You are a SPECIAL Librarian! You are a Military Librarian!

Tag Archive | "cybersecurity"


Hackers broke into third-party software in 2013 to open personal records on federal employees and contractors with access to classified intelligence, according to the government’s largest private employee investigation provider.

That software apparently was an SAP enterprise resource planning application. It’s unclear if there was a fix available for the program flaw at the time of the attack. It’s also not clear whether SAP—which was responsible for maintaining the application—or USIS would have been responsible for patching the flaw.

>>> Full story

Posted in Links, Web/TechComments (0)

Fact Sheet: U.S.-United Kingdom Cybersecurity Cooperation

The White House
Office of the Press Secretary

The United States and the United Kingdom agree that the cyber threat is one of the most serious economic and national security challenges that our nations face.  Every day foreign governments, criminals, and hackers are attempting to probe, intrude into, and attack government and private sector systems in both of our countries.  President Obama and Prime Minister Cameron have both made clear that domestic cybersecurity requires cooperation between governments and the private sector.  Both leaders additionally recognized that the inherently international nature of cyber threats requires that governments around the world work together to confront those threats.

During their bilateral meetings in Washington, D.C. this week, President Obama and Prime Minister Cameron agreed to further strengthen and deepen the already extensive cybersecurity cooperation between the United States and the United Kingdom.  Both leaders agreed to bolster efforts to enhance the cybersecurity of critical infrastructure in both countries, strengthen threat information sharing and intelligence cooperation on cyber issues, and support new educational exchanges between U.S. and British cybersecurity scholars and researchers.

Link to Fact Sheet

Posted in LinksComments Off on Fact Sheet: U.S.-United Kingdom Cybersecurity Cooperation

Research Links: Cybersecurity Policy

Research Links: Cybersecurity Policy
Source: Council on Foreign Relations

How can the United States protect cyberspace “control system of our country,” without restricting the open “flow of information on the Internet”? What should countries consider when developing international cybersecurity standards and protocol? What should their citizens know to protect their information and their rights? Cybersecurity Policy Research Links provide news, background information, legislation, analysis, and international efforts to protect government and the public’s information.

Posted in Current Events, LinksComments Off on Research Links: Cybersecurity Policy

Monthly Cyber Security Tips Newsletter – 2014 Cyber Security Outlook

As we look ahead toward the cyber threats facing us this year, some key challenges will result from the advancements in technology that are becoming part of our daily lives. Ranging from the Internet of Things to online currencies, devices and systems have never been more interconnected. Before we adopt these new technologies, we need to ensure we understand the security implications, and have appropriate layers of defense in place.    

Below are highlights of several of these new advancements and how they may affect us:  

The Internet of Things 

What is the Internet of Things?  Put simply, the Internet enables connectivity from virtually any end-user device or thing. The latest trend is connecting things such as small appliances, refrigerators, personal medical devices, wearable health trackers, and many other items. 

One of the most common examples of how the Internet of Things impacts our daily lives is the automobile, which has become a sophisticated computer device. Researchers have demonstrated the ability to hack an automobile’s systems to control the brakes, steering wheel, and even shut down the engine. Numerous discussion forums focus on the use of vehicle-to-vehicle (or V2V) technology, which will allow vehicles to talk to each other via wireless connectivity. 

Bluetooth, a standard feature in many automobiles with options to include a personal hotspot, can allow a modern smartphone to connect to the automobile’s stereo system to receive continuous Twitter feeds, or a system that may allow a technician to provide assistance in case of emergencies. Researchers have discovered ways to inject malicious codes/programs through CD players or iPod connectors. Theoretically, an infected song on your iPod or CD, when played in your automobile, potentially can spread malicious code from the automobile’s entertainment network to other components of the automobile without many restrictions. 

In another example of how the Internet of Things can impact us is from a recent news story that suggested electric tea kettles and other small appliances were able to exploit unencrypted WiFi and send data back to foreign servers [1].  

Internet-connected devices that are able to process sensitive personal information tend to be high priority targets for cyber criminals. It will become increasingly critical in 2014 to protect these devices from unintended or unauthorized connectivity. 


