Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Energy CIO outlines security plans

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Energy CIO outlines security plans
Date: Thu, 29 Jun 2006 03:53:06 -0500 (CDT) 
http://www.fcw.com/article95092-06-28-06-Web

By Michael Hardy
June 28, 2006

Tom Pyke, chief information officer at the Energy Department, launched
a security revitalization program there when he took the position in
November 2005. Today that program is making strides in locking
intruders out of the department's systems, he told an audience at a
luncheon hosted by Input.

DOE has been in the spotlight recently because of a successful attack
in which cyberthieves stole personal data on about 1,500 contract and
agency employees. That incident happened in July 2005, Pyke said, but
it was not reported to agency leaders until recently. The
revitalization project was not connected to that theft, he added.

The thieves used an old-fashioned "social engineering" attack, sending
an e-mail message with malicious code in an attachment. An employee
clicked on the attachment, executing software that set up a "back
door" for the thieves to access the network of the National Nuclear
Security Agency, a semi-autonomous organization within DOE.

DOE includes a network of national laboratories, and about 60 percent
of the computer systems within the department are connected to
national security, which calls for extra protection, he said.

"We have a lot of the right policies and we have very bright people,"  
Pyke said. "It's just a matter of [my] helping refocus priorities."

DOE seems to be a favorite target of would-be hackers, with several
hundred thousand attempted attacks a day, he said. Most of those,
however, are routine and harmless, and fewer than 100 so far this year
have been deemed "incidents" needing a response.

The revitalization effort includes the increased use of encryption
software, regular analysis of every aspect of cybersecurity throughout
the department and the use of "red teams," employees who try to defeat
the defenses to identify weaknesses, he said.

Despite best efforts, however, agency leaders and the public need to
understand "there's no such thing as perfect cyberdefense," Pyke said.  
"We have made systems so complex that there will be vulnerabilities,
and sometimes those vulnerabilities will be exploited before we can
get protection in place."



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Energy CIO outlines security plans, InfoSec News <=
Previous by Date:  [ISN] Storage Company's Online Security Breach Exposed, InfoSec News
Next by Date:  [ISN] U.S. Cybersecurity Chief May Have a Conflict of Interest, InfoSec News
Previous by Thread:  [ISN] Storage Company's Online Security Breach Exposed, InfoSec News
Next by Thread:  [ISN] U.S. Cybersecurity Chief May Have a Conflict of Interest, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]