Doug Bedell — September 23, 2016, 9:26 am

College Training in Cybersecurity

So where do you get training in cybersecurity or send your employees for training? Ericka Chickowski on Information Week’s Dark Reading blog runs through her listing of the “Top Colleges for Cybersecurity.” This isn’t an exclusive list, but it might give you an idea of what to look for when you’re considering academic training in cybersecurity.

Hit the books hard!

Doug Bedell — September 22, 2016, 9:07 am

Federal Cyber Security Incidents Soaring

stethoscope on black laptop keyboard
Following up on our last post on cyber – or computer – security, here’s parallel word from In Homeland Security that the number of cyber incidents reported by federal agencies “jumped more than 1,300 percent, from 5,503 to 77,183, over the 10 years through fiscal 2015.”

Here’s more in a quote from Gregory C. Wilshusen, director of information security issues for the Government Accounting Office: “Over the last several years, we have made about 2,500 recommendations to agencies aimed at improving their implementation of information security controls. These recommendations identify actions for agencies to take in protecting their information and systems.

“For example, we have made recommendations for agencies to correct weaknesses in controls intended to prevent, limit, and detect unauthorized access to computer resources….However, many agencies continue to have weaknesses in implementing these controls, in part because many of these recommendations remain unimplemented. As of September 16, 2016, about 1,000 of our information security-related recommendations have not been implemented.”

If there is cyber complacency in certain sectors of the U.S. government, grouse about it, but give your own systems another scan as well. It’s a continually changing world.

Doug Bedell — September 19, 2016, 12:13 pm

Growing Cyber Threat Requires Cyber Protection

SecurityInfoWatch provides a cogent, worrisome, picture of our “cyber physical world,” for that’s what our environment has become.

“The physical environment,” notes an InfoWatch post, “has become saturated with computing and communication entities that interact among themselves, as well as with users. Virtually everything people interact with has – or will have very soon – the ability to source information and respond to appropriate stimuli.”

And in this cyber-rich world, sometimes called the Internet of Things, lies increasing hazard.

“Faster, more intelligent and pervasive networks are connecting everything from smart cities to industrial control. The Internet of Things is linking together everything from street lighting to automobiles. The physical world has never been more accessible to cyber threats than it is now.”

It’s that last sentence, on cyber threats, that’s truly chilling. Don’t operate a business or home computer network without some form of intruder protection built in. (Norton Internet Security would be an example.)

Doug Bedell — September 14, 2016, 11:12 am

Building Security Should Be High on Organizational Checklists

The Federal Emergency Management Agency is perhaps best know for its response to natural disasters. But FEMA is concerned with various aspects of security, including building vulnerability. Building (or facility) security may not be foremost among priorities during busy workdays, but it should be high up there.

FEMA posts an extensive “Appendix A: Building Vulnerability Assessment Checklist” as part of FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings that someone in organizations housed in given buildings should be closely familiar with. Just a suggestion, of course, but even so…

Doug Bedell — September 12, 2016, 6:43 pm

Another Security Threat: USB ‘Kill Sticks’

Security isn’t only required at fence lines and entryways, it also can be challenged by a device that fits easily into one’s pocket – a USB kill stick. Bruce Schneier sounds the alarm on the kill stick device, developed by a Hong Kong company.

“It works like this:,” Schneier explains, “when the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges — all in the matter of seconds.” The jolt can wipe out any device with a USB port – a computer, a copy machine or an airline entertainment system. Use your imagination. Trouble is, bad guys probably will.

Doug Bedell — September 8, 2016, 10:06 am

Airport Workers Getting Emergency Training, at LAX For Now

Security often requires partnership, and it’s refreshing to see a labor-management partnership taking shape at Los Angeles International Airport (LAX) that should enhance the safety of air travelers.

Government Security News reports on a “groundbreaking partnership” between LAX and the Service Employees International Union-United Service Workers West “to train front-line airport service workers to respond effectively in any type of emergency situation.”

The initiative appears to stem from the workers themselves, bless them. “Service workers at airports across the country,” says an airline services employee at LAX, “have been calling for emergency preparedness training because we know firsthand that passengers often look to us as first responders for any airport emergency.” So why not be effectively ready for any that might occur?

Doug Bedell — September 5, 2016, 11:12 am

Drones Have a Busy Future

It’s easier now to become a commercial drone pilot, so look for the use of drones to climb and cause new security concerns. Government Security News advises that “Small UAS (unmanned aerial systems) Rule…went into effect Monday, August 29, 2016 (and) simplifies the process of becoming a commercial drone pilot. Under the new regulations, commercial drone operators will no longer have to obtain a traditional pilot’s license and receive case-by-case permission from regulators. Commercial drone pilots will now only need to pass a certification test and abide by various flying restrictions.

“Michael Bannon, Chief Executive Officer of Drone USA, stated: ‘Small UAS Rule will completely change the Commercial Drone market and within the first day of the new regulations going into effect the FAA reported receiving over 3,000 new applicants preregistering to take the certification test…'”

Doug Bedell — August 26, 2016, 2:03 pm

Smile, You’re On Somebody’s Camera

Video surveillance is becoming part of the growing security dimension of our digitally modern lives. SecurityInfoWatch advises that “The deployment of urban video surveillance is the fastest growing segment of the video world. The expansion in large metropolises to smaller burgs is unrelenting. In fact, former New York Mayor Michael Bloomberg once said that Americans should get used to ‘more visibility and less privacy,’ because ‘there will be cameras every place’ in the next five years in urban spaces.”

Even if a locale doesn’t have many of its own video security cameras, it can probably contract with other agencies to provide photos if and when it needs them. “Whenever we have a criminal case,” says Arlington, VA’s Police Chief Murray Farr, “the police department works very closely with its private partners to obtain any of (the) video that may have been captured within the vicinity of the event. We also have contracts with the Metropolitan Transit Authority to obtain video information on the Metro line, along with the Virginia Department of Transportation for the highways in the Commonwealth.”

So keep smiling, you may well be on somebody’s camera.

Doug Bedell — August 24, 2016, 3:11 pm

On Guard Against Hackers

Securosis discusses the constant, and evidently growing, presence of hackers and spammers on the Internet, and perhaps your computers. We note this post not to be alarmist, but so that you’ll keep your guard up against anything that appears insecure, or aberrant, about your system.

Doug Bedell — August 22, 2016, 1:34 pm

‘Intelligence Certifications’ Becoming Expected

Businessman or designer using laptop computer at desk in office
No, they’re not the result of IQ tests. More typically, intelligence certifications are issued by schools, the federal government and certain professional organizations to confirm capacity in intelligence and security reckoning.

In Public Safety notes that “For those looking to recruit or hire intelligence personnel, finding ways to discriminate between candidates’ varying qualifications is a never-ending challenge. It’s extremely difficult to determine and define which analysts are good, great, or exceptional.”

Thus the growth of intelligence certifications, which the In Public Safety post notes are becoming increasingly common and, indeed, expected. Their purpose is to help identify “great intelligence professionals”.