Archive for IT Security World

EXCLUSIVE TO DATA SECURITY PODCAST: Former White House Security Chief Comments on Sudden Resignation of Homeland Security’s National Cybersecurity Center Director

Posted in Exclusive on March 8, 2009 by datasecurityblog

InfoSec World Conference, March 8th, Orlando, Florida – In an exclusive in-person interview today with The Data Security Podcast, Howard Schmidt commented on the sudden resignation Friday of Rod Beckström as head of the National Cyber Security Center (“NCSC”). Howard Schmidt served as the Cyber Security Advisor to the White House, and he was the Chief Security Strategist for the United States Computer Emergency Readiness Team (US-CERT) Partners Program for the NCSC.

Rod Beckström wrote a strongly-worded resignation letter that has been made public. Mr. Beckström claims that the organization he was appointed to head, the NCSC, has been forced to subjugate its role as the nation’s leading cyber security body to the National Security Agency. The National Security Agency is part of the defence department. Rod Beckström felt that cyber security should be led by the civilian Department of Homeland Security, in the name of democracy and civilian control.

Schmidt said that Beckström, an entrepreneur and author prior to heading NCSC, had a “different perspective, coming from the private sector.”

“The NSA has done a great job on defense systems, and that [expertise] could be applied to other areas of cyber security,” Schmidt said.

Howard Schmidt thinks that the NSA does have a legitimate role to play in leading the nation’s cyber security. While he does acknowledge Beckström’s concern about the NSA’s reputation for secrecy and eavesdropping on US citizens, Schmidt thinks that controls can be put into place that “draws lines.” Schmidt suggested that these lines need to be “constantly monitored.”

He also said that the Obama administration promised transparency in government – that promise should extend to drawing those lines.

(Data Security Podcast says: To date, the Obama administration has been less than transparent in certain respects, and has reneged on promises to post all bills online for five days of public comment before the President signs them. Let’s hope for more transparent practices when it comes to cybersecurity.)

Learn more about the resignation in these stories by Declan McCullagh at CNET, Noah Shachtman at Wired, and Jaikumar Vijayan at Computerworld.

More about the face-to-face interview on Episode 43 of the Data Security Podcast.

Data Security Podcast Episode 42 – Mar 02 2009

Posted in Breach, criminal forensics, Podcast, web server security on March 1, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: Poor infosec leads to Presidential security incident; Hall of Cyber Shame: States post info about delinquent taxpayers; and the week’s news.

–> Stream, subscribe or download Episode 42 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune in to the show directly on iTunes; you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Tell them you heard about them on the Data Security Podcast and get 50% off their service. Offer good until March 31st, 2009. Tales from The Dark Web Sponsored by DeviceLock Removable Media Security Software.

The Show Notes Page for Episode 42 of The Data Security Podcast

-From The News:  Consortium of US Federal Cybersecurity Experts Establishes Baseline Standard of Due Care for Cybersecurity – The Top Twenty Most Critical Controls. See this SANS Link for more, and to add in your comments to the standard. Article on the topic in Federal Computer Week that was mentioned in this segment of the program.

President Obama takes off from the South Lawn of the White House on his first flight aboard Marine One.


-From The News: Poor data security at a defence contractor leads to Presidential security incident involving sensitive information, including Marine One’s entire blueprints and avionics package. Kudos to the Peer-2-Peer security team at Tiversa for discovering the breach.

-From The News: When people are afraid of losing their job, ethics sometimes goes out the window. See the report at http://www.cyber-ark.com/constants/white-papers.asp . Scroll down to find the link titled: The Global Recession and its Effect on Work Ethics. (Free registration is required, no integrity validation of field info appears to be in place. Is that you Thomas_Jefferson@nsa.gov downloading the report?)

-From The News: Why we don’t live in Michigan, reason #775.  As if Michigan residents don’t have enough to contend with, as they watch their primary industry go down for the count…. Governor Jennifer Granholm wants to humiliate delinquent taxpayers by posting their identities online.  Hey Gov, with your people suffering job loss, bankruptcies and foreclosures, one would think you’d want to preserve whatever dignity they have left.  (P.S. There are 18 states who brag that this “cybershame” method results in tax collections. Probably some identity thefts too, since addresses and other personal information are there for the world to see.)

- Conversation: Ira Victor talks with Bill Greeves, IT Director for Roanoke County, VA, about MuniGovCon’09 – A Virtual Conference on Web2.0 taking place in Second Life on April 10, 2009 from 9:00 AM – 1:00 PM PST. Here is the main site: MuniGov.org

-Wrap-Up: After hearing about EasyVPN on the Data Security Podcast, Peter Nikolaidis posted this blog entry: Comodo’s EasyVPN Landing Page is an Attack Site? Comodo responds with this very open, and candid, mea culpa.

Next Week: Ira reports from IT Security World in Orlando, Florida.

Data Security Podcast Episode 18 – Sep 16 2008

Posted in Podcast on September 16, 2008 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: Law enforcement using social networking sites, virtual worlds, and multi-player game data to prosecute criminals and fight money laundering. Plus, the latest security news, including reports on virtualization / VM security from IT Security World in San Francisco.

–> Stream, subscribe or download Episode 18 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune in to the show directly on iTunes; you can also subscribe to the program on iTunes.

This week’s show is sponsored by DeviceLock

Program Notes for Episode 18

News:

The county recorder in Arizona has adopted a policy to prevent ID theft and protect privacy — after you’re dead. The Maricopa County Recorder no longer posts death certificates. Hats off. If only government entities would protect your privacy while you’re alive.

Authorities in New York City are urging citizens to help the cops beef up their crime surveillance efforts — by using camera phones to record crimes in progress.

Ira reports this week from IT Security World in San Francisco. Reports on virtualization / VM security, and the failures of traditional anti-virus.

Conversation: Lt. Chuck Cohen from The Indiana State Police on law enforcement using social networks, virtual worlds, and multi-user game platforms as a source of investigatory information in criminal cases.
