Recapping the July 4 Attack and Calling for a Cyber Step-Up
Welcome back Cybersecurity News readers…
Over the long weekend, the AP reported that US officials have ruled out the idea that North Korea was behind last year’s July 4 denial-of-service (DoS) cyber attacks on US and South Korean government and corporate websites.
The origin of the attacks, which hit sites including the US Treasury Department and the Federal Trade Commission, was declared a “dead end” by Don Jackson, director of threat intelligence for cybersecurity consulting firm SecureWorks.
According to Jackson, the hackers “pulled it off so well, managed it so well — this was someone who has experience at running these types of attacks.” Jackson further noted that, with its cyber insight, South Korea may have been the disguised delinquent.
Meanwhile, retired Gen. Wesley Clark advised, “There are a number of national intelligence agencies who are creating cybercapabilities. It’s a natural area of exploration.” Not ruling out North Korea, Gen. Clark warned, “I wouldn’t underestimate North Korea’s potential in this space.”
Regardless of the hack attribution, Federal Computer Week found one thing certain: “US cybersecurity R&D needs a master plan.” According to the FCW article, the Government Accountability Office released a report (PDF) today announcing “Without a current national cybersecurity R&D agenda, the nation is at risk that agencies and private sector companies may focus on their individual priorities, which may not be the most important national research priorities.”
And while the GAO report goes on to mention that the DHS is struggling with acquisition, an article by Federal News Radio notes the department’s new take on transparency. According to the radio news site, DHS made the decision to release its once-private guide to protecting privacy in an effort to assist other organizations in developing an information security plan.
The report (PDF) includes “numerous strategies DHS employs to minimize its impacts on citizens’ privacy, such as frequent certifications to ensure that all personally identifiable information (PII) is secure and accurate, relevant, timely, complete and reduced to the minimum necessary.”
Additional cybersecurity news from the weekend follows…
Apple App Store suffers hack attack (Information Week)
Senator Patrick Leahy asks Capitol Police to investigate hoax email announcing his death (Vermont Public Radio)
How federal cybersecurity management is changing (Federal News Radio)
Cyber threats command congressional attention (San Jose Mercury News)
New York puts up $2.78 million for cyber training (The New New Internet)
More firms targeted by advanced persistent threats, study finds (Search Security)
Cyber hygiene tips for vacation (The New New Internet)