
There were a lot of security incidents in 2017, leading to more awareness of the dangers and risks. But now that this knowledge is being presented in mainstream media, what comes next?

The National Cyber Security Alliance, where Kaiser serves as executive director, helped create the awareness campaign in 2004, but nothing has been more effective than the hacks of 2017 at making security a household word.

“It was my job to be responsible for things like raising awareness of cybersecurity risk,” said Reitinger, CEO of the Global Cyber Alliance and a former cybersecurity director at the Department of Homeland Security.

Yahoo gave the public 3 billion reasons to worry about security.

“Pretty much everybody was affected. That’s what brought security into the mainstream lexicon.”

Remember, Equifax was completely aware of its security flaws, but it didn’t fix them.

There are just so many moving parts to the security equation that it is an exceedingly difficult problem to solve. I do not know if we will ever reach security enlightenment; there will always be security issues to tackle. What we can do is collectively lower the risk by being more cognizant of the dangers involved in using online tools.

One of the biggest problems with the US military is that senior leadership needs cyber security awareness training so that DoD can adequately prevent breaches similar to the recent Joint Chiefs of Staff incident (emphasis added):

In fact the military does give security training a high priority, but as in many organizations, there are weak spots. One has to guess (since the JCS isn’t discussing the breach) that the Joint Chiefs followed a familiar pattern in which the guys at the top were too busy to get the security training everyone else got. The fact that they had to have an emergency training session on phishing after the breach points this out.

But what’s being overlooked even as the military fixes this problem is the similar issue at companies where the C-level executives are apparently immune from corporate security training requirements. They’re too busy, you see. Their time is too expensive to waste with training.

But in fact it’s the data held and used by the C-suite that’s likely the most critical to the success of the business. Even if the hackers can’t hack the cash registers, they can still hack the CEO’s email.

This is a blind spot in corporate governance if there ever was one. The authors of the Harvard Business Review article point this out. Unfortunately, I suspect the people who need it the most will also be too busy to read it.

I have been saying this all along, ever since my time with the US government. Admirals and Generals are the easiest targets because they receive the least amount of training, oftentimes believe they are above the law, and rarely ever comprehend or are interested in the cyber security training they do attend.

Surely the attackers know this already and are actively exploiting the vulnerability.

The Cyber Guard exercise expands to whole-of-nation defense, as more than one hundred organizations from government, industry, academia, and the international community met to conduct the fourth annual Cyber Guard exercise from June 8 – June 26:

“Cyber Guard is designed to exercise the interface between the Department of Defense — the active and Reserve and Guard components — that are focused on the cyber mission, and to partner with other elements of the U.S. government as well as state and local authorities,” U.S. Cyber Command Commander Navy Adm. Michael S. Rogers said in a statement.

“The greatest challenge in this exercise is, how do we build those partnerships between organizations that don’t necessarily have a common background, a common verbiage, a common set of terms, so how are we going to harness the power of governmental capacity to include our own department in defending critical infrastructure in the private sector of the United States,” Rogers said.

The exercise took place at a Joint Staff J7 facility in Suffolk, Va., which was designed to support a wide range of military tests and exercises.

Increasing the number of exercises, and the participants involved, will identify important gaps needing to be closed so the US military and its partners can adequately defend the nation in the event of a real cyber attack.

C4ISR on the Army finally building a cyber range so it can adequately train its upcoming cyber warriors and be prepared for the future of warfare:

The facility will open late this summer, according to an Army announcement. It was spurred by a request from the 7th Cyber Protection Brigade.

“The cyber range delivers a persistent, continuously maintained environment to reduce the timeline and costs between training planning and event execution,” the Army’s announcement reads. “When it is expanded for Army-wide use this summer, the range will have the capability to provide an operationally realistic environment with functionality for remote participation via CECOM’s Learning Management Platform.”

The range offers an “operationally realistic environment with repeatable processes,” according to the announcement. Participants will have access to enterprise tools and services not typically available in smaller scale test labs. The facility also will feature threat scenario development and threat automation capabilities.