Archive for the ‘NSA’ Category

NSA Advocates Data Sharing Framework – Threatpost

NEW YORK – The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That's why Neal Ziring, technical director for the NSA's Capabilities Directorate, wants to flip the financial equation on bad guys.

"We need to conduct defenses in a way that kills an adversary's ROI," Ziring said. "I want to get it down to the point where a threat actor says, 'I better choose carefully where I throw this malware first, because I'm not going to get a third or fourth try.' Today they don't have that concern."

In order to decimate a cybercriminal's ROI on developing tools and attack playbooks, Ziring is calling on public agencies, companies and the security community to radically change the way they respond to cyberattacks.

In a keynote address Thursday at the Borderless Cyber conference, he said the cybersecurity community needs to work cooperatively to collectively respond to attacks in the same spirit they share threat intelligence. He argues that doing so will deprive cyber threat actors of the ability to use tools and tradecraft multiple times and starve criminals financially.

"The future of cyber defense is having a shared response or coordinated response," Ziring said. "We need to break out of today's enterprise mentality of every person for themselves."

The type of framework Ziring describes doesn't exist today, but two standards come close. Those are STIX (Structured Threat Information Expression) and TAXII (Trusted Automated eXchange of Indicator Information), which both deal with sharing data ahead of an attack. Neither addresses a key component that Ziring is calling for, which is a public-private framework that creates a type of autoimmune system. If one node on the network is attacked, all other connected nodes are warned within seconds to defend against a similar attack.

"There is no technological reason why this couldn't work. There are only practical obstacles like the need for interoperable standards that will enable us to do this in today's heterogeneous environments. And that's the bit we are solving right now with STIX and OpenC2," he said.

Still early in development, OpenC2 is a language that would enable the coordination and execution of command and control of defense components between domains and within a domain.

Universal support for that type of framework will take a major shift in industry mindsets. As one conference attendee noted, today breach data is a carefully guarded secret for many companies. Ninety-five percent of the dozens of breaches the attendee said he helped mitigate over the past year were kept private for fear it might hurt share prices and the companies' reputation.

Ziring said the industry does not need new regulations to mandate breach transparency. The upside to information sharing is the carrot that he hopes will lure companies, sectors and communities to be part of the sharing framework. He notes there are already several critical infrastructure sectors that are required to report breaches to the DHS.

"It would be better if we didn't have to create more regulation. We'll have to take a wait and see approach for now," he said.

Currently, the type of framework Ziring describes is extremely rare. Within the financial services sector, breach data is shared between members of the FS-ISAC (Financial Services Information Sharing and Analysis Center). When one member is attacked, all other members are alerted and can fend off similar attacks before they happen.

Meanwhile, attack surfaces are growing with the rapid expansion of cloud, IoT and third-party services. Ziring said current defenses are not as scalable as they need to be and can't match the automated nature of cyberattacks.

Using FS-ISAC as a model, Ziring envisions a future where industry-focused communities share visibility into threats. When an attack occurred, top-level community members would analyze the threat and send out countermeasures to community members, inoculating them within seconds or minutes from similar attacks. "It's unreasonable to ask small business to be ready to fight off a nation state attack themselves," he said.

To many in attendance, that top-level community member is the government. To that end, Ziring told attendees that NSA and DHS are committed to be a trusted partner in the framework through the development of standards such as OpenC2.

"The government has a unique authority in this area. We are doing a lot today within the DHS and FBI. I believe government has a responsibility to share. Culturally, it's going to be tough. But we need to do it," he said.


Privileged user management trips up NSA – TechTarget

A recently declassified report revealed the U.S. National Security Agency failed to fully secure its systems since the Edward Snowden leaks in 2013.

The report detailed the findings of the Department of Defense inspector general's 2016 assessment of the NSA's security efforts around privileged user management. The heavily redacted report was declassified after Charlie Savage, a Washington correspondent for The New York Times, filed a Freedom of Information Act lawsuit. The assessment looked at how the NSA handles privileged access management, and, according to the report, the NSA was found wanting.

After Edward Snowden leaked over a million files in 2013, the NSA began an initiative, dubbed Secure the Net (STN), with seven privileged user management goals. The inspector general's assessment found that the NSA met only four out of the seven goals: developing and documenting a plan for a new system administration model; assessing the number of system administrators across the enterprise; implementing two-factor access controls over data centers and machine rooms; and implementing two-factor authentication controls for system administration.

