Doug Bedell — April 16, 2014, 4:12 pm

How DHS Responded to ‘Heartbleed’

The U.S. Department of Homeland Security (DHS) has been as concerned as any other branch of government, or anyone in the private sector, over the possibility of the Internet security breach “Heartbleed” raising havoc with corporate and personal computer-based information. Here’s what DHS said of the “Heartbleed” situation, in a Web posting issued April 5:

“While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems. That is why everyone has a role to play in ensuring our nation’s cybersecurity. We have been and continue to work closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary.” In short, we’re on the case…

Doug Bedell — April 14, 2014, 1:14 pm

The Essential Security Setting: ‘Always On’

Security vigilance comes in one setting only – always on. That’s brought home by a PDF post from Domestic Security News noting the reality of differing arrival rates for vehicles at entry gates. On two occasions during “routine” morning delivery hours at a “sensitive public location” there was an 18 percent difference in unfamiliar vehicles entering.

“Sometimes,” the post observes, “we narrowly focus on a perceived threat we learned from training as well as news stories, such as the stereotypical vehicle bomb inside the Ryder or U-Haul rental truck, and we forget it is possible to load explosives into a vehicle other than what we see on television, such as the local UPS truck or daily dry cleaning van that we see every day.”

UPS won’t like that reference, any more than your local dry cleaner will. But the reality is that threats can arrive by familiar means. Vigilance is unforgiving in that regard; “always on” is indeed the proper setting.

Doug Bedell — April 11, 2014, 1:37 pm

Internet Security: A Purported Solution to ‘Heartbleed’

You’ll no doubt be hearing about the “Heartbleed” Internet security breach that has endangered the security of personal information entrusted to supposedly secure websites and servers. Here, Government Security News promotes a presumably reliable software alternative, SAIFE, to protect user accounts while Internet security certificates are being updated.

“‘It’s unfortunate that so many people will be impacted by the Heartbleed bug when it is completely preventable,’ said (Ty) Lindteigen (SAIFE’s CEO). ‘If companies would invest in technology solutions such as SAIFE, consumers will not have to worry about the security of their data in the future. Websites using SAIFE’s technology are secure and the consumers who use them do not have to worry about staying offline or having their personal information stolen.’”

Doug Bedell — April 9, 2014, 11:31 am

Hospital Security Begins at Entryways

Hospitals are stressful places, for patients, their families and hospital staff members themselves. But they can at least be as secure as possible, places of safety as a prelude to healing. At the ISC West meeting (International Security Conference) just concluded, there was a panel on protecting hospitals from violence. Sad that the topic was called for, but it is.

Government Security News provides an account of a session focused on protecting hospitals from violence, especially shooter scenarios. A strong reporting reflex is called for, with hospital staffers being continually on the alert. Access control policies, too, are part of a desirable level of alertness. We’d add that they might begin at the entrance to parking lots, with adequate vehicle access control stations.

Doug Bedell — April 8, 2014, 11:14 am

Ultimate Computer Security Remains Elusive

Further computer security insights from Bruce Schneier: Be careful, he warns, about thinking you have undoubtedly secure computers. Schneier’s post, “‘Unbreakable’ Encryption Almost Certainly Isn’t,” makes for sobering security reading. He adds a couple of other sources for good measure and useful insight.

It’s not that computers can’t be made usefully secure. But surely secure is another matter.

Doug Bedell — April 4, 2014, 10:03 am

Bruce Schneier on Internet Security, as Experienced by Us

Bruce Schneier tries to sort through how actively the government and Internet proprietors are sharing information on individuals – willingly or unwillingly in the case of the web companies. He decides that both the government and the Internet sites have unclean hands when it comes to monitoring U.S. citizens.

“It would be better,” he writes, “if they (Google, Facebook, Microsoft and others) openly acknowledged their users’ insecurity and increased their pressure on the government to change, rather than trying to fool their users and customers.” A meaty piece on the state of Internet security.

Doug Bedell — April 2, 2014, 12:32 pm

Computer Systems Security a Field of Great Challenge

Government agencies are mindful of a shortage in cyber security skills. A writer on Government Security News sees automation as part of the answer. We don’t know – this is a pretty vexing question. Meanwhile, be confident of the capacities of your IT people and suppliers and expect them to provide all the help with digital security that’s available to them.

Doug Bedell — April 1, 2014, 12:53 pm

Homeland Security Being Helpful to Taxpayers

This isn’t a case of one federal agency poaching on the turf of another. It’s the Department of Homeland Security (DHS) trying to be helpful to the customers of the Internal Revenue Service (IRS), us taxpayers, as this year’s tax season reaches its peak. Thus, DHS is providing a series of tips on “Ensuring Your Cyber Safety this Tax Season.”

Like, “Look out for phony messages on websites claiming to be from the IRS,” among other well-intended tips.

Doug Bedell — March 28, 2014, 11:53 am

Human Awareness a Critical Security Backup

Down toward the bottom of a Government Security News post on the link between physical security and cybersecurity is a critical reminder: Be aware of what’s occurring in your surroundings. We can all become so familiar with workplace settings that we take them for granted, and that’s unfortunate.

“People should have a certain level of awareness when working around physical sites,” says Dan Reuckert, a security consultant, in the post. “They should look out for activity around fences and gates. Access control devices and security cameras are needed. Wireless devices also need to be hardened.” It comes down to not taking security for granted. Yes, sensitive sites need to be hardened. But human awareness of what’s occurring at perimeters and entrances is an essential backup.

Doug Bedell — March 26, 2014, 10:15 am

Homeland Security Reading Lists

Want to do some security reading? Homeland Security Watch advises that the Center for Homeland Defense and Security website at the Naval Postgraduate School & The U.S. Department of Homeland Security “keeps track of the books used in its master’s degree program. The list is updated each time a new course begins.” Here’s a link to the current book list:

The books are grouped into a host of categories, from “Multi-discipline Approaches to Homeland Security” to “Strategic Planning and Budgeting for Homeland Security” and “The Psychology of Fear Management and Terrorism”.