
These Government links are part of a weekly series, Ethical Hacker Roundup, featuring recent information security and cybersecurity-related articles that we’ve read over and thought worth sharing.

These articles were emailed to us, shared on Twitter @pivotpointsec and our Google+ page, and read in RSS subscriptions this week.

Blocked UN Treaty Means the Internet Will Stay Free… For Now

Proponents of a free and open Internet got good news today, as the US, Canada, Costa Rica, the Czech Republic, Denmark, Egypt, Kenya, the Netherlands, New Zealand, Poland, Qatar and Sweden blocked a proposed global telecom treaty that would have empowered national governments to monitor and control the web. The major proponents of the failed treaty were Russia, China and the United Arab Emirates.

The treaty was debated for two weeks at an International Telecoms Union (ITU) conference in Dubai. Originally intended to update outmoded current telecom treaties, the effort evolved into what many democratic nations deemed an overreach.

The US response was (in part): “The internet has given the world unimaginable economic and social benefit during these past 24 years. All without UN regulation. We candidly cannot support an ITU Treaty that is inconsistent with the multi-stakeholder model of internet governance.”

10 Worst Government Data Breaches of 2012 Recalled

Government agencies from local election boards to NASA suffered significant data breaches in 2012. Here are the top three, according to Microsoft News:

#3: Utah health programs

Capitalizing on servers left unprotected during an upgrade, Eastern European hackers succeeded in stealing 780,000 Medicaid records from Utah’s Department of Technology Services. Among the records stolen were many pertaining to children. Since child identity theft is often not discovered until the victim is an adult, this breach could have long-term as well as immediate financial consequences.

#2: California Department of Child Support Services

Contractors Iron Mountain and IBM lost storage devices in transit that contained the names, addresses, Social Security numbers and other sensitive data of over 800,000 people. The tapes were believed to have fallen out of an improperly secured shipping container during a disaster recovery exercise.

#1: South Carolina state government

When a hacker stole a database from South Carolina’s Department of Revenue, 75% of state residents were put at risk of identity fraud. A staggering 3.6 million Social Security numbers and 387,000 payment card records were exposed, along with sensitive information for 657,000 businesses.

Just released: Cybersecurity Handbook for Cities and Counties

In the wake of a well-publicized cyberattack earlier this year (see above), Utah governor Gary Herbert said that hackers had mounted 1 million attacks per day on state IT systems prior to the breach. With threats increasing in frequency and complexity, and cybersecurity costs spiking in the face of IT budget and staffing cuts, information systems and data maintained by cities, counties and other smaller government agencies are particularly vulnerable.

Based on the activities of task forces making up the Digital Communities program, a partnership among public- and private-sector IT professionals working to support local governments, a “Special Report: Cybersecurity Handbook for Cities and Counties” is now available on the Digital Communities and Government Technology magazine websites.

The report defines the current threat landscape, describes the most common cyberattacks that small agencies face, and outlines some of the most important and cost-effective approaches for mitigating the majority of threats. To know that your agency’s information systems are secure from malicious attacks targeting sensitive information, Security Certification and Accreditation is the most comprehensive approach.
