ClearSky Cyberdefense Forum

http://www.nist.gov/customcf/get_pdf.cfm?pub_id=911736

The National Institute of Standards and Technology (NIST) published the finalversion of its guide to managing computer security incidents.

The publication, said the institute, is based on best practices from government, academic and business organizations, and includes a new section expanding on the important practice of coordination and information-sharing among agencies.

Government agencies face daily threats to their computer networks. The Federal Information Security Management Act (FISMA) requires government agencies to establish incident response competencies, and NIST said its researchers revised the guidance in the publication to cover challenges related to today’s evolving threats.

The revised NIST guide provides step-by-step instructions for new, or well-established, incident response teams to create a proper policy and plan, it said. NIST recommends each plan have a mission statement, strategies and goals, an organizational approach to incident response, metrics for measuring the response capability, and a built-in process for updating the plan as needed. The guide recommends reviewing each incident afterward to prepare for future attacks and to provide stronger protections of systems and data.

“This revised version encourages incident teams to think of the attack in three ways,” explained co-author Tim Grance. “One is by method—what’s happening and what needs to be fixed. Another is to consider an attack’s impact by measuring how long the system was down, what type of information was stolen and what resources are required to recover from the incident. Finally, share information and coordination methods to help your team and others handle major incidents.”

A draft version of the guide, said NIST, covered agencies sharing and coordinating information, but public comments called for more detailed information in this area, and the authors added a section on this topic to meet the requests. The guidance suggests that information about threats, attacks and vulnerabilities can be shared by trusted organizations before attacks so each organization can learn from others. By reaching out to the trusted group during an attack, one of the partners may recognize the unusual activity and make recommendations to quash the incident quickly. Also, some larger agencies with greater resources may be able to help a smaller agency respond to attacks.

The guide provides recommendations for agencies to consider before adding coordination and information sharing to the incident response plan, including how to determine what information is shared with other organizations and consulting with legal departments.

http://www.gsnmagazine.com/node/26951?c=cyber_security

BOSTON (Reuters) – A team of top hackers working for Intel Corp’s security division toil away in a West Coast garage searching for electronic bugs that could make automobiles vulnerable to lethal computer viruses.

Intel’s McAfee unit, which is best known for software that fights PC viruses, is one of a handful of firms that are looking to protect the dozens of tiny computers and electronic communications systems that are built into every modern car.

http://articles.chicagotribune.com/2012-08-20/classified/sns-rt-us-autos-hackersbre87j03x-20120819_1_computer-viruses-computer-attacks-damage-cars