SSA shelves panel’s IT recommendations, drawing IG criticism

From: Federal Computer Week

by Matthew Weigelt

The Social Security Administration spent more than half a million dollars to convene a panel of experts to help plan ahead for IT systems, then dismantled it and shelved most of the recommendations, claiming inadequate resources, according to a new audit by SSA Inspector General Patrick O’Carroll.

The panel, called the Future Systems Technology Advisory Panel, cost SSA more than $550,000, and issued four reports and 78 recommendations before Social Security Administration Commissioner Michael Astrue pulled the plug in January, the IG said.

New group to tackle security challenges of big data

From: ITWire

By Stuart Corner

The Cloud Security Alliance (CSA) and Fujitsu Laboratories of America have formed the Big Data Working Group to “address the need for collaborative research and solutions to today’s big data security challenges.”

The group (cloudsecurityalliance.org/research/big-data/) intends to address security and privacy issues that it says have been magnified by the velocity, volume, and variety of big data, such as large-scale cloud infrastructures, diversity of data sources and formats, streaming nature of data acquisition and high volume inter-cloud migration.

Pressure Builds for Presidential Action on Cybersecurity

From: Government Technology

Sen. Dianne Feinstein, D-Calif., sent an open letter Tuesday, Aug. 28, to President Barack Obama, urging him to take action to secure America’s computer networks, the latest development in the White House’s fractious efforts to pass some kind of cybersecurity legislation before the year’s end.

Earlier this month, the Senate failed to pass a cybersecurity bill that would’ve created voluntary security standards for critical infrastructure corporations, allowing companies and government to share information that provides intelligence to aid efforts to protect energy and utility systems.

FIPS 140-3 (Second Draft), Security Requirements for Cryptographic Modules; Request for Additional Comments

Editor’s Note: NIST will publish in tomorrow’s Federal Register a request for additional comment on certain sections of draft Federal Information Processing Standard (FIPS) 140-3. Comments will be due in 30 days. The Federal Register notice is attached here. The following is from the notice:

NIST is requesting additional comments only on the following sections and sub-sections to resolve gaps and inconsistencies between the comments.

Toward an Impregnable Grid

From: EnergyBiz.com

Larry Castro

THE NATURE OF THE CYBER THREAT to our nation’s electric grid and the efforts at both the national level and state regulator levels to address this threat are well documented.

A recently reported example of these evolving vulnerabilities is that of the Niagara Framework. The Framework, a suite of interface software used to connect users to a wide range of SCADA-associated functions across a broad scope of industries, including those in and supporting the electric power sector, links at least 11 million individual devices and machines in 52 countries worldwide to the Internet. Such a vast network of users makes it ripe for exploitation by determined threat actors. The potential for vulnerabilities such as those found in Niagara to compromise the security of the grid has been recognized by Congress. At a recent Senate Energy and Commerce hearing,