Yesterday, Mark Weatherford took over as Deputy Undersecretary for Cyber
Security at the U.S. Department of Homeland Security. For the first time
in many years, the U.S. cybersecurity program will be run by a
technologist rather than by a lawyer. There are good reasons to believe
that this change will herald an era of greater balance in national
cybersecurity leadership between NSA and DHS. DHS has made five very
important advancements in cybersecurity leadership, driven by
technologists. The most important one shifts over $400 million per year
away from paper-based checklist security and toward technology-based,
automated, continuous monitoring of security, providing continuous
situational awareness - a goal that DHS and NSA share. By combining the
buying power of civilian agencies through DHS and of military agencies
through NSA/DISA, total situational awareness and rapid risk reduction
can be made very inexpensive across the federal government. That
change, driven by DHS technologists, is in paragraph 28 of the directive
posted at the White House site:
Paragraph 28 in this White House directive answers the question: "Is a
security reauthorization still required every 3 years or when an
information system has undergone significant change as stated in OMB
Circular A-130?" Answer: "No. Rather than enforcing a static, three-year
reauthorization process, agencies are expected to conduct ongoing
authorizations of information systems through the implementation of
continuous monitoring programs. Continuous monitoring programs thus
fulfill the three year security reauthorization requirement, so a
separate re-authorization process is not necessary."
P.S. Because of the enormous security improvements to be gained through
continuous monitoring, and the huge potential cost savings, and because
of the powerful role played by Inspectors General (IGs) in determining
what security initiatives are given priority, an independent oversight
group has been established to evaluate IG and GAO reports on security
over the next several years, measuring how well the IGs assess the
continuous monitoring programs and how effectively they press agencies
to move away from the discredited three-year static process. The
independent group is led by Franklin Reeder who was the top IT official
and Chief of Information Policy at OMB (where he led the development of
the Privacy Act of 1974 and the Computer Security Act of 1987).
*************************************************************************
SANS NewsBites November 22, 2011 Volume: XIII, Issue: 93
*************************************************************************
--EURO SCADA & Process Control System Security Summit, Rome, Dec 1-2, 2011
Pre-Summit Courses November 26-30, 2011
Post-Summit Courses December 3-4, 2011
Gain the most current information regarding SCADA and Control System threats and learn how to best prepare to defend against them.
http://www.sans.org/eu-scada-2011/

--SANS San Antonio 2011, San Antonio, TX, November 28-December 5, 2011
7 courses. Bonus evening presentations include Effective Methods for Implementing the 20 Critical Security Controls; and Assessing Deception: Are They Lying to You?
http://www.sans.org/san-antonio-2011/

--SANS London 2011, London, UK, December 3-12, 2011
18 courses. Bonus evening presentations include IPv6 Challenges for Intrusion Detection and Understanding How Attackers Bypass Network and Content Restrictions.
http://www.sans.org/london-2011/

--SANS CDI 2011, Washington, DC, December 9-16, 2011
27 courses. Bonus evening presentations include Emerging Trends in Data Law and Investigations, and Critical Infrastructure Control Systems Cybersecurity.
http://www.sans.org/cyber-defense-initiative-2011/

--SANS Security East 2012, New Orleans, LA, January 17-26, 2012
11 courses. Bonus evening presentations include Advanced VoIP Pen Testing: Current Threats and Methods; and Helping Small Businesses with Security.
http://www.sans.org/security-east-2012/

--SANS Monterey 2012, Monterey, CA, January 30-February 4, 2012
6 courses. Bonus evening presentations include Who Do You Trust? SSL and TLS Under Attack; and IOS Programming Demo.
http://www.sans.org/monterey-2012/

--SANS Phoenix 2012, Phoenix, AZ, February 13-18, 2012
7 courses. Bonus evening presentations include Desktop Betrayal: Exploiting Clients Through the Features They Demand; and Windows Exploratory Surgery with Process Hacker.
http://www.sans.org/phoenix-2012/

Plus Perth, Atlanta, and Bangalore all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php
**************************************************************************
TOP OF THE NEWS
More Details Emerge About Cyber Attack at Water Utility (November 19 & 21, 2011)
Anonymous Gains Access to Computer Forensics Specialists Mailing List Archive (November 19, 2011)
Members of the hacking collective known as Anonymous have gained access to the Google account of a retired supervisor of a cyber crime investigation organization in southern California and released 38,000 emails taken from that account. Among the information exposed in the hack is the International Association of Computer Investigation Specialists mailing list archive, which includes discussions from specialists around the world.
-http://www.wired.com/threatlevel/2011/11/anonymous-hacks-forensics/
Wyden Says He Will Filibuster Protect IP Act if it Gets to the Floor (November 21, 2011)
US Senator Ron Wyden (D-Oregon) says he will filibuster the Senate's Protect IP Act (PIPA), which is similar to the House's Stop Online Piracy Act (SOPA). Wyden put a hold on the bill earlier this year, but there are rumors that there are enough votes to override the hold after the Thanksgiving recess.
-http://www.wired.com/threatlevel/2011/11/wyden-pipa-filibuster/
[Editor's Note (Murray): This bill is very unpopular with the public. Demand Progress asserts that 20,000 of their members have asked Senator Wyden to read their names as part of his threatened filibuster. On the other hand, the bill is popular among the legislators because it is backed by the very generous RIAA and MPAA. The rights of publishers, no matter how legitimate, do not trump all other interests. The legitimacy of the rights that one asserts is not measured by the contribution that accompanies the assertion.]
Legislators Investigating Possibility that Chinese Telecom Equipment Enables Spying (November 17 & 21, 2011)
Bradley Manning Court Date Set (November 21, 2011)
More than a year-and-a-half after he was arrested, Pfc. Bradley Manning, who allegedly leaked classified documents to WikiLeaks, will have a public hearing at Ft. Meade in Maryland. The Article 32 hearing is set for December 16; it is similar to a civilian court grand jury hearing in that the judge will hear evidence to determine if there are sufficient grounds for a court-martial. If convicted on all charges, Manning could face life in prison. The hearing will be open to the media and the public except when classified information is discussed.
-http://www.wired.com/threatlevel/2011/11/bradley-manning-hearing/
UK Police Shut Down 2,000+ Websites for Piracy and Theft (November 18 & 21, 2011)
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of InGuardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription (and for free posters), or to update a current subscription, visit http://portal.sans.org/