According to the report, dated Aug. 29, 2016, not all of the four privileged user management initiatives were fully met. "[The] NSA did not have guidance concerning key management and did not consistently secure server racks and other sensitive equipment in the data centers and machine rooms in accordance with the initiative requirements and policies, and did not extend two-stage authentication controls to all high-risk users," the report read.

Additionally, the assessment found that three of the seven STN initiatives for strong privileged user management were not accomplished. The NSA was supposed to "fully implement technology to oversee privileged user activities; effectively reduce the number of privileged access users; and effectively reduce the number of authorized data transfer agents."

There were 40 STN initiatives in total, though the assessment focused on the seven related to privileged access management. The conclusion reached in the assessment was, while the NSA was successful in part, it "did not fully address all the specifics of the recommendations."


NSA Names Whatcom as One of Four Centers of Academic Excellence in Cyberdefense National Resource Centers – whatcomtalk.com

Submitted by: Whatcom Community College

Whatcom Community College (WCC) has been selected by the National Security Agency (NSA) to lead efforts to improve and expand cybersecurity education nationwide as one of four Centers of Academic Excellence in Cyberdefense (CAE-CD) National Resource Centers. In this role, WCC will function as a super hub, helping to support and guide 10 regional centers. Whatcom will lead the CAE-CD mentor program, guiding university and college administrators and faculty through the rigorous application for the CAE-CD designation. The NSA bestows the designation, which recognizes colleges and universities that meet industry-recognized standards of education and training in the cyberdefense field, with curriculum mapped to the NSA's latest requirements.

The College will receive up to $1 million in federal grant funding, which will significantly expand the number of participating institutions in the United States. As one of four national centers funded to support various aspects of the initiative, WCC was designated as a National Center of Academic Excellence in Information Assurance/Cyber Defense 2-year education (CAE2Y) in 2011 and, again, in 2014. Whatcom was among the first community colleges in the nation to earn the designation.

"WCC has years of experience and is a national leader in cybersecurity education. Our CIS and cybersecurity programs are models of excellence," WCC President Kathi Hiyane-Brown said. "We're honored to share our program models with other academic institutions to help prepare qualified employees for the cyberdefense workforce, which is vital to our national security."

The grant project will leverage the mentor model program that WCC developed under previous grants. The program will connect candidate institutions with a qualified mentor who will assist the applicant in improving their cybersecurity program and completing the CAE-CD application. This process helps to ensure that the application is of high quality and meets NSA standards prior to submission. Through this process, colleges and universities can save time, effort, resources and frustration, and achieve a meaningful designation that will help attract faculty and students and even spur economic development in their region.

WCC offers a bachelor of applied science (BAS) in IT Networking as well as two-year degrees and certificates in computer information systems and cybersecurity (with opportunities to transfer to regional universities). WCC is also the lead institution for CyberWatch West, a National Science Foundation (NSF) regional center for cybersecurity education, and for C5 (Catalyzing Computing and Cybersecurity at Community Colleges), also funded by the NSF. More than 110 universities, colleges, high schools and educational organizations belong to the CyberWatch West consortium. For more information about WCC's computer information systems and cybersecurity programs, visit whatcom.edu/cis.


Why I sued Comey and the NSA, again! – WND.com

One day following the explosive revelations of Edward Snowden that the National Security Agency (NSA) had been engaging in mass surveillance of hundreds of millions of Americans without probable cause, I brought suit against then-President Barack Obama and his intelligence agencies. The case was randomly assigned to the Honorable Richard J. Leon of the U.S. District Court for the District of Columbia, one of the few non-Obama-Clinton appointees left in this tribunal. To accelerate the case I then filed a motion for preliminary injunction, asking Judge Leon to temporarily enjoin the defendants' illegal surveillance of the populace, during the time the case would otherwise proceed to discovery and then trial.

After Judge Leon reviewed my pleadings, which required that he take action to adjudicate my motion for preliminary injunction within 21 days, he held a status conference. At that conference, he forcefully instructed the Obama Justice Department lawyers in the Federal Programs Branch that he would move the case along quickly and that they should not seek to delay his ruling by asking for non-meritorious requests for extensions. Labeling the case as one at the pinnacle of national importance, Leon advised the Obama Justice Department lawyers to forget about not working on weekends and evenings, and he then set an accelerated briefing schedule.

