During a keynote address on Nov. 8 at the 2017 CyberSat Summit, a Department of Homeland Security (DHS) official admitted that he and his team of experts remotely hacked into a Boeing 757.This hack was not conducted in a laboratory, but on a 757 parked at the airport in Atlantic City, N.J. And the actual hack occurred over a year ago. We are only now hearing about it thanks to a keynote delivered by Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.“We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” Hickey said in an article in Avionics Today. “[That] means I didn’t have anybody touching the airplane; I didn’t have an insider threat. I stood off using typical stuff that could get through security, and we were able to establish a presence on the systems of the aircraft.”While the details … [Read more...] about Homeland Security team remotely hacked a Boeing 757
Homeland security information network
The idea that any number of federal institutions are watching your every move on social networks like Facebook, Twitter is unnerving at best. The Department of Homeland Security is one of those agencies and today it testified before a House subcommittee to define and defend its role in social media monitoring.Rep. Patrick Meehan (R-Pa.), the House Committee on Homeland Security, Subcommittee on Counterterrorism and Intelligence subcommittee's chairman, opened the hearing by saying it was reported that DHS had instituted a program to produce short reports about threats and hazards.More: From Anonymous to Hackerazzi: The year in security mischief-making "However, in something that may cross the line, these reports also revealed that DHS had tasked analysts with collecting intelligence on media reports that reflect adversely on the U.S. Government and the Department of Homeland Security. In one example, DHS used multiple social networking tools — including Facebook, Twitter, … [Read more...] about Exactly what is Homeland Security watching for on Facebook, Twitter, YouTube?
Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions.In a hearing labeled "Hacking the Homeland: Investigating Cyber-security Vulnerabilities at the Department of Homeland Security," officials including DHS chief information officer Scott Charbo and Gregory Wilshusen, director of information security issues at the Government Accountability Office (GAO) are scheduled to detail their findings in response to requests from Congress to test the agency's IT security defenses.In a letter sent to Charbo on April 30, members of Congress led by Rep. Bennie G. Thompson (D-Miss.), chairman of the House Committee on Homeland Security, asked DHS to conduct a review of its information system security in the wake of news that the departments of commerce and state were successfully hacked during 2006.Details of those … [Read more...] about Homeland Security to detail IT attacks
The U.S. is headed toward a "cybersecurity disaster," according to a Bloomberg Government study. The Ponemon Institute said that to stop 95% of the cybersecurity attacks, companies would need to spend nine times as much, which would "boost spending to a group total of $46.6 billion from the current $5.3 billion." Bloomberg reported, "Hardening those systems would require a significant investment given the increasing stealth and sophistication of hackers." According to Lawrence Ponemon, chairman of the Ponemon Institute, "The consequences of a successful attack against critical infrastructure makes these cost increases look like chump change. It would put people into the Dark Ages."If our infrastructure is being hacked is not in question. It is and has been for years. China is our bigtime cyber-enemy. A recent counterintelligence report [PDF] basically said, "China and Russia cyberspies are hell-bent on espionage and trying to steal U.S. secrets in cyberspace." Nation states have … [Read more...] about Can Homeland Security prevent a cybersecurity critical infrastructure disaster?
