Cloud

3/23/2016
12:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

What The Feds Said At RSA

A look at some of the insights top US government officials from the White House, DoD, NSA, FBI, and other agencies shared at the RSA Conference in San Francisco last month.
Previous
1 of 9
Next

Source: iStock
Source: iStock

US government officials were all over the RSA Conference this year--many as guest speakers and panelists—including White House cybersecurity coordinator Michael Daniel, Secretary of Defense Ash Carter, and various officials from the Department of Homeland Security, the FBI, NSA, and the US Secret Service.

If there was one theme that their talks and comments had in common, it was that they were all keen on demonstrating a more open government that really gets that it must partner with the cybersecurity industry. That means declassifying and sharing more of its own threat intelligence, working more closely with organizations hit by cyberattacks (and before they’re in full incident response mode), and closer ties to the researcher community.

As Defense Secretary Ash Carter put it when announcing the department's unprecedented bug bounty pilot at the RSA Conference, DoD technologists need to “think outside the five-sided box.”

Here’s a look at what some of the federal government officials said at RSA that shows they may well be thinking outside the Nation’s Capital in their cybersecurity policies and efforts.

 

 

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Click here for pricing information and to register.

 

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/27/2016 | 11:33:37 AM
New Dept?
I wonder if Daniel's (et al.) comments suggest a paving of the way for a Department of Cybersecurity or something of the like (which, at this point, I'm not sure is a bad idea; DoD and Homeland could certainly stand to have some help).
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
Facebook Aims to Make Security More Social
Kelly Sheridan, Associate Editor, Dark Reading,  2/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.