShield provides Web traffic monitoring and secure Web search from both high-side and low-level networks.  Other WebShield features include:

• Multilevel web-based email
• Real-time data access and manipulation
• Secure chat
• Virus scanning
• Web-based application data transfers

dhs.gov

Nonprofit security professional organization (ISC)2 has expanded a program for assisting cybersecurity professionals in earning ceritifcations and skills for a future federal career.

 The group said it is including new certifications for its Associate of (ISC)2 Program.

The group says the program is open to all interested candidates and that it maps to the Cybersecurity Workforce Framework established by the federal government’s National Initiative for Cybersecurity Education Initiative.

“Our Cybersecurity Workforce Framework document lays a foundation for the various competences that comprise cybersecurity,”  said Dr. Ernest McDuffie, NICE national lead.

McDuffie also said the document gives certification companies and academic institutions a common starting point for mapping course work and certifications for recognized cyber skills.

The framework is open for public comment through Jan. 27. 

“The Associate program is a great way for those early in their careers to assess their knowledge and certification readiness and to show employers they are committed to practicing the highest standards and ethics in the field,” said W.Hord Tipton executive director of (ISC)2.

The network “will provide deeper and broader cyber capabilities and services to our clients on their terms – when they need it and where they need it,” said Joe Mahaffee, Booz Allen executive vice president and chief information security officer. 

Booz Allen said the initial network launch includes four centers in Maryland, four in Virginia and one in New Jersey.

Booz Allen said a center near Fort Meade, Md., the National Security Agency, the U.S. Cyber Command and the Defense Cyber Crime Center will focus on cyber, forensics, malware and software analytics.

The Cyber Security Operations Center in Northern Virginia is the primary location for the company’s networks and systems. Booz Allen said this center provides round-the-clock emergency response, mobile forensics, cyber analytics, intelligence and network monitoring.

Booz Allen sponsored a study developed by the Economist Intelligence Unit, which assessed 19 of the world’s leading economies. The company reported the U.S., U.K., Australia, Germany and Canada are “leading the way into the digital era.”

The study measures the success of digital adoption, cybersecurity and the degree to which economic environment promotes cyber power. 

Booz Allen indicated that the study aims to assist governments and businesses remain competitive in the cyber environment. 

Countries were assessed in categories including legal and regulatory environment, technology infrastructure, industry application and economic and social context.

Booz Allen’s Vice Chairman Mike McConnell explained in the release that “while cyber is a domain, a nation’s capabilities must be measured by more than their military might alone.”

The countries able to master the uses and security requirements of emerging technologies and societal shifts brought on by the cyber revolution will emerge as the cyber powers and the winners of the 21st century,” he added. 

The study found that cyber power relies on a solid foundation including technical skills. The U.S. has the best economy and social context to foster cyber power, according to the report. 

fgi.gov

The Air Force is performing a study on how it can improve its cyber capabilities, according to a request for information issued Wednesday.

The RFI is looking for submissions addressing the Air Force’s needs in the cyberspace for possible inclusion in the Air Force Cyber Vision 2025 study, which will identify best practices in the government and private sector, according to the solicitation. 

According to the RFI, the Air Force wants the study to address cyber capabilities as part of its core missions in air, space, cyber, and Command and Control Intelligence, Surveillance and Reconnaissance and engage with industry, academia and “government to leverage capabilities and experience.”

The Air Force is seeking the “cyber advantage” in its air, space, C2ISR and cyber missions. This means cyber superiority in areas such as “doctrine, workforce development (education and training), acquisition and support.”

Responses that address cyber solutions should address “adversary threats which may exploit, disrupt, deny or degrade Air Force data, networks, systems and mission in the near- mid and far-term range.”

Submissions should focus on advanced solutions and ideas in early development stages and should also focus on future development.

NIST image

Companies are taking any and every precaution to protect their information from cyber attackers.

The Washington Post recently reported that while data loss decreased from last year, breaches have reached their highest numbers due to cyber criminals attacking smaller businesses.

Matt Cullina, chief executive of business and data risk management firm Identity Theft 911, suggested to the Post that small firms do their homework regarding cybersecurity insurance.

