A survey of 200 federal government, military and intelligence information technology and information technology security professionals shows that staff members pose a larger threat to computer systems than external threats.
President Barack Obama has put the cybersecurity ball into Congress’ court, seeking legislation that pushes what some industry experts have clamored for in the quest to better protect the nation’s information network. The president has unveiled details for new laws toward better cybersecurity, which include a heavy focus on increased information sharing between government and industry. Some experts have said better protections are lacking a robust information-sharing plan—and the related safeguards—between the private sector and government. It's a good start, but not quite enough.
Sensational data breaches such as the recent hacking of Sony Pictures Entertainment, in which employees’ personal information such as Social Security numbers, salary details and emails not only were stolen but publicly disseminated, make for great headlines and capture people’s attention—mainly because the public can relate to the breaches. The headline-grabbing attack leaves people thinking that this could happen to them.
The Defense Information Systems Agency (DISA) has released a draft of suggestions and recommended revisions to its cloud computing security requirements guide (SRG), which documents the agency’s cloud security requirements for the Defense Department. When accepted, the new SRG would supersede and rescind the previously published cloud security model.
The U.S. intelligence community is moving toward a hypernetwork of sensors and data collectors that ultimately will constitute an Internet of Things for the community and its customers. If it is successful, the intelligence community would have more data, processed into more knowledge, available more quickly and with greater fidelity for operators and decision makers.
While a more secure cyberspace will emerge through an evolutionary process, the U.S. government must take immediate action to influence the rate of change.
For the U.S. Defense Department, the Internet of Things means that everything—battlefield uniforms, office thermostats and major weapon systems, for example—is networked, providing tremendous amounts of data for situational awareness while also presenting challenges for cybersecurity and data storage and analysis.
The Internet of Things, the latest iteration of the overarching dream of an omnipresent network architecture, offers an uncertain future in both opportunities and challenges. That uncertainty is growing as the network concept itself expands in scope and reach.
The U.S. Army has established a Cyber Chief Information Officer Focal within the acquisition community, responding to the ever-expanding role cyber now has in the service branch.
Many information technology organizations are taking a different approach to cybersecurity that radically reduces the time to detect and respond to attempted cyber attacks.
A new program aims to help veterans seeking work in the field of cybersecurity earn certifications. "The scholarship opens doors for veterans seeking continued service to their country ... and at the same time helps to fill the growing need for cybersecurity professionals."
The private and financial sectors are pressing for better governmental answers to the costly cybersecurity challenges still plaguing the nation. They want the White House to create, as a minimum first step, an interagency or oversight group to facilitate information sharing. This small step is seen as a critical link between industry and government to organizing the fragmented cybersecurity efforts needed to quash mounting attacks.
Cyber is becoming more critical in battle every day, and the U.S. Army is adjusting its Network Integration Evaluation to reflect that reality. The service branch is introducing new digital features to the training event from the laboratory to the field.
Adm. Michael Rogers, USN, who leads both the National Security Agency and U.S. Cyber Command, predicts a damaging attack on critical infrastructure networks within the coming years. If an attack happens, the agency and Cyber Command will coordinate a response along with other government agencies and potentially the private sector organizations that own many of the networks.
The U.S. Defense Information Systems Agency is being tasked with an operational role in the cyber domain, namely network defense. The new role creates a formal relationship between the agency, U.S. Cyber Command and the military services; integrates network operations and defense; and should ultimately improve security.
The Defense Department is expected very soon to release a new policy revising the role DISA plays in brokering cloud services. The changes are designed to speed cloud service acquisitions. DISA no longer will be the sole acquisition agency, but it will continue to ensure network access to cloud service providers is secure and reliable, agency officials say.
Might the recurring data breaches plaguing one large retailer after another be a dress rehearsal for a catastrophic attack that could cripple, if not destroy, the United States and its critical infrastructure? The doomsday rhetoric presented by cybersecurity experts at an issue forum Thursday hosted by the Fairfax County Chamber of Commerce, while not so calamitous, served as a wake-up call to the enduring cybersecurity vulnerabilities.
Strong credentials that people trust will unlock new government and private sector activities. That was the message this morning from Jeremy Grant, senior executive adviser, National Strategy for Trusted Identities in Cyberspace (NSTIC).
Whether a well-established company or one just getting started with cybersecurity risk management programs, those in the industry often can use a little help navigating the cumbersome and technical systems. This snapshot features pointers to clarify existing guidance and help organizations manage cybersecurity risk.
The nation’s critical infrastructure and industrial-control systems have become such potential high-value targets for terrorists that their vulnerability threatens the fabric of society. And, as they increase in both importance and vulnerability, these systems cannot be protected using conventional information security measures.