By Colby Proffitt
1.) US Navy Launches Inspection Program for Cyber Operations Preparedness (June 6, 2018)
Summary: The U.S. Navy debuted early this year a program that allows the service branch to conduct and direct for the first time mission-based and threat-focused inspections of cyber operations.
Why it matters: This article doesn’t offer a lot of details of what exactly the new program will do specifically, but it does mark a fundamental shift in how the Navy is approaching cyber preparedness. How exactly the program will function and the tools it will use to accomplish its mission are yet to be revealed, but we can expect that other branches will follow suit in taking a more proactive approach to monitoring, evaluating, and acting on cyber risks.
2.) Facial Recognition to Aid in Border Security this Summer (Multi-Video) (June 6, 2018)
Summary: Customs and Border Protection will implement a biometric program called the Vehicle Face System (VFS) to scan drivers’ faces as they leave the US.
Why it matters: This project is currently moving though the necessary privacy reviews and is part of the larger Biometric Exit Program, which could ultimately make facial scans necessary for US citizens as part of The Biometric Pathway – not just visa holders. While there are obvious privacy concerns – the government is developing another way to track who goes where – the capture and storage of facially recognized photos could be a significant target for malicious actors, and it’s yet to be determined if the benefits of such a program outweigh the risks.
3.) VPNFilter Malware Still Has Its Sights Set On Your Router (June 7, 2018)
Summary: VPNFilter is more dangerous than originally thought. Users should reboot their routers to keep their home network and devices secure.
Why it matters: If you haven’t been following this story, be sure to check out the list of affected devices – as it’s grown over the course of this week. While most of the malicious activity has occurred in the Ukraine, any listed device is a potential target. This article offers some insight into how to stay safe, including specific procedures for home users.
4.) Marcus Hutchins, WannaCry-killer, hit with four new charges by the FBI (June 7, 2018)
Summary: Marcus Hutchins, the British malware analyst who helped stop global Wannacry menace, is now facing four new charges related to malware he allegedly created and promoted it online to steal financial information.
Why it matters: Just as the negative impacts of hacker’s actions seem to resurface months and even years later, it’s a bit refreshing to see that some of the legal consequences can linger just as much. But what this story doesn’t specifically highlight is just how enticing it can be to be one of those malicious actors. With the challenge of attribution still very real, and the likelihood of being apprehended relatively small, and the potential financial gains increasingly tempting, it calls into question what the U.S. can do to incentivize and entice would-be hackers to take on the white-hat and help prevent future attacks instead of causing them. According to INFOSEC Institute, certified ethical hackers (CEH) max out around $130K, while malicious actors can rake in as much as $90K in a single month.
5.) Goldman Sachs enlists staff for cyber security war games (June 6, 2018)
Summary: Goldman Sachs is turning to cyber security war games to make sure its 8,000 technology staff are up to speed on the hacks and viruses that could delete bank data, compromise privacy or otherwise threaten vital operations.
Why it matters: Cyber War Games may be the new buzzword, but gamification isn’t new. It’s proven effective in some organizations as a way of incentivizing internal teams to compete against one another in an effort to do everything from ID potential vulnerabilities on the network to locate potential insider threats. The effectiveness of gamification, however, hasn’t been consistent over the years. What this article points out, however, and what’s more important than an effective gamification model, is hiring employees with an appetite for cyber defense – an understanding of what’s at stake, and the realization that a data breach or hack are only a click away.