“Most small business packages don’t cover data breaches or really anything data related,” Cullina said. “Many have an exclusion called the ‘intangible property exclusion,’ which basically says data is intangible. You can’t touch it, you can’t feel it, so if it’s damaged, there’s no way to calculate the cost to replace it later.”

He added that some vendors are expanding their services to include cybersecurity insurance. Chubb Group of Insurance Companies recently added cybersecurity insurance to its services. Cullina suggested that small businesses consider the coverage since companies are expanding their services.

IDT 911 Senior Vice President Brian McGinley told the Post that while cybersecurity insurance is fine, companies should take preventative measures to protect their business and data.

“You have to demonstrate that you understand your network structure and your vulnerabilities, use updated anti-virus software, and that you have some semblance of documentation,” McGinley said. 

The Post noted the types of coverage currently available. First-party coverage handles the cost a company has to pay in response to the loss of information about clients or employees. Third-party coverage covers legal defense costs, fines and penalties. 

From Lockheed Martin

A cybersecurity breach at intelligence think tank Stratfor over the weekend struck close to the central point of debate over how to secure domestic networks, Josh Smith wrote in the National Journal today.

Smith wrote that this debate “has revolved around the division between government and private sector security,” where businesses want more cybersecurity protections, but largely do not want the government regulating and protecting private networks and information.

The issue is particularly relevant to companies who have access to classified government information or help protect, manage or operate infrastructure critical to national security.

Although it does not exist to work with classified information, Stratfor keeps close ties with government agents, international corporations, contractors and other major players in national security and defense.

Anonymous, the loosely assembled group of hackers who has claimed responsibility for the breach, released a list of company clients that included the Defense Department, Lockheed Martin, Los Alamos National Laboratory and the United Nations, the New York times reported Dec. 25.

While an Associated Press report found Anonymous was most likely unable to steal proprietary information from any Stratfor customer, sensitive information could still have been compromised.

A declared spokesman for Anonymous wrote in an online post that the “wealth of (stolen) data includes correspondence with untold thousands of contacts who have spoken to Stratfor’s employees off the record over more than a decade.”  

Some defense contractors and the government recently participated in a pilot program where they shared cybersecurity information and Congress will soon consider a bill that will formally allow cyber exchange between more private sector companies and the government.

But, the Stratfor breach has some questioning if more drastic measures are needed to shore up domestic networks, including the possibility of more direct government involvement.

“When you have a major firm specializing in cybersecurity getting hacked this way, it gives you an idea of how difficult this problem is and how much ground still needs to be covered to better secure our cyber networks,” Rep. Jim Langevin, D-R.I., said in an e-mail to National Journal.

Smith noted an October Symantec and National Cyber Security Alliance report that found that although the majority of cyber attacks are on small businesses, most companies with fewer than 500 employees are unprepared to handle a cyber attack. 

“The scary thing is that no matter what you do, every system has some level of vulnerability,” Jerry Irvine, a member of the National Cyber Security Task Force told the New York Times. “The more you do from an advanced technical standpoint, the more common things go unnoticed. Getting into a system is really not that difficult.”

FEMA photo

The Defense Department is allowing a second mobile platform to access its networks, but it is not quite yet a “bring your own device” approach.

The Pentagon’s Security Technical Implementation Guide covers Dell’s version of Android 2.2, according to Stars and Stripes. This version is the only Pentagon-approved version. 

Dell’s Venue smartphone is the only device the company currently sells that runs Android 2.2, as Dell recently stopped producing its Streak series of tablets that ran this version.

However, the Pentagon’s approval is conditional. The phones cannot be used to send or receive classified information and web browsing must be done through a Pentagon proxy server.

Stripes reports this is the first time the Pentagon has approved a smartphone other than BlackBerry. BlackBerry has long been favored because of its encrypted email and other security features.

The Pentagon chose Android, an open source software developed by Google, because it allows users to modify programs and install third-party software. Pentagon technology experts want to install antivirus software and other security features on Android phones, according to a Dec. 9 Stars and Stripes story.

Apple’s iOS operating system does not allow users to install third-party security software on the iPhone. Currently, iOS is only approved for testing and pilot projects within the Defense Department. The Defense Information Systems Agency, which oversees mobile device use on Pentagon networks, has not indicated when iOS may be approved for broad use, according to Stripes.