admin

ICIT Brief: Hacking Healthcare IT in 2016: Lessons the Healthcare Industry can Learn from the OPM Breach

Among all of America’s critical infrastructures, the healthcare sector is the most targeted and plagued by perpetual persistent attacks from numerous unknown malicious hackers. The goal of these threat actors is to exploit vulnerabilities in insecure and antiquated networks in order to exfiltrate patient data for financial or geopolitical gain. In order to protect patient .. read more

ICIT Senate Briefing: Hacking Hospitals

            On November 19, the Institute for Critical Infrastructure Technology conducted a briefing at the U.S. Senate entitled “Hacking Hospitals” to address the growing threats facing healthcare organizations. During this briefing, senior Senate staffers and attendees from agencies including the Departments of Veterans Affairs, State, Homeland Security, Health and Human .. read more

ICIT Fellows convene to discuss NextGen cybersecurity with NASA Ames, Army Cyber Institute, Blackberry

At the closed door October 2015 Institute for Critical Infrastructure Technology Fellows Meeting, Fellows and government leaders convened to discuss the top threats facing critical infrastructure sectors and the technologies and strategies which can mitigate risk.  The top challenges identified include an expanding attack surface driven by IoT and increases in mobile devices, better organized .. read more

ICIT Brief: Know Your Enemies – A Primer on Advanced Persistent Threat Groups

We Connect the Dots between Nation State, Cyber Mercenary, Cyber Caliphate and Cyber Criminal Advanced Persistent Threats by James Scott, Sr. Fellow, ICIT Allegations of cyber-incidents, IP theft, and cyber-attack have significant tangible results and seismic geopolitical implications. Most compromised organizations do not detect breaches until eight months after the initial incident; consequently, typical attribution .. read more

On November 2nd, 2015, posted in: Uncategorized by Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Congresswomen Lee (TX) and Chu (CA) speak at “Town Hall” on Minority Representation in Cybersecurity

            As part of Cybersecurity Awareness month, the Institute for Critical Infrastructure Technology hosted a Town Hall on Minority Representation in Cybersecurity, a meeting sponsored by Congresswoman Sheila Jackson Lee (TX).  Congresswoman Lee was joined by Congresswoman Linda T. Sánchez, Chair of the Congressional Hispanic Caucus and Congresswoman and Judy Chu, .. read more

ICIT Brief: Who’s Behind the Wheel? Exposing the Vulnerabilities and Risks of High Tech Vehicles

The July 2015 remote hack of a Jeep Cherokee by security researchers from IOActive served as a catalyst which made vehicle cybersecurity a top priority for the automotive industry, consumers and lawmakers.  Since then, Chrysler has recalled 1.4 million Jeeps to patch vulnerabilities and lawmakers have proposed various pieces of legislation to address cybersecurity in vehicles, including the  Security and Privacy .. read more

On September 21st, 2015, posted in: Latest Posts by Tags: , , , , ,

ICIT Talking Points: “Is the OPM Data Breach the Tip of the Iceberg?” – for the House Committee on Science, Space and Technology

Throughout June 2015, the United States Office of Personnel Management failed to adequately answer inquiries from the American people, Congress, and Federal agencies, concerning the two breaches of its systems that have left the granular personal information of 22.1 million United States Citizens in the hands of an unidentified adversary.  After review of the July .. read more

Legislative Brief “Moving Forward: How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach”

In June 2015, the Nation learned that the personnel records of 21.5 million United States citizens had been exfiltrated by an unknown adversary from the Office of Personnel Management, one of the largest known breaches in the history of the U.S. Government.  The immediate public outcry included congressional hearings attributing the breach to OPM administrators and .. read more

Preparing the Battlefield: The Coming Espionage Culture Post OPM Breach

As part of its continued analysis of the OPM breach, ICIT’s most recent brief entitled “Preparing the Battlefield: The Coming Espionage Culture Post OPM Breach” discusses the significant impact the breach will have on America’s national security.  The large number of victims, many of whom hold security clearances, combined with the personal nature of the information stolen gives .. read more

