Top Stories

top secret file

US Allows More Talk About Surveillance Orders

The U.S. Department of Justice has acceded to requests from some large, technology firms, allowing them to post more specific information about government requests for data on their users, according to a report by The New York Times. In a statement released on Monday, Attorney General Eric Holder and James R. Clapper, the Director of National Intelligence, the new rules allowing some declassification followed a speech by President Obama calling for intelligence reform. “The administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers, and the number of customer accounts targeted under those orders and requests including the underlying legal authorities,” the joint statement reads. “Through these new reporting methods, communications providers will be permitted to disclose more information than ever before to their customers.” [Read more Security Ledger coverage of the NSA surveillance story.] Previously, companies were prohibited from […]

Are Wearables The Future Of Authentication?

CIO Magazine has an interesting round-up piece that looks at the enterprise impact of wearable technology, which you can read here.   Much of this is what you’d expect: FitBit, Google Glass and the (coming) tsunami of smart watches that will soon wash over us. The Cliff’s Notes version is that adoption of wearables will be rapid in verticals that are positioned to leverage the technology early on – such as healthcare and retail. But the piece argues that enterprises risk ‘missing’ the wearable wave in the same way that they ‘missed’ (or at least didn’t plan for) the mobile computing revolution. What might planning entail? Pilots, apparently – maybe of Google Glass or a competing technology. [Read more Security Ledger coverage of wearable technology. ] An interesting side note concerns a possible enterprise ‘killer app’ for wearables; authentication. The article quotes Forrester Analyst J.P. Gownders saying that wearable technology, with integrated biometric […]

Cisco Eyes Security Services For Connected Cars

Connected vehicles are a big new area of investment. We saw evidence of that at the recent Consumer Electronics Show (CES) and we’re  hearing a lot more about it this week, as carmakers strut their stuff at the North American International Auto Show.   Security isn’t generally part of the conversation, but as we’ve noted here on more than one occasion: connected vehicles introduce a myriad of challenging security problems, from authentication to communications and system integrity, not to mention data privacy. [Read more Security Ledger coverage of connected vehicles here.] Now networking giant Cisco says that it sees a role for its technology in protecting vehicle area networks (VANs), just as the company’s networking equipment enabled and protected local and wide area networks (LANs and WANs) over the last two decades. In a blog post, Cisco said it is rolling out “a range of products and services” that it […]

When The Internet of Things Attacks! Parsing The IoT Botnet Story

I spent most of last week at a conference in Florida going deep on the security of critical infrastructure – you know: the software that runs power plants and manufacturing lines. (More to come on that!) While there, the security firm Proofpoint released a statement saying that it had evidence that a spam botnet was using “Internet of Things” devices. The company said on January 16 that a spam campaign totaling 750,000 malicious emails originated with a botnet made up of “more than 100,000 everyday consumer gadgets” including home networking routers, multi media centers, televisions and at least one refrigerator.” Proofpoint claims it is the “first time the industry has reported actual proof of such a cyber attack involving common appliances.” [Read: “Missing in action at Black Hat: the PC.”] Heady stuff – but is it true? It’s hard to know for sure. As with all these reports, it’s important […]

S4 badge

Experts: Despite Warnings, Slow Progress Securing Industrial Systems

Despite increased media attention to the security of industrial control systems and critical infrastructure, progress in securing those devices has been slow, experts say. Despite progress in some areas, critical infrastructure – including energy and transportation networks- remains vulnerable to attacks leveled at known security holes for months or years because of a lack of vendor response or customers who lack the incentive or know-how to patch vulnerable systems. That according to some of the world’s top experts in cyber security and industrial systems, who are gathering this week at an industry conference in Miami. The S4 Conference, sponsored by the firm DigitalBond, is one of the premiere conferences for cyber security as it pertains to industrial control systems and often coincides with disclosures from industrial system vendors about serious security holes in their products. The security of industrial control systems has been a top concern of IT security experts and government […]