SEC’s new cybersecurity guidance falls short

The Securities and Exchange Commission (SEC) issued new guidance in February, urging senior executives and board members to pay closer attention to cybersecurity.  However, while the recommendations are more stringent than previous ones, they don’t go far enough and lack teeth, critics say. In a set of recommendations about disclosures of cybersecurity risks back in 2011, the […]

Hacking Back & the Digital Wild West

The Internet is a modern day Wild West. Individuals, businesses, and governments face extraordinary challenges protecting themselves in the digital Wild West, and history has shown that law enforcement is under-resourced to tackle all but the most pressing criminal cases. What’s the answer? U.S. Congressional Representatives Tom Graves and Kyrsten Sinema are proposing legislation — the Active Cyber […]

U.S. cybersecurity threat risk remains high — no signs of lessening

The United States’ cybersecurity in both the public and private sectors is at continual risk, according to Director of National Intelligence (DNI) Daniel R. Coats. And the country should expect attacks from both nation state and non-state actors. Furthermore, the “potential for surprise” will continue to increase as billions more devices are connected to the internet […]

US sets up dedicated office for energy infrastructure cybersecurity

The US government is setting up a new Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at the US Department of Energy. The CESER office will focus on energy infrastructure security and enable more coordinated preparedness and response to natural and man-made threats. “$96 million in funding for the office was included in President […]

Two Billion Files Leaked in US Data Breaches in 2017

Nearly 2 billion files containing the personal data of US citizens were leaked last year—and that number could be significantly underreported. In 2017, a total of 551 breaches affected organizations, with over 1.9 billion files leaked, according to research from Citrix ShareFile. Using data collected from the Privacy Rights Clearinghouse and the 2017 Cost of Data Breach Study by […]

Pentagon considers nuclear response to retaliate for large cyber attacks

According to the draft for the Pentagon’s 2018 Nuclear Posture Review, the U.S. would consider using nuclear weapons to respond to non-nuclear attacks. While the Pentagon’s proposed policy change suggests the U.S. should “only consider the use of nuclear weapons in extreme circumstances to defend the vital interests of the United States or its allies and […]

FBI Director: Cryptocurrency, Nation-State Attacks, Among Agency’s Top Cybersecurity Concerns

FBI Director Christopher Wray outlined a list of growing cybersecurity concerns his agency faces during a speech this week at the International Conference on Cyber Security in New York. A rise in nation-state sponsored computer intrusion attacks, growing frequency in “blended threats” involving nation-states that hire cybercriminals to do the work, advancements in artificial intelligence, […]

US Gov Outlines Steps to Fight Botnets, Automated Threats

The US Departments of Commerce and Homeland Security have published a report focused on the challenges and steps toward fighting botnets and other automated, distributed threats, the National Institute of Standards and Technology (NIST) announced last week. Their report is a response to Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The EO […]

DHS insider breach resulted in theft of personal info of staff and people involved in investigations

The US DHS Office of Inspector General (OIG) has confirmed that the “privacy incident” discovered in May 2017 resulted in the theft of personally identifiable information of DHS employees and individuals associated with investigations. The incident was the result of an attempted inside job by three DHS OIG employees who, according to the New York Times, stole the […]

​240,000 Homeland Security employees, case witnesses affected by data breach

The United States Department of Homeland Security (DHS) has confirmed the breach of the DHS Office of Inspector General (OIG) Case Management System (CMS), affecting approximately 247,167 individuals employed by DHS in 2014, as well as individuals including subjects, witnesses, and complainants associated with DHS OIG investigations from 2002 through 2014. DHS issued a statement […]