[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]<\/p>\n
* How to safely access and navigate the Dark Web
\n* SWIFT to Banks: Who You Gonna Call?
\n* Hackers bombard aviation sector with over 1,000 attacks per month
\n* Main issues involved in the EU\u2019s cybersecurity agenda
\n* Malware on ATMs: Dh7.3 million gone
\n* Why lawmakers are trying to make ransomware a crime in California
\n* Five tips for convincing your CEO to focus on business continuity
\n* GSA Accidentally Releases Google Drive Items Premium Content
\n* FCC Rules Reconcile Speech and Privacy, Must Support Security Research
\n* EU Approves Revised Pact For Data Transfer With US
\n* Data security and breach notification in Austria
\n* 5 Big Data Security Mistakes Your Startup Must Avoid
\n* How to close the PLC security gap
\n* Shadow IT: Friend or Foe?
\n* Which non-technical skills are most important to a career in security?
\n* Software Defined Security: Going Beyond Traditional Measures
\n* DOE proposes $15M fund to fight energy sector hacks<\/p>\n
How to safely access and navigate the Dark Web
\nHere’s how to safely access and browse the Dark Web:
\nStep 1: Plan ahead.
\nStep 2: Obtain a new USB flash drive.
\nStep 3: Prepare your local machine.
\nStep 4: Download Tails and TOR.
\nStep 5: Browse safely.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7bcd63c5e1&e=20056c7556<\/p>\n
SWIFT to Banks: Who You Gonna Call?
\nThe bank-owned, Brussels-based SWIFT cooperative, formally known as the Society for Worldwide Interbank Financial Telecommunication, announced the launch of the new team on July 11 as part of a customer security program unveiled by CEO Gottfried Leibbrandt in May.
\nThe program was a reaction to persistent security criticism leveled at SWIFT in the wake of the $81 million heist from Bangladesh Bank earlier this year – in which attackers used fraudulent SWIFT messages to drain funds from the bank’s Federal Reserve of New York account – and several other, similar incidents involving other banks.
\nSWIFT says its new forensics and customer security intelligence team will gather and feed anonymized intelligence to SWIFT-using banks to help them spot and block attacks.
\nThe team will also offer assistance to any banks conducting internal investigations on attacks that appear to be related to SWIFT’s products or services, in part, by conducting in-depth digital forensic investigations, backed by the two cybersecurity firms that have extensive experience in offering post-breach incident response services to hacked organizations.
\no share attack intelligence, however, SWIFT first needs more hacked banks to come clean.
\nTo date, at least six banks that have confirmed or suspected SWIFT-related hack attacks have come forward, although anecdotal reports say that a dozen or more related investigations may now be ongoing.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=cc9f7c9170&e=20056c7556<\/p>\n
Hackers bombard aviation sector with over 1,000 attacks per month
\nIn the US, Turkey, Spain, Sweden and recently in Poland, aircraft infected with malware or security breaches have provoked delays, loss of information and a wave of growing concern among public authorities, regulators and the industry.
\nIn one of the clearest indications to date of the magnitude of the challenge, Tytgat said aviation systems were subject to an average of 1,000 attacks each month.
\nBrian Moran, Boeing\u2019s Vice-President of Government Affairs for Europe, highlighted the \u201cimportance\u201d of transatlantic cooperation on the matter.
\nAt European level, the response will take shape in EASA\u2019s new cybersecurity centre, Tytgat indicated.
\nThe Aviation Computer Emergency Response Team (AV-CERT) will help understand the nature of the threats, collect evidence of previous cyber attacks, identify security flaws and vulnerabilities, analyse and develop responses to cyber incidents or vulnerabilities \u2013 whether workarounds, recommendations, or technical solutions.
\nAccording to Tytgat, the EASA and the FAA are drafting a common position \u201cvery urgently\u201d as a contribution to ICAO\u2019s proposal.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=bb466cf96e&e=20056c7556<\/p>\n
Main issues involved in the EU\u2019s cybersecurity agenda
\nThree main issues are combined in the modern EU cybersecurity agenda: stepping up cooperation among EU states, creating European cybersecurity single market and cybersecurity public private partnership.
