Archive for the ‘NSA’ Category

Microsoft Gets NSA Approval For Windows 10 And Surface – Tom’s Hardware

Microsoft announced that the NSA has cleared Windows 10 and the Surface tablet for classified use. The company also teased security improvements that will be discussed at the annual RSA Conference next week, where security experts from all over the world will gather.

Being cleared for classified use could help Microsoft do business with government agencies, independent contractors, and other groups that handle sensitive data. A place on the NSA's list of approved devices also gives Microsoft bragging rights--and the company put 'em to good use in its blog post:

"Our customers are the most security-conscious in the world and demonstrating our commitment to meeting their needs is incredibly important to us. Today, I'm excited to share that both Windows 10 and Surface devices including Surface Pro 3, Surface Pro 4 and Surface Book have been added to the NSA's Commercial Solutions for Classified Programs (CSfC) list. The CSfC program listing demonstrates Windows 10, as well as Surface devices (the only Windows 10 devices currently on the list), when used in a layered solution, can meet the highest security requirements for use in classified environments."

But that doesn't mean Microsoft is done battening down the hatches of its software and hardware. The company also teased a number of security improvements that have either recently debuted or are expected to be released this year. These include more control over devices via Surface Enterprise Management Mode (SEMM), expanded device management, and updates to Windows Defender Advanced Threat Protection (WDATP), among others.

Many of those updates share a common goal: letting businesses use Windows 10 to control end points and defend against common threats. Microsoft said updates to SEMM will let companies disable a tablet's camera or microphone, for example, whereas updated Windows Analytics will let them know if software updates are being installed like they should be. To abuse the obvious pun--Windows is getting some bars, locks, and other reinforcements.

Microsoft also touted some of the operating system's existing features, such as Windows Hello, which allows people to sign in to their PC via facial recognition or fingerprint scan instead of a password. Combine that with a feature that automatically locks a PC when a paired smartphone leaves its vicinity--which is already available to Windows Insider program members--and Microsoft can help prevent careless mistakes on Windows 10 devices.

More information about these updates is available from Microsoft's blog post, and still more will be revealed in the days leading up to the RSA Conference that will run February 13-17. The bottom line is this: Windows 10 and Surface got a vote of confidence from the NSA, and over the next couple months, Microsoft will make it easier for businesses to manage their own security instead of relying on their employees' competence.


Prosecutors to seek indictment against former NSA contractor as … – Washington Post

Federal prosecutors in Baltimore are expected to seek an indictment as early as this week against a former National Security Agency contractor who is accused of carrying out the biggest theft of classified information in U.S. history.

The indictment against Harold T. Martin III is expected to contain charges of violating the Espionage Act by willfully retaining information that relates to the national defense, including classified data such as NSA hacking tools and operational plans against a known enemy of the United States, according to individuals familiar with the case.

Martin, 52, was arrested Aug. 29 at his home in Glen Burnie, Md., and he has been held in a detention facility since. A U.S. District Judge last fall declined Martin's request to be released from jail pending an eventual trial or resolution of the case, ruling that he was a flight risk.

In a complaint unsealed in October, the government charged Martin with felony theft of government property and the unauthorized removal and retention of classified materials, a misdemeanor. The prosecutors said then that they expected that the indictment would also include charges of violations of the Espionage Act, offenses that carry a prison term of up to 10 years for each count.

Such charges, prosecutors said, if run consecutively, could amount to a sentence as high as 30 years to life in prison.

The Justice Department declined to comment Monday.

In court hearings and filings, prosecutors have characterized Martin's actions as highly damaging to national security. Over the course of 20 years working with various federal agencies, Martin took irreplaceable classified material on a breathtaking scale, said Zachary A. Myers, an assistant U.S. attorney with the District of Maryland, at a detention hearing in October.

Myers said Martin took many thousands of pages of classified material as well as 50 terabytes of digital data, much of which has special handling caveats.

Martin previously worked in the Navy, leaving active duty in 1992 and then held a variety of tech jobs with government contractors. He worked at the NSA from 2012 to 2015, where he was an employee of the intelligence contractor Booz Allen Hamilton.

For some portion of that time, Martin was in the NSA's elite hacker unit, Tailored Access Operations, which makes and deploys software used to penetrate foreign targets' computer networks for foreign espionage purposes.

Some U.S. officials said that Martin allegedly made off with more than 75 percent of TAO's library of hacking tools, an allegation which, if true, would be a stunning breach of security.

James Wyda, one of Martin's defense attorneys, declined to comment.

His attorneys have previously portrayed him as a patriot who took material home to become better in his job, not to pass them to a foreign spy agency and betray his country. The desire to improve became a compulsion, Wyda argued at the detention hearing.

