A data breach of information belonging to the U.S. Customs and Border Patrol (CBP) that leaked photos of people and vehicles traveling over the United States border once again shows the risk associated with third-party access to sensitive or classified information. The breach–the result of a cyber attack on a third-party contractor who collected the images for the CBP–also raises issues of privacy and how much control and access should the government have over personally identifiable information, security experts said. News of the data leak broke widely on Monday, but CBP said said it actually occurred earlier. In an e-mail to Security Ledger, the agency said that on May 31, a subcontractor–revealed in reports to be Perceptics–transferred copies of license plate images and traveler images collected by CBP to the its company network without government knowledge or permission. Perceptics was soon after hit with a “malicious cyber-attack” that resulted in […]
Recent attacks on the third-party data system of several U.S. pipeline companies highlight the persistent need for better ways to secure industrial control systems (ICSs), particularly when third-party software is in use, security experts said.
In-brief: HARMAN, the automobile supplier, said it will buy Tower Security, a maker of security technology for connected vehicles.
U.S. Senator Tom Coburn (R-OK) used his final days in office to warn that the U.S. Department of Homeland Security (DHS) is struggling to fulfill its mission to protect the nation from cyber attack. The report, “A Review of the Department of Homeland Security’s Missions and Performance,” (PDF) was released on Saturday, as the retiring Senator from Oklahoma was leaving office. In it, the outgoing Senator said that DHS’s strategy and programs “are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat.” The warnings on DHS cyber operations were part of a larger critique of the Department in the report, in which Coburn called on reforms of Homeland Security focused on accountability and streamlining. Despite spending $700 million annually on a range of cybersecurity programs, Coburn said it is hard to know whether the Department’s efforts to assist the private sector in identifying, mitigating or remediating cyber […]
Online attacks that come by way of suppliers and other third party business partners are one of the biggest threats that modern organizations face. But too few firms are giving supply chain security the attention it deserves, a panel of legal and information security experts told attendees at a cyber security forum in Boston on Wednesday. Companies need to protect their exposure through third parties better, according to the panel: beefing up auditing of internal- and partner assets and including contractual protections that will indemnify them in the event that a breach at a supplier or business partner exposes data that materially affects their firm. The panel, “Fortifying the Supply Chain,” was part of a day long event at The Federal Reserve in Boston and sponsored by the Advanced Cyber Security Center, a technology industry consortium. It brought together top legal and information security experts, including FireEye researcher Alex Lanstein and Jim Halpert, the […]