Lawmakers want to pull clearance control from OPM


By Byron Acohido, ThirdCertainty

Lawmakers are debating whether to strip the Office of Personnel Management of its control of security clearances after hackers breached nearly 20 million background check forms housed at the agency. Reps. Ted Lieu, D-Calif., and Steve Russell, R-Okla., who both likely had their security clearance details taken, are prepping a bill to move the security clearance database away from the OPM, perhaps to the Defense Department, where it was housed until 2004. “OPM was never designed to deal with national security,” Lieu said. OPM Director Katherine Archuleta resigned Friday, July 10, after revealing that the data breach was vastly larger than originally thought. Beth Cobert, currently the U.S. chief performance officer and a deputy director at the Office of Management and Budget, is now acting director. Sources: The Hill; CNN


Time to whine a little about wine

As many as 250,000 customers who used credit cards at dozens of Napa Valley wineries had their financial information and personal data stolen. The intruder gained access to names, credit/debit card numbers, billing addresses and dates of birth from clients using eCellar Systems created by Missing Link Networks. Approximately 70 wineries use eCellar to manage inventory and purchases, in tasting rooms, with wine clubs and online. The thief did not have access to any driver’s license numbers, Social Security numbers or PINs, said Paul Thienes, CEO of Missing Link Networks. “We have identified and secured the method that was used to breach our platform,” he said. Source: The Napa Valley (Calif.) Register

Still taking stock of the problem

Following the computer-related shutdown of the New York Stock Exchange on July 8, the NYSE cited problems with a software release. But while the market has largely recovered, the NYSE is launching an internal investigation. The Securities and Exchange Commission also will conduct a review. The NYSE has ruled out a cyber attack, but a high-ranking official at the SEC said the stock market regulator is not ready to rule out a cyber breach. SEC Chairwoman Mary Jo White told the SEC’s director of trading and markets, Steve Luparello, to meet with senior NYSE officials. The NYSE and the SEC declined to discuss details of the meeting. Source: Newsweek


Getting in where they’re not welcome

Computer hackers likely working for the Syrian regime and Hezbollah have penetrated computers of Israeli and American activists working with the Syrian opposition. Al-Akhbar, a newspaper backing Hezbollah, published articles purporting to divulge correspondence between Mendi Safadi, a Druze Israeli, and members of the Syrian opposition. Safadi acknowledged that his computer was hacked. The computer of Moti Kahana, an Israeli-American activist lobbying the U.S. government to enforce a no-fly zone in southern Syria, also has been hacked. Kahana said he returned from a trip to find that screenshots from his computer had been uploaded. “This can risk people’s lives, including American citizens,” he said. Source: The Times of Israel

Under contract may mean overly confused

Cybersecurity compliance for government contractors is increasingly challenging. Companies face current and emerging obligations from a variety of executive orders, standards from the Office of Management and Budget and the National Institute of Standards and Technology, rulemaking in the Federal Acquisition Regulation and agency supplements, contract terms, and legislative action. Contractors should focus not only on cyber-compliance practices but also on ways to mitigate the financial impacts of cyber incidents. Those investments should complement more traditional cyber compliance measures (e.g., system security and training). Source: Mondaq


With a breach comes lawsuits, litigation

Premera policyholders whose information was accessed in a recent data breach could be at risk of identity theft for a long time, says Gary Graifman, of Kantrowitz Goldhamer & Graifman, who is in charge of consumer class-action litigation. Lawsuits have been filed alleging, among other things, that Premera was negligent in its handling of policyholder information, that it failed to follow data-breach notification laws, and that it violated consumer-protection laws. Some lawsuits also allege that Premera knew about issues in its security systems before the breach, but failed to upgrade its security or fix those flaws. Source: Lawyers and Settlements


Patch me up

For the second time in a week, Adobe Systems plans to fix a zero-day vulnerability in its Flash Player software, which came to light after hackers broke into and posted hundreds of gigabytes of data from Hacking Team, a controversial Italian company that’s been accused of helping repressive regimes spy on dissident groups. Adobe said it plans to issue another Flash patch this week. The company said the flaw is present in the latest version of Flash for Windows, Mac and Linux systems, and that code showing attackers how to exploit this flaw is online. Source: Krebs on Security