One Chart Shows Why You Shouldn’t Trust the Feds With Your Data

Sergey Nivens/

We reported in January about the spike in government data breaches that has compromised the personal information of federal employees and citizens.

A report released Wednesday by the Government Accountability Office shows that security incidents involving personally identifiable information more than doubled between 2009, when there were 10,481 such breaches, and 2013, when the number climbed to 25,566.

Collectively, the breaches affect hundreds of thousands of people and cost taxpayers millions of dollars. For example, in July 2013, hackers stole a variety of information, including Social Security numbers, bank account numbers and security questions and answers associated with more than 104,000 individuals from an Energy Department computer system. According to Energy’s inspector general, the costs of assisting affected individuals and lost productivity stemming from the breach could top $3.7 million, GAO noted. 

Among other problems, GAO noted that only one of seven agencies reviewed by auditors correlated an assigned risk level with breaches of personal information and none of the seven consistently documented lessons learned from their breach responses.  

Op-Ed: Agency IT Budgets Aren’t Keeping Pace with Malware Threat

By Mohamad Elbarasse // March 20, 2014

Pavel Ignatov/

If federal agencies hope to fight malware and cybersecurity threats in 2015 they need to allocate more IT funds towards cyber.

Over the past few years government leaders have consistently prioritized and increased funding for cybersecurity initiatives. In the administration’s proposed budget for 2015, the cyber goals are no less lofty, but funding has not increased enough to effectively address the issue. In fact, cybersecurity spending is slated to drop by about $30 million. Lawmakers will have to increase budgets to attain the goals, or agencies will have to sacrifice some of their planned initiatives.

Recently, the Homeland Security Department released the first in a series of annual reports on cybersecurity trends from the U.S. Computer Emergency Readiness Team. According to the publication, “US-CERT Security Trends Report: 2012 in Retrospect,” the most significant conclusion from the analysis is that malware in particular is becoming more prevalent and its threat to cybersecurity more complex.

US-CERT collected data from both public and private sources, including the department’s EINSTEIN system. The data showed that roughly 8 percent of consumer grade users experienced a malware infection in 2012; one in five infections was caused by unintentional installation of malicious or infected ...

The Internet of Things Means More Things to Hack

By Jessica Herrera-Flanigan // March 14, 2014

High-tech, Wi-Fi-connected trash cans are placed around London to monitor commuters.
High-tech, Wi-Fi-connected trash cans are placed around London to monitor commuters. // Lefteris Pitarakis/AP

People often ask me if I “stay off the grid” by refusing to participate in online shopping and banking and express surprise when I tell them I don't bother. "Doesn’t it scare you?" they ask. "Aren’t you worried your information will be compromised?”

Yes and yes, but staying away from the Internet isn't much of an option. Plus, as the recent retail store credit card debacles have demonstrated, bad things can happen to shoppers no matter if they are online or physically in a store.

What scares me more than someone stealing my information as I shop on Zulily or Amazon is how quiet the drumbeat has been on securing the broader Internet of things.

In the past month we learned that hackers broke into the Target financial systems via an HVAC system. While the complete details are unknown, it is believed that a phishing attack using malware at an HVAC subcontractor allowed hackers to gain network credentials to reach Target’s financial systems.

As more of the items we use every day get online capabilities, our lives and the Internet of things are increasingly interconnected.  From my desk, I can control the temperature of my ...

Russia's Holding Back Cyber Capabilities in Ukraine

By Aliya Sternstein // March 10, 2014


There is a big difference between the known capabilities of Russian hackers -- such as cyber espionage -- and the debilitating software the country actually possesses, which could hamper U.S. efforts to predict Putin’s next move, say some security researchers. 

So, far Russia's alleged cyber operations amid unrest in Ukraine have caused more spectacle than destruction. Reportedly a “massive denial-of-service attack” paralyzed Ukraine’s National Security and Defense Council servers for several hours last week, but such temporary traffic floods cannot access data or damage systems. 

This doesn't mean Russia can't carry out a cyberattack that would physically or economically damage Ukrainian citizens. 

"Russia has the capability to completely shut down Ukraine's infrastructure," Jeffrey Carr, author of Inside Cyber Warfare and a government consultant, said during an interview. "But if they did that it would be inviting all kinds of sanctions."

Russian contacts have told Carr that laboratories in the country are at work on programs that could degrade industrial control systems, such as power plants, he said.

"I've been preaching this gospel to the federal government for years," said Carr, founder of Taia Global. "Most of our customers have been overseas. The UK's ...

Four Federal Cyber Escapades to Watch For This Spring

By Aliya Sternstein // March 5, 2014

Maksim Kabakou/

The Obama administration’s 2015 budget request hints at novel approaches to the cyber threat at civilian agencies and the Pentagon. Funding-related papers released on Tuesday to justify spending for congressional appropriators do not include the details. So, look for officials to color in the picture during House and Senate hearings in the weeks ahead. 

1. Deployment of new cyber mission forces

The Defense Department last year reorganized cyber warriors among three "cyber mission force" components. Now comes the challenge of recruiting and retaining personnel to boost the size of each of those components. The quadrennial defense review states, “The Cyber Mission Force will be manned by 2016.” Employees will be positioned among the following groups:

  • 13 Cyber Command National Mission Teams with 8 National Support Teams that thwart cyberattacks headed stateside
  • 27 Cyber Command Combat Mission Teams with 17 Combat Support Teams that aid combatant commands worldwide
  • 18 Cyber Command National Cyber Protection Teams that operate and safeguard the dot-mil domain and internal military networks
  • 24 Service-level Combat Mission Teams
  • 26 Combatant Command-level and Defense Information Network- level Cyber Protection Teams

2. A federal cyber campus

The administration will design a Federal Cyber Campus to "co-locate key civilian cybersecurity ...