DHS CIO Spires put ‘on leave’, Enterprises running Java versions that are months out of date, analysis finds and more

By Ryan Kamauff

Here are the top cyber news and stories of the day.

• DHS CIO Spires put ‘on leave’ – “FedScoop has learned that Department of Homeland Security’s Chief Information Officer Richard Spires has been put on immediate ‘on leave’ status with no further explanation as to why. Inquiries made to DHS officials about the matter this morning confirmed his ‘on leave’ status and that Margie Graves the agency’s Deputy CIO has been asked to step in as Acting CIO.” Another disruption in the DHS’s cyber realm follow’s Mark Weatherford’s step down from the Agency. This could really change the way that DHS confronts the issue. Via FedScoop, more here.
• ERP implementation continues to challenge the military – The GAO DoD report on ERP systems has found numerous deficiencies. “Navy ERP, which along with the now-canceled Air Force ERP known as the Expeditionary Combat Support System, experienced shortcomings in cost, schedule and performance, the GAO says.” Lifecycle costs have been growing, without any noticeable impact on bottom lines and resource utility. Via FierceGovernmentIT, more here.
• Enterprises running Java versions that are months out of date, analysis finds – “Despite the widespread and well-publicised exploitation of vulnerabilities in Java, large numbers of organisations continue to use versions that are weeks, months or even years out of date, a Websense survey of its customers has reported.” At least two-thirds of the enterprises had Java versions at least six months out of date, or longer. With the recent Java exploits, this is obviously a huge issue. Via ComputerWorld, more here.
• IT pros must be responsible for cloud data security needs – “The recent revelation that Amazon Simple Storage Service (S3) customers could expose their data simply by setting their accounts to public instead of private highlights just how important it is for IT pros to take responsibility for securing their own data.” Encryption can be one way to solve some issues, but is obviously not the be all and end all. Via Search Cloud Computing, more here.
• Mega DDoS attacks on the rise — Kaspersky – “DDoS attacks like the one that resulted from an altercation between a Dutch company and Spamhaus this week are on the rise, according to a statement from Kaspersky Labs.” DDoS attacks are an inexpensive weapon of destruction in the cyber realm. They seriously disrupt business actions and limit the usefulness of web presences. DDoS attacks are becoming more widespread and damaging as web services are more essential to business success. Via ComputerWorld, more here.
• BYOD and Increased Malware Threats Help Driving Billion Dollar Mobile Security Services Market in 2013, According to ABI Research – “Mobile malware has advanced to a new level of sophistication as smart devices continue to gain ground. The number of unique mobile threats grew by 261% in just two quarters. Increasingly complex malware is taking advantage of a wider range of mobile functionalities to exploit vulnerabilities on the device and in the network. Organizations allowing BYOD policies and without proper mobile device management capabilities are at great risk from covert interception and corruption.” Securing mobile devices will become more and more important as they are more ubiquitous. Via MarketWatch, more here.
• Huawei Network Security Becomes Issue in Sprint Softbank Merger – “The pending agreement, which was reported in the New York Times on March 28, makes it clear that approval of the merger hinges on meeting national security concerns. For its part, Softbank has reported that it has already excluded Huawei from wireless networks it builds in Japan. Sprint does not use Huawei in its own networks, but does in its Clearwire subsidiary. Sprint has agreed to replace the existing Huawei telecom equipment at Clearwire.” We will most likely continue to see issues with national security providers and foreign sourcing. Via eWeek, more here.
• National Security Agency: ‘We Need to See What’s Going on’ – “The military’s top cyber official this week made an urgent appeal for Congress to pass computer-security legislation, warning that the current legal framework discourages private-sector firms from sharing vital information about looming threats to the relevant government agencies and other businesses.” “Through an act of Congress, Alexander envisions a system of automated information exchanges where threat information packaged in a “metadata-like format” is sent between businesses and government authorities at “network speed.”” This possible solution would better inform active defenses as well as provide more capabilities to network defenders. Via ComputerWorld, more here.
• DARPA releases network security solicitation to operate through bad wireless nodes – “Military communications experts at the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., have released a formal solicitation for a wireless network security program to help voice and data wireless networks continue to function if the network has bad wireless nodes.” This could help provide better networks for disadvantaged users on the edge (or beyond) traditional networks. Via Military Aerospace, more here.

Original post