Public Sector Cybersecurity Weekly Briefing 12-01-2017

Infosec Trends to Watch for in Local Government
The critical infrastructure that is maintained and operated by local government is enabled by and dependent upon information technology systems. These technologies support running water, electrical grids, and first responder telecommunications. […] Given the importance of the technology systems, we need to keep our eyes open to the trends in how they are managed. In this Part 1 of this series, I call out the practices of yesterday that will disappear, and I take a first look at where those practices are going.

 

Four Ways State and Local CIOs can Boost Cybersecurity
1. Get the basics right, then tackle IoT
2. Break down organizational silos
3. Reduce the number of tools
4. Create dedicated security roles

 

Arkansas County is Fighting Cyber Crime with New Techniques
The division intends to use bitcoins for undercover operations in various capacities online, detective Olin Rankin said. Benton County Sheriff Shawn Holloway said the currency is another tool to keep the community safe. The sexual exploitation of children online and similar crimes are growing concerns in the area, he said at a conference Oct. 17.

 

Report: FBI Failed to Warn U.S. Officials Targeted by Russia’s Fancy Bear Hackers
As the AP noted, sources said when Fancy Bear allegedly targeted Hillary Clinton’s presidential campaign, FBI agents did visit her headquarters but offered “little more than generic security tips the campaign had already put into practice and refused to say who they thought was behind the attempted intrusions.” The FBI also did not dig very deeply into DCLeaks, an alleged Fancy Bear front which has published numerous leaks of government officials’ email accounts.

 

The ‘Huge’ Hole in the Government’s Russian Software Ban
The Trump administration’s order barring certain Russian software from government networks doesn’t fully cover one troubling vulnerability — the teeming ranks of government contractors. That omission could leave open gateways for hackers looking to pilfer government secrets, cybersecurity specialists warn, something that has reportedly happened in recent years with contractors from the CIA and the NSA.

 

Trump’s New Cybersecurity Rules Are Better Than Obama’s 
The Trump administration clearly listened to these critiques, and the unclassified version of the “VEP Charter” issued this week is more comprehensive and transparent than its predecessor. In the debate over whether to favor offensive capabilities or defensive efforts, the document states that disclosure serves the national interest in the “vast majority” of cases.

 

Experts: States Need Federal Help to Protect Voting Machines from Russian Hackers
“In many electronic voting systems in use today, a successful attack that exploits a software flaw might leave behind little or no forensic evidence,” warned Matthew Blaze, an associate professor of computer and information science at the University of Pennsylvania. “This can make it effectively impossible to determine the true outcome of an election or even that a compromise has occurred.”

 

Vote-Hacking Fears Help State Officials Get Security Clearance
The federal government is “clear-eyed” that threats to election systems remain an ongoing concern after Russia’s meddling in the 2016 election[.] […] After the U.S. intelligence community reached its conclusion on hacking in the 2016 election, the federal government in January designated election systems as “critical infrastructure,” a move that opened up federal assistance to election officers around the country.

 

Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>