Emails raise more questions of Clinton infosec practices. From SC Magazine. A batch of recently released documents set off renewed discussions about Hillary Clinton’s information security practices as former U.S. Secretary of State. The documents, which were obtained by Judicial Watch through a Freedom of Information Act request, included 296 pages of declassified State Department documents. Contained in the released documents is an email discussion between Clinton and her then-Chief of Staff Cheryl Mills. After Clinton landed from a February 22, 2009 trip abroad, she and Mills tried unsuccessfully to connect through Clinton’s secure communication. After an hour of trying to connect, Clinton wrote to Mills, “Are you calling me? What #? I called ops and they gave me your ‘secure’ cells… but only got a long high pitched whining sound.”
- Why incident response plans fail. From TechCrunch. Following a cyber attack on critical infrastructure, emotions run high and the clock starts ticking. Suddenly what appears to be a well-structured incident response (IR) plan on paper can turn into a confusing “storming session” around who owns what. Rather than identifying, analyzing and eradicating the threat, organizations can easily become entangled in processes hindering response time and further endangering operations.The longer the “dwell time,” or the time an attacker remains within the system, the more damage the attacker can cause, whether it be data loss, impacts to operations or physical damage to assets. According to a recent survey done by the SANS Institute, 50 percent of organizations took two days or longer to detect breaches, and 7 percent didn’t know the length of an attacker’s dwell time.