The Glider

No surprise: Former Massachusetts governor Mitt Romney is the overwhelming victor in Nevada’s caucuses with 47.6 percent of the vote, supported by a politically-active Mormon base but dominating across demographic groups.

Read full article >>

Just before 1:30 p.m. Aug. 3, a frustrated President Obama gathered Gene B. Sperling and the economic team in the White House and told them to design a jobs package he could offer the American public.

Obama had spent much of the year locked in negotiations with Republicans over the national debt, with little to show for the effort but a sagging approval rating. He had wanted to argue publicly for ideas to create jobs, but hesitated in the midst of negotiations. Liberal critics reprised a familiar critique of the Obama White House: that it too often bows to political constraints and forfeits what’s right for what’s possible or easy.

Read full article >>

As many of us have seen in the media recently, the United States and other world governments are deeply entrenched in discussions over proposed cybersecurity legislation. There are many different flavors of legislation currently being discussed by governments across the globe, of which I dont intend to cover here. In the US it appears the government has finally started to address cybersecurity issues that have been discussed in this forum for years. One piece of the legislation currently being discussed is a proposal sponsored by Rep. Dan Lungren (R-Calif.) is House Resolution 3674 - the Promoting and Enhancing Cybersecurity and Information Sharing Enhancement Act of 2011 or PrECISE. The thrust of the bill is to amend the current Homeland Security Act of 2002 which will give additional authority to the USGovernment in the national cybersecurity effort.


I want to highlight some of the ideas being presented in this bill and how they are going to be a huge win for the cyber security community. These are just a few of the items being discussed, but these will pay huge dividends in the security effort.



The coordination and sharing of information between the civilian and government agencies is one of the topics some of the bills being considered address, and is a critical component in the cybersecurity effort. As it is written in PrECISE SEC. 2. Sec.226 (2) foster the development, in conjunction with other governmental entities and the private sector, of essential information security technologies and capabilities for protecting Federal systems and critical infrastructure information systems, including comprehensive protective capabilities and other technological solutions. Organizations that have previously developed implementation strategies for information systems have a leg up on organizations that have not. The Black Hat community has excelled at this type of sharing, and has been an excellent vehicle for their efforts. They are not impeded by corporate policy, federal guidelines, or other governing regulations.



The silos of information that exist in the enterprise today have also led to silos of security information. The production, collection, and correlation of that information is often difficult because different vendor technologies, implemented at different stages, lead to disparate systems. PrECISE SEC. 2, Sec 226 Para. (3) states the need to acquire, integrate, and facilitate the adoption of new cybersecurity technologies and practices in a technologically and vendor-neutral manner to keep pace with emerging terrorist and other cybersecurity threats. There are many great minds and methods to approach this, and the solution will not be easy. It is a critical solution that needs to be addressed.



User awareness and education is critical for every aspect of information security. With the increase of reliance on technology throughout, the importance of user education increases accordingly. PrECISE SEC. 2, Sec 226 Para.(6) states and

-(C) training opportunities to support the development of an effective national cybersecurity workforce and educational paths to cybersecurity professions
User education and awareness training, coupled with the information sharing efforts mentioned in Para. (2) will go a long way towards improving the overall security of the information and systems we use every day.


I am excited to see the governments taking cybersecurity seriously, and hope the politicians can produce something that is useable and applicable to the world today. The implementation of some of the ideas discussed in this bill will be a huge undertaking, and needs to be done.As a society we have moved beyond the point where cybersecurity is merely desirable by the people who rely on technology. it is a fundamental need, and in some instances, desperately.
Tony Carothers
tony d0t carothers at g_mail (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Posted by Isaac Dawson on Feb 04

How hard of a time the FBI is going to have with removing anonymous from
their networks now? This whole leaked conference call recording reminded me
of an email Dave sent out (which I can't seem to find) where he mentioned
the longer an attacker is ingrained in your network, the harder they are to
remove.
-Isaac

Posted by dan on Feb 04

FYI. It is a good meeting.

--dan

------- Forwarded Message Body

I'm writing to remind you that the submissions deadline for the 5th
USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '12)
is just under three weeks away.

Please submit your work by Thursday, February 23, 2012, 11:59 p.m. PST.
http://www.usenix.org/leet12/cfpb

Now in its fifth year, LEET continues to provide a unique forum for the
discussion of...