\nCommission clarified EU cybersecurity issues concerning all member states for a long-term period.
\nthe Commission proposed a new series of measures to reinforce cooperation to secure Europe’s digital economy and society, and to help develop innovative and secure technologies, products and services throughout the EU.
\nThe Commission\u2019s measures to further strengthen Europe\u2019s cyber resilience and its cybersecurity industry will include:
\n– Step up cooperation across Europe
\n– Support the emerging single market for cybersecurity products and services in the EU
\n– Establish a contractual public-private partnership (PPP) with industry
\nThree main issues combine the modern EU cybersecurity agenda: stepping up cooperation among EU states, creating EU\u2019s cybersecurity single market and cybersecurity public private partnership.
\nI. Cybersecurity cooperation.
\nThe Commission has already proposed steps on cybersecurity cooperation: e.g.
\nEU Cybersecurity Strategy and the forthcoming NIS Directive lay the groundwork for improved EU-level cooperation and cyber resilience.
\nHowever, the threat level is constantly evolving and handling a large-scale cyber incident involving several EU states simultaneously will be challenging.
\nEU level cooperation is therefore essential for dealing with both a possible large-scale cyber-attack in several EU states and smaller-scale but potentially more frequent cyber incidents.
\nCurrently knowledge and expertise on cybersecurity is available in a dispersed and unstructured way.
\nTo support the NIS cooperation mechanisms, the aim of an information hub is to pool this information and make it more easily available on request to all EU states.
\nThis hub would become a central resource allowing efficient information exchange among EU institutions and the states.
\nThe Commission, supported by ENISA, CERT-EU and with the expertise of its Joint Research Centre, will facilitate the creation and ensure the ongoing sustainability of the hub.
\nThe Commission also proposed the cybersecurity training: according to different estimates the demand for the cybersecurity workforce will rise to 6 million globally by 2019, with a projected shortfall of 1-1.5 million workers.
\nPublic authorities have a role to play in verifying the integrity of key public network infrastructures such as telecoms or energy smart grids, to detect issues, inform the party responsible for these networks and, if needed, provide assistance in fixing known vulnerabilities.
\nII. Cybersecurity single market.
\nThe European Commission proposes market measures related to cybersecurity, as Europe needs high-quality, affordable and interoperable cybersecurity products and solutions.
\nHowever, the supply of ICT security products and services within the single market remains very fragmented geographically.
\nOn the one hand, this makes it difficult for European companies to compete on the national, European and global level; on the other, it reduces the choice of viable and usable cybersecurity technologies that citizens and businesses have access to.
\nNo single EU country alone can overcome this fragmentation to help the industry achieve the economies of scale on a European level.
\nTherefore it is relevant to have an EU certification framework for ICT security products as certification plays an important role in increasing trust and security in products and services.
\nNational initiatives are emerging to set high-level cybersecurity requirements for ICT components on traditional infrastructure, including certification requirements.
\nThe cybersecurity sector depends a lot on innovative SMEs, and the problems affecting investment in this area weigh heavily on the capacity to develop the European cybersecurity industry.
\nThe innovative SMEs in the field are often unable to scale up their operations because of a lack of easily available funding to support them in the early phases of development.
\nCompanies also have limited access to venture capital in Europe and their available budget for marketing to improve their visibility, or to deal with different sets of standardisation and compliance requirements, is inadequate.
\nAbout 75% of respondents to the recent public consultation on cybersecurity felt they lacked sufficient access to financial resources to finance cybersecurity projects and initiatives.
\nIII. Cybersecurity Public Private Partnership.
\nEstablishing a Public-Private Partnership (PPP) on cybersecurity in the area of technologies and solutions for online network security is one of the 16 initiatives put forward in the Commission’s Digital Single Market strategy.
\nSpecific gaps persist in the fast-moving area of technologies and solutions for online network security and a more joined-up approach can help step up the supply of more secure solutions by industry in Europe and stimulate their take-up by enterprises, public authorities, and citizens.
