Tag Archive for: Systemic

We need systemic mobile IT security

/in


While the cyber security landscape in 2020 was undeniably shaped by the COVID pandemic and widespread fears that disinformation could delegitimize a democratic election, the first quarter of 2021 was dominated by the “Sunburst” hack that compromised many federal departments and agencies. Amidst those compelling concerns, however, I believe that another vital infrastructure security issue has been largely overlooked. COVID, disinformation, and supply chain vulnerabilities have all underscored the criticality of systemic IT security for mobile devices.

It is time for all federal departments and agencies to fully embrace teleworking and mobile connectivity as one form of standard operating procedure. We cannot afford to be caught off guard again by the next pandemic or another exigency.

As a result of my own 16-year career in the Intelligence Community, I am painfully aware of how difficult the issues of teleworking and “bring your own device” (or “BYOD”) can be for certain organizations — but whether it is for continuity of operations in a crisis, improved efficiency, or quality of life issues for workforce retention, the shift to remote and mobile connectivity that COVID accelerated is here to stay. It is imperative that federal policies allow CTOs, CIOs, or CISOs to evaluate new requirements and procurement officers to acquire (or mandate in the case of BYOD) the needed security solutions.

As Dr. Thomas Wingfield, former Deputy Assistant Secretary of Defense for Cyber Policy, eloquently stated in a speech last November, “Organizations need to move from a paradigm of cybersecurity, to one of cyber resilience.”

Federal CISOs can no longer hope to have a well-delineated perimeter that they can securely administrate; instead, they will need to ensure functional resilience for mobile and IoT devices that are technically and legally beyond their control.

At a December 2020 AFCEA webinar entitled “Paper Security vs. Real Security,” several prominent information assurance leaders spoke to that very concept of federal workplace resilience in the contexts of COVID, BYOD, and FedRAMP. My own recommendation for operating in a zero-trust mobile environment is aimed at…

Source…

Twitter Security Failure Prompts Call for Regulating Internet Giants as Systemic Risks

/in


Twitter Inc. suffered from cybersecurity shortfalls that enabled a “simple” hack attributed to a Florida teenager to take over the accounts of several of the world’s most famous people in July, according to a report released on Wednesday.

The report by New York’s Department of Financial Services also recommended that the largest social media companies be deemed systemically important, like some banks following the 2008 financial crisis, with a dedicated regulator monitoring their ability to combat cyberattacks and election interference.

“That Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,” said Linda Lacewell, the financial services superintendent.

Twitter did not immediately respond to a request for comment. It has acknowledged that some employees were duped into sharing account credentials prior to the hack.

New York Governor Andrew Cuomo ordered a probe following the July 15 hack of celebrity Twitter accounts, in an alleged scam that stole more than $118,000 in Bitcoin.

Those whose accounts were hacked included U.S. presidential candidate Joe Biden; former President Barack Obama; billionaires Jeff Bezos, Bill Gates and Elon Musk; singer Kanye West, and his wife Kim Kardashian, the reality TV star.

Lacewell said hackers obtained log-in credentials after calling several employees, pretending to work in Twitter’s information technology department, and claiming to be responding to problems with the company’s Virtual Private Network, which had become common because employees were working from home.

“The extraordinary access the hackers obtained with this simple technique underscores Twitter’s cybersecurity vulnerability and the potential for devastating consequences,” the report said.

Twitter’s lack at the time of a chief information security officer also made the San Francisco-based company more vulnerable, the report said.

Florida prosecutors said Graham Ivan Clark was the mastermind behind the hack, and charged the 17-year-old Tampa resident as an adult with 30 felonies.

Clark has pleaded not guilty. Federal prosecutors charged two others with aiding the hack.

(Reporting by Jonathan Stempel in New…

Source…