Post Tags: cyber news, cyber weekly roundup, cybersecurity news, Glitch, Rowhammer
By Colby Proffitt
1.) For better cybersecurity, be nice to your CFO (May 1, 2018)
https://fcw.com/articles/2018/05/01/cfo-cyber-aga.aspx?s=fcwdaily_020518
Summary: Nearly every federal employee, even those whose IT experience begins and ends at using a computer for work, is capable of contributing to the protection of U.S. government networks.
Why it matters: When it comes to cybersecurity, CIOs and CISOs typically steal the limelight, whether they want to or not. This article, however, is a nice reminder of the critical role CFOs play in an organization’s overall cyber stance. Even if CIOs and CISOs have the best cyber strategy and roadmap, they will still need funding. Despite the fact that breaches and ransomware attacks are in the news on a daily basis, it’s important that federal agencies and industry alike make it a point to keep everyone informed and educated when it comes to cyber – at the executive level where business decisions are made, but also at the operational level, where every employee can either improve or devastate the organization’s overall cyber posture.
2.) The Internet of Things’ Role on Battlefields and at Sea (May 1, 2018)
https://www.nextgov.com/ideas/2018/05/internet-things-role-battlefields-and-sea/147877/
Summary: The internet of things, that loose assortment of tiny sensors now embedded in seemingly everything, can collectively do a lot.
Why it matters: The potential uses of IoT devices continues to expand, with both the Army and Navy considering use cases as well as technical feasibility. While RFPs are starting to be released, there’s still a lot of uncertainty around how IoT will be used in the military – but this article only hints at the risks of using IoT – and it’s yet to be determined if IoT causes more problems than it solves. The government and military have to not only figure out how manage the IoT devices already in use, while also determining how to best leverage IoT and new technologies to stay ahead of our cyber enemies and keep the data generated and processed by IoT devices secured.
3.) Pentagon Bans Chinese Phone Sales on US Military Bases (May 2, 2018)
https://americansecuritytoday.com/pentagon-bans-chinese-phone-sales-us-military-bases-multi-video/
Summary: The Pentagon announced that military exchange service stores and concessionaires will no longer sell Huawei and ZTE phones and telecommunications equipment.
Why it matters: Recent events are a reminder of the ever-present challenge of supply chain management. There aren’t a lot of details around what the specific security concerns are, but they seem to center around the location capabilities – potentially locating and tracking military members when the phone is in their possession. Potentially prompted by the aftermath of the Fitbit breach, it will be interesting to see if any other vendors or re-sellers are added to the list in the coming months.
4.) Data May Be The New Oil But Artificial Intelligence Is The Engine That It Fuels (May 4, 2018)
Summary: Russian President Vladimir Putin stated in 2017 that the country that establishes superiority in artificial intelligence will become the ruler of the world. More recently, Tesla CEO Elon Musk and renowned psychologist Steven Pinker engaged in some rather heated debates over AI use, risks and regulation, with Musk warning that while the benefits of the new tech are revolutionary, the exponential increase in hardware ability and software talent also make AI a potential source of incredible risk.
Why it matters: Whether it’s automation, machine learning, IoT, AI, or another new technology, it’s critical that federal agencies understand the new tech, determine potential use cases that can lead to improvements, and fully comprehend the risks associated with each. As this article points out, AI can bring big benefits to the federal space if harnessed and directed appropriately, but only with intensive collaboration between industry and government.
5.) GLitch: New ‘Rowhammer’ Attack Can Remotely Hijack Android Phones (May 3, 2018)
https://thehackernews.com/2018/05/rowhammer-android-hacking.html
Summary: For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely.
Why it matters: This news is important not just because it marks a first, but also because it involves the exploitation of hardware, making it impossible to patch. Thankfully, researchers – not malicious actors – were the ones to uncover the exploit, yet another testament to the very real cyber race we live in every day.