Federal Blueprint Blog

David Rubal's picture
Written by
David Rubal

Email is one of the most common attack vectors used by hackers to get into government networks. The well-publicized, late 2014 attack on the US State Department is the latest notable example of purposeful attacks on email systems to obtain sensitive content and user’s Personally Identifiable Information (PII). In early 2015, it was revealed that the infiltration extended to White House and other agency email systems.

Here, hackers send targeted communications or “phish” for information they can use to perpetrate other attacks and establish a foothold in an agency. They may try to trick users into providing personal data – such as usernames and passwords, sensitive data, records, etc. – or entice them to click on a link or open a file that contains malicious code that automatically infects the endpoint.

Anonymous's picture
Written by
Federal BluePrint Editorial Team

Are you watching the World Cup?

It’s great to see how the best players in the world work together on defense to shut down their opponents. Cybersecurity is the same way. All the pieces have to work together in order to have a strong defense.

Encrypted Traffic – Seeing Downfield

David Rubal's picture
Written by
David Rubal

The use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption for Internet and enterprise traffic is growing steadily. Modern cloud applications that use SSL communications by default – such as SharePoint, Exchange, WebEx, Salesforce.com, and Google Apps – are commonplace and rapidly growing.

Aubrey Merchant-Dest's picture
Written by
Aubrey Merchant-Dest

Recent events surrounding the OPM breach only serve to highlight the realities of computer network defense (CND), further supporting that it’s difficult to stop what we can’t describe to a machine via signatures and/or policy. We’ve all heard stories of malicious email getting though various layers of network and host defenses only to be characterized as ‘shady’ after close inspection of a vigilant individual, that’s right, a human. Yet somehow we continue to be wooed by new shiny point products, which aim to cure specific issues, hoping they will provide additive risk protection and security. What other choice do we have, right?

David Rubal's picture
Written by
David Rubal

Cyber and information security are top of mind as an increasing and continuous challenge across the U.S. Federal government. With every successful cyber attack like the one recently reported by the U.S. Office of Personnel Management, historic levels of personal employee information were compromised for over 4 million U.S. Government employees. This is only the most recent example in a growing story of active, ongoing and multiple-stage attacks on U.S. government agencies and entities. In this journey to proactively thwart attacks, agencies must evolve to think and execute differently to create a comprehensive approach to full life-cycle of cybersecurity (prevention, detection, mitigation and forensics) in order to fully protect citizen, employee, mission and classified information at all levels.

Anonymous's picture
Written by
Federal BluePrint Editorial Team

Sen. Rand Paul’s recent 11-hour filibuster illustrated the intense partisan divide in Washington over surveillance legislation and whether to reauthorize section 215 of the Patriot Act.

But surveillance isn’t the only piece of tech legislation worth talking about. Members of Congress are also discussing information sharing and data breaches, and both issues to watch as lawmakers consider numerous bills.