"This is the behavior of a compulsive hoarder who could not stop gathering and possessing the documents he treasured," Wyda said.

Martin's theft was discovered more than a year after another breach at TAO, in which a longtime employee was discovered to have taken without authorization significant quantities of the unit's hacking tools. The breach was not thought to be as serious as Martin's, but it caused concern within the intelligence community.


NSA Executive Explains Logistics of Possible Cyber Command Split – MeriTalk (blog)

If the National Security Agency and Cyber Command were to split, NSA Executive Director Corin Stone explained that any disagreements between the agencies would be decided by the secretary of defense and the director of national intelligence, to ensure fair judgment.

There have been conflicting opinions on the decision on whether to split the NSA from U.S. Cyber Command, which have traditionally operated as separate agencies under a dual-hat system with the same head. Stone said that Cyber Command is tasked with protecting Department of Defense networks, and the NSA conducts foreign signals intelligence and protects other national security systems, which are already separate jobs.

"If the dual hat splits, it won't make a huge difference, frankly," Stone said in the Steptoe Cyberlaw Podcast last week.

Stewart Baker, former National Security Agency general counsel and partner at Steptoe & Johnson, questioned what would happen if the two agencies disagreed on a course of action. For example, how would the situation be resolved if Cyber Command wanted to take down an enemy's network but the NSA wanted it to remain open because it was collecting useful intelligence information from the network?

"It makes it more sensible to have a civilian head," Baker said, referring to the current head of both the NSA and Cyber Command, Adm. Michael Rogers.

Baker said that it would be unfair if the military branch, Cyber Command, received more authority from a leader with a military background.

Stone said that this wouldn't be the case because in the event of a disagreement between the different agencies, the two would voice their reasoning to the secretary of defense and the director of national intelligence, who would then make a decision together.

The NSA is also trying to monitor what information goes in and out of the agency without alienating employees.

The NSA has suffered from security leaks due to employees Edward Snowden and Harold Martin, which has forced the agency to focus more on what data is leaving Fort Meade. The NSA has also had to consider intimidating its trustworthy employees during the dip in morale following these security leaks.

"It's about defeating the enemy and making sure we're not doing anything to enable [them]," Stone said.

Snowden and Martin, both NSA contractors, were charged with stealing classified government information. Stone said that monitoring the movement of information has become more difficult with the use of flash drives and other technology that makes data mobile.

"Any leaks, any unauthorized disclosures has an impact on morale," Stone said. "We've got a dedicated workforce. They're extremely sophisticated technical experts working very long hours on tough, tough problems, sometimes for years at a time and when someone is a peer or a colleague or someone they knew or someone they didn't know decides to break trust with the U.S. government, with the American people, and with their peers and colleagues, that's something that does deal a blow to morale."

Stone said that there has to be some layer of trust between the agency and employees because carrying flash drives has become commonplace and the agency can't inspect every one. Stone also said that the employees at NSA especially care about protecting citizen information.

The NSA is also working to increase transparency following these leaks by encouraging employees to discuss its mission with the public to be less of a mystery. This method also helps with hostile audiences, according to Baker.

"If somebody is standing there and they're talking like you, and they sound like you, and they're just an ordinary person like you, it's hard to hate them," Stewart said.

The NSA's current organizational system, which was revamped in 2016 under the name NSA21, integrates offensive and defensive cyber operations. Stone said that she believes that the focus on each side is balanced and allows the agency to tackle threats faster.

"We have already seen more agility based on that integration," Stone said.

NSA has updated its goals in other ways, including fostering creativity and providing more support to its personnel throughout their careers. Stone said that the NSA has been supporting its employees by focusing on diversity efforts.

The NSA runs free GenCyber camps for students from elementary through high school to learn about cybersecurity. The NSA has also been reaching out to students at Historically Black Colleges, such as Morgan State University and Howard University, to consider careers at the agency.

Stewart said that the NSA already has some level of diversity because of the many different military and civilian backgrounds of its employees. Stone said there was more that could be done, but agreed in that respect.

"We do have a level of diversity that's extraordinary," Stone said.


William W. Whitescarver, Army and NSA code-breaker and retirement investment planner, dies – Baltimore Sun

William Warren Whitescarver, who owned a defined contribution and pension plan business and had been a code-breaker during the Cold War, died of cancer Monday at his Ruxton home. He was 81.

Born in Baltimore and raised in Homeland and Roland Park, he was the son of James Field Whitescarver, a World War I aviator and chemical engineer, and Annie Crewe Warren, a Virginia native.

Mr. Whitescarver attended the Gilman School, where he learned to play golf and participated in squash and tennis. He was a 1954 graduate of St. James School in Hagerstown. He then joined the Army and served in the 101st Airborne Division at Fort Jackson, S.C.

