Cybersecurity for Cyber-Physical Systems Workshop, April 23-24, 2012, Gaithersburg, Maryland
On April 23 and 24, 2012, the NIST ITL Computer Security Division will host a two-day workshop, Cybersecurity for Cyber-Physical Systems, about the cyber security needed for cyber-physical systems (CPSs), with a focus on results of research and real-world deployment experiences. The first day will have speakers who address CPSs across multiple sectors of industry (e.g., automotive, aviation, healthcare). The second day will focus on cyber security needs of CPSs in the electric Smart Grid. Abstracts and slide sets from presenters will be published in a NIST Interagency Report as proceedings of the conference.
Goals of the conference:
- To look at recent (2 – 3 years) research results and deployment experiences that have occurred in cyber-physical areas across multiple industries (e.g., healthcare, manufacturing, automotive, electric Smart Grid).
- To determine if there are security requirements that are unique to CPSs as opposed to strictly cyber or physical systems.
GFIRST 2012, 8th Annual National Conference, August 19-24, 2012, Atlanta, Georgia
GFIRST 2012, 8th Annual National Conference, will be held August 19-24, 2012, at the Atlanta Marriott Marquis in Atlanta, Georgia. GFIRST (Government Forum of Incident Response and Security Teams) is a group of technical and tactical practitioners from incident response and security response teams responsible for securing government information technology systems and providing private sector support. GFIRST members work together to understand and handle computer security incidents and to encourage proactive and preventative security practices across government agencies. GFIRST promotes cooperation among the full range of Federal, State and local agencies, including defense, civilian, intelligence, and law enforcement.
GFIRST is a great place for public and private sector leaders serving in non-technical roles to become familiar with the fundamentals of cyber security and incident response. GFIRST is also an excellent resource for practitioners in incident response and information security from the public and private sectors to include:
- Academia with Cyber Security Specialties
- Chief Information Security Officers
- Chief Technology Officers
- Computer Forensic Personnel
- Critical Information Infrastructure Owners & Operators
- Cyber Incident Responders
- Cyber Security Association Members
- Cyber Security Experts
- Emergency Managers
- GFIRST Members
- Incident Response Directors
- Information System Security Managers
- Information System Security Officers
- Information Technology Administrators
- Information Technology Directors
- Inspectors General
- ISAC Members
- Law Enforcement Personnel Supporting Cyber Security Issues
- Network Administrators
- Process Improvement Managers
- Security Engineers
- Software Developers & Managers
Quantum Computing Arms Race is On
Governments are racing to add a new weapon to their cyber warfare arsenal, quantum computing, says a new market study, Quantum Computing Market Forecast 2015-2020.
ICCS 2012, A White Hat Summit, January 9 - 12, 2012 New York City
This week the Federal Bureau of Investigation and Fordham University teamed up to host the third annual International Conference on Cyber Security (ICCS 2012) in New York City, the information center of the world. ICCS 2012 was an unparalleled opportunity that brought together global leaders in emerging cyber threat analysis, operations and enforcement.
Federal Information Systems Security Educators’ Association (FISSEA) “A New Era in Cybersecurity Awareness, Training, and Education”
The 25th FISSEA Annual Conference, “A New Era in Cybersecurity Awareness, Training, and Education,” will be held from March 27 to March 29, 2012, at the NIST Main Campus, Green Auditorium & Lecture Room B, 100 Bureau Drive, Gaithersburg, Maryland.
FISSEA, now a NIST program under the National Initiative for Cybersecurity Education (NICE), announced the 25th Annual Conference. This year’s theme, “A New Era in Cybersecurity Awareness, Training, and Education,” will focus on security training on a budget, current cybersecurity projects, emerging trends and initiatives. Attendees will gain new techniques for developing and conducting training, professional development, networking, and an opportunity to meet industry partners at the Vendor Exhibit.