A Bitcoin is a digital currency stored in a downloadable wallet on a user’s personal computer or with an online wallet service provider. Each wallet has a unique identifier that allows users to transfer bitcoins to other users’ wallets. Bitcoin is a decentralized, peer-to-peer payment system, currently with no regulatory authority. It is gaining popularity, with mainstream businesses adopting it as an alternative form of payment or investment.      

 While the long-term use of Bitcoin is uncertain, for at least the near term in 2014, the increasing adoption and publicity will continue to draw the interest of cyber criminals who target Bitcoin users’ wallets for theft, or compromise systems to generate bitcoins via malware infection.      

 Mobile Transaction Risks 

 Every new smartphone, tablet or other mobile device provides an opportunity for a potential cyber attack. New features such as Near Field Communications (NFC), as well as AirDrop and Passbook for Apple, will continue to expand in 2014, increasing the opportunities for cyber criminals to exploit weaknesses. NFC and AirDrop allow for similarly configured smartphones to communicate with each other by simply touching another smartphone, or being in proximity to another smartphone. This technology is being used for credit card purchases, boarding passes, and file sharing, and will most likely be incorporated into other uses in 2014.     

 Risks of these technologies could include eavesdropping (through which the cyber criminal can intercept data transmission such as credit card numbers) and transferring viruses or other malware from one NFC/AirDrop-enabled device to another.  


 Before adopting any of the myriad new technologies that are rapidly being deployed, it’s important to understand the implications and risks. While interconnectivity can yield many benefits, the risk could outweigh the benefit if the devices, systems, and technologies are not properly secured.  

 Additional Resources: 

 NYS Office of Information Technology Services Enterprise Information Security Office Newsletters :

Georgia Tech: Emerging Cyber Threats Report:

 Sophos: Security Threat Report 2014

 Websense: 2014 Security Predictions

 Symantec: 2014 Predications


    Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS. 


Brought to you by: the Center for Internet Security  

 William F. Pelgrin, President and CEO

Posted in Current Events, Links, Web/TechComments Off on Monthly Cyber Security Tips Newsletter – 2014 Cyber Security Outlook

Monthly Cyber Security Tips Newsletter – Cyber Hygiene with the Top 20 Critical Security Controls

