Time is running out for federal contractors to comply with the Federal Controlled Unclassified Information (CUI) Program.

What does the CUI Program mean to contractors?

As of December 31, 2017, all federal contracts will require that businesses contracting with the federal government must comply with the Federal CUI rule (32 CFR Part 2002) which strives to eliminate ad-hoc policies and markings that agencies and departments apply to unclassified information that requires safeguarding or dissemination controls.

Another nameless, faceless adversary (or as the U.S Army calls them “the enemy with no face”) struck again in the last week of June. Hot on the heels of WannaCry attack in May, the Petya ransomware campaign brought widespread disruption to organizations, government agencies, and infrastructure worldwide.

It’s clear that smart technologies and the Internet of Things (IoT) are the future of our communities. But, is your agency ready for the billions – soon to be trillions – of sensors and devices connected to one another that will transform our society?

The risks of a breach or attack, particularly to vulnerable network endpoints, are worrying and costly.  Impacts include:

After hearing Congressman Langevin and NSA speak at the ICIT Annual Forum event it became obvious that the “Enemy with No Face” is getting in to our networks and what they want is our data. FinalCode is purpose built to protect files with encryption and Information Rights Management (IRM), sometimes called Enterprise Digital Rights Management (EDRM).

The theme of the recent ICIT Forum was “Rise of the Machines”, a call to recognize the vulnerability of an infrastructure increasingly under control of computers.  The steady increase in connected systems mandates a broad range of strategies – managing supply-chain risk, analysis of huge amounts of data through machine learning, dealing with the insider-threat problem, sealing up holes in applications.  I had the privilege of discussing threat intelligence sharing on a panel with Todd Helfrich of Anomali, John Kupcinsky of KPMG, and Ana Besk

It will come as no surprise to anyone that 2016 saw an alarming increase in targeted attacks aimed at politically motivated sabotage and subversion. This new level of ambition by cyber criminals is corroborated by the annual Internet Security Threat Report from DLT partner, Symantec. The perceived success of several campaigns – particularly the U.S.

“The enemy with no face”. No, it’s not the latest Dwayne “The Rock” Johnson Hollywood action movie, but the tagline from the U.S. Army’s latest cyber warrior recruitment ad.

As the worldwide fallout of the WannaCry ransomware virus continues and the blame game starts, the worldwide attack underscores the need for basic security hygiene, updating of operating systems, and regular patching writes DLT Chief Cybersecurity Technologist, Don Maclean.

On May 12 a ransomware virus, WannaCry, was released on the Internet and rapidly spread to hundreds of thousands of Microsoft Windows based computers in over 150 countries.  The malware encrypts critical files on a computer, such as Excel, Word, and other important files, and seeks out backup copies for encryption as well.  Once it infects a system, it requires the victim to pay approximately $300 in digital currency (Bitcoin), and immediately tries to find other systems to infect.

The White House has recently issued an Executive Order, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”  The Order is broad in scope, and features positive provisions, some unfortunate omissions and a seemingly excessive set of reporting requirements.  Let’s take a look.