FISMA News

From: Emergency Management

State and local governments are closer than ever to having a single view available of the cyber-attacks and security vulnerabilities they are facing, thanks to groundbreaking work by a cross-sector organization that’s bringing them together.

The not-for-profit Multi-State Information and Analysis Center (MS-ISAC) is on the cusp of significant growth, said the organization’s chair, Will Pelgrin, and new participants will be able to utilize a new threat monitoring center recently launched by MS-ISAC that will give state and local governments better security intelligence in near real-time.

The National Science Foundation’s Cyberinfrastructure Advisory Committee will be meeting at NSF’s Arlington office on:

December 8, 2010 8:30 a.m. – 5:15 p.m.
December 9, 2010 8:30 a.m. – 11:45 p.m.

The Federal Register notice of the meeting is attached.
Meeting Notice

November 23, 2010 – Eric Chabrow, Executive Editor, GovInfoSecurity.com

The Department of Transportation’s chief information officer has questioned the effectiveness of Federal Information Security Management Act audits in securing government IT systems.

“Prior administrations attempted to address FISMA performance through short-term redirection, or by addressing immediate audit findings, without addressing the systematic issue limiting and impacting agency program performance,” DOT CIO Nitin Pradhan, in a memo prepared by CISO Andrew Orndorff, wrote in response to a DOT inspector general report critical of the department’s compliance with FISMA during fiscal year 2010.

Reporting mandate may widen with new cybersecurity bill

By OhMyGov! Nov 22 2010, 11:11 AM

As Congress works toward comprehensive legislation on cybersecurity, at least one aspect is ripe for controversy: requiring private companies to report attacks on their own networks to the government.

CISOs, CIOs Priorities Don’t Necessarily Mesh
November 19, 2010 – Bruce Brody

FISMA designates departmental and agencies chief information officers as the primary official responsible for their organizations’ IT security. Among the CIOs’ duties under the Federal Information Security Management Act: designating a senior agency information security officer. That explains why agencies have placed chief information security officers under CIOs or deputy CIOs, far down the chain of command. But is this the right place for information security in a federal agency?

WASHINGTON | Tue Nov 16, 2010 2:23pm EST

WASHINGTON (Reuters) – The United States faces a major threat in the future from cyber technologies that will require civil-military coordination to shield networks from attack, Defense Secretary Robert Gates said on Tuesday.

“I think there is a huge future threat. And there is a considerable current threat,” Gates told The Wall Street Journal CEO Council. “And that’s just the reality that we all face.”

The U.S. Defense Department estimates that over 100 foreign intelligence organizations have attempted to break into U.S. networks. Every year, hackers also steal enough data from U.S. government agencies, businesses and universities to fill the U.S. Library of Congress many times over, officials say.

The Hill
By Gautham Nagesh – 11/16/10 10:53 AM ET

A leading technology industry group is urging Congress to extend an expired federal research and development tax credit and pass cybersecurity measures during the lame-duck session.

“This Congress still has the opportunity to help hone America’s competitive edge in the global innovation economy,” said TechAmerica President Phil Bond. “The R&D Credit is a jobs credit — an extension should be a no-brainer in a time of uncertain recovery.”

By Grant Gross, IDG News

The U.S. Congress should focus on extending a research and development tax credit and on passing data breach notification regulations and other cybersecurity legislation during a brief session this month, a large technology trade group recommended.

Congress returns to Washington, D.C., this week for a so-called lame-duck session lasting about three weeks, and TechAmerica wants lawmakers to focus on some technology issues, in addition to income-tax and budget issues, officials of the 1,200-member trade group said Monday.

The Digital Government Institute has announced the following FISMA training seminar:

2011 FISMA: Understanding the New Process, Requirements and Responsibilities

February 14 – February 15, 2011

OMB and NIST over the past year have issued in Special Publication 800-37 the new standards for gaining approval for operating IT systems for all Federal organizations, including the DoD and Intelligence communities. This moved us from a 4-phase Certification and Accreditation (C&A) process to a 6-step Authorization process. This process has radically changed the way the U.S. government is securing and reporting the status of their IT systems. Increased emphasis is now being placed on including risk management, near-real-time awareness, automation, program management, and continuous monitoring concepts and solutions to secure Government IT systems. Also, there are new responsibilities and requirements at all levels within the government and supporting contractor organizations to meet the 2011 FISMA requirements. This 2-day course provides an awareness of strategies for meeting these new requirements.

Deutsche Welle
One day after its release, the software used to read new German ID cards is shown to be vulnerable to attack. The Federal Office for Information Security has removed links to the program from its website.

Jan Schejbal, a German computer security researcher living in Sweden, on Tuesday described a way to hack the new electronic German ID card software. The federal office responsible for the program stopped allowing the software to be downloaded on Wednesday.