Blog     e-Newsletter       Resource Library      Directories      Webinars  Apps     EBooks
   AFCEA logo


Cybersecurity Breaches Making Users More Savvy, but Vulnerabilities Persist

December 17, 2014
By Sandra Jontz

Sensational data breaches such as the recent hacking of Sony Pictures Entertainment, in which employees’ personal information such as Social Security numbers, salary details and emails not only were stolen but publicly disseminated, make for great headlines and capture people’s attention—mainly because the public can relate to the breaches. The headline-grabbing attack leaves people thinking that this could happen to them.

DISA Issues Draft of Revised Cloud Security Requirements, Seeks Industry Input

December 15, 2014
By Sandra Jontz

The Defense Information Systems Agency (DISA) has released a draft of suggestions and recommended revisions to its cloud computing security requirements guide (SRG), which documents the agency’s cloud security requirements for the Defense Department. When accepted, the new SRG would supersede and rescind the previously published cloud security model.

Soldiers Stand Up New Cyber CIO Focal

December 1, 2014
By Rita Boland

The U.S. Army has established a Cyber Chief Information Officer Focal within the acquisition community, responding to the ever-expanding role cyber now has in the service branch.

Sponsor Blog: Big Data Analytics a Better Bet to Battling Cyber Attacks

November 17, 2014
By Jay Aceto

Many information technology organizations are taking a different approach to cybersecurity that radically reduces the time to detect and respond to attempted cyber attacks.

(ISC)2 Foundation Announces First Recipients of U.S.A. Cyber Warrior Scholarship For Veterans

November 17, 2014
By Sandra Jontz

A new program aims to help veterans seeking work in the field of cybersecurity earn certifications. "The scholarship opens doors for veterans seeking continued service to their country ... and at the same time helps to fill the growing need for cybersecurity professionals."

Fragmented Government Efforts Stymie Cybersecurity Progress

December 1, 2014
By Sandra Jontz

The private and financial sectors are pressing for better governmental answers to the costly cybersecurity challenges still plaguing the nation. They want the White House to create, as a minimum first step, an interagency or oversight group to facilitate information sharing. This small step is seen as a critical link between industry and government to organizing the fragmented cybersecurity efforts needed to quash mounting attacks.

While federal efforts abound, they are coordinated haphazardly, with gaps and no overarching governance—in spite of a preponderance of existing documents, plans, regulations and actions, according to experts.

A year has passed since the breach of Target Corporation’s information security in which hackers stole 40 million credit and debit card numbers, and yet no national coordinated clearinghouse exists for the formal sharing of information and lessons learned that might mitigate future attacks. A spate of high-profile data breaches has hit big retailers and financial institutions, but cybersecurity in the United States remains a lax patchwork of ill-defined rules and dubious regulations.

But this is not for a lack of trying, some experts say. For years, officials as high as the president of the United States designated cybersecurity as one of the most serious economic and national security challenges—even though, of the 21 top issues listed on the home page in October, cybersecurity ironically is not among them.

Protecting Soldier Networks From Threats, Inside or Outside

December 1, 2014
By Rita Boland

Cyber is becoming more critical in battle every day, and the U.S. Army is adjusting its Network Integration Evaluation to reflect that reality. The service branch is introducing new digital features to the training event from the laboratory to the field.

During the most recent evaluation, which occurred in October and November, several cyber features made their debut. For the first time, the Army Research Laboratory Survivability/Lethality Analysis Directorate (ARL/SLAD) became part of the lab-based risk-reduction efforts in the lead up to the hands-on portion of the event. That work is helping to find earlier vulnerabilities that previously would have been discovered during the field portion of the Network Integration Evaluation (NIE) so experts can resolve any issues before giving the technologies to soldiers. “Is it going to find everything? No, no lab test is ever going to find everything, but I think it is allowing us to move the ball down the road from the perspective of being more proactive to find these issues,” says Jennifer Zbozny, chief engineer for the Program Executive Office for Command, Control and Communications-Tactical (PEO C3T).

The lab-based risk reduction that took place before NIE 15.1 is one of the biggest pushes to do more cybersecurity work in the evaluations. By moving assessments into the laboratory, soldiers save time on the ground. It also helps ensure that updates are loaded before the fieldwork and that mitigation measures are in place when necessary.

Cyber Commander Expects Damaging Critical Infrastructure Attack

December 1, 2014
By George I. Seffers

Adm. Michael Rogers, USN, who leads both the National Security Agency and U.S. Cyber Command, predicts a damaging attack to critical infrastructure networks within the coming years. If an attack happens, the agency and Cyber Command will coordinate a response along with other government agencies and potentially the private sector organizations that own many of the networks.

DISA Targeted to Tackle Network Defense Role

December 1, 2014
By George I. Seffers

The U.S. Defense Information Systems Agency is being tasked with an operational role in the cyber domain, namely network defense. The new role creates a formal relationship between the agency, U.S. Cyber Command and the military services; integrates network operations and defense; and should ultimately improve security.

Clarifying DISA's Cloud Computing Role

October 29, 2014
George I. Seffers

The Defense Department is expected very soon to release a new policy revising the role DISA plays in brokering cloud services. The changes are designed to speed cloud service acquisitions. DISA no longer will be the sole acquisition agency, but it will continue to ensure network access to cloud service providers is secure and reliable, agency officials say.


Subscribe to RSS - Cybersecurity