U.S. Cybersecurity Czar Says “There is No Cyberwar”
Obama’s new cybersecurity czar doesn’t much like the term “cyberwar,” calling it a “terrible metaphor” and a “terrible concept.” But just in case his dislike of the term didn’t get through, Howard Schmidt flat-out stated that “there is no cyberwar” during a Wired interview at the RSA Security Conference in San Francisco. Schmidt noted that the real cybersecurity threats are online crime and espionage. His words seem to stand in contradiction to a statement last week by Michael McConnell, former director of national intelligence, who told Congress that the U.S. was already in the midst of losing a cyberwar. Schmidt seemed more than willing to downplay McConnell’s Cold War mentality. Read the full Popular Science article here.

Homeland Security Chief Napolitano Seeks Citizen Cybercrime Fighters
Uncle Sam wants to recruit you to help fight cybercrime. Department of Homeland Security Secretary Janet Napolitano is calling on anyone with good ideas for boosting public awareness about the importance of making the Internet safer to step forward. “We are challenging our nation’s best and brightest to utilize their expertise and creativity to devise new ways to engage the public in the shared responsibility of safeguarding our cyber resources and information,” she said. Read the full USA Today article here.

Heartland Breach Still Hitting Banks
Around 5000 First National Bank of Durango customers have been unable to use their cards in stores, although they can still withdraw cash at ATMs. In a notice on its Web site, the bank says: “Please be aware that as a result of a security breach at Heartland Payment Systems that occurred over a year ago, debit cards issued by the First National Bank of Durango may have been compromised.” The warning continues: “It is important to note that there was not a security breach at First National Bank of Durango, our systems remain secure. The breach occurred at a 3rd party processor. Read the full Finextra article here.

Westin Hotel in LA Reports Possible Data Breach
People who stayed at the Westin Bonaventure Hotel & Suites in Los Angeles last year and used their credit or debit card to eat there should keep a close eye on their bank statements. Hotel officials disclosed Friday that the hotel’s four restaurants, along with its valet parking operation, may have been hacked at some time between April and December, disclosing names, credit card numbers and expiration dates printed on customers’ debit and credit cards. The Westin Bonaventure is in L.A.’s downtown financial district, near the Los Angeles Convention Center and the Staples Center. Read the full Computerworld article here.

Are You Sure You’re Prepared for a Data Breach?
We’ve all seen the sobering stats: Nearly 500 major data breaches have been reported in the United States since the beginning of 2009, impacting more than 220 million records. And that doesn’t even account for the many breaches that weren’t publicly reported. So chances are that your company will be hit by a breach, if it hasn’t already. In fact, some would say it is almost as inevitable as the finger of blame being pointed squarely at you, the company’s senior security professional and chief scapegoat, when a breach strikes. Read the full SC Magazine article here.

BBB Small Business Advice: Reduce the Damage Done by a Data Breach
While the volume of data breaches declined in 2009, data breaches at businesses—as opposed to the government or non-profit sector—are on the rise. Better Business Bureau recommends that small business owners take steps to protect their data and also develop a plan of action in order to react quickly and reduce the damage if a data breach does occur. There were more than 498 reported data breaches in 2009, according to the Identity Theft Resource Center. While this is an improvement from the 657 breaches in 2008, unfortunately, the share of data breaches occurring in the business sector, specifically, increased to 41 percent. Read the full Better Business Bureau post here.

Happy Monday!

RSA 2010: US Declassifies Comprehensive National Cybersecurity Initiative
The US government has declassified a description of the Comprehensive National Cybersecurity Initiative (CNCI) launched in secret in January 2008. The announcement was made by White House cyber security coordinator Howard Schmidt at the RSA Conference 2010 in San Francisco. “As of noon today you will be able to go to whitehouse.gov/cybersecurity and download the unclassified description of the CNCI and each of the 12 initiatives under the CNCI,” he said yesterday. Read the full ComputerWeekly article here.

Companies Urged to Share Data Breach Information
Sharing information with law enforcement after a breach is critical to successfully battling increasingly sophisticated and organized cybercriminals, security experts said during a panel discussion at the RSA Conference. The biggest challenge for law enforcement is trying to work with domestic companies victimized by breaches, said Kimberly Kiefer Peretti, senior counsel with the Department of Justice’s Computer Crime Section. “The only way we can fight this is to get good support. We’re not there as your enemy but your friend,” she said. Law enforcement does its best to respect a company’s needs and won’t interrupt business during an investigation, she added. Read the full SearchSecurity.com article here.

Three Security Themes to Watch for at the 2010 RSA Conference
Attackers aren’t getting more sophisticated, but their methods are getting more automated, wreaking havoc on corporate networks and the people who are supposed to protect them. Several themes may emerge when this year’s 2010 RSA Conference kicks off this week. Experts will explain what organizations can do to protect their networks in the wake of the Google attacks. Meanwhile, enterprises are building a mixture of public and private clouds, and vendors are eager to present ways that they can be better secured. What exactly is a private cloud or a hybrid approach is up to interpretation. Finally, Howard Schmidt, the White House appointed cybersecurity coordinator, is sure to set the tone early during the conference when he explains what the government is doing this year to protect critical systems from attack. Here’s a snapshot of the themes that could emerge this week. Read more of the SearchSecurity.com article here.

RSA 2010: Computer Health Check Could Stem Spread of Viruses
Microsoft has raised the idea of enforcing computer system “health checks” before they are allowed to connect to the internet as a way of curbing malware infections. “Many corporate computers are scanned for malware before they are allowed to connect remotely to internal networks. But the same is not true for most other computers that connect to the internet,” Steve Lipner, senior director of security engineering strategy at Microsoft, told Computer Weekly. Read the full article here.