Group items tagged

Lolita C. Baldor, Associated Press, On Sunday May 29, 2011, 4:13 am EDT

Hackers launched a "significant and tenacious" cyber attack on Lockheed Martin, a major defense contractor holding highly sensitive information, but its secrets remained safe, the company said Saturday.

Lt. Col. April Cunningham, speaking for the Defense Department, said the impact on the Pentagon "is minimal and we don't expect any adverse effect."

"Years ago when we started writing checks, we might have been tackling five to 10 a day," says Paul Wood, a senior analyst with Symantec Hosted Services. "It's now well over 10,000 a day and growing." According to McAfee's 2010 Q2 Threat Report, the company identified 10 million pieces of malware in the first half of this year and is tracking close to 45 million in its malware database.

Vulnerability assessment products are also behind the curve, as Greg Ose and Patrick Toomey, both Neohapsis application security consultants, found when they recently set out to measure the relative effectiveness of various vulnerability scanners. "It's a question frequently raised by our customers," Toomey says. "They know the tools aren't going to catch all of the problems, but can they count on them to catch, say, 80% of the bad ones?" What Ose and Toomey discovered was far worse than even they had anticipated. Out of the 1,404 vulnerabilities accounted for by the Common Vulnerabilities and Exposures project during the sample period, there were only 371 signatures. In the best cases, the tools were in the 20% to 30% effectiveness range.

Toomey's observations are in line with those of security researcher Larry Suto, who earlier this year reported that Web application vulnerability scanners missed almost half (49%) of the vulnerabilities present during his tests.

The federal cybersecurity workforce could grow to more than 61,000 employees by 2015, in part due to new demands, such as mobile computing, cloud services and social media, according to a new report. The federal government-specific results of the 2011 Global Information Security Workforce Study, conducted by (ISC)2 and Frost & Sullivan, indicate that federal information security professionals are being stretched too thin by their work to secure the increasing amount of critical information flowing through government networks. The new demands placed on cyber professionals as a result of the government's push for mobile devices, cloud computing and social media could result in a federal cyber workforce that is 61,299 strong by 2015, the report noted. The survey of 145 C-level federal executives also found that the most serious challenges facing federal IT departments are application vulnerabilities (73 percent), mobile devices (66 percent), viruses and worm attacks (64 percent), cyber terrorism (58 percent) and internal employees (58 percent).

Hord Tipton, executive director of (ISC)2, said

"We need new people, and we need younger people," he said. "The government needs defined career paths to help find the skills it needs, get them classified, evaluate what those jobs are worth and put good standards in place." The study also found that certification is far more important to the federal government than it is to other sectors. For example, 63 percent of CIOs and CISOs said security certifications were "very important," compared to 45 percent of worldwide survey respondents.