Cyber News Roundup: Black Hat Conference takes center stage

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

It was a busy week in Las Vegas for the Black Hat USA 2018 Conference. For those who braved the heat (it was 107 degrees on Thursday afternoon!), the event was full of news. Computer Reseller News posted a list of the top 20 cybersecurity products announced, IBM’s X-Force Red Team discussed research about devices commonly used by municipalities and found 17 major vulnerabilities, and Google, Microsoft and Red Hat presented the steps they took after the disclosure of the Meltdown and Spectre attacks earlier this year.

One of the more interesting keynotes was led by Parisa Tabriz, Google’s director of engineering, who spoke about the need for tech giants to provide more security for online users. Instead of putting the burden on the individual, her goal is to have tech companies prioritize security on the internet.

“The end of the journey is for people creating content on the web, the vast majority of them don’t even have to think about it – it’s just by default,” Tabriz said. “I don’t know when that will happen, but I think things are moving in the right direction.”

Read more coverage from Black Hat 2018 here.

Tackling the talent shortage in cybersecurity

The more we read about cyberthreats, the more we hear about the shortage of talented IT professionals who can save the world from hackers. Hiring cybersecurity experts isn’t easy since both technical knowledge and experience are needed. In addition, as we noted in the July 25 blog post Bringing Diversity to the Cybersecurity Workforce, there is a lack of diversity when it comes to hiring women and minorities in the cybersecurity sector.

According to The Cybersecurity Talent Gap Is An Industry Crisis in Forbes Magazine, “there will be as many as 3.5 million unfilled positions in the industry by 2021.” Some possible options for filling the hiring gap is to hire women and former members of the military, and the increased use of artificial intelligence to leverage the expertise of current cybersecurity experts.

Another way to tackle this issue is to start training the IT experts of tomorrow for careers in cybersecurity. In Oregon there is the  NW Cyber Camp for high school students, the Bachelor of Science in Information Technology from the Oregon Institute of Technology, the Bachelor of Science, Computer Science program at the University of Oregon, the Bachelor of Science in Computer Science program at Portland State University, and the Electrical Engineering and Computer Science program at Oregon State University which has an emphasis on Cybersecurity.

Nationally, there are many online programs that cater to people who have busy schedules and aren’t able to lead a traditional college student life. There are many websites that list colleges that offer online programs for security including U.S. News & World Report, Cyber Degrees, and Guide to Online Schools.

Northwest concerns about election security breaches

With recent announcements about sanctions against Iran and Russia, there are growing concerns about rogue nations interfering with the upcoming elections in the U.S. The Seattle Times highlighted concerns about Iran causing problems for the U.S. as retaliation for new sanctions imposed this week that target financial transactions, Iran’s automotive sector, and the purchase of commercial planes and metals, including gold.

According to Norm Roule, former Iran manager for the office of the Director of National Intelligence, he believes that operatives in Tehran will lead the charge against the U.S. “I think there is a good chance Iran will use cyber, probably not an attack that is so destructive that it would fragment its remaining relationship with Europe, but I just don’t think the Iranians will think there is much cost to doing this,” Roule said. “And it’s a good way to show their capacity to inflict economic cost against the United States.”

Similarly, the Oregonian wrote about President Trump’s call for increased cybersecurity to protect the upcoming elections based on the reports of Russian meddling in the 2016 election. In a letter to Senate Democrats, U.S. National Security Advisor John Bolton stated that “President Trump has not and will not tolerate interference in America’s system of representative government.”

Both Republicans and Democrats have publicly stated that the U.S. government’s approach to securing elections is fragmented, with little coordination across agencies.

Cyber Oregon partner blog post of interest

• Sword & Shield: What do I do if my Network is Hacked?