Because of his aptitude in mathematics and puzzle solving, Mr. Whitescarver was assigned to the Army Security Agency School at Fort Devens, Mass., where he was trained as a cryptanalyst shortly after the end of the Korean War.

"My father said he had to master several languages, including Chinese," said a daughter, Virginia Whitescarver Pittman of Glyndon. "He said his work was like solving a puzzle. He looked for repeated letters or patterns. For him, there was always a way to take a language apart."

After he left military service, Mr. Whitescarver earned a bachelor's degree at the Johns Hopkins University. While a student, and for several years after graduation, he worked for the National Security Agency.

"He would go to cocktail parties, but he couldn't discuss anything he was doing," his daughter said. "He said it was tough to get dates because there was nothing to talk about."

In 1956, he married Virginia Conradt "Connie" Boyce, who was later board manager of the Woman's Industrial Exchange. The couple owned hunting and steeplechase horses.

Mr. Whitescarver left the NSA and joined the old Mercantile-Safe Deposit and Trust Co., where he worked in employee benefit plans.

"My father had a mind for mathematics," his daughter said.

In 1969, he left the bank and became a consultant to Herget and Co. in Charles Center. He later worked in the Baltimore-Washington office of Meidinger and Associates, another actuarial firm, also located in downtown Baltimore. In order to increase his knowledge of the field, he earned a master's degree in tax law at the University of Baltimore.

In 1985, Mr. Whitescarver co-founded Benefits Designers of Maryland. He had a Redwood Street office.

He worked with local employers to create retirement savings plans and custom-tailored investments for their workers. Among his clients was the Maryland Thoroughbred Horsemen's Association. As part of his duties, he visited the state's race courses and counseled workers on retirement plans.

"He was an early leader in the field of defined contribution and pension plans," said another daughter, Annie Whitescarver Brown of Ruxton, a T. Rowe Price vice president. She said she entered the field of finance because of her father.

"He pushed me forward in my knowledge of this industry. He was an articulate man and good writer who could explain a complicated financial concept."

He sold his business in 2007, and then joined Chapin, Davis; he became its vice president of investments and a member of its board. He worked in an office in the Village of Cross Keys. His wife also worked there, and their offices faced each other.

Mr. Whitescarver taught law at the University of Baltimore. He was chair of the Episcopal Diocese of Maryland's Compensation Review Committee.

Gov. Robert L. Ehrlich Jr. named him to the board of the Maryland Supplemental Retirement Plans, and he was a past chair of its investment committee.

Mr. Whitescarver enjoyed tenpin bowling, tennis and golf. He earned the nickname "Skipper" after one of his shots skipped across a pond at the Green Spring Valley Hunt Club course.

In 1999, with his longtime partner, Thomas Swindell, he won the Green Spring Valley Hunt Club's Invitational Tournament. He also rated golf courses for Golf Week magazine, traveling to Australia, Ireland, South Africa and throughout the U.S.

"My father started as a caddie at the old Baltimore Country Club course in Roland Park in the 1940s. He would tell stories about how Falls Road cut the course in half," said another daughter, Mary Warren Whitescarver Scholtes of Phoenix in Baltimore County. "He was also a graceful dancer and could sweep a novice partner across any dance floor."

His daughters said their father was a humorist and storyteller. They said he had a contagious laugh accented by his twinkling blue eyes.

A life celebration will be held from 2 p.m. to 4 p.m. Saturday at the Green Spring Valley Hunt Club.

In addition to his three daughters, survivors include a sister, Frances Cook of Denver, and six grandchildren. His wife of 49 years died in 2015.

jacques.kelly@baltsun.com


Former NSA contractor may have stolen 75% of TAO’s elite hacking tools – Ars Technica

On Monday, The Washington Post reported one of the most stunning breaches of security ever. A former NSA contractor, the paper said, stole more than 50 terabytes of highly sensitive data. According to one source, that includes more than 75 percent of the hacking tools belonging to the Tailored Access Operations. TAO is an elite hacking unit that develops and deploys some of the world's most sophisticated software exploits.

Investigators have floated several theories. One holds that Martin directly provided the tools to the person or group responsible for the leak. An alternate theory is that the leakers obtained the software by hacking Martin. As reported in October, Martin was charged with felony theft of government property and unauthorized removal and retention of classified material. Monday's Washington Post article says that prosecutors will likely file charges of "violating the Espionage Act by 'willfully' retaining information that relates to the national defense, including classified data such as NSA hacking tools and operational plans against 'a known enemy' of the United States."

An unnamed US official told the paper that Martin allegedly hoarded more than 75 percent of the TAO's library of hacking tools. It's hard to envision a scenario under which a theft of that much classified material by a single individual would be possible.
