White House Homeland Security Advisor Thomas P. Bossert & Palo Alto Networks Chairman and CEO Mark McLaughlin to Speak at the Cambridge Cyber Summit

CNBC and The Aspen Institute to host top business, government and cybersecurity leaders at unique one-day conference on October 4 in Boston Englewood Cliffs, NJ, and Washington, DC, August 23, 2017 – CNBC and The Aspen Institute today unveiled the first set of speakers for the second-annual The Cambridge Cyber Summit on October 4th at the Edward M. Kennedy Institute in Boston, MA. This unique one-day summit brings together top technology leaders, CEOs and government officials to explore the latest in cybersecurity, with a particular focus on how the public and private sectors can work together to safeguard our economic, financial and government assets, while also maintaining convenience and protecting privacy. This year's slate of speakers represents many of the most influential leaders in the cybersecurity industry, including a keynote address by White House Homeland Security Advisor Thomas P. Bossert. Other speakers include Catherine P. Bessant, Chief Operations and Technology Officer, Bank of America; Mike Gregoire, CEO CA Technologies; Jason Matheny, Director, IARPA; Mark McLaughlin, Chairman and CEO, Palo Alto Networks; Joe Sullivan, CSO, Uber; as well as voices from the NSA, FBI, DHS, and foreign intelligence agencies. Additional speakers include: Dave Aitel, Founder & CTO, Immunity Monika Bickert, Head of Global Policy Management, Facebook John Carlin, Chair, Cybersecurity and Technology Program, The Aspen Institute; Former Assistant Attorney General for National Security Oleg Derevianko, Information Security Systems Partners (ISSP) Michael Fey, President and Chief Operating Officer, Symantec Dan Geer, CISO, In-Q-Tel Glenn Gerstell, General Counsel, NSA Andy Continue Reading

Georgia official accuses Department of Homeland Security of hacking attempt on state election systems

The state of Georgia on Thursday accused the U.S. Homeland Security Department of apparently trying to hack its election systems. In a letter to Homeland Security Secretary Jeh Johnson, Georgia Secretary of State Brian Kemp said a computer traced back to the federal agency in Washington tried unsuccessfully to penetrate the state office’s firewall one week after the presidential election. The letter speculated that what it described as “a large unblocked scan event” might have been a security test. It sought details, including whether the agency did in fact conduct the unauthorized scan, who authorized it and whether other states might have been similarly probed. Kemp cited the federal law against knowingly accessing a computer without authorization or exceeding authorized access, which is a felony. “At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” Kemp wrote. “Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network.” Kemp said this was “especially odd and concerning” given that he is a member of the U.S. Election Infrastructure Cybersecurity Working Group run by the federal agency. Homeland Security spokesman Scott McConnell said the department got Kemp’s letter and is “looking into the matter.” “DHS takes the trust of our public and private sector partners seriously, and we will respond to Secretary Kemp directly,” McConnell said. Forty-eight states accepted offers by the Homeland Security Department to scan their networks ahead of the presidential elections. The scans looked for vulnerabilities that hackers could exploit. The U.S. also described how states could patch their networks to make it more difficult to penetrate them. Georgia was among two Continue Reading

Homeland Security employees unable to access work computers

WASHINGTON — Department of Homeland Security employees in the Washington area were unable to access some agency computer networks on Tuesday, according to three sources familiar with the matter. It was not immediately clear how widespread the issue was or how significantly it affected daily functions at DHS, a large government agency whose responsibilities include immigration services, border security and cyber defense. Employees began experiencing problems logging into networks at 5 a.m. EST on Tuesday due to a problem related to the personal identify verification (PIV) cards used by federal workers and contractors to access certain information systems, one source said. At least four DHS buildings were affected, the source said, including locations used by U.S. Citizenship and Immigration Services. Another source said the cards did not appear to be responsible. DHS did not immediately respond to requests for comment. President Trump vowed to make cyber security a priority during his administration, following an election marred by hacks of Democratic Party emails that U.S. intelligence agencies concluded were carried out by Russia in order to help Trump, a Republican, win. At a White House event last month he said he would "hold my Cabinet secretaries and agency heads accountable, totally accountable, for the cyber security of their organizations." Trump had planned to sign a cyber security executive order last month but it was put on hold to allow more time for review. Continue Reading

FBI, Department of Homeland Security outline conclusion that Russian agencies, military hacked U.S. election