\nThe PPP on cybersecurity will:
\n\u00b7 build trust among Member States and industrial actors
\n\u00b7 align the demand and supply sectors for cybersecurity products and services
\n\u00b7 develop common, sector-neutral and replicable building blocks
\nThe European Cyber Security Organisation (ECSO) was launched on 13 June 2016 in Brussels.
\nECSO is a fully self-financed non-for-profit association (ASBL) under Belgian law.
\nIt is industry-led, with members including large European companies, SMEs and startups, research centres, universities, clusters and associations as well as local, regional and national administrations from the EU and European Economic Area (EEA) and the European Free Trade Association (EFTA) and Horizon 2020 associated countries.
\nThe founding members are the European Organisation of Security, Alliance pour la Confiance Num\u00e9rique, Guardtime acting for the Estonian Association of ICT, and Teletrust.
\nThe partnership agreement is signed today in Strasbourg.
\nFurther information about the association will be made available at http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b95d079ac0&e=20056c7556.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f23df50f04&e=20056c7556<\/p>\n
Malware on ATMs: Dh7.3 million gone
\nThieves suspected of installing a computer programme that got cash machines in Taiwan to churn out more than $2 million (Dh7.34 million) were being hunted by police on Tuesday, officials said.
\nThe masked robbers ransacked more than 30 ATMs at the Taipei-based First Commercial Bank, walking away “with bags packed with cash”, the bank said in a statement.
\nSurveillance images showed “two men wearing face masks and hats walking away with bags packed with cash directly withdrawn from ATMs”, First Commercial said in the statement.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=544968f59e&e=20056c7556<\/p>\n
Why lawmakers are trying to make ransomware a crime in California
\nState legislation to outlaw ransomware is drawing broad support from tech leaders and lawmakers, spurred by an uptick in that type of cybercrime and a series of recent attacks on hospitals in Southern California.
\nThe bill, authored by state Sen.
\nBob Hertzberg (D-Van Nuys), would update the state\u2019s penal code, making it a felony to knowingly use ransomware, a type of malware or intrusive software that is injected into a computer or network and allows a hacker to hold data hostage until money is paid.
\nSo far, the bill has faced no opposition in the Assembly, and must be sent to Gov.
\nJerry Brown\u2019s desk by the time the Legislature adjourns at the end of August.
\nBut security researchers said the cases would be difficult for any one law enforcement agency to pursue \u2014 attacks can be launched from servers spread across multiple countries.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9b9c3b87a6&e=20056c7556<\/p>\n
Five tips for convincing your CEO to focus on business continuity
\n1) Competitors: ‘They’re doing it…’
\nYour CEO isn’t going to take lightly to his\/her key competitor having a better business continuity plan than theirs, so exploit that: show them the facts.
\nJust as Steve Jobs once said, “a lot of times, people don’t know what they want until you show it to them”.
\n2) Case studies
\nWhen it comes to business continuity, we’re talking about presenting hard facts and real life situations on what happened to the company down the road during that emergency.
\n3) Desktop simulation
\nA really great way to introduce some tests and first-hand experience is via desktop.
\nIf your CEO is the sort of person who loves seeing results straight away, this is the way to go.
\n4) Flaunt your intranet!
\nIf your company has adopted the intranet (whether it’s in active use or not), this is a fantastic platform for you to promote your ideas and message around resilience: and for free.
\nIt’s also going to be a way to get the team using the platform for news and information themselves.
\n5) From the floor boards up
\nNothing says ‘listen to me’ like a good old fashion viral campaign.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4098e56a16&e=20056c7556<\/p>\n
GSA Accidentally Releases Google Drive Items Premium Content
\nBetween October 2015 and March 2016, more than 100 Google Drive items in use by 18F, part of the General Services Administration, were accidentally made available to people both inside and outside GSA, according to a May report by the Office of the Inspector General at GSA.
\nccording to 18F, in October 2015, one of its Slack administrators enabled an option in the program that would let it automatically generate document previews when employees share Google Drive documents and items on Slack.
\nThe option is commonly used in many organizations.
