From the Summer 2014 Issue

Healthcare is a Growing Target for Cybercrime, and It’s Only Going to Get Worse

Author(s):

Jeff Peters, Editor, SurfWatch Labs

2014 is off to a rough start for healthcare when it comes to cybercrime. A SANS-Norse report stated that healthcare organizations are facing an “epidemic of compromises.”1  A two-year study by Essentia Health, which operates roughly 100 facilities in the Midwest, concluded that most hospital equipment is easy to hack.2   And in April the FBI … Read more

From the Summer 2014 Issue

#CYBERSECURITY CULTURE

Author(s):

Michael Finney, , Mystic Waters Media

Towards the end of his life, Benjamin Franklin penned a letter to a friend. Inside of it he coined one of his most popular phrases, “Nothing can be said to be certain, except death and taxes”. If he were living in our times Franklin would almost definitely add cybersecurity threats to the list. The news … Read more

From the Summer 2014 Issue

Stalking Prey: An RF Hacker’s Perspective

Author(s):

Rick Mellendick, Chief Security Officer, PIAchievers

Nearly everyone has an RF signature, and it is becoming as common as your fingerprint. This signature is the culmination of device and device usage such as: Your cell phone’s frequency Names of the networks you connect to with yourdevices Bluetooth devices and the connections to andfrom them Your device or devices (e.g., laptop, phone, … Read more

From the Summer 2014 Issue

Three Digital Security Trends That Are Shaping the U.S. Nuclear Energy Industry

Author(s):

Herbert Richardson, Vice President of Security and Loss Prevention, AREVA, Inc.

Kelsey McCown, Change Management and Communication Specialist, AREVA, Inc.

Suzanne Delica, Engineer and Media Relations Specialist, AREVA, Inc.

The Heartbleed bug. The Stuxnet virus. Digital sabotage. The digital threats to our critical energy delivery infrastructure are growing daily. Our transparent energy supply is increasingly important to protect and digital security is becoming one of the biggest challenges facing utilities and industry suppliers today.  One example of an industry taking proactive steps for digital … Read more

From the Summer 2014 Issue

Cybersecurity Operations Strategy

Author(s):

B.B. Shariati, Cybersecurity faculty in the Department of Computer Science and Electrical Engineering (CSEE) UMBC, UMBC’s GPD Cybersecurity program at The Universities at Shady Grove

Don Bowers, Chief Scientist, National Security Operation, Leidos Corporation

Executive Summary  Cyber threat is pervasive, growing and real. Whether you are dealing with it professionally as a cyber-warrior or have been touched by cybercrime in your personal life. The “cyber threat is one of the most serious economic and national security challenges we face as a nation” (Obama, 2009). Cyber-attacks such as Advanced Persistent … Read more

From the Summer 2014 Issue

Thinking Ahead – Implementing the NIST Cybersecurity Framework to Protect from Potential Legal Liability

Author(s):

Markus Rauschecker, J.D., Cybersecurity Program Manager, University of Maryland Center for Health and Homeland Security

Private sector organizations should be motivated to implement the NIST Cybersecurity Framework not only to enhance their cybersecurity and to benefit from added incentives to do so, they should also implement the Framework to lower their potential risk of legal liability.  Failure by the U.S. Congress to pass meaningful cybersecurity legislation led the President to … Read more

From the Summer 2014 Issue

NERC Exercise Designed to Improve Grid Security

Author(s):

Brian Harrell, CPP, Director, Energy Security, Navigant

Cyber and physical threats are constantly evolving and require quick action and flexibility that comes from constant vigilance and collaboration with the government and industry.  The North American electrical grid is the largest machine on the planet and, as such, requires constant maintenance, monitoring and continuous learning. The North American Electric Reliability Corporation’s (NERC) mission … Read more

From the Summer 2014 Issue

Finding Clarity in Blurred Boundaries: From Activism to Cyberterrorism

Author(s):

Dr. Eric Yocam, CRISC, CISSP, Adjunct Professor, University of Fairfax

A meaningful boundary (or distinction) can be drawn among sometimes blurred descriptive terms including activism, hacktivism, cybervandalism and cyberterrorism.1 Are Hackers Really Ethical?  The term hacker’s ethic describes the moral values and philosophy that are standard in the hacker community. The hacker’s ethic also represents a form of unrestricted access, freedom of information, and improvement … Read more

From the Summer 2014 Issue

Cyber Deals Deconstructed: The Good, the Bad, and the Ugly of Cybersecurity Mergers & Acquisitions

Author(s):

Michael N. Mercurio, Esq., , Offit|Kurman

It’s the sales season in the cybersecurity industry.  Why? Just take a look at the headlines.  Edward Snowden leaked classified national security documents last year, prompting global interest in privacy matters. Retail chain Target suffered a devastating customer data breach months later. Then emerged the Heartbleed bug, which cyber-criminals exploited to obtain user passwords kept by … Read more

From the Summer 2014 Issue

Cybersecurity in the Supply Chain

Author(s):

Taylor Wilkerson, Program Manager, Supply Chain Management Program, LMI

For most of us, cybersecurity means network and data protection. We think of intrusion detection, firewalls, secure network design, secure and trained workforce, social engineering, and other security activities. Essentially, we view cybersecurity as the tools and activities that keep our networks and the data that they handle secured. But what if one of the … Read more