The feds on Thursday detailed how U.S. officials concluded Russian military and intelligence services were behind a massive election-related cyber assault on the U.S. The 13-page analysis provides technical details about the cyber crowbars and infrastructure the hackers used to “compromise and exploit networks and end points associated with the U.S. election, as well as a range of U.S. government, political, and private sector entities.” Earlier this month, the CIA concluded that election hacks targeted Democrats in an effort to help Donald Trump win the White House. The report the FBI and Department of Homeland Security jointly released Thursday outlines the alleged online campaign, codenamed Grizzly Steppe, and backs up an October FBI and DHS statement claiming the hacks were “consistent with the Russian-directed efforts.” Officials in Moscow have repeatedly denied any involvement. Two sets of Russian intelligence groups took part in the hacking of “a U.S. political party” — a reference to the Democratic National Committee, which had thousands of emails stolen and later published by sites like WikiLeaks during the presidential election, the report says. One group, known as Advanced Persistent Threat 29 or “APT 29,” is identified as the Federal Security Service, the successor to the KGB. The group broke into the Democrats’ system in 2015. The second group, referred to as “APT 28,” is linked to the GRU, Russia’s military intelligence service. APT 28 reportedly breached the email of Hillary Clinton’s campaign chairman John Podesta by duping him into clicking on a phony Google login and volunteering his digital credentials. Once APT 28 and APT 29 gained access, both groups “harvest(ed) credentials and other valuable information from their targets,” according to the report. WikiLeaks and other sites then Continue Reading

Leslie Jones website hack being investigated by Homeland Security, ICE

U.S. Immigration and Customs Enforcement and Homeland Security investigators are looking into the hack of actress-comedian Leslie Jones' website. ICE said Thursday that its New York office is investigating the hack that exposed personal information and intimate photos of the "Saturday Night Live" star, along with hateful and racist images. ICE Public Affairs Officer Rachael Yong Yow said the agency does not release information related to active investigations. Jones' website was taken offline after the hack was exposed Wednesday. The "Ghostbusters" actress was also targeted on Twitter last month with a barrage of racial slurs and obscene photos. She called on the social networking service to do more to curb harassment, and Twitter banned several users as a result. Continue Reading

Hacker publishes contact info for 20,000 FBI employees, one day after massive Department of Homeland Security data dump

An unknown hacker published contact information for about 20,000 FBI employees Monday— just a day after leaking data from the Department of Homeland Security and threatening a Justice Department breach. The data dump appeared on a week-old Twitter account, @DotGovs, claiming to be an anti-Israel hacker. The user tweeted an encrypted list of names, phone numbers and email addresses for DHS employees. 63,000 S.S. NUMBERS HACKED AT UNIVERSITY OF CENTRAL FLORIDA The Daily News dialed more than 20 numbers published on the list. Several calls went to the wrong person or disconnected lines. But most connected to the respective person named in the data dump, either directly or through voicemail.Those reached on the phone declined comment. The FBI referred questions to the Justice Department, which said it is"looking into the unauthorized access" of its system but does not believe any "sensitive personally identifiable information" was stolen. The hack comes one day after an identical data dump released contact information for more than 9,000 DHS workers. The hacker reached out to Motherboard Sunday, saying he stole details about tens of thousands of federal employees by hacking into a Justice Department email. He then called someone in the web department, posing as a new employee who needed help navigating web portals, and found his way to snatching 200GB of files, he said. The Daily News called dozens of names on the DHS list, most of which went to the respective employee named in the leak. The hacker gave no motive for the purported hack and has not been identified. It's unclear if it is the same person behind the @DotGovs account. Justice Department and DHS reps declined comment to the Daily News about the leaked phone numbers that matched with workers there. The DotGovs account, which is under the username “Penis”, first tweeted Jan. 30, writing: “Change your thoughts, and Continue Reading

License plate scanner networks capture movements

LOS ANGELES – A rapidly expanding digital network that uses cameras mounted to traffic signals and police cruisers captures the movements of millions of vehicles across the U.S., regardless of whether the drivers are being investigated by law enforcement.The license plate scanning systems have multiplied across the U.S. over the last decade, funded largely by Homeland Security grants, and judges recently have upheld authorities’ rights to keep details from hundreds of millions of scans a secret from the public.Such decisions come as a patchwork of local laws and regulations govern the use of such technology and the distribution of the information they collect, inflaming civil liberties advocates who see this as the next battleground in the fight over high-tech surveillance.“If I’m not being investigated for a crime, there shouldn’t be a secret police file on me” that details “where I go, where I shop, where I visit,” said Michael Robertson, a tech entrepreneur fighting in court for access to his own files. “That’s crazy, Nazi police-type stuff.”A San Diego judge tentatively denied Robertson’s request under California’s open records law, saying all scans are part of ongoing police investigations and that divulging them could compromise criminal cases. Arguments in the case were expected Friday afternoon.Superior Court Judge Katherine Bacal’s initial judgment comes less than a month after another state judge, using the same reasoning, denied a petition by the ACLU of Southern California and the Electronic Frontier Foundation for one week of records on all vehicles collected by the Los Angeles Police Department and Los Angeles County Sheriff’s Department. The ACLU says that network adds 3 million scans each week to a database shared with dozens of other agencies that now includes details from more than 455 million encounters.About 7 in 10 law enforcement agencies used license Continue Reading