New Initiative to Protect Electric Grid from Cyber Threats
The Department of Energy announced an initiative to protect the electrical grid from cyber attacks. The “Electric Sector Cybersecurity Risk Management Maturity” project, a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS), will leverage the insight of private industry and public sector experts to build on existing cybersecurity measures and strategies to create a more comprehensive and consistent approach to protecting the nation’s energy delivery system.
This initiative will develop a “maturity model” that allows utility companies and grid operators to measure their current capabilities and analyze gaps in their cyber defenses. Maturity models, which rely on best practices to identify an organization’s strengths and weaknesses, are widely used by other sectors to improve performance, efficiency and quality.
Cybersecurity and Software Engineering Provider Acquired by Raytheon
Henggeler Computer Consultants, Inc., a cyber security and software engineering company, has been acquired by Raytheon, further extending Raytheon’s capabilities in the domains of cybersecurity, enterprise architecture and systems engineering. This is Raytheon’s second cybersecurity-related acquisition in December and the tenth since 2007. On December 5, 2011, Raytheon purchased Madison, Ala.-based Pikewerks Corporation, which features a range of analysis and investigation capabilities as well as software protection and forensics solutions.
Raytheon Company, with 2010 sales of $25 billion, has significantly strengthened its position as a cybersecurity contractor in the defense, homeland security and other government markets since 2007. Federal cyber security business is burgeoning in the face of growing cyber security concerns.
Cyber-Ark Raises $40 million
Cyber-Ark Software, an information security provider for protecting and managing privileged accounts and sessions, critical applications and sensitive information, has raised $40 million in a financing round led by Goldman Sachs. The company has reportedly achieved considerable growth in revenues, reaching about $40 million in 2011.
U.S. Senate Approves $443 million for Cyber Security and Cyber Education
The U.S. Senate today approved $443 million for cyber security and cyber education as part of the FY12 Homeland Security Appropriations bill, in view of the growing number of cyber attacks against government infrastructure. The funding passed the Senate as part of the year-end appropriations package. It now goes to the president to be signed into law. Of the $443 million, $23 million is invested in cyber security education, outreach and awareness. This funding supports cyber security workforce development and the Cyber Innovation Center (CIC) in Bossier City, La., which has been an integral part of the Department of Homeland Security’s efforts to develop these critical programs. CIC was awarded a $300,000 grant in July to support cyber security educational programs, which serve as a nationwide model.
DARPA to Increase Cybersecurity Investments by 50% Over Next Five Years
Since 2009, the Defense Advanced Research Projects Agency (DARPA) has steadily increased its cyber research efforts. The Agency’s budget submission for fiscal year 2012 increased cyber research funding by $88M, from $120M to $208M. Over the next five years, the Agency plans to grow its top line budget investment in cyber research from 8 percent to 12 percent, with a focus on offensive capabilities to address military-specific needs.
The DARPA Cyber Analytic Framework, completed over a period of months through original research and detailed investigation, concluded that “the U.S. approach to cyber security is dominated by a strategy that layers security on to a uniform architecture. We do this to create tactical breathing space, but this approach is not convergent with an evolving threat,” said Regina E. Dugan, DARPA Director. Over the past 20 years, using lines of code as a proxy and relative measure, the effort and cost of information security software has grown exponentially—from software packages with thousands of lines of code to packages with nearly 10 million lines of code. By contrast, over that same period, and across roughly 9,000 examples of viruses, worms, exploits and bots, the analysis revealed a nearly constant average of 125 lines of code for malware.
“This is not to suggest that we stop doing what we are doing in cyber security. On the contrary, our existing efforts are necessary,” said Dugan. “These efforts represent the wisdom of the moment. But if we continue only down the current path, we will not converge with the threat.”
Informed by these insights and with a willingness to accept DARPA’s responsibility to contribute, DARPA has recruited a cyber team composed of experts from diverse fields including the “white hat” hacker community, academia, labs and non-profits, and major commercial companies, in addition to the Defense and intelligence communities.
DARPA’s activities are part of a larger collection of efforts within National Security at the National Security Agency, the newly formed U.S. Cyber Command, within the military Services, the private sector, universities, non-profits, and as appropriate, DHS.