\nHowever, for the previews to be created and made searchable, Slack puts the files in its databases.
\nThe report characterizes the incident as a data breach.
\nThe 18F blog post says, “Enabling this integration was a mistake, but the consequences were not a data breach or hack.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7167f0a54e&e=20056c7556<\/p>\n
FCC Rules Reconcile Speech and Privacy, Must Support Security Research
\nLast week, CDT submitted its second set of comments to the Federal Communications Commission (FCC) as it considers a new rulebook for protecting consumer privacy in the use of broadband.
\nThe FCC\u2019s Notice of Proposed Rulemaking (NPRM) on this issue is an important first step towards providing broadband consumers with the assurance they need that their ISP will not track their online activities \u2013 the websites they frequent, the apps they download, the searches they perform \u2013 or sell that information to third parties without their knowledge and consent.
\nCDT previously submitted comments in this rulemaking process.
\nWhile the proposed rule permits sharing customer data for network management purposes without opt-in consent, it does not provide security researchers with sufficient access to CPNI and PII in order to protect customers\u2019 safety and security online.
\nCDT argues that a narrow exemption for researchers to access CPNI and PII without customer approval is necessary to keep the Internet in good health.
\nSuch an exemption could be narrowly crafted to limit the amount of sensitive data accessed by researchers and requiring researchers to protect research data, ensuring that broader consumer privacy rationales are not undermined.
\nWe think it\u2019s important for the FCC to provide an explicit security research exception to send a clear signal that protecting our broadband network infrastructure and applications is valuable and should continue in the future.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f95bcb2a59&e=20056c7556<\/p>\n
EU Approves Revised Pact For Data Transfer With US
\nA new commercial data transfer pact between the US and European Union was given the green light from the EU, replacing the earlier accord known as Safe Harbour, reports BBC News.
\nIt will now be formally adopted early next week, said European Commission Justice Commissioner Vera Jourova.
\nThe approval of Privacy Shield has ended months of uncertainty for many tech companies including Google, Facebook and Apple.
\nHowever, there are concerns from some quarters over the revised pact: digital rights group Privacy International (PI) says \u201cthe new Privacy Shield remains full of holes and hence offers limited protection to personal data.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f61c9f15e8&e=20056c7556<\/p>\n
Data security and breach notification in Austria
\nThe Data Protection Act sets out technical and organisational measures that data controllers must undertake to secure personal data against:<\/p>\n
unauthorised access;
\naccidental or unlawful destruction, manipulation, disclosure and transfer; and
\nother unlawful processing.
\nThe data controller must inform the data subjects concerned in an appropriate manner as soon as it becomes aware that data under its control has been systematically and seriously misused and such misuse may cause the data subjects to suffer damages.
\nThe disclosure obligation does not apply if only minor damage is likely to occur and the costs of disclosure would require disproportionate effort.
\nThe data controller must inform only the natural and legal persons whose data is affected by the breach; there is no general obligation to notify the Data Protection Authority.
\nHowever, telecommunications operators are obliged to directly inform the Data Protection Authority in such event.
\nIn general, the DSB is competent for the enforcement of Austrian data protection law.
\nAnyone may submit a claim to the DSB for a violation of privacy or data protection law by a data controller or processor.
\nThe DSB may conduct onsite audits (although these are uncommon) or request clarification from the data controller or processor in order to verify the concerns (the most common course of action).
\nTo ensure compliance with the Data Protection Act, the DSB may issue recommendations to remedy the violation within a reasonable period.
\nIf a DSB recommendation is not met within this period, the DSB may:
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8920a105b6&e=20056c7556<\/p>\n
5 Big Data Security Mistakes Your Startup Must Avoid
\nMistake #1: Relying on Antivirus and Firewalls Only
\nMistake #2: Not Understanding the Threat
\nMistake #4: Assuming That a Data Center Isn\u2019t Right for You
\nMistake #5: Not Using Encryption
\nData protection needs to be a primary concern of any startup from day one.
\nIt is not something that can be dealt with \u201clater,\u201d or managed with consumer-grade tools.
