Skip to main content
  1. Home
  2. Computing
  3. News

Top US cybersecurity official quits

Trevor Mogg
By

The US Computer Emergency Readiness Team (US-CERT) isn’t looking quite so ready at the moment as its director has just quit. US-CERT, part of the Department of Homeland Security (DHS), is charged with the task of protecting US government agencies and networks from cyberattacks.

According to an Information Week report on Monday, the former DHS official, Randy Vickers, left his post at the end of last week. He’d been in the position since April 2009.

Recommended Videos

The report said that in an email announcing the news, sent to staff by DHS’s acting assistant secretary for cybersecurity and communications Bobbie Stempfley, no explanation was given as to why Vickers had decided to resign.

Related

In the past few months, however, a number of government agencies have been hit by hackers in a string of embarrassing cyberattacks.

In June the LulzSec hacker group hit the CIA website with a denial-of-service attack, and shortly before that the website of InfraGard, a non-profit organization that serves as a partnership between the FBI and private business, was hit by the same group.

In the same month, officials working at the White House were at the center of a phishing attack where hackers, believed to be located overseas, tried to trick users of Gmail into giving away their passwords.

Federal contractors dealing with confidential government information have also been targeted by hackers – earlier this month Booz Allen Hamilton lost 90,000 email addresses and passwords after a security breach orchestrated by another hacking group, Anonymous.

On its website, US-CERT cites its mission as “to improve the nation’s cybersecurity posture, coordinate cyber information sharing and proactively manage cyber risks to the nation while protecting the constitutional rights of Americans.”

US-CERT deputy director Lee Rock will fill Vickers’ position until a new director is announced.

In the email sent to staff on Friday, Stempfley wrote: “Lee has been the deputy director for US-CERT for over a year and we are confident that our organization will continue its strong performance under his leadership.”

Describing the performance as “strong” may be scoffed at by some observers, but there’s little doubt that in the world of cybersecurity, this must be one of the toughest jobs going. Whichever brave soul takes on the role full-time, hopefully they’ll have been able to learn a lot from the recent string of cyberattacks.

Editors' Recommendations

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more
No, 1Password wasn’t hacked – here’s what really happened
A person using the 1Password password manager on a laptop while sat on a couch.

Password managers have been struggling with security breaches in recent months, with LastPass suffering a particularly bad hack as a notable example. So when 1Password users got an alert last week saying their Secret Keys and passwords had been changed without their knowledge, they were understandably panicked. Luckily, all was not what it seemed.

That’s because AgileBits, the company behind 1Password, has just explained exactly what went wrong during that event. And while it wasn’t as bad as everyone first thought, it still doesn’t paint AgileBits in a particularly good light.

Read more
This free service just hit a huge website security milestone
global internet usage one zettabyte computer server room information cloud web net

One of the most important security features that protect your personal data as you browse and interact with various websites is enabled by a free service from a company called Let's Encrypt. As the name implies, this involves encrypting data to make it more difficult for your information to be intercepted in a readable form.
Website encryption is incredibly important on shopping websites since you usually need to fill out a form with your email address, shipping address, and phone number in order to get updates on the order status and receive the items you've ordered. Even more sensitive than your contact information and address, your payment information is needed to pay for that awesome, new tech, kitchen gadget, or toy.

In the early internet, encryption wasn't as common as it is today, and Let's Encrypt has played a huge role in making website security universal across the World Wide Web. Starting in 2015, Let's Encrypt took steps to ease the burden of encryption which came at a significant cost that was prohibitive for small businesses compared to the relative ease of creating a website today. Beyond the expense of ordering a Secure Sockets Layer certificate (SSL), which could cost hundreds of dollars each year, it wasn't easy to install this technology on a website. That meant most small websites were not encrypted.

Read more