Risk
3/18/2010
11:40 AM
50%
50%

DHS To Share Intelligence With Some CIOs

A Department Of Homeland Security pilot program allows some state, local, and private-sector officials to access classified information about cyberthreats.

Some public- and private-sector CIOs and chief security officers (CSOs) now have access to intelligence about security threats to critical infrastructure from state and local fusion centers through a new Department of Homeland Security (DHS) pilot program.

Through the program, underway now, CIOs and CSOs from state and local governments as well as private-sector organizations that partner with the federal government will periodically be allowed to read classified e-mails from fusion centers regarding cyber threats, said Amy Kudwa, a DHS spokeswoman.

Fusion centers coordinate counter-terrorist information and data collected by both government agencies and private companies.

CIOs and CSOs taking part in the program may also participate in quarterly cybersecurity briefings and discussions via secure video teleconference and/or audio teleconference, and access classified communications channels in the event of a cybersecurity incident, she said.

Greg Schaffer, the DHS assistant secretary for Cybersecurity and Communications, first publicly referenced the pilot in his remarks at the RSA Conference in San Francisco earlier this month.

The DHS hasn't decided whether or not the pilot will become an actual program and has set no deadline for making that decision, Kudwa said.

The DHS collaborated with the Department of Justice in 2003 to set up fusion centers that coordinate counter-terrorist information and data collected by both government agencies and private companies.

According to the DHS, it has invested more than $327 million to fund fusion centers, of which there are now more than 70, between fiscal 2004 and fiscal 2008.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0547
Published: 2015-07-04
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-0548
Published: 2015-07-04
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-4196
Published: 2015-07-04
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.

CVE-2015-4525
Published: 2015-07-04
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.

CVE-2015-4231
Published: 2015-07-03
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report