Kemba Walden | |
---|---|
United States National Cyber Director | |
Acting | |
In office February 15, 2023 –November 17, 2023 | |
President | Joe Biden |
Preceded by | Chris Inglis |
Succeeded by | Drenan Dudley (acting) |
Personal details | |
Education | Hampton University (BA) Princeton University (MPA) Georgetown University (JD) |
Kemba Eneas Walden is an American lawyer who served as the acting National Cyber Director in 2023. She joined the Office of the National Cyber Director as its principal deputy in May 2022. Walden was previously counsel of the digital crimes unit at Microsoft.
Walden earned a B.A. from Hampton University. [1] She earned a Master’s in Public Affairs from Princeton University and a J.D. from the Georgetown University Law Center. [1]
Walden spent a decade in government service at the United States Department of Homeland Security,most recently at the Cybersecurity and Infrastructure Security Agency. [1] In February 2022,Walden was appointed as an inaugural member of the Cyber Safety Review Board, [2] [3] and she contributed to its review of the December 2021 Log4j event. [4] [5] Walden later served as counsel at the Digital Crimes Unit (DCU) of Microsoft [6] where she was responsible for launching and leading the DCU Ransomware Program. [7]
In May 2022,she joined the Office of the National Cyber Director,as its principal deputy. Upon the retirement of John C. Inglis on February 15,2023,she became the acting director. [8] [9] She was involved in the development of a National Cybersecurity Strategy. [10] [11] [12] [13]
On January 8,2024,Walden was announced as president of the newly-launched Paladin Global Institute,a cybersecurity research and advocacy institute. [14] [15] She contributed to the Institute of Security and Technology's Ransomware Task Force and contributed to its April 2021 “Combating Ransomware”report and serves as co-chair. [16] [17] [18] [19]
Computer security,cybersecurity,digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure,theft of,or damage to hardware,software,or data,as well as from the disruption or misdirection of the services they provide.
A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses,worms,Trojan horses,phishing,denial of service (DOS) attacks,unauthorized access and control system attacks. While cybersecurity regulations aim to minimize cyber risks and enhance protection,the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies.
A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry,from the financial sector,oil industry,to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.
Dmitri Alperovitch is an American think-tank founder,author,investor,philanthropist,podcast host and former computer security industry executive. He is the chairman of Silverado Policy Accelerator,a geopolitics think-tank in Washington,D.C.,and a co-founder and former chief technology officer of CrowdStrike. Alperovitch is a naturalized U.S. citizen born in Russia who came to the United States in 1994 with his family.
The Cyber Security Agency (CSA) is a government agency under the Prime Minister's Office,but is managed by the Ministry of Communications and Information of the Government of Singapore. It provides centralised oversight of national cyber security functions and works with sector leads to protect Singapore's Critical Information Infrastructure (CII),such as the energy and banking sectors. Formed on 1 April 2015,the agency also engages with various industries and stakeholders to heighten cyber security awareness as well as to ensure the development of Singapore's cyber security. It is headed by the Commissioner of Cybersecurity,David Koh.
Lazarus Group is a hacker group made up of an unknown number of individuals,alleged to be run by the government of North Korea. While not much is known about the Lazarus Group,researchers have attributed many cyberattacks to them since 2010. Originally a criminal group,the group has now been designated as an advanced persistent threat due to intended nature,threat,and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song,the unit is internally known in North Korea as 414 Liaison Office.
Deception technology is a category of cyber security defense mechanisms that provide early warning of potential cyber security attacks and alert organizations of unauthorized activity. Deception technology products can detect,analyze,and defend against zero-day and advanced attacks,often in real time. They are automated,accurate,and provide insight into malicious activity within internal networks which may be unseen by other types of cyber defense. Deception technology seeks to deceive an attacker,detect them,and then defeat them.
The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency,an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies,infrastructure operators,state and local governments,and international partners.
The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government,coordinating cybersecurity programs with U.S. states,and improving the government's cybersecurity protections against private and nation-state hackers.
Triton is malware first discovered at a Saudi Arabian petrochemical plant in 2017. It can disable safety instrumented systems,which can then contribute to a plant disaster. It has been called "the world's most murderous malware."
Jack Cable is an American computer security researcher and software developer who currently serves as a Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency. He is best known for his participation in bug bounty programs,including placing first in the U.S. Department of Defense's Hack the Air Force challenge. Cable began working for the Pentagon's Defense Digital Service in the summer of 2018.
Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face,the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability,technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.
Ryuk is a type of ransomware known for targeting large,public-entity Microsoft Windows cybersystems. It typically encrypts data on an infected system,rendering the data inaccessible until a ransom is paid in untraceable bitcoin. Ryuk is believed to be used by two or more criminal groups,most likely Russian,who target organizations rather than individual consumers.
Women in CyberSecurity (WiCyS) is a 501(c)(3) non-profit aimed at supporting the recruitment,retention and advancement of women in cybersecurity. It is a global community of men and women dedicated to bringing talented women and under-represented groups together to fill the cybersecurity jobs gap and make the field of cybersecurity more inclusive.
The Cyber Safety Review Board was established by the United States Secretary of Homeland Security. Modeled after the National Transportation Safety Board,it will meet in cases of significant cybersecurity incidents. The board's creation was announced upon President Joe Biden's signing of Executive Order 14028 on May 12,2021.
Lindy Cameron is a British civil servant and diplomat,serving from April 2024 as British High Commissioner to India. From 2020 to 2024 she was chief executive officer at the National Cyber Security Centre,and before that Director-General in the Northern Ireland Office and the Department for International Development.
APT40,also known as BRONZE MOHAWK,FEVERDREAM,G0065,GADOLINIUM,Gingham Typhoon,GreenCrash,Hellsing,Kryptonite Panda,Leviathan,MUDCARP,Periscope,Temp.Periscope,and Temp.Jumper,is an advanced persistent threat operated by the Hainan State Security Department,a branch of the Chinese Ministry of State Security located in Haikou,Hainan,China,and has been active since at least 2009.
The Office of the National Cyber Director is an agency in the United States Government statutorily responsible for advising the President of the United States on matters related to cybersecurity. It was established in 2021.
Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j,a popular Java logging framework,involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation,of which Log4j is a project,by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021. Before an official CVE identifier was made available on 10 December 2021,the vulnerability circulated with the name "Log4Shell",given by Free Wortley of the LunaSec team,which was initially used to track the issue online. Apache gave Log4Shell a CVSS severity rating of 10,the highest available score. The exploit was simple to execute and is estimated to have had the potential to affect hundreds of millions of devices.
Gregory Falco is an American inventor and researcher. Falco is a professor at Cornell University. He is a pioneer in the field of cybersecurity research and its aerospace applications. Falco is the founding chair of IEEE's Standard for Space System Cybersecurity.