Hybrid cloud is hard — but worth it in the long run, feds say

From: FedScoop

Early adopters of cloud said getting to a hybrid cloud model was filled with struggles. But the fruits of those labors have been worth the fight, they said.

By Greg Otto

LAS VEGAS — Some of the biggest proponents of cloud computing in the federal government know their data centers are not going to be shut down overnight.

So, agencies must figure out how to take advantage of the agility of the cloud while they’re still dependent on legacy data storage systems. That’s easier said than done, said two executives from early cloud adopters within the federal government.


Report finds many nuclear power plant systems “insecure by design”

From: Ars Technica

Use of VPNs in some reactors, lack of security measures pose risks.


A study of the information security measures at civilian nuclear energy facilities around the world found a wide range of problems at many facilities that could leave them vulnerable to attacks on industrial control systems—potentially causing interruptions in electrical power or even damage to the reactors themselves. The study, undertaken by Caroline Baylon, David Livingstone, and Roger Brunt of the UK international affairs think tank Chatham House, found that many nuclear power plants’ systems were “insecure by design” and vulnerable to attacks that could have wide-ranging impacts in the physical world—including the disruption of the electrical power grid and the release of “significant quantities of ionizing radiation.” It would not require an attack with the sophistication of Stuxnet to do significant damage, the researchers suggested, based on the poor security present at many plants and the track record of incidents already caused by software.


Warren Buffett enters the cybersecurity insurance market

From: Insurance Business America

Insurance giant Warren Buffett is entering one of the most lucrative spaces in the industry.

Buffett’s Berkshire Hathaway Specialty Insurance unveiled on Tuesday two new insurance policies providing coverage for cyber liability and breach response, alongside resources for risk management.



Build public trust by tightening security preparedness

From: GCN

By Stephen Treglia

Government agencies have been subject to criticism of late due to the ongoing struggles with data protection. While the public sector accounted for only 11 percent of all data breaches in 2014, according to a survey by the Identity Theft Resource Center, government data breaches are among the most highly criticized. In the private sector, the loss of trust after a data breach results in greater customer churn and reduced profits. In the public sector, relationships are not bound by the same economics; those affected by a data breach either have no fiscal resource to express their loss of trust or no alternative service provider. What we see instead is a loss of faith in the competency of governments as a whole. In order to bolster confidence among their constituents, government agencies need to dramatically increase their accountability towards data security.


Correcting Federal Databases: A Procedural Guide

From: CircleID

By Bruce Levinson

Federal databases, such as those being compiled by the Consumer Financial Protection Bureau and the Federal Trade Commission, contain data about many people and businesses. Although some of this data may be protected personal information (PPI), there is also extensive information in federal databases that is publicly disseminated via the internet. If the information is wrong, it has the potential to be a vector of tortious mischief.

There are major federal initiatives aimed at securing the data contained in them. But what if a record in a federal database is inaccurate? What if the inaccurate information concerns you or your business? What do you do?


Department of Defense (DoD)-Defense Industrial Base (DIB) Cybersecurity (CS) Activities

From: Federal Register


Interim Final Rule.


DoD is revising its DoD-DIB Cybersecurity (CS) Activities regulation to mandate reporting of cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor’s ability to provide operationally critical support, and modify eligibility criteria to permit greater participation in the voluntary DoD-Defense Industrial Base (DIB) Cybersecurity (CS) information sharing program.



Cyber-attack targets on govt officials, telco company revealed by GCSB

From: New Zealand Herald

Nicholas Jones

A powerful cyber-attack has targeted certain officials in a government department in a possible effort to access sensitive information.

Another major IT firm received help from the Government Communications Security Bureau (GCSB) after it was discovered their computer network had been compromised for some time.



GAO: Small businesses working with DoD need cybersecurity guidance

From: FierceGovernmentIT


The Defense Department office that oversees small business defense contractors should provide cybersecurity resources to help them protect their networks, but other priorities are delaying DoD’s efforts, congressional investigators said in a Sept. 24 report.

While the Office of Small Business Programs, or OSBP, within the Defense Department isn’t required to educate small businesses on cybersecurity, the Government Accountability Office said in its report (pdf) that officials there recognize that cybersecurity is “an important and timely issue.”



DHS working with FedRAMP, CIO Council to boost agency use of cloud computing services

From: FierceGovernmentIT


A Homeland Security Department official testified Sept. 22 that the department is stepping up efforts to help federal civilian agencies increase their use of cloud computing services beyond just email and website management collaboration tools.

Mark Kneidinger, who is the federal network resilience director within DHS’s cybersecurity and communications office, said the department is currently working with the Federal Risk and Authorization Management Program, or FedRAMP, and Federal Chief Information Officers Council on two activities to help agencies move mission-critical legacy applications into the cloud so they can save money, become more efficient and enhance security.


Despite major breaches, new report gives government cybersecurity high marks

From: FierceGovernmentIT


A new report finds that, despite recent high-profile breaches, the federal government has the second highest cybersecurity performance rating when compared to private sector industries.

According to Bitsight’s third annual “Insights Industry Benchmark Report”, even though federal government breaches have splashed across the headlines recently, they are not as numerous nor as severe as those affecting other spaces, like education and energy. In fact, the only private sector space performing at a higher level than the government is finance.
