Discount Offers

Farb Gel UK Legal Self Defence Spray Personal Security Protection, Legal CS alt

£8.99
End Date: Tuesday Mar-28-2017 12:07:14 BST
Buy It Now for only: £8.99
Buy It Now | Add to watch list

Tactical ID Arm Band Security ID Badge Card Holder Doorman Armband SIA New

£2.49
End Date: Saturday Apr-1-2017 11:47:24 BST
Buy It Now for only: £2.49
Buy It Now | Add to watch list

SIA Security Notebook SIA Approved Licensed Security

£5.75
End Date: Wednesday Apr-19-2017 12:03:34 BST
Buy It Now for only: £5.75
Buy It Now | Add to watch list

Tactical ID Arm Band Security ID Badge Card Holder Doorman Armband SIA New

£2.49
End Date: Saturday Apr-1-2017 11:47:24 BST
Buy It Now for only: £2.49
Buy It Now | Add to watch list
0024176
Visit Today : 1
Visit Yesterday : 1
This Month : 28
This Year : 87
Total Visit : 24176
Hits Today : 3067
Total Hits : 1274489
Who's Online : 1

government

Germany’s cyber security chief on hacking, Russia and problems hiring experts

German Government Commissioner for Information Technology Klaus Vitt | German Federal Ministry of the Interior

Klaus Vitt discusses his role protecting Germany from cyber attacks.

By 1

3/20/17, 7:54 PM CET

Updated 3/20/17, 8:10 PM CET

This article is also available in: German2

Read more: Hacked information bomb under Germany s election3

BERLIN Meet the man in charge of protecting Europe s largest country against the ever-changing threat of hacking: the German government s IT commissioner, Klaus Vitt. During an interview with POLITICO at the German Interior Ministry, Vitt described the country s current cyber threat level as increasingly critical, announced plans to cooperate with private companies and explained why his analysts believe most professional hacking attacks on Germany come from Russia or China.

In September, Germany elects a new parliament . Could the vote be manipulated by cyber attacks?

We have analyzed all processes during election day . Wherever we found weak spots, we have introduced measures and taken precautions. In Germany, there are no electronic voting machines or automation .

The vote, therefore, is not that big of a target . However, there s never a security of 100 percent.

You re talking about potential attacks on the IT network on election night . Another issue is cyber attacks that could happen in the run-up to the election . People are concerned that stolen material from hacks could be used to compromise candidates . Do they have a reason to be afraid?

The danger is real . This is why our Federal Office for Information Security (BSI) advises parliamentarians and their groups in the parliament how to protect themselves . It starts with using virus protection software on your private computer but certainly doesn t end there.

Have cyber attacks increased during the last couple of years?

Yes, the threat situation is becoming increasingly critical . We still observe many security breaches in software and hardware, as analyzed in the BSI s annual report on the state of IT security . This in itself is critical . At the same time, however, our society, economy and state are increasingly becoming more digitalized, which also makes them more vulnerable . On top of that, attackers are becoming more professional, and they are using more intelligent malware.

In 2015, a broad-scale cyber attack on the Bundestag, the lower house of the German parliament, made headlines . What consequences did the government draw from the incident?

The Bundestag is in charge of its own IT security . However, there have been numerous consultations on how the parliament should make its network more secure, and the government took part in them . These recommendations were put into action very consistently . The network and its security components were completely rebuilt from scratch.

Could foreign intelligence services be involved in attacks like the one in 2015?

We are dealing with very professional attackers, that s why only in rare cases can you identify them indisputably . We analyze serious attacks very thoroughly to find out from where they originate . In order to do that, we take patterns from comparable attacks in the past as a reference . Based on such analogies, one can say with a certain probability where those attacks originate from and those analogies suggest that a majority of attacks comes from Russia or China, at least geographically.

How can Germany protect itself?

Attackers want to produce the largest effect possible . That s why they target their attacks primarily against critical infrastructure.

With Germany s IT security law introduced in 2015, we have created legislation that focuses on such infrastructures . On the one hand, it introduces minimum standards for IT security: how operators need to protect themselves against cyber attacks . There are regular checks to make sure they still follow those standards . On the other hand, they are obliged to inform authorities about any critical IT security incidents . If operators are affected, they need to alert the BSI about it, which in turn can analyze it, assess the threat and inform other operators as fast as possible so that they can protect themselves in time. I would like to apply a similar model to other companies which are not operating critical infrastructure and the public administration.

In November 2016, Germany introduced a cyber security strategy: a plan for the country on how to protect itself and how to best react to cyber attacks. What about attacks that have already happened and data that may have been taken?

