GAO on DATA Act: Improvements Needed in Reviewing Agency Implementation Plans and Monitoring Progress

Editor’s Note: The complete report GAO-16-698 is available here. Below is an excerpt.

From: GAO

Nextgov Event: Post-OPM Breach, Where Are We in Federal Cybersecurity?

From: Nextgov

By Frank Konkel


On Thursday, Aug. 11, Nextgov will discuss these efforts and the government’s cybersecurity standing 14 months after the most devastating hack in the federal government’s history. The event takes place at 1777 F Street, NW, in Washington, D.C.

Our speakers include:

  • Trevor Rudolph, chief of the Office of Management and Budget’s Cyber and National Security Unit (invited).
  • Marianne Bailey, principal director and deputy chief information officer for cybersecurity, Defense Department.
  • Sherrill Nicely, chief information security officer, CIA.


Automotive Industry Organization Releases Recommended Cybersecurity Best Practices

From: Lexology

Kathryn C. Mellinger

Auto-ISAC is not alone in its efforts to address potential cybersecurity risks imposed by connected vehicles. As we have previously discussed, in 2015 legislators introduced the SPY Car Act, which requires automakers to meet certain vehicle data security standards to combat potential hacking threats. The U.S. Department of Transportation (DOT) notes that it has been researching and testing vehicle communications for over a decade. In addition, through the Intelligent Transportation Systems Joint Program Office, the DOT has worked to fund almost $25 million in cyber security research between 2012 and 2014. The National Highway Traffic Safety Administration (NHTSA) also published information relating to its comprehensive approach to vehicle cybersecurity.

Final A-130 revisions focus on cybersecurity, privacy

From: Federal Times

After more than 15 years of advancement passed it by, the Office of Management and Budget released an update to Circular A-130, the government’s guiding policy for managing and maintaining IT resources.

Along with more emphasis on cybersecurity and treating data assets, the policy has been updated to reference new legislation — like the Federal IT Acquisition Reform Act (FITARA) and the Digital Accountability and Transparency Act (DATA Act) — as well as presidential directives, executive orders and new standards in technology.


How the cybersecurity defense-in-depth model fails agencies

From: | 1500 am

By Ron Gula

For years now, federal agencies have clung to a “defense-in-depth” model to protect their IT networks. Why? Because the concept essentially breaks down into two easy steps:

  1. Buy lots of firewalls, anti-virus products and other traditional solutions.
  2. Install them.

Never mind that the products aren’t designed to work together. Or that government IT teams often cannot deploy defense-in-depth solutions in a manner which fully maximizes their vendor-advertised potential. None of this seemingly matters to tech purchase decision-makers, who walk away believing they’ve built layers of fortification. But what they really have are layers of Swiss cheese, protection-wise.