Judge Leon made good on his promise and ruled promptly, finding that the mass surveillance by Obama and his NSA was unconstitutional and violative of the Fourth Amendment. He added that this was so illegal as to be almost Orwellian, a reference to the landmark book 1984, by George Orwell, in which he coined the term for a tyrannical government: Big Brother.

The initial preliminary injunction entered on Dec. 16, 2013, was entered again later when I amended the complaint to conform with the edicts of the appellate court, the U.S. Court of Appeals for the District of Columbia Circuit, where the Obama Justice Department went after Leon's ruling to try to slow down implementation. This second preliminary injunction, as well as the first, provoked Congress to enact a law that attempted to prevent further illegal and unconstitutional surveillance. It is called the USA FREEDOM Act.

However, now we have learned, as I suspected all along, that Obama and the NSA, with the Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI), continued to commit crimes by secretly conducting this illegal surveillance. This was revealed by disclosures obtained by Circa News, with reporters John Solomon and Sara Carter uncovering these continuing crimes. And, my whistleblower client Dennis Montgomery, a former NSA and CIA contractor during the George W. Bush and Obama White House years, also revealed that this illegal surveillance was a constant by the FBI under the direction of former directors Robert Mueller and then James Comey, as Montgomery himself worked with the FBI as well as the other intelligence agencies during these years.

And, this unconstitutional surveillance extended not just to millions of innocent Americans in general, but also other prominent persons such as Donald J. Trump, his family, the chief justice of the Supreme Court, other SCOTUS justices, 156 judges and thousands of others, such as the family of Nevada rancher Cliven Bundy, my client. Anyone who was seen as critical of or a phantom threat to the government, or who had taken action to clean up corruption, such as myself, was put under the looking glass of the so-called Deep State.

The potential for coercion and blackmail under these circumstances was seen to be great. As one example, how does one explain the 12th hour flip of Chief Justice John Roberts, where he voted with leftist justices to rubber-stamp Obamacare, a clearly unconstitutional law? What did the Deep State potentially have on Roberts that got him to jump ship and craft a majority opinion that was a textbook example of rank intellectual judicial dishonesty? This ruling almost destroyed the American economy as well as innocent people's lives, who were thrown off their health insurance policies or could no longer afford to be covered, as the price of premiums later skyrocketed. This is just one example of the potential consequence of the Big Brother criminal surveillance of the Deep State.

As a result of the new revelations that the illegal spying has continued, despite the enactment of the USA FREEDOM Act, my client Dennis Montgomery and I have brought a new suit, this time adding James Comey along with the FBI and the intelligence agencies as defendants. Comey was included not just because he orchestrated the illegal surveillance during his years as Obama's FBI director, but also because he covered up an investigation caused by Montgomery, in which he was entrusted to supervise. Montgomery, under grant of immunity, had turned over 47 hard drives and over 600 million pages of information, much of which was classified, to Comey. FBI Special Agents Walter Giardina and William Barnett also interviewed my client, under oath, and his testimony was videoed. But despite this having occurred over two years ago, no action by Comey's FBI was taken, and the investigation was apparently buried. The reason? Comey had obviously directed his agents to deep six the investigation as it would show his and former FBI Director Robert Mueller's criminal conduct.

Given this obstruction and criminality, I recently filed suit on behalf of Montgomery and myself as our cellphones and computers have been obviously hacked and violated by Comey's FBI and the intelligence agency defendants in the last months, as they knew that my client, with my help, was offering his testimony to the intelligence and judiciary committees on Capitol Hill. But when Congress as usual failed to do its job, perhaps scared that the FBI and intelligence agencies would leak information harmful to senators and representatives, Montgomery and I had to take matters into our own legal hands and filed a new case before Judge Leon.

Friday, I again appeared before this courageous judge for an early status conference, and I will report on this in Freedom Watch publications that can be found at http://www.freedomwatchusa.org.

But for the time being, what can be said is that Comey, Mueller and their FBI, along with the rogue intelligence agencies, again are before the bar of justice. They and the others who have illegally violated our privacy must be held accountable under the rule of law. Indeed, if anyone has obstructed justice, it appears not to be President Trump, but his criminally minded chief accuser Comey and his equally corrupt special counsel friend Robert Mueller. And as a side note, contrary to the Kool-Aid swallowed by some ill-informed commentators in the media and elsewhere in the swamp that infests the nation's capital, these are not men of great integrity! Just ask Dennis Montgomery, my co-plaintiff!