\nTo ensure the success of your business and prevent unnecessary costs that could irreparably harm your company, make data security and protection a priority and avoid these major mistakes.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=92f425fbb4&e=20056c7556<\/p>\n
How to close the PLC security gap
\nAbout the author
\nAlan Morris is consulting engineer at Morris and Ward in Chevy Chase, Maryland.
\nContact him at morris.ward@verizon.net.
\nAn industrial control system (ICS) is used to control equipment in a local area such as a production plant, while a supervisory control and data acquisition (SCADA) system is used to control equipment in a wide geographical area such as an electric power grid.
\nA SCADA system may be thought of as a subset of ICS.
\nMalware has been developed by hackers to attack the ICS of critical facilities, such as by the Dragonfly and the Havex malware hacker groups, to destroy equipment and threaten human life.
\nThe attacks can be carried out by nation-state and non-state hacker teams with little or no risk of detection or attribution.
\nCritical facilities include, for example, nuclear power plants, hydroelectric dams and oil\/gas pipelines.
\nAn example of a destructive malware incident is the 2010 Stuxnet malware attack on the ICS of the Natanz nuclear enhancement plant in Iran.
\nThere, Stuxnet was designed to alter the programming stored on the memories of the PLCs of the Natanz ICS, to cause dangerous changes in rotational speeds of the refining centrifuges, causing 1,000 centrifuges to destruct.
\nFacilities seek to protect their control systems against malware attack with defensive software, including firewalls and whitelisters.
\nHacker teams have computerized methodologies, such as fuzz testing and using Shodan, to find connectivity paths and zero-day faults through which to reach their targets of rewriteable PLC memories.
\nThe rewriteable memories of PLCs are fixed in place on a circuit board of the PLC, are programmed in place and are reprogrammed in place.
\nWhen, instead, non-rewriteable memories are utilized in PLCs, the PLC must be configured such that a programmed non-rewriteable memory can be inserted into or removed from an exterior socket on the PLC.
\nThe non-rewriteable memories of a new-design PLC must be removable and insertable, using connecting sockets in the PLC.
\nThe memory connecting socket is necessary because, once programmed, the program stored on the non-rewriteable memory cannot be rewritten.
\nIf change of programming for the memory in a PLC is needed, a new non-rewriteable memory will need to be programmed and taken by the technician to the PLC, for insertion in the socket of the PLC.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=616ffaa224&e=20056c7556<\/p>\n
Shadow IT: Friend or Foe?
\nShadow or stealth IT doesn\u2019t really lurk in the darkest corners of our organizations.
\nOn the contrary, shadow IT hides in plain sight.
\nWe see it every time one of our colleagues pulls out their personal smartphone or tablet and uses a free mobile app to share confidential business information across an unsecured network.
\nAt that moment your business is completely exposed to hackers, cybercriminals and your competitors.
\nYou\u2019re almost certainly in breach of data protection legislation.
\nWorst case scenario, you find yourself on the wrong end of a lawsuit when angry customers take you to task because you failed to protect their personal data.
\nIn truth, the biggest threat to a company\u2019s data security comes from its own staff.
\nCareless employees, easy access to technology and lack of corporate guidance leaves many organizations dangerously and needlessly exposed to data breaches.
\nIdentity governance tech firm SailPoint says that 71% of company employees have access to data they shouldn\u2019t. 80% of data is unstructured and resides in multiple locations.
\nIn 2015 the average organisational cost of a single lost file or stolen data record was $154 according to research by IBM and the Ponemon Institute.
\nThat\u2019s an increase of nine percent on the year before.
\nHowever, some data is worth considerably more to cybercriminals for identity theft and fraud purposes.
\nTo maximize the potential gains from shadow IT and mitigate the risks businesses need to be smarter and more adaptable.
\nAs more staff and businesses adopt Cloud solutions it only makes sense to keep your anti-malware and anti-virus software updated.
\nRather than resisting the tide, businesses and IT departments should look at how they can safely embrace BOYD\/BYOA (that\u2019s Bring You Own Device\/Bring Your Own App) policies and procedures.