ICIT Brief: OPM Demonstrates that Antiquated Security Practices Harm National Security

The Institute for Critical Infrastructure Technology has published its official analysis of the Office of Personnel Management breach, Handing Over the Keys to the Castle: OPM Demonstrates that Antiquated Security Practices Harm National Security.  This research brief provides insights on several of the most important aspects of the breach, some of which are not being .. read more

Securing Federal Data Post OPM: Lunch & Learn Summary + Slides

                This week the Institute for Critical Infrastructure Technology held a Lunch and Learn called “Securing Data for Today’s Federal Agency” which focused on the increasingly daunting task of protecting federal data in an age of information sharing and increased threats both inside and outside an agency.  An .. read more

Brief: Keeping Smart Cities Smart – Preempting Emerging Cyber Attacks in U.S. Cities

The Institute for Critical Infrastructure Technology, working closely with IOActive and other Fellows, has published its latest legislative briefing titled “Keeping Smart Cities Smart: Preempting Emerging Cyber Attacks in U.S. Cities“.   As more and more U.S. cities adopt ‘smart’ technologies,  America finds its urban centers  increasingly at risk for cyber-attacks which could bring entire .. read more

NIST Issues Revisions to ICS Security Guide; ICIT launches Initiative to Support

The National Institute of Standards and Technology (NIST) issued its second revision to its Guide to Industrial Control Systems (ICS) Security, a major source of guidance for critical infrastructure sectors which own and operate computer controlled industrial equipment. Many of the changes are driven by the internet connectivity of ICS machines and devices, or “Internet of Things”, .. read more

OPM Data Breach Interview: Federal News Radio Interviews Dan Waddell, Institute for Critical Infrastructure Technology Fellow

  The OPM Data Breach that has affected millions of current and former federal employees wasn’t about acquiring bank records or credit card information. Instead, signs point to cyber espionage. Dan Waddell, ICIT Fellow and director of government affairs at (ISC)2 joined Emily Kopp on the Federal Drive to discuss the magnitude of the breach. Click HERE .. read more

Legislative Brief: “Preventative Measures- Ensuring Information Security Prior to mHealth Development”

The Institute for Critical Infrastructure Technology  issued its latest legislative briefing titled “Preventative Measures- Ensuring Information Security Prior to mHealth Development”.  The brief is an analysis of the proliferation of mobile technologies in the healthcare ecosystem, addressing the benefits mobility brings to patients and health providers as well as data privacy risks that exist if these technologies are .. read more

ICIT Announces Summer Initiatives

The Institute for Critical Infrastructure Technology announced its summer initiatives today, covering a broad range of critical infrastructure topics in support of the legislative calendar, various federal and state government initiatives and the needs of critical infrastructure sectors around the country. If your organization is interested in providing expertise to any of the initiatives below, contact .. read more

On June 8th, 2015, posted in: Latest Posts by

ICIT Speaks at U.S. Senate “Health Sector Fly-In” on Cybersecurity

          The Institute for Critical Infrastructure Technology co-hosted and spoke at the inaugural Health Sector Fly-In Tuesday June 2, 2015, which was held at the United States Senate  and sponsored by Senator Lamar Alexander (TN).  As a member of the Healthcare and Public Health (HPH), Sector Coordinating Council (SCC) and the SCC Cyber .. read more

ICIT Fellows Talk on the Convergence of Physical and Cyber Security at the British Embassy

          Members of the Institute for Critical Infrastructure Technology spoke on the convergence of physical and cyber security at the British Embassy June 2, 2015, at a meeting attended by representatives from the United States government, the British government, and critical infrastructure sectors including Energy and Finance. The event featured a presentation by Danyetta Magana .. read more

Analysis of H.R. 1560 Title I (Protecting Cyber Networks Act) and Title II (National Cybersecurity Protection Advancement Act)