A cyber attack can have different goals . One aim can be to extract information . If you have no possibility to prevent this, you need to cut off access to the internet . This was one of the measures taken during the cyber attack on the Bundestag . From this moment on, no more information can be extracted. However, in the aftermath, it s difficult to detect where malware could possibly have had access to and which data has been extracted.

What measures are you taking?

To guarantee an appropriate IT security level, we will consolidate the data centers and the networks of the national government and its institutions. Today, we have around 1,000 rooms with servers: large ones, medium-sized ones, small ones . We will centralize them at three or four highly-protected, locations . The same thing will be done with the networks . This is how we will protect the administration with a high standard of IT security.

Another measure is expanding our Cyber Defense Center opened in 2011 . The goal is to always have a clear description of what s happening in cyber space . To do that, we will analyze and assess cyber incidents, with all national security agencies exchanging technical information about the incidents with each other . Needless to say, cyber space is not limited to just Germany. And there s another plan we are pursuing: In Germany, we have large international companies with their own cyber security units, who observe cyber attacks, similarly to what our Cyber Defense Center does .

Four DAX companies have joined forces in the so-called German Cybersecurity Organization (DCSO) cooperation . Our idea is to work with them through exchanging technical information . However, we need a contractual basis for that . This is about highly sensitive data.

When in 2015, a Bundestag subcommittee met to discuss the hacking attack, a BSI official told the MPs that only around 15 employees inside his office had the expertise to analyze and deal with such an attack . This doesn t sound like a lot of people?

The BSI is only one unit in our Cyber Defense Center . We have more experts in the Federal Criminal Police, in the Armed Forces, and in both our domestic and the foreign intelligence agencies.

Talking about personnel: Part of the cyber security strategy is hiring more cyber security experts . How easy or difficult is it to find candidates with the necessary expertise?

There is a great demand for IT security experts . The BSI has hired several people recently . It wasn t easy to fill those positions placing an ad in some newspaper wouldn t be enough .

All those positions could be filled; in the meantime, however, we have new open positions.

How attractive a job is, however, is not only defined by its salary but also by how exciting or dynamic its environment is and by its compatibility with having a family.

The interview has been edited and condensed for clarity.

Related stories on these topics:

References

  1. ^ (www.politico.eu)
  2. ^ German (www.politico.eu)
  3. ^ Hacked information bomb under Germany s election (www.politico.eu)

Germany’s cyber security chief on hacking, Russia and problems …

German Government Commissioner for Information Technology Klaus Vitt | German Federal Ministry of the Interior

Klaus Vitt discusses his role protecting Germany from cyber attacks.

By 1

3/20/17, 7:54 PM CET

Updated 3/20/17, 8:10 PM CET

This article is also available in: German2

Read more: Hacked information bomb under Germany s election3

BERLIN Meet the man in charge of protecting Europe s largest country against the ever-changing threat of hacking: the German government s IT commissioner, Klaus Vitt. During an interview with POLITICO at the German Interior Ministry, Vitt described the country s current cyber threat level as increasingly critical, announced plans to cooperate with private companies and explained why his analysts believe most professional hacking attacks on Germany come from Russia or China.

In September, Germany elects a new parliament . Could the vote be manipulated by cyber attacks?

We have analyzed all processes during election day . Wherever we found weak spots, we have introduced measures and taken precautions. In Germany, there are no electronic voting machines or automation .

The vote, therefore, is not that big of a target . However, there s never a security of 100 percent.

You re talking about potential attacks on the IT network on election night . Another issue is cyber attacks that could happen in the run-up to the election . People are concerned that stolen material from hacks could be used to compromise candidates . Do they have a reason to be afraid?

The danger is real . This is why our Federal Office for Information Security (BSI) advises parliamentarians and their groups in the parliament how to protect themselves . It starts with using virus protection software on your private computer but certainly doesn t end there.

Have cyber attacks increased during the last couple of years?

Yes, the threat situation is becoming increasingly critical . We still observe many security breaches in software and hardware, as analyzed in the BSI s annual report on the state of IT security . This in itself is critical . At the same time, however, our society, economy and state are increasingly becoming more digitalized, which also makes them more vulnerable . On top of that, attackers are becoming more professional, and they are using more intelligent malware.

In 2015, a broad-scale cyber attack on the Bundestag, the lower house of the German parliament, made headlines . What consequences did the government draw from the incident?

The Bundestag is in charge of its own IT security . However, there have been numerous consultations on how the parliament should make its network more secure, and the government took part in them . These recommendations were put into action very consistently . The network and its security components were completely rebuilt from scratch.

