Tag Archive for: center

Arizona opens cyber command center in Phoenix

/in


State and federal law enforcement officials will use the center as a place to share information that can thwart hackers attempting to access private accounts.

PHOENIX — Arizona has unveiled its new headquarters for the state’s war on cyberattacks.

The Cyber Command Center, located in a non-descript, north Phoenix office building, will allow state cybersecurity experts to work alongside their federal counterparts to thwart daily threats of cyberattacks against state resources.

Under one roof

The Cyber Command Center is meant to allow increased information sharing between local, state, and federal agencies to investigate and respond to various cyberattacks.

“Unfortunately, we know that this is something our enemies want to exploit,” said Gov. Doug Ducey. “We’re the first state in the nation to put something like this together in terms of investment. It’s Homeland Security, its national security. We rely on these people and I have a lot of confidence that they can keep Arizona safe and be a model for other states.”

According to Tim Roemer, director of Arizona Department of Homeland Security, his agency fought against roughly 800,000 cyberattacks in September 2021.

“When I was briefed as a new governor by the FBI… they said we should quit calling it ‘cyberwarfare’ and ‘cybersecurity’ because this is the future of warfare and the future of security,” Ducey said.

A new kind of war

When hackers shut down Colonial Pipeline, a company that supplies roughly 45% of the east coast with fuel, it underscored how dangerous ransomware can be, and just how vulnerable computer systems can be to attacks.

Source…

State launches cyber security center

/in


Tim Roemer, the state’s director of homeland security, explains Oct. 4, 2021, how the newly created cyber command center will help protect the security of computers at all levels of government. (Capitol Media Services photo by Howard Fischer)

Arizona launched its new cyber command center Monday to deal with threats to state and local government computers.

But the head of the state Department of Homeland Security, who will be running it, insists that Arizonans should not worry that the state will be using all that expensive high tech equipment to spy on them. In fact, Tim Roemer said that protecting the data on government computers actually will help protect individuals.

“They’re actually one in the same,” he told Capitol Media Services. That’s because Roemer said his agency is legally responsible for protecting the data that Arizonans are required to provide the state, such as tax information and driver’s license number.

“You name, them, we have them,” he said. “If I fail, if we fail, that information gets sold on the dark web or it gets sold to criminals, now they’re going to use that to target you in your personal life and your work life as well.”

Consider, Roemer said, getting an email or text that purports to be from the Motor Vehicle Division, which has the number of your driver’s license and says unless you “click here” it will expire. That, he said, would appear to be legitimate.

“And once you click on it, you can be completely compromised,” Roemer said.

“You may not know it right off the bat,” he continued. “But that’s how they use the data to then go after you personally and professionally.”

It’s his job, Roemer said, to stop that before it happens.

And there are multiple attempts.

“In September alone, our Department of Homeland Security has detected and alerted on almost 70 million cyber threats,” said Gov. Doug Ducey. “They’ve blocked over 800,000 attacks on state websites.”

Those kinds of threats, the governor said, resulted in the state spending $11 million last year to establish a new cyber security program. On top of that was another $3.5 million for what Ducey called “enhanced cyber security tools…

Source…

Center for Internet Security (CIS) Releases Community Defense Model v2.0 for Cybersecurity

/in


EAST GREENBUSH, N.Y., Sept. 29, 2021 /PRNewswire/ — Enterprises naturally want to know how effective the CIS Critical Security Controls® (CIS Controls®) – 18 top-level Controls containing 153 Safeguards that provide a prioritized path to improve an enterprise’s cybersecurity posture – are against the most prevalent cyber-attacks. The Center for Internet Security, Inc. (CIS®) answers that question and more through its Community Defense Model (CDM) v2.0, released today.

The model shows that the CIS Controls defend against approximately 86% of all ATT&CK (sub) techniques found in the MITRE ATT&CK® framework. Furthermore, Implementation Group 1 (IG1) of the Controls, the definition of essential cyber hygiene (formerly basic cyber hygiene), provides enterprises a high level of protection, positioning them to defend against the top five attack types – malware, ransomware, web application hacking, insider privilege and misuse, and targeted intrusions.

Implementation Group 1 (IG1), the group that is least costly and difficult to implement, are the Safeguards that every enterprise should deploy. For enterprises that face more sophisticated attacks or that must protect more critical data or systems, these Safeguards also provide the foundation for the other two Implementation Groups (IG2 and IG3).

“This year’s CDM findings strongly reinforce the value of a relatively small number of well-chosen and essential defensive steps found in IG1,” said Curtis Dukes, CIS Executive Vice President and General Manager, Security Best Practices. “As such, enterprises should aim to start with IG1 to obtain the highest value and work up to IG2 and IG3, as appropriate.”  

The findings in the CDM demonstrate the security value of the CIS Safeguards against the top five attack types:

  • Malware: 77% of Malware ATT&CK (sub-)techniques can be defended through implementation of IG1.
  • Ransomware: 78% of Ransomware ATT&CK (sub-)techniques are defended through implementation of IG1.
  • Web Application Hacking: 86% of Web Application Hacking ATT&CK (sub-)techniques are defended through implementing IG1 Safeguards.
  • Insider Privilege and Misuse: IG1 defends against 86% of the Insider Privilege and Misuse…

Source…

TECNO establishes Security Response Center to improve the security ecosystem

/in


TECNO Mobile recently established official security response center (SRC), a platform for cooperation and exchanges between TECNO and security industry experts, researchers and organizations. This remarks a strategic move that reiterates TECNO’s consistent commitment on security and help upgrade TECNO’s security ecosystem to a higher level.

TECNO SRC has launched a bug bounty program to encourage external security researchers to submit vulnerabilities detected to the security team, and reporters are entitled to get an up to $7,000 reward based on the evaluation of the impact of vulnerabilities. More than 45 models under TECNO Mobile’s four smartphone lines -PHANTOM, CAMON, SPARK and POVA are listed for the bug bounty program.

Stephen Ha, general manager of TECNO said: “ At TECNO, our first priority is offering the most secure mobile experience to our users. SRC is of strategic significance for TECNO to create a comprehensive upgrade of TECNO’s security ecology. Through SRC, we have gone one solid step further on mobile security protection for our users in over 70 global emerging markets.” 

John Peng, head of security department said: “We understand that under current social circumstance, users’ privacy and information security are vital. TECNO has been continuously executing diversified plans in terms of enhancing our product security. By cooperating with international security professionals through the establishment of SRC, we are sure that we  can provide users more secure mobile using experience.”

Starting from coding, application and firmware, the security department carries out security management and audits at each stage of product design, development, testing and release. This is to ensure that all software installed on each device can pass a series of rigorous security checks, including the tests of TECNO security scanning platform, Google Play Protect, GMS BTS and VirusTotal. In addition, TECNO has been regularly sending 90-day security patch updates to users to ensure product safety and protect user equipment from malicious software.

Moving forward, TECNO plans to reach cooperation with the international vulnerability public testing platform…

Source…