Media wishing to interview Larry Klayman, please contact media@wnd.com.


Report: DNI, NSA chief told Mueller that Trump asked them to say publicly that there was no collusion with Russia – Hot Air

CNN's claiming Democratic and Republican sources for this, but even if it's gospel truth, I can't imagine it'll do Trump any (further) damage on Russiagate. WaPo first reported a few weeks ago that he asked DNI Dan Coats and NSA chief Mike Rogers to intervene with Comey to try to get the FBI to back off its Russia investigation. The idea that the president might have tried to enlist one part of the intelligence community to slow down a federal probe being conducted by another part is a serious charge.

But CNN doesn't repeat that charge. They claim that Coats and Rogers told Bob Mueller and the Senate Intel Committee behind closed doors (after their famous public testimony) that Trump asked them only to speak up publicly and affirm that there's no evidence that he personally colluded with Russia. If you strain hard, you can try to stretch that into some sort of obstruction ploy (Comey had refused to clear Trump publicly, after all, because the FBI investigation was still ongoing), but no average voter is going to fault Trump for feeling exasperated that his deputies wouldn't lift the cloud of suspicion over him if they had reason to believe he's been falsely accused. If they thought that he had colluded and then he asked them to lie and say that he hadn't, obviously that would be a different matter. But if all he was asking was for them to tell the exculpatory truth (and if it really was a request, not a direct order), then what's the red-letter scandal in his interactions with Coats and Rogers?

Coats and Rogers also met individually last week with the Senate intelligence committee in two closed briefings that were described to CNN by Democratic and Republican congressional sources. One source said that Trump wanted them to say publicly what then-FBI Director James Comey had told the President privately: that he was not under investigation for collusion. However, sources said that neither Coats nor Rogers raised concerns that Trump was pushing them to do something they did not want to do. They did not act on the President's alleged suggestion

One congressional source expressed frustration that Coats and Rogers didn't answer the questions in public, especially since what they ended up expressing in private was that they did not feel that the President pressured either of them to do anything improper.

Rogers' interaction with the President is also documented in a memo written by his deputy at the NSA, Richard Ledgett.

Coats and Rogers each found Trump's request odd and uncomfortable, in CNN's words, but evidently neither believed he crossed a line. And there's no claim here that he ordered or even asked them to lean on Comey on his behalf. He wanted them to clear his name after having been told repeatedly by Comey that he wasn't personally a target of the FBI investigation. That may not have been proper protocol, but everyone can sympathize with the impulse.

By the way, tomorrow's the deadline for the White House to turn over any Oval Office recordings of Trump and Comey. If Trump ignores it, what's the House Intel Committee's next move?

[E]ven with a subpoena, the panel stands little chance of actually compelling Trump to turn over anything he doesn't voluntarily want to produce, according to legal experts, setting lawmakers up for a high-stakes choice: Let it go, and look like they are giving the president a pass; or pursue the subpoena, and risk exposing the legislative branch's weakness in the midst of a historic probe of the president

There are exemptions for federal officials claiming executive privilege on behalf of the president, and no figure in the White House is closer to the president than the president himself. Congress can try to circumvent that hurdle by passing what is known as a contempt resolution ordering the matter to a court, but against a Republican president, that is a tall order in a GOP-led Congress.

The best-case scenario for the Committee is that they somehow get Paul Ryan to go along with a contempt resolution and the court battle over whether executive privilege entitles Trump to withhold any recordings drags on for years. That is to say, this is less a matter of squeezing evidence out of Trump than it is a test of Republican loyalty to the president. Will they challenge him by issuing a subpoena, knowing that if they win in court, the audio could further damage Trump's presidency and their own electoral chances, or will they roll over by refusing to issue a subpoena, leaving potential evidence of obstruction untouched? There's going to be a court fight over the tapes between Mueller and the White House eventually, I assume. Maybe that'll be the House GOP's out: If Mueller's going to take this on, why do we have to get in the middle of it?

The likeliest outcome here, actually, will be the White House declaring tomorrow that there are no tapes of Trump and Comey. Newt Gingrich hinted to the AP in an interview that he thinks Trump's tweet about Oval Office tapes was a bluff, designed to rattle a political enemy much as Trump's foray into Birtherism was designed to rattle Obama. We'll see.
