10 Sep 2019

Mitigating Risks To America’s Cognitive Infrastructure

This is the second of a series on our nation’s most neglected critical infrastructure, our cognitive infrastructure. The first post dove into the nature of the challenge and why it is so important for our future that the threats to our cognitive infrastructure are understood and addressed. This post flows from that one and suggests ways the nation can mitigate many of these risks.

Read More
21 May 2019

DHS warns of ‘strong concerns’ that Chinese-made drones are stealing data

The US Department of Homeland Security is warning that drones manufactured in China are a “potential risk to an organization’s information,” because they are capable of sending sensitive flight data to servers that may be accessed by the manufacturer as well as by other parties, such as the Chinese government.

Read More
06 May 2019

2020 Campaign Staffers Being Trained to Handle Cyber Threats

The US Department of Homeland Security (DHS) is reaching out to the campaigns of presidential candidates for 2020 in an attempt to help them protect themselves against interference campaigns by state-backed hackers and other threat actors. The DHS is offering to share threat intelligence with campaigns and test the security

Read More
01 May 2019

DHS Orders Agencies to Patch Critical Flaws Within 15 Days

US government agencies need to patch critical security flaws within 15 days and high-severity vulnerabilities within 30 days under BOD 19-02, a new Binding Operational Directive issued by the Department of Homeland Security (DHS). The period for fixing critical issues was cut in half, because the previous directive (BOD 15-01)

Read More
15 Apr 2019

Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

VPN applications offered by Cisco, Palo Alto, F5 and Pusle are putting users at risk by failing to securely store session cookies, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Carnegie Mellon’s CERT are warning. If threat actors can obtain access to a session cookie,

Read More
11 Apr 2019

US Government Warns of New North Korean Malware

The US Department of Homeland Security (DHS) has published a report about a newly uncovered malware strain that is linked to the infamous North Korean hacking group Hidden Cobra aka Lazarus. The malware, dubbed Hoplight, is a backdoor Trojan that has the ability to: “Read, Write, and Move Files; Enumerate

Read More
09 Apr 2019

Trump Shakeup Impacts Cybersecurity Policy

Cybersecurity experts are worried that the recent departures of US Department of Homeland Security (DHS) Secretary Kirstjen Nielsen and Secret Service Director Randolph Alles will undermine the continuity of the US cybersecurity policy. Both the DHS and the Secret Service play vital cybersecurity roles, since their responsibilities include the protection

Read More
25 Mar 2019

Watchdog: FEMA Wrongly Released Personal Data of Victims

The Homeland Security Department’s Office of Inspector General has discovered a massive data breach at the Federal Emergency Management Agency (FEMA), affecting 2.3 million survivors of hurricanes and wildfires. FEMA exposed sensitive personal information to a contractor without there being a legitimate reason for sharing the data. The exposed data

Read More
20 Mar 2019

Cyber Threats Are Emerging Faster Than DHS Can Address Them, Secretary Says

US Secretary of Homeland Security Kirstjen Nielsen on Tuesday warned that her department is failing to keep up with the growing number of cyber threats. “The rate at which the threats and risks are emerging is outpacing our ability to identify and assess and address them,” she said, adding that

Read More
07 Mar 2019

New CISA director outlines top 5 priorities for protecting U.S. critical infrastructure

Christopher Krebs, the head of the newly formed Cybersecurity and Infrastructure Security Agency (CISA) that is part of the US Department of Homeland Security (DHS) has outlined 5 priorities for how the agency plans to protect critical infrastructure. The first priority is to prevent tech firms from hostile countries such

Read More