A bipartisan group of senators representing three committees on Tuesday introduced long-awaited cybersecurity legislation, a comprehensive bill that would give the Department of Homeland Security new authorities over critical private-sector infrastructure and seek to encourage the sharing of information about threats and attacks between government and industry.The Cybersecurity Act of 2012 would direct the Department of Homeland Security to work in concert with industry members and relevant government agencies to conduct a series of risk assessments and determine which private-sector firms would be deemed to operate "covered critical infrastructure," a crucial designation that would determine whether a private-sector entity could be subjected to new regulatory oversight.The bill lays out a set of broad guidelines for DHS to use in its evaluations. A covered critical infrastructure provider would be an entity on which a cyber attack could result in "the interruption of life-sustaining … [Read more...] about Senators Unveil Cybersecurity Bill to Empower Homeland Security
Setting corporate cyber-security policy and taking actions around it must be a top concern for the board of directors at any company, not just the information-technology division, the Department of Homeland Security (DHS) indicated as a high-level official there backed a private-sector effort to raise awareness at the board level.Andrew Ozment, assistant secretary, Office of Cybersecurity and Communications at DHS, today said DHS endorsed the principles spelled out in the “NACD Directors’ Handbook on Cyber-Risk Oversight” published by the National Association of Corporate Directors, which has over 14,000 members who are directors for public, private and non-profit organizations. The DHS will include the NACD’s handbook on the U.S. CERT website as a source of information for businesses. In any organization, the board of directors is there to oversee its general direction, including how well upper management is performing.+More on Network World: Survey: Corporate … [Read more...] about Homeland Security wants corporate board of directors more involved in cyber-security
With the inauguration of our 45th President of the United States recently behind us, a new administration will be met with emerging and imminent threats to our homeland. As new leadership is appointed by the President and confirmed, the U.S. Department of Homeland Security (DHS) will maintain a clear understanding of their role within the national security apparatus, and will continue the difficult work of keeping Americans safe and critical infrastructure secure.John Kelly, the newly confirmed DHS Secretary and former Marine Corps four-star General, has recently addressed the numerous homeland security issues facing the country. His main focus will be on defeating terrorism, more robust cybersecurity protections, and infrastructure security and resiliency. DHS is a huge federal department with many moving parts. The agency includes Customs and Border Protection, Secret Service, Coast Guard, Transportation Security Administration, and numerous offices dedicated to cyber and physical … [Read more...] about The private sector is the key to success for the Department of Homeland Security
In what must surely be a gigantic black eye, congressional investigators said on Monday that dozens of computers belonging to the Department of Homeland Security (DHS) have been compromised by hackers.To add salt to the wound, a government contractor hired to protect the DHS computers instead tried to hide the incidences from the department.In a written statement by Democratic Reps. Bennie Thompson of Mississippi and James Langevin of Rhode Island:The results of our [committee] investigation suggest that the department is the victim not only of cyber attacks initiated by foreign entities, but of incompetent and possibly illegal activity by the contractor charged with maintaining security on its networks.Excerpt from CNN on the severity of the breaches: We know where it [the information] was taken from, but we don't know what was taken. We only know how many megabytes was taken," the staff member said. "Everything was on the LAN A, which was an unclassified network. To the … [Read more...] about Hackers compromise Homeland Security computers
Government, academic, and private-sector officials are collaborating on new ways to prevent and mitigate distributed denial-of-service (DDoS) attacks, based on research years in the making but kicked into high gear by the massive takedown this month of domain name system provider Dyn. SEE: Aerohive's new IoT security solution could have blocked Dyn DDoS attacks, company claims (TechRepublic) The largest attacks in summer 2015 were about 400 gigabits per second, but September 2016 saw an attack on security blogger Brian Krebs of more than 600Gbps, while Dyn said its own attack may have exceeded 1.2 terabits per second. Government-led research is focusing on the 1-terabit range but with systems that can scale higher, which is already needed due to the proliferation of vulnerable Internet of Things devices too easily commandeered by malicious hackers. But it means there's a ton of job security for Dan Massey, a computer science Ph.D. serving as program manager for the U.S. … [Read more...] about DDoS defenses emerging from Homeland Security
In light of the recent Target security breach, it is critical that all business owners ensure their point-of-sale (POS) systems are properly protected from cybercriminals. The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) said there are two ways cybercriminals have been targeting consumer data entered in POS systems, which consist of the hardware (i.e., the equipment used to swipe a credit or debit card, and the computer or mobile device attached to it) and the software that tells the hardware what to do with the information it captures. One way criminals steal data is by attaching a physical device to the POS system to collect card data, which is referred to as skimming. The other way cybercriminals steal data is by delivering malware to acquire credit- and debit-card data as it passes through a POS system, eventually sending the desired personal information back to the criminal. US-CERTofficials said once the cybercriminal receives the … [Read more...] about Homeland Security’s Advice on Protecting Your POS System