Cyber Hygiene with the Top 20 Critical Security Controls
In this digital age, we rely on our computers and devices for so many aspects of our lives resulting in a need to be proactive and vigilant to protect against cyber threats. However, in order to be as secure as possible, we need to use good cyber hygiene – that is, making sure we are protecting and maintaining systems and devices appropriately and using cyber security best practices.
Many key best practices are outlined in the Top 20 Critical Security Controls, managed by the Council on Cyber Security. These Controls assist in mitigating the most prevalent vulnerabilities that often result in many of today’s cyber security intrusions and incidents. The Center for Internet Security (CIS) provides free, PDF-formatted configuration guides (Benchmarks) that can be used to implement the Controls and improve cyber security.
Below are several best practice strategies for strengthening defenses.  The numbers that follow each best practice are the related Control and the CIS Benchmark. The CIS Mitigation Strategies Crosswalk link below details a complete mapping of the Controls to Benchmarks.
Update Your Applications, Software, and Operating Systems
Even though you may be diligent in keeping your software up-to-date, you are still at risk from malware infections. Malware can infect your computer from a variety of different vectors, including compromised websites, malicious attachments in email, and infected thumb drives. This is why strong malware defenses are crucial. Anti-virus and anti-spyware will scan your files to see if there’s any malware in the files. It may even tell you if you’re about to download a potentially malicious file. Update your anti-virus software regularly. Keeping applications, software, and operating systems patched will help keep you more secure by providing you with the most recent and secure version.
Critical Security Control(s): 2, 3, 5
Securely Configure Your Systems and Devices
The “out-of-the-box” configurations of many devices and system components are default settings that are often set for ease-of-use rather than security. This often results in vulnerabilities that offer easy targets for hackers to exploit, often using automated programs that scan for holes. To mitigate risk, systems and devices should be configured according to industry-accepted system hardening standards.
Critical Security Control(s): 3
Secure Your Browser and Browser Add-ons
Cyber attackers search for programming errors and other flaws in web browsers and associated plug-ins in order to exploit them. These vulnerabilities, if successfully exploited, can give cyber criminals access – and sometimes control over – your computer system. To minimize these risks, keep your browser(s) updated and patched, and set to auto update.  In addition, keep any programs (known as plug-ins) updated and patched, block pop-up windows, as this may help prevent malicious software from being downloaded to your computer, and consider disabling JavaScript, Java, and ActiveX controls when not being used. Activate these features only when necessary.
Critical Security Control(s): 2
Back Up Your Data
Be sure to back up your important data so you can retrieve it if your computer fails. Most operating systems provide backup software designed to make the process easier. External hard drives and online backup services are two popular vehicles for backing up files. Remember to back up data at regular intervals and periodically review your backups to determine if all your data has been backed up accurately.
Critical Security Control(s): 8
Secure Your Wireless Network
Before the days of wireless (Wi-Fi) home networks, it was rather easy to see who was linked into your home network; you could simply follow the wires. You wouldn’t allow a stranger to connect to your wired network, so check to see who is connected to your wireless network. The first step is to lock down your wireless network with a strong password and encryption. This will prevent people who don’t have the password from connecting to your network.
While there are fewer wires to follow, you can still follow some digital breadcrumbs to see who is connected to your network. Connect to your router (for more information refer to the manufacturer’s user guide) to see who the clients (the connected devices) are. Are there more devices connected to your network than you expect? If there are some devices you don’t recognize, change your security settings and passwords. Don’t forget about your printers, many of which can connect to your network and are Wi-Fi enabled.
Critical Security Control(s): 7
Protect Your Administrative Accounts
Administrator or “admin” accounts give a user more control over programs and settings for a computer than a typical user account. If an intruder accesses an admin account, he could potentially take over your computer. Non-administrator accounts, or guest accounts, can limit the ability of someone gaining unauthorized access. It is important to change the default password on your admin accounts and to always log on to your computer as a non-administrator or non-admin account.
Another aspect to protecting admin accounts is to change default passwords on your devices. Many of them are published on the Internet, so be sure to change them to something unique and strong. Default passwords are especially prevalent in routers, wireless access points and other networked devices.
Critical Security Control(s): 3, 12
Use Firewalls
Many computer defaults are set for ease of use, which is convenient not only for us, but also for cyber criminals. Cyber criminals can use weak or unnecessary services as a first step to compromising your computer. Many computers and routers already come with a firewall built in to prevent malicious access to these services. It is recommended that you set the firewall to the securest level you think is appropriate: if this is a laptop you’ll use for traveling and connecting to public networks, it is recommended that you choose the strictest level of security and only allow exceptions for services you need. You can always relax the controls if necessary.
Critical Security Control(s): 10
For More Information:
Brought to you by the MS-ISAC

Posted in Current Events, Links, Web/TechComments Off on Monthly Cyber Security Tips Newsletter – Cyber Hygiene with the Top 20 Critical Security Controls

CRS — The 2013 Cybersecurity Executive Order: Overview and Considerations for Congress

The 2013 Cybersecurity Executive Order: Overview and Considerations for Congress (PDF)
Source: Congressional Research Service (via Open CRS)

The federal role in cybersecurity has been a topic of discussion and debate for over a decade. Despite significant legislative efforts in the 112th and 113th Congress, no major legislation on this topic has been enacted since the Federal Information Security Management Act (FISMA) in 2002, which addressed the security of federal information systems. In February 2013, the White House issued an executive order designed to improve the cybersecurity of U.S. critical infrastructure (CI). Citing repeated cyber-intrusions into critical infrastructure and growing cyberthreats, Executive Order 13636, Improving Critical Infrastructure Cybersecurity, attempts to enhance security and resiliency of CI through voluntary, collaborative efforts involving federal agencies and owners and operators of privately owned CI, as well as use of existing federal regulatory authorities.

Posted in LinksComments Off on CRS — The 2013 Cybersecurity Executive Order: Overview and Considerations for Congress

Blog Archives