Could foreign intelligence services be involved in attacks like the one in 2015?

We are dealing with very professional attackers, that s why only in rare cases can you identify them indisputably . We analyze serious attacks very thoroughly to find out from where they originate . In order to do that, we take patterns from comparable attacks in the past as a reference . Based on such analogies, one can say with a certain probability where those attacks originate from and those analogies suggest that a majority of attacks comes from Russia or China, at least geographically.

How can Germany protect itself?

Attackers want to produce the largest effect possible . That s why they target their attacks primarily against critical infrastructure.

With Germany s IT security law introduced in 2015, we have created legislation that focuses on such infrastructures . On the one hand, it introduces minimum standards for IT security: how operators need to protect themselves against cyber attacks . There are regular checks to make sure they still follow those standards . On the other hand, they are obliged to inform authorities about any critical IT security incidents . If operators are affected, they need to alert the BSI about it, which in turn can analyze it, assess the threat and inform other operators as fast as possible so that they can protect themselves in time. I would like to apply a similar model to other companies which are not operating critical infrastructure and the public administration.

In November 2016, Germany introduced a cyber security strategy: a plan for the country on how to protect itself and how to best react to cyber attacks. What about attacks that have already happened and data that may have been taken?

A cyber attack can have different goals . One aim can be to extract information . If you have no possibility to prevent this, you need to cut off access to the internet . This was one of the measures taken during the cyber attack on the Bundestag . From this moment on, no more information can be extracted. However, in the aftermath, it s difficult to detect where malware could possibly have had access to and which data has been extracted.

What measures are you taking?

To guarantee an appropriate IT security level, we will consolidate the data centers and the networks of the national government and its institutions. Today, we have around 1,000 rooms with servers: large ones, medium-sized ones, small ones . We will centralize them at three or four highly-protected, locations . The same thing will be done with the networks . This is how we will protect the administration with a high standard of IT security.

Another measure is expanding our Cyber Defense Center opened in 2011 . The goal is to always have a clear description of what s happening in cyber space . To do that, we will analyze and assess cyber incidents, with all national security agencies exchanging technical information about the incidents with each other . Needless to say, cyber space is not limited to just Germany. And there s another plan we are pursuing: In Germany, we have large international companies with their own cyber security units, who observe cyber attacks, similarly to what our Cyber Defense Center does .

Four DAX companies have joined forces in the so-called German Cybersecurity Organization (DCSO) cooperation . Our idea is to work with them through exchanging technical information . However, we need a contractual basis for that . This is about highly sensitive data.

When in 2015, a Bundestag subcommittee met to discuss the hacking attack, a BSI official told the MPs that only around 15 employees inside his office had the expertise to analyze and deal with such an attack . This doesn t sound like a lot of people?

The BSI is only one unit in our Cyber Defense Center . We have more experts in the Federal Criminal Police, in the Armed Forces, and in both our domestic and the foreign intelligence agencies.

Talking about personnel: Part of the cyber security strategy is hiring more cyber security experts . How easy or difficult is it to find candidates with the necessary expertise?

There is a great demand for IT security experts . The BSI has hired several people recently . It wasn t easy to fill those positions placing an ad in some newspaper wouldn t be enough .

All those positions could be filled; in the meantime, however, we have new open positions.

How attractive a job is, however, is not only defined by its salary but also by how exciting or dynamic its environment is and by its compatibility with having a family.

The interview has been edited and condensed for clarity.

Related stories on these topics:

References

  1. ^ (www.politico.eu)
  2. ^ German (www.politico.eu)
  3. ^ Hacked information bomb under Germany s election (www.politico.eu)

US military leak exposes ‘holy grail’ of security clearance files

US Military Leak Exposes 'holy Grail' Of Security Clearance Files NEW YORK — A unsecured backup drive has exposed thousands of US Air Force documents, including highly sensitive personnel files on senior and high-ranking officers. Security researchers found that the gigabytes of files were accessible to anyone because the internet-connected backup drive was not password protected.

The files, reviewed by ZDNet, contained a range of personal information, such as names and addresses, ranks, and Social Security numbers of more than 4,000 officers . Another file lists the security clearance levels of hundreds of other officers, some of whom possess “top secret” clearance, and access to sensitive compartmented information and codeword-level clearance1. Phone numbers and contact information of staff and their spouses, as well as other sensitive and private personal information, were found in several other spreadsheets.

The drive is understood to belong to a lieutenant colonel, whose name we are not publishing . ZDNet reached out to the officer by email but did not hear back.

