
Strong network security in the cloud

News | Sunday 5 February 2012 1:45 am

CloudPassage unveiled Halo NetSec, an automated solution that provides advanced network access control for servers running in public clouds including Rackspace and Amazon EC2.

“Cloud computing ha…

View full post on Help Net Security – News

Cybersecurity Legislation Components, (Sun, Feb 5th)

News | Sunday 5 February 2012 12:06 am

As many of us have seen in the media recently, the United States and other world governments are deeply entrenched in discussions over proposed cybersecurity legislation. There are many different flavors of legislation currently being discussed by governments across the globe, which I don't intend to cover here. In the US it appears the government has finally started to address cybersecurity issues that have been discussed in this forum for years. One piece of the legislation currently being discussed, a proposal sponsored by Rep. Dan Lungren (R-Calif.), is House Resolution 3674 – the Promoting and Enhancing Cybersecurity and Information Sharing Enhancement Act of 2011 or PrECISE. The thrust of the bill is to amend the current Homeland Security Act of 2002, which will give additional authority to the US Government in the national cybersecurity effort.

I want to highlight some of the ideas being presented in this bill and how they are going to be a huge win for the cyber security community. These are just a few of the items being discussed, but these will pay huge dividends in the security effort.

The coordination and sharing of information between the civilian and government agencies is one of the topics some of the bills being considered address, and is a critical component in the cybersecurity effort. As it is written in PrECISE SEC. 2, Sec. 226 (2): foster the development, in conjunction with other governmental entities and the private sector, of essential information security technologies and capabilities for protecting Federal systems and critical infrastructure information systems, including comprehensive protective capabilities and other technological solutions. Organizations that have previously developed implementation strategies for information systems have a leg up on organizations that have not. The Black Hat community has excelled at this type of sharing, and has been an excellent vehicle for their efforts. They are not impeded by corporate policy, federal guidelines, or other governing regulations.

The silos of information that exist in the enterprise today have also led to silos of security information. The production, collection, and correlation of that information is often difficult because different vendor technologies, implemented at different stages, lead to disparate systems. PrECISE SEC. 2, Sec 226 Para. (3) states the need to acquire, integrate, and facilitate the adoption of new cybersecurity technologies and practices in a technologically and vendor-neutral manner to keep pace with emerging terrorist and other cybersecurity threats. There are many great minds and methods to approach this, and the solution will not be easy. It is a critical solution that needs to be addressed.

User awareness and education is critical for every aspect of information security. With the increase of reliance on technology throughout, the importance of user education increases accordingly. PrECISE SEC. 2, Sec 226 Para.(6) states and

-(C) training opportunities to support the development of an effective national cybersecurity workforce and educational paths to cybersecurity professions

User education and awareness training, coupled with the information sharing efforts mentioned in Para. (2) will go a long way towards improving the overall security of the information and systems we use every day.

I am excited to see the governments taking cybersecurity seriously, and hope the politicians can produce something that is useable and applicable to the world today. The implementation of some of the ideas discussed in this bill will be a huge undertaking, and needs to be done. As a society we have moved beyond the point where cybersecurity is merely desirable by the people who rely on technology. It is a fundamental need, and in some instances, desperately.

Tony Carothers
tony d0t carothers at g_mail

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View full post on SANS Internet Storm Center, InfoCON: green

Satellite phones lift skirt, flash cipher secrets at boffins

News | Saturday 4 February 2012 9:07 pm

Security through obscurity fails yet again

Researchers at the Ruhr-University Bochum have managed to extract the secret encryption algorithms used by satellite phones, and discovered that it’s a lot less secure than one might hope.…

View full post on The Register – Security

Multi-factor authentication for mobile users

News | Saturday 4 February 2012 7:45 pm

DigitalPersona announced the newest version of DigitalPersona Pro Enterprise has support for a variety of new authentication credentials. With the software, organizations can now mix and match differe…

View full post on Help Net Security – News

Mac OS X Lion 10.7.3 released

News | Saturday 4 February 2012 1:48 pm

The 10.7.3 update is recommended for all OS X Lion users and includes general operating system fixes that improve the stability, compatibility, and security of your Mac.

The OS X Lion 10.7.3 Upda…

View full post on Help Net Security – News


