Cloud

3/23/2016
12:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

What The Feds Said At RSA

A look at some of the insights top US government officials from the White House, DoD, NSA, FBI, and other agencies shared at the RSA Conference in San Francisco last month.
Previous
1 of 9
Next

Source: iStock
Source: iStock

US government officials were all over the RSA Conference this year--many as guest speakers and panelists—including White House cybersecurity coordinator Michael Daniel, Secretary of Defense Ash Carter, and various officials from the Department of Homeland Security, the FBI, NSA, and the US Secret Service.

If there was one theme that their talks and comments had in common, it was that they were all keen on demonstrating a more open government that really gets that it must partner with the cybersecurity industry. That means declassifying and sharing more of its own threat intelligence, working more closely with organizations hit by cyberattacks (and before they’re in full incident response mode), and closer ties to the researcher community.

As Defense Secretary Ash Carter put it when announcing the department's unprecedented bug bounty pilot at the RSA Conference, DoD technologists need to “think outside the five-sided box.”

Here’s a look at what some of the federal government officials said at RSA that shows they may well be thinking outside the Nation’s Capital in their cybersecurity policies and efforts.

 

 

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Click here for pricing information and to register.

 

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/27/2016 | 11:33:37 AM
New Dept?
I wonder if Daniel's (et al.) comments suggest a paving of the way for a Department of Cybersecurity or something of the like (which, at this point, I'm not sure is a bad idea; DoD and Homeland could certainly stand to have some help).
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2607
PUBLISHED: 2018-05-21
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users...
CVE-2018-1108
PUBLISHED: 2018-05-21
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
CVE-2018-11330
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.
CVE-2018-11331
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.
CVE-2018-7687
PUBLISHED: 2018-05-21
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.