\nCompanies must make more of an effort to communicate the benefits and dangers of using consumer-grade apps for work purposes.
\nSimilarly, employees need to take a greater burden of responsibility for the technologies they bring into the workplace.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3f0076e6a2&e=20056c7556<\/p>\n
Which non-technical skills are most important to a career in security?
\nAs another school year comes to a close, I find myself reminiscing about the people I\u2019ve interacted with over the last nine months, as they explored their interest in Information Security careers.
\nI\u2019ve had the privilege of interacting with quite a few exceptional students who will be exceptional assets to any companies that are lucky enough to attract them.
\nWhile they all have excellent technical chops, there was something more that truly made them \u201csparkle\u201d.
\nWhat is it these people had in common that made me feel that the industry would be so enriched by their presence?
\n-Thirst for knowledge
\n-Willingness to ask questions
\n-Loving the work for its own sake
\n-Creative self-promotion
\n-Communicating empathetically
\n-The courage to break stuff
\n-Willingness to say no
\n-The desire to help people
\n[ A bit of self promotion, if you want to see Paul’s skill matrix for SOC teams, let me know.It includes Security, IR and soft skills]
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c4108e0179&e=20056c7556<\/p>\n
Software Defined Security: Going Beyond Traditional Measures
\nOrganizations today are evolving and rapidly adopting new technologies.
\nWhether introducing flexibility to their employees or new services to their customers, companies are redefining the organizational boundaries.
\nBut what this brings is an increase in their threat footprint.
\nOrganizations now need to look towards leveraging emerging technologies such as Software Defined Networking (SDN) in order to efficiently and dynamically address security threats and attacks.
\nThe SDN controller can also make use of Network Function Virtualization (NFV) concepts, which allow for the deployment of sophisticated network functions in commodity hardware, managed through the application of service chaining.
\nThis ensures that the traffic flows are dynamically directed to the right network elements if and when needed.
\nThis overall model is described as Software-Defined Security (SDSec).
\nBy leveraging technologies like SDN and NFV \u2013 and therefore advancing to an evolved security architecture \u2013 organizations can take advantage of the benefits and opportunities that were either not possible in the past, or were too expensive to be justified.
\n– Central management of security
\n– Efficient and dynamic mitigation of security threats and attacks.
\n– Hardware cost reduction.
\n– Use of existing network appliances.
\n– Dynamic configuration of existing network nodes for the mitigation of an attack.
\n– Harmonized view of logical security policies.
\n– Visibility of information from one source.
\n– Integration with sophisticated applications.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4228efa36d&e=20056c7556<\/p>\n
DOE proposes $15M fund to fight energy sector hacks
\nA proposed $15 million Energy Department fund announced Tuesday looks to improve the cybersecurity posture of the sector\u2019s most vulnerable companies: smaller utility firms that typically supply energy to municipalities that operate with fewer resources than their bigger counterparts.
\n\u201cWe need game changing innovation in the [electrical grid cybersecurity] space,\u201d Deputy Energy Secretary Elizabeth Sherwood-Randall said Tuesday at a Bloomberg cybersecurity conference in Washington, D.C., Tuesday.
\nIndustry competitors are already sharing threat intelligence data and other security information amongst themselves and with the federal government, explained Marcus Sachs, senior vice president and chief security officer for the nonprofit North American Electric Reliability Corporation.
\nThe next step is to include more voices in this ongoing and important conversation concerning the physical and digital security of critical U.S. infrastructure, said Suzanne Spaulding, Department of Homeland Security under secretary for the National Protection and Programs Directorate.
\nThe proposed DOE fund, which is subject to congressional appropriations and could be as much as $15 million, will be managed and employed by prominent industry advocacy groups the American Public Power Association and the National Rural Electric Cooperative Association.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=638531b204&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=fe55969d00)<\/p>\n
Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ] * How to safely access and navigate the Dark Web * SWIFT to Banks: Who You Gonna Call? * Hackers bombard aviation sector with over 1,000 attacks per month * Main issues…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1247","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1247"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1247\/revisions"}],"predecessor-version":[{"id":3734,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1247\/revisions\/3734"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}