New cyber authorities in new DHS legislation

By Tom O’Keefe, consultant

A bill that has just made its way through the House would finally reauthorize the Department of Homeland Security, which has only been authorized once, in 2002.

There are several cyber provisions included in the House bill, which could mean a lot of opportunity for cybersecurity vendors if it ends up passing in the Senate (where it has, unfortunately, stalled before). But there’s a good chance that even if the bill doesn’t pass, we’ll see some of the additional authorities and responsibilities making their way to DHS components anyway.

Most of the bill's provisions of interest here require certain components to take responsibility for the cybersecurity of various locations. For example, the Transportation Security Administration would be responsible for assessing the cybersecurity of aviation systems, including airports and airlines; developing an information-sharing project across the airline industry; and assessing the vulnerabilities of the systems that house TSA PreCheck.


When deception is a good thing


By Nick Mirabile, director of cybersecurity

In 2013, a pro-Assad group known as the Syrian Electronic Army hacked into the Associated Press’ Twitter account and broadcast a fake report about explosions at the White House. It caused the Dow Jones industrial average to drop nearly 150 points, erasing $136 billion in market value.

This is cyber deception in action. Cyber attackers have long embraced deception, with tactics such as social-engineering help-desk employees in order to install Trojans or obtain users’ credentials. If deception can be used to attack, can it also be used in cyber defense?