The Institute for Critical Infrastructure Technology (ICIT) today issued a briefing to members of the U.S. House of Representatives, U.S. Senate, Federal Agencies and other Critical Infrastructure Sector Leaders titled “Progress as Two Steps Forward and One Step Back: Analysis of H.R. 1560 Title I and Title II (H.R. 1731).”   The briefing is a detailed .. read more

ICIT Meets with Representatives Comstock, Lofgren, Massie, Poe; to speak at British Embassy and U.S. Senate

The Institute for Critical Infrastructure Technology met last Friday with senior technology and intelligence leads from U.S. House of Representatives members Barbara Comstock (MD), Ted Poe (TX), Zoe Lofgren (CA) and Thomas Massie’s (KY) offices to provide advisory on issues ranging from surveillance technology, threat intelligence, and privacy / civil liberties. Last week’s passage of .. read more

DHS, ICIT and Federal Agency Leaders Collaborate on ISAOs

              On Thursday April 30th, the Institute for Critical Infrastructure Technology (ICIT) hosted its monthly Fellow Meeting with featured thought leader Michael Echols, Director of Special Initiatives, Critical Infrastructure and Key Resources Cyber Operations Management (CIKR-COM) at the Department of Homeland Security (DHS). Mr. Echols led an interactive discussion with .. read more

ICIT Fellows Meet with Congressmen Van Hollen and Mooney to Deliver Threat Information Sharing Brief

                ICIT met separately with Congressmen Alex Mooney (WV) and Congressmen Chris Van Hollen (MD) (respectively) to hand deliver copies of ICIT’s Threat Information sharing brief late last week. The brief was also sent to members of the Congressional Cybersecurity Caucus in anticipation of this week’s votes on .. read more

ICIT Briefs Congress on HR691 Telehealth Modernization Act of 2015

ICIT briefed members of the Rural Health Caucus on HR691  –  Telehealth Modernization Act of 2015, where Fellows provided expertise on rural health, telemedicine, and privacy issues surrounding telehealth initiatives.  ICIT Fellows advised for strong security and access management, interoperability between EHRs, patient access to data, and the securing of data pathways themselves. Click here .. read more

HHS, ICIT Fellows Collaborate on Privacy and Data in Healthcare

              Thursday, March 26, the Institute for Critical Infrastructure Technology (ICIT) hosted their monthly Fellow Meeting, with featured thought leaders Dr. Kafi Wilson, MHA (ICIT Fellow and CEO, KWMD) and Laura Elizabeth Rosas (Lead Public Health Advisor, Health IT Team, Substance Abuse and Mental Health Services Administration [SAMHSA], U.S. .. read more

ICIT Fellows Brief Congressional and Senate Members on H.R.3696 Cybersecurity and Critical Infrastructure Protection Act of 2014

Week of March 2, 2015:  ICIT presented to members of the Congressional Cybersecurity Caucus and a member of Senate on H.R. 3696: Cybersecurity and Critical Infrastructure Protection Act, in order to discuss certain aspects of the bill which it believes will be included in 2015 legislation. These meetings gleaned important findings and requests for additional briefings .. read more

Department of Energy CIO (acting) Shares Defense in Depth Strategy at ICIT Fellow Meeting

  March 4, 2015:  Last week, the Institute for Critical Infrastructure Technology (ICIT) hosted their monthly Fellow Meeting. The featured thought leader was Donald Adcock, Chief Information Officer (Acting) for the Department of Energy. In the discussion, Mr. Adcock called for organizations to add “breadth” to their “Defense in Depth” strategies as a means to .. read more

On March 2nd, 2015, posted in: Latest Posts by Tags: , , , , , ,

HP, WatchDox, Covenant Announced as ICIT Fellows

February 10, 2015 –   The Institute for Critical Infrastructure Technology (ICIT) announces the addition of HP, Watchdox, and Covenant Security Solutions as ICIT Fellows, organizations who bring highly qualified experts, technologies and solutions to support the niche advisory ICIT provides the policy community in the fields of critical infrastructure technology and cyber security. “With .. read more