Government unveils ‘IT Dashboard’ website that exposes U.S. information technology spending

The U.S. government spends over $70 billion a year on information technology projects, but how much of that money is wasted thanks to inefficient processes, lackluster management, or antiquated ideas? The Obama administration is looking to shine a light on its IT investments with a new Web site that will provide detailed information about how federal funds are allocated, where they are spent, and whether the projects are living up to their expectations. "One of the biggest challenges we see today … is how we make sure that the investments we're making in IT actually produce the dividends that were promised," Vivek Kundra, the nation's chief information agency, said during Tuesdays's Personal Democracy Forum in Manhattan. Kundra was on hand to unveil the IT Dashboard, a Web site that will let users drill down on IT spending for 27 agencies across the board – from the Department of Homeland Security and the Department of Defense to NASA and the Smithsonian Institution. Last year, over $30 billion in IT projects were wasted, Kundra said, but the government provided little data beyond a single list of the projects that were in trouble. "Thirty billion dollars of taxpayer money – that's unacceptable," he said. "What the Obama administration is committed to is laying a new foundation when it comes to transparency, accountability and responsibility – especially when you look at how we manage IT investments." The site provides a "performance dashboard" for all agencies, with a pie chart that provides details on the percentage of projects that are normal, that need attention, or that have significant concerns. That data is then broken down by whether the troubles are finance-related, off schedule, or simply have not yet been evaluated. The Department of Defense, for example, is spending $9.6 billion in fiscal year 2009 on 62 major IT projects. Of those 62 projects, 79 percent are rated as normal and 16 percent need Continue Reading

Mind-reading systems: The next big thing in air security?

A would-be terrorist tries to board a plane, bent on mass murder. As he walks through a security checkpoint, fidgeting and glancing around, a network of high-tech machines analyzes his body language and reads his mind. Screeners pull him aside. Tragedy is averted. As far-fetched as that sounds, systems that aim to get inside an evildoer's head are among the proposals floated by security experts thinking beyond the X-ray machines and metal detectors used on millions of passengers and bags each year. On Thursday, in the wake of the Christmas Day bombing attempt over Detroit, President Barack Obama called on Homeland Security and the Energy Department to develop better screening technology, warning: "In the never-ending race to protect our country, we have to stay one step ahead of a nimble adversary." The ideas that have been offered by security experts for staying one step ahead include highly sophisticated sensors, more intensive interrogations of travelers by screeners trained in human behavior, and a lifting of the U.S. prohibitions against profiling. Some of the more unusual ideas are already being tested. Some aren't being given any serious consideration. Many raise troubling questions about civil liberties. All are costly. "Regulators need to accept that the current approach is outdated," said Philip Baum, editor of the London-based magazine Aviation Security International. "It may have responded to the threats of the 1960s, but it doesn't respond to the threats of the 21st century." Here's a look at some of the ideas that could shape the future of airline security: --- MIND READERS The aim of one company that blends high technology and behavioral psychology is hinted at in its name, WeCU - as in "We See You." The system that Israeli-based WeCU Technologies has devised and is testing in Israel projects images onto airport screens, such as symbols associated with a certain terrorist group or some other image only a would-be terrorist Continue Reading

Democrats chide Bush administration over port security plan

WASHINGTON - Senate Democrats accused the Bush administration on Thursday of bungling a much-needed port security program that has cost tens of millions of dollars and still isn't up and running. The plan, overseen primarily by the Transportation Security Administration, calls for issuing high-tech, tamperproof ID cards to workers to gain access to secure areas of U.S. ports. The program, critics say, is beset by delays, cost overruns and missed deadlines. The program has cost taxpayers more than $94 million, or about $60,000 per ID card, complained New Jersey Democrat Frank Lautenberg. "This kind of mismanagement is not fair to our workers. It's not fair to our ports," Lautenberg said at a Senate Commerce Committee hearing. "It's not the level of security that we need in our country." Lautenberg said the high-tech security access cards will be tested in a pilot program at the Port of New York and New Jersey. "The Port of New York and New Jersey is the largest port on the East Coast and the third largest in the nation," he said. "It is imperative we do everything in our power to provide our port with the most advanced security technology that is available." Anthony Coscia, chairman of the Port Authority board, said the agency has been fighting to get the program in place to test new technology at its port facilities, which will now be one of five pilot sites. "Given our widely variable weather conditions and our high level of activity, our port is an ideal location to test the reliability of this state-of-the-art equipment and the real world impact it will have on productivity," he said. The program, begun in the wake of the Sept. 11 terrorist attacks, has undergone limited testing. Congressional investigators reported that 1,700 ID cards have been issued to workers during testing, well short of the program's goal of screening 75,000 workers and assigning them cards. TSA chief Kip Hawley defended the agency's efforts and said implementing the Continue Reading