Sunday, October 26, 2014

ISIS

This week blog will discuss the threats of ISIS and what Police agencies may face in the near future. In New York City a hatchet-toting Jihadist, who had ties to ISIS, attacked four Police officers.             While these threats are real, the threat of cyber is something that may occur here in the United States. I read a few articles titled “ISIS is ramping up efforts to mount a massive cyber attack”, “ISIS Cyber Ops: Empty threat or reality”. These articles state the threat and capability of ISIS attacking major infrastructure in the United States, which includes utilities and financial, is real. ISIS is massive when it comes to social media with this social media footprint a cyber attack is imminent. While Police Officers are dealing with physical threats and weapon carrying assailants, the cyber threat poses another threat that Law Enforcement Officers should prepare for.
Reference:
Paganini, P. (Sep. 14, 2014) Security Affairs. ISIS is ramping up efforts to mount a massive cyber attack. Retrieved from http://securityaffairs.co/wordpress/28300/cyber-crime/isis-cyber-caliphate.html.
  

McFarlin, J. (Sep. 25, 2014) Security Week. ISIS Cyber Ops: Empty Threats of Reality? Retrieved from http://www.securityweek.com/isis-cyber-ops-empty-threat-or-reality.

Sunday, October 19, 2014

Hello again, I just read an interesting article dealing with a CJIS, Criminal Justice Information System, mandate that should be implemented by police agencies this October. The computers that have access to any FBI database should have a multifactor authentication system. I am not a computer IT specialist, but this is 2014 and I would have thought that this should have been already in place.  Here is a direct quote from the article “Computer security is one of the primary concerns for many of the nation's companies and government agencies. Billions of dollars is spent each year on preventing external threats from entering protected networks. But the sad truth is that most computer network breaches are caused by sloppy internal security policies and procedures” (Griffith, 2014).
            The article goes on to say that police vehicles that are equipped with laptop computers need an additional security login measure when officers access them. This lack of authentication is leaving a lot of these computers vulnerable to attacks.
            After reading this article it shows how much police agencies are lacking when it comes to cyber security.
Reference:
Police Technology Magazine. Griffith, D. (2014), Cyber Security: Locking down the Databases, Retrieved from http://www.policemag.com/channel/technology/articles/2014/08/cyber-security-locking-down-the-databases.aspx

            

Sunday, October 12, 2014

New Jersey State Police - Attacking Cyber Threats

     I just read some information from the New Jersey State Police site. It looks like they (NJSP) are taking an active role going after cyber threats. Here is the title of the cyber unit and an explanation of what their job entails.
    Cyber Crimes Unit - "The Cyber-Crimes Unit (CCU) is composed of State Police enlisted detectives, civilian analysts, and task forces from other police agencies. The CCU has two investigative squads and additional personnel dedicated to the FBI Regional Computer Forensic Laboratory (RCFL). The mission of the CCU Investigation squad is to conduct and assist in investigations where computers, networks, telecommunication devices, and other technological instruments are the vehicle or target for the commission of criminal acts against network resources critical to the function of corporate or government entities". Here is a list of crimes the unit investigates. Computer Intrusions, Data theft, Online ID Theft, Unlawful Access, Account Hijacking, Cyber Terrorism, Cyber Stalking, Social Networking/Email account intrusions.
I read this site and it made me think; “now this is what police agencies should be doing”. I have to try to get someone from my Department Headquarters (Pennsylvania State Police), to take a look at this site maybe this will motivate them to imitate what NJ is doing.
Reference:
                        Special Investigations Section, Cyber Crimes Unit. Retrieved from                                                          http://www.njsp.org/divorg/invest/cyber-crimes-unit.html

Sunday, October 5, 2014

Information Security Awareness Training

     Well my cyber training is still postponed with no reschedule date, as of yet, so I will discuss the importance of Information Security Awareness training. I believe this is an important subject for any organization to partake in, however, the training should coincide with what the organization is trying to accomplish. 
     I think police departments across the U.S. should send their officers to some form of security awareness training. The training can be accomplished online; this will prevent individuals from not being at work for an extended period of time. There are several private agencies that offer this training for a fee and there are some that are free. 
     If the organizations that accredit police agencies will add Information Security Awareness training as part of an accreditation curriculum then the police agencies will make it mandatory to attend these training.