Public Sector Cybersecurity Weekly Briefing 01-26-2018

Penetration Testing is a Reference Point, Not a Strategy
If penetration testing, or other testing of your defenses, is something you’re prioritizing this year, be aware: the findings are a snapshot of where you stand, not a revelation, and fixing only the specific vulnerabilities the testers exploited will not appreciably change the outcome of the next penetration, which may be a real attack rather than a test.


Harris County Tightens Cybersecurity After Almost Losing $900K in Phishing Attack
On Sept. 21, not three weeks after Houston was ravaged by Hurricane Harvey, the Harris County auditor’s office received an email from someone named Fiona Chambers who presented herself as an accountant with D&W Contractors, Inc. The contractor was repairing a Harvey-damaged parking lot, cleaning up debris and building a road for the county, and wanted to be paid. Chambers asked if the county could deposit $888,000 into the contractor’s new bank account. […] The incident now has become wrapped into an FBI investigation into a group that has attempted to extort local governments around the world, law enforcement officials said.


2 Cybersecurity Issues that Companies and Governments Must Tackle Together
As cybersecurity becomes a focus for world leaders, Yahoo Finance is running a series of posts detailing ideas from top cybersecurity experts. […] “Perform joint projects to solve pressing problems, which has the simultaneous benefit of creating ‘muscle memory’ between the public & private sector, which will serve nations well if/when those two sectors have to work closer together in a crisis situation.”


DC: Shutting Down Cybersecurity?

As reported by Jessie Bur in the Federal Times, Congress’s bad habit of funding operations through “continuing resolutions”—instead of through budgets that cover entire fiscal years—strains agencies’ ability to make sound decisions about acquiring cybersecurity technology. As a representative of the IT industry—admittedly, not a disinterested observer—recently said in congressional testimony, “Agencies cannot begin to spend dollars until they are appropriated.”


Defense Dept. Blocks 36M Malicious Emails Daily, Fends Off 600 Gbps DDoS Attacks

The agency also has thwarted distributed denial of service (DDoS) attacks as large as 600 Gbps “on internet access points, and unique and different ways of attacking us we hadn’t thought of before,” some of which are classified[.] […] The Pentagon anticipates the size of DDoS attacks to grow. “We call it the terabyte of death looming outside the door,” the report quoted Lynn as saying. “We’re prepared for it. It’s just a matter of time before it hits us.”


Six More Years of Surveillance

While the surveillance system hasn’t morphed into the Orwellian nightmare that critics fear—and has served its purpose as an effective anti-terror tool—the legal safeguards penning it up still feel flimsy. And as the Senate’s privacy hawk, Ron Wyden (D-Ore.), has pointed out, the system is too powerful for Congress to simply sign off on for another six years. The upshot is that Americans will have to rely on the same opaque legal procedures to keep Big Brother at bay for the foreseeable future.


Sorry, FCC: Montana is Enforcing Net Neutrality With New Executive Order
Montana will require Internet service providers to follow net neutrality principles in order to receive state government contracts. […] Montana’s attempt to enforce net neutrality rules could be challenged in court. But Gov. Steve Bullock is attempting to sidestep the FCC’s preemption by making net neutrality a condition of state contracts rather than a law applying broadly to any Internet service.


Cyber Takes on New Prominence in Shutdown Government
A spokesperson for the Department of Homeland Security, which oversees both programs (Continuous Diagnostics and Mitigation, or CDM, and Automated Indicator Sharing, or AIS), referred FCW to OMB for all questions related to how the agency prepares for a shutdown. According to the latest DHS shutdown plan, the National Protection and Programs Directorate, which helps manage both CDM and AIS, would furlough approximately 45 percent of its total workforce and up to 80 percent of its cyber workforce in the event of a shutdown.


Florida Makes Info on 1K Kansas Voters Public, Lawmakers Ask DHS to Clarify Role Regarding Election Integrity Commission
Florida released partial Social Security numbers for close to 1,000 Kansas voters after receiving data from Kansas Secretary of State Kris Kobach as part of the Crosscheck program that identifies double voter registration. […] The commission was disbanded in early January after it faced resistance from states fearing privacy concerns and voter suppression as well as a wide array of lawsuits.


Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.