The data was secured last week after a notification2 by MacKeeper security researcher Bob Diachenko. Among the most damaging documents on the drive included the completed applications for renewed national security clearances for two US four-star generals, both of whom recently had top US military and NATO positions.

US Military Leak Exposes 'holy Grail' Of Security Clearance Files US Military Leak Exposes 'holy Grail' Of Security Clearance Files

Both of these so-called SF86 applications3 contain highly sensitive and detailed information, including financial and mental health history, past convictions, relationships with foreign nationals, and other personal information. These completed questionnaires are used to determine a candidate’s eligibility to receive classified material. Several national security experts and former government officials we spoke to for this story described this information as the “holy grail” for foreign adversaries and spies, and said that it should not be made public.

For that reason, we are not publishing the names of the generals, who have since retired from service. Nevertheless, numerous attempts to contact the generals over the past week went unreturned. “Some of the questions ask for information that can be very personal, as well as embarrassing,” said Mark Zaid, a national security attorney, in an email .

The form allows prospective applicants to national security positions to disclose arrests, drug and alcohol issues, or mental health concerns, among other things, said Zaid. Completed SF86 forms aren’t classified but are closely guarded . These were the same kinds of documents that were stolen in a massive theft of sensitive files4 at the Office of Personnel Management, affecting more than 22 million government and military employees.

“Even if the SF86 answers are innocuous, because of the personal information within the form there is always the risk of identity theft or financial fraud that could harm the individual and potentially compromise them,” said Zaid.

One spreadsheet contained a list of officers under investigation by the military, including allegations of abuses of power and substantiated claims of wrongdoing, such as wrongfully disclosing classified information. A former government official, who reviewed a portion of the documents but did not want to be named, said that the document, in the wrong hands, provided a “blueprint” for blackmail. Even officers who have left in recent years may still be vulnerable to coercion if they are still trusted with historical state secrets.

“Foreign powers might use that information to target those individuals for espionage or to otherwise monitor their activity in the hopes of gaining insight into US national security posture,” said Susan Hennessey, a Brookings fellow and a former attorney at the National Security Agency. Government officials use the form as a screening mechanism, said Hennessey, but it also offers applicants the chance to inform the government of past indiscretions or concerns that eliminate the possibility of blackmail in the future, she added. “These are people whose lives can depend on sensitive information being safeguarded, so the notion they would fail to put country over self in that kind of circumstance is far-fetched and supported by relatively few historical examples,” she said. “Still, it is the obligation of the government to keep this kind of information safe, both in order to protect the privacy of those who serve and their families and to protect them against being placed in difficult situations unnecessarily,” said Hennessey.

Though many of the files were considered “confidential” or “sensitive,” a deeper keyword-based search of the files did not reveal any material marked as classified. A completed passport application for one of the generals was also found in the same folder, as well as scans of his own and his wife’s passports and driving licenses. Other data included financial disclosures, bank account and routing information, and some limited medical information.

Another document purported to show the lieutenant colonel’s username and password5 for a sensitive internal Dept . of Defense system, used to check staff security clearances. Another document listed the clearance levels6 of one of the generals.

And, a smaller spreadsheet contained a list of Social Security numbers, passport numbers, and other contact information on high-profile figures and celebrities, including Channing Tatum.

The records were collected in relation to a six-day tour to Afghanistan by Tatum in 2015 . An email to Tatum’s publicist went unreturned. The drive also contained several gigabytes of Outlook email files, covering years worth of emails . Another document purported to be a backup. Nevertheless, this would be the second breach of military data in recent months. Potomac, a Dept . of Defense subcontractor, was the source of a large data exposure7 of military personnel files of physical and mental health support staff . Many of the victims involved in the data leak are part of the US Special Operations Command (SOCOM), which includes those both formerly employed by US military branches, such as the Army, Navy, and Air Force, and those presumably still on active deployment. It’s not known how long the backup drive was active .

Given that the device was public and searchable, it’s not known if anyone other than the security researchers accessed the files.

The Office of Personnel Management, which processes security clearance applications, referred comment to the Pentagon.

A Pentagon spokesperson would not comment in an email Monday.

References

  1. ^ codeword-level clearance (www.documentcloud.org)
  2. ^ after a notification (goo.gl)
  3. ^ so-called SF86 applications (www.cbsnews.com)
  4. ^ a massive theft of sensitive files (www.zdnet.com)
  5. ^ lieutenant colonel’s username and password (www.documentcloud.org)
  6. ^ the clearance levels (www.documentcloud.org)
  7. ^ a large data exposure (www.zdnet.com)