Language Selection

English French German Italian Portuguese Spanish

Homeland Security budget boosts cybersecurity

Filed under
Security

Information security could get greater focus now that the House budget bill calls for creating a high-level cybersecurity position at the Homeland Security Department.

DHS would get $34.2 billion in fiscal 2006 as the result of a bill that received almost unanimous approval in the House last week. It is the department's first complete reauthorization since the Homeland Security Act creating DHS was passed in 2002.

By a vote of 424-4, House members approved a bill that, among other things, provides support for information sharing within DHS and with other federal, state and local agencies. It would accelerate the development of new technologies and aggressively recruit new talent.

A groundbreaking element in the bill makes cybersecurity a greater priority for the government. It would create an assistant secretary for cybersecurity in the Information Analysis and Infrastructure Protection Directorate. The person in that position would replace the current director of the National Cybersecurity Division and would oversee that division and the National Communications System.

The promotion of the cybersecurity chief is a "significant step forward to properly address the cybersecurity challenges of the nation," said Amit Yoran, former director of DHS' National Cybersecurity Division and founder of Yoran Associates, a consulting group.

"The new cybersecurity chief's greatest impact can be to better integrate cyber programs and thinking about cybersecurity across the department's initiatives," he said.

The next critical step for the new assistant secretary and the department is refining DHS' cybersecurity mission, Yoran said. They must target specific programs to reach those objectives and make sure those actions are accomplished, Yoran added.

Establishing better communication within the government and with and among the private sector, which owns nearly 90% of the nation's critical infrastructure, will be crucial for success, Yoran said.

Full Article.

More in Tux Machines

Games: Ostriv, Back to Bed, EVERSPACE, Hiveswap: Act 1

Openwashing and Microsoft FUD

BlueBorne Vulnerability Is Patched in All Supported Ubuntu Releases, Update Now

Canonical released today new kernel updates for all of its supported Ubuntu Linux releases, patching recently discovered security vulnerabilities, including the infamous BlueBorne that exposes billions of Bluetooth devices. The BlueBorne vulnerability (CVE-2017-1000251) appears to affect all supported Ubuntu versions, including Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus) up to 16.04.3, Ubuntu 14.04 LTS (Trusty Tahr) up to 14.04.5, and Ubuntu 12.04 LTS (Precise Pangolin) up to 12.04.5. Read more

Security: Updates, 2017 Linux Security Summit, Software Updates for Embedded Linux and More

  • Security updates for Tuesday
  • The 2017 Linux Security Summit
    The past Thursday and Friday was the 2017 Linux Security Summit, and once again I think it was a great success. A round of thanks to James Morris for leading the effort, the program committee for selecting a solid set of talks (we saw a big increase in submissions this year), the presenters, the attendees, the Linux Foundation, and our sponsor - thank you all! Unfortunately we don't have recordings of the talks, but I've included my notes on each of the presentations below. I've also included links to the slides, but not all of the slides were available at the time of writing; check the LSS 2017 slide archive for updates.
  • Key Considerations for Software Updates for Embedded Linux and IoT
    The Mirai botnet attack that enslaved poorly secured connected embedded devices is yet another tangible example of the importance of security before bringing your embedded devices online. A new strain of Mirai has caused network outages to about a million Deutsche Telekom customers due to poorly secured routers. Many of these embedded devices run a variant of embedded Linux; typically, the distribution size is around 16MB today. Unfortunately, the Linux kernel, although very widely used, is far from immune to critical security vulnerabilities as well. In fact, in a presentation at Linux Security Summit 2016, Kees Cook highlighted two examples of critical security vulnerabilities in the Linux kernel: one being present in kernel versions from 2.6.1 all the way to 3.15, the other from 3.4 to 3.14. He also showed that a myriad of high severity vulnerabilities are continuously being found and addressed—more than 30 in his data set.
  • APNIC-sponsored proposal could vastly improve DNS resilience against DDoS