cyber_security   220


Cyberattacks Put Russian Fingers on the Switch at Power Plants, U.S. Says
MARCH 15, 2018 | The New York Times | By NICOLE PERLROTH and DAVID E. SANGER.

The Trump administration accused Russia on Thursday of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.....Russian hacks had taken an aggressive turn. The attacks were no longer aimed at intelligence gathering, but at potentially sabotaging or shutting down plant operations.....Though a major step toward deterrence, publicly naming countries accused of cyberattacks still is unlikely to shame them into stopping. The United States is struggling to come up with proportionate responses to the wide variety of cyberespionage, vandalism and outright attacks.
Russia  security_&_intelligence  cyberattacks  David_Sanger  U.S._Cyber_Command  cyber_security  vulnerabilities  hackers  power_grid  infrastructure  NSA 
22 hours ago by jerryking
America’s intelligence agencies find creative ways to compete for talent - Spooks for hire
March 1, 2018 | Economist |

AMERICA’S intelligence agencies are struggling to attract and retain talent. Leon Panetta, a former Pentagon and CIA boss, says this is “a developing crisis”......The squeeze is tightest in cyber-security, programming, engineering and data science.....Until the agencies solve this problem, he says, they will fall short in their mission or end up paying more for expertise from contractors. By one estimate, contractors provide a third of the intelligence community’s workforce.....Part of the problem is the demand in the private sector for skills that used to be needed almost exclusively by government agencies, says Robert Cardillo, head of the National Geospatial-Intelligence Agency (NGA). To hire people for geospatial data analysis, he must now compete with firms like Fitbit, a maker of activity-measurement gadgets. .....The NGA now encourages certain staff to work temporarily for private firms while continuing to draw a government salary. After six months or a year, they return, bringing “invaluable” skills to the NGA, Mr Cardillo says. Firms return the favour by quietly lending the NGA experts in app development and database security. .....
war_for_talent  talent  data_scientists  security_&_intelligence  cyber_security  Leon_Panetta 
12 days ago by jerryking
Risk Management Collection - NCSC Site
"Welcome to the NCSC's guidance on Risk Management for Cyber Security. In this collection, we'll be outlining the fundamentals of risk management, and describing techniques you can use to manage cyber security risks."
security  risk  risk_management  guidelines  government  cyber_security  dopost 
8 weeks ago by niksilver
Marty Chavez Muses on Rocky Times and the Road Ahead
NOV. 14, 2017 | - The New York Times | By WILLIAM D. COHAN.

Mr. Chavez is about as far from the stereotypical Wall Street senior executive as you can imagine, and that is one reason his musings about the future direction of Wall Street are listened to carefully.

He grew up in Albuquerque, one of five children, who all went to Harvard. He got a doctorate in medical information sciences from Stanford University. (At that time, he was known by his full name Ramon Martin Chavez.)

In 1990, Mr. Chavez came out, the day after he defended his doctoral dissertation, “Architectures and Approximation Algorithms for Probabilistic Expert Systems.” He is one of the few openly gay executives on Wall Street. ......In his current role as Goldman's CFO, Marty views his job as a simple one that is hard to get right: “I’m not paid or evaluated on the accuracy of my crystal-ball predictions,” he said. “I’m paid to enumerate every possible outcome and do something about every possible outcome well in advance, when it’s still possible to do something, because once it’s happened it’s too late.”....Unlike many of his peers on Wall Street, Mr. Chavez does not complain about the extent of the regulation that hit the financial industry as a result of Dodd-Frank. Generally speaking, he says, the regulations have helped banks “confront their problems and capitalize and bolster their liquidity,” making them “stronger as a result,” and the financial system safer and more profitable.....Instead of complaining about the extra expense and manpower required to comply with the mountain of new regulations, Mr. Chavez chooses instead to think about it differently. “If you approach the regulations as ‘Oh, we’ve got to comply,’ you’ll get one result,” he said. He prefers thinking about the regulations as, “This makes us and the system and our clients safer and sounder, and yes it’s a lot of work, but what can we learn from this work and how can we use this work in other ways to make a better result for our shareholders and our clients? Everywhere we look we’re finding these opportunities and they’re very much in keeping with the spirit of the times.”

Like any good senior Goldman executive, he does worry. (Lloyd Blankfein, the Goldman chief executive, once told me he spent 98 percent of his time worrying about things with a 2 percent probability.)

His biggest concern at the moment is the risk of “single points of failure” in the vast world of cybersecurity. He worries about any individual “repository of information” that does not have a backup and that can “be hacked.”

He does not even trust Goldman’s own computer system; he treats it as a potential enemy.

.....What also makes Goldman different from its peers is the firm’s love affair with engineers. At the moment, he said, engineers comprise around 30 percent of Goldman’s work force of about 35,000. It’s what drew him to Goldman in the first place — to work on Goldman’s in-house software, “SecDB,” short for “Securities Database,” an internal, proprietary computer system that tracks all the trades that Goldman makes and their prices, and regularly monitors the risk that the firm faces as a result.

He said the system generates some million and a half points of data that were used to calculate, for the first time, the firm’s “liquidity coverage ratio” — now 128 percent — and that were shared with regulators every day. He’s been busy trying to figure out how the newly generated data can be used to help him understand what the firm’s liquidity will be a year from now.

That way, he said, in his principal role as Goldman’s chief financial officer, he can perceive a problem in plenty of time to do something about it. “We’re able to get much better actionable insights that make the firm a less risky business because we’re able to go much further out into the future,” he said......
Goldman_Sachs  Martin_Chavez  Wall_Street  SPOF  think_differently  CFOs  actionable_information  engineering  databases  information_sources  SecDB  proprietary  Dodd-Frank  regulation  cyber_security  improbables 
november 2017 by jerryking
Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core
NOV. 12, 2017 | The New York Times | By SCOTT SHANE, NICOLE PERLROTH and DAVID E. SANGER.

“These leaks have been incredibly damaging to our intelligence and cyber capabilities,” said Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”
data_breaches  hacking  vulnerabilities  counterintelligence  counterespionage  moles  malware  ransomware  Fedex  Mondelez  Edward_Snowden  security_&_intelligence  Russia  Leon_Panetta  NSA  cyber_security  cyber_warfare  cyberweapons  tools  David_Sanger 
november 2017 by jerryking
Pentagon Turns to High-Speed Traders to Fortify Markets Against Cyberattack
Oct. 15, 2017 | WSJ | By Alexander Osipovich.

"What it would be like if a malicious actor wanted to cause havoc on U.S. financial markets?".....Dozens of high-speed traders and others from Wall Street are helping the Pentagon study how hackers could unleash chaos in the U.S. financial system. The Department of Defense’s research arm, DARPA, over the past year and a half has consulted executives at high-frequency trading firms and quantitative hedge funds, and people from exchanges and other financial companies, participants in the discussions said. Officials described the effort, the Financial Markets Vulnerabilities Project, as an early-stage pilot project aimed at identifying market vulnerabilities.

Among the potential scenarios: Hackers could cripple a widely used payroll system; they could inject false information into stock-data feeds, sending trading algorithms out of whack; or they could flood the stock market with fake sell orders and trigger a market crash......Among potential targets that could appeal to hackers given their broad reach are credit-card companies, payment processors and payroll companies such as ADP, which handles the paychecks for one in six U.S. workers, participants said.....The goal of DARPA’s project is to develop a simulation of U.S. markets, which could be used to test scenarios. Such software would need to model complex, interrelated markets—not just stocks but also markets such as futures—as well as the behavior of automated trading systems operating within them....Many quantitative trading firms already do something similar.......
In 2009, military experts took part in a two-day war game exploring a “global financial war” involving China and Russia, according to “Currency Wars: The Making of the Next Global Crisis,” a 2011 book by James Rickards. ....“Our charge at Darpa is to think far out,” he said. “It’s not ‘What is the attack today?’ but ‘What are the vectors of attack 20 years from now?’”
Pentagon  financial_markets  financial_system  pilot_programs  vulnerabilities  DARPA  traders  hedge_funds  Wall_Street  hackers  books  rogue_actors  scenario-planning  cyber_security  cyber_warfare  cyberattacks  high-frequency_trading  scenario 
october 2017 by jerryking
SEC Chief Wants Investors to Better Understand Cyberrisk - WSJ
Sept. 5, 2017 | WSJ | By Dave Michaels.

The chairman of the Securities and Exchange Commission said Tuesday that regulators and Wall Street need to do more to educate investors about the serious risks that companies and the financial system face from cyberintrusions.

Jay Clayton, speaking at an event sponsored by New York University’s School of Law, said investors still don’t fully appreciate the threat posed by hackers. “I am not comfortable that the American investing public understands the substantial risk that we face systemically from cyber issues and I would like to see better disclosure around that,” Mr. Clayton said.
SEC  cyber_security  cyberthreats  cyberrisks  risks  hackers  cyberintrusions  regulators  Wall_Street  data_breaches  disclosure 
september 2017 by jerryking
Maersk CEO Soren Skou on how to survive a cyber attack (reader responses)
The article doesn't say anything of value. It falls short of the FT's standard. This CEO doesn't say anything, despite having taken part in conference calls. Wow. 

As an outsider it would...
letters_to_the_editor  Maersk  cyber_security  cyberattacks  FT  interpretative  from notes
august 2017 by jerryking
Global shipping boss charts course through troubled waters
August 14, 2017 | Financial Times | by Richard Milne.

When AP Moller-Maersk came under cyber attack this year, chief executive Soren Skou was presented with a very basic problem: how to contact anyone. The June attack was so devastating that the Danish conglomerate shut down all its IT systems. The attack hit Maersk hard. Its container ships stood still at sea and its 76 port terminals around the world ground to a halt. ...Skou had no intuitive sense of how to move forward....Skou was “at a loss”, but he decided to do three things quickly.
(1) “I got deep in.” He participated in all crisis calls and meetings. “To begin with, I was just trying to find out what was happening. It was important to be visible, and take some decisions,” he says. Maersk is a conglomerate, so IT workers needed to know whether to get a system working for its oil business or its container shipping line first.
(2) He focused on internal and external communication. Maersk sent out daily updates detailing which ports were open and closed, which booking systems were running, and more. It also constructed a makeshift booking service from scratch.
(3) Skou says he made sure frontline staff in the 130 countries it operates in were able to “do what you think is right to serve the customer — don’t wait for the HQ, we’ll accept the cost”.

He says that he has learnt there is no way to prevent an attack. But in future, the company must “isolate an attack quicker and restore systems quicker”. He adds that Maersk will now approach its annual risk management exercises in a different spirit. “Until you have experienced something like this — people call them ‘black swan’ events — you don’t realize just what can happen, just how serious it can be.”

Danish conglomerate AP Moller-Maersk is planning to expand into transport and logistics ...

....Mr Skou’s plan for Maersk is about shrinking the company to grow — a “counterintuitive” approach, he concedes. Maersk’s revenues have stagnated since the global financial crisis and the solution has been to jettison what has often been its main provider of profits, the oil business.

In its place, Mr Skou has already placed his bet on consolidation in the shipping industry.....His real push is in bringing together the container shipping, port terminals, and freight forwarding businesses so as to make it “as simple to send a container from one end of the world to the other as it is to send a parcel with FedEx or UPS”. That requires quite a cultural shift in a group where independence was previously prized.....Another priority is to digitalise the group. “It is pretty messy,” Mr Skou says cheerfully. Unlike most businesses selling to consumers who offer few possibilities to change much, almost everything is up for negotiation between Maersk and its business customers — from delivery time, destination, cost, speed, and so on. “It’s easy to talk about digitalising things; it’s quite difficult to do in a B2B environment. It’s hard to digitalise that complexity,”
crisis  crisis_management  malware  cyber_security  cyberattacks  conglomerates  black_swan  improbables  CEOs  Denmark  Danish  IT  information_systems  think_threes  post-deal_integration  internal_communications  counterintuitive  digitalization  shipping  ports  containers  Maersk 
august 2017 by jerryking
Businesses must quickly count the cost of cyber crime
8/9 July 2017 | Financial Times | Brooke Masters.

Transparency without the full facts can be dangerous....Cyber attacks are frightening and hard for investors to evaluate. Quantify, to the extent possible, the impact as quickly as you can.
malware  Mondelez  cyber_security  WPP  transparency  cyberattacks  brands 
august 2017 by jerryking


