Feb 14

Senate Bill May Require ‘critical’ Networks to Adopt Cyber Standards

From: PC World

By Grant Gross

A bill in the U.S. Senate would require operators of so-called critical infrastructure networks to adopt cybersecurity practices if evaluations by the U.S. Department of Homeland Security find their security lacking.

The new bill, introduced Tuesday by four senators, would cover operators of systems that, if compromised, would cause mass death, evacuation or major damage to the U.S. economy, said the sponsors, including Senator Joe Lieberman, a Connecticut independent and chairman of the Senate Homeland Security and Governmental Affairs Committee.

Feb 14

Senators to introduce long-awaited cybersecurity bill next week

From: Federal Times

Three senators are expected to introduce a long-awaited cybersecurity bill next week that will overhaul the way the government protects critical networks.

Sens. Susan Collins, R-Maine, Joe Lieberman, I-Conn., and John Rockefeller, D-W.Va., are now putting final touches on the bill, which mirrors a reform proposal outlined by the White House in May.

The bill would authorize the Department of Homeland Security to beef up security standards for privately owned critical networks, such as those affecting transportation and water systems, said Leslie Phillips, spokeswoman for the Senate Homeland Security and Governmental Affairs Committee. Companies operating such systems, however, could appeal DHS’ regulation of them, Phillips said.

Feb 08

Kendall: Cyber acquisition is unique

From: FierceGovernmentIT

The Defense Department is drafting a plan it will soon present to Congress to more effectively acquire cyber defense capabilities, according to Frank Kendall, acting under secretary of defense for acquisition, technology and logistics.

“What we’re going to try to put in place is a way to respect the fact that cyber has to move at a much faster pace than anything else we do,” said Kendall Feb. 6, during a Center for Strategic and International Studies event in Washington, D.C.

Feb 08

Hacker releases Symantec source code

(Reuters) – A hacker released the source code for antivirus firm Symantec’s pcAnywhere utility on Tuesday, raising fears that others could find security holes in the product and attempt takeovers of customer computers.

The release followed failed email negotiations over a $50,000 payout to the hacker calling himself YamaTough to destroy the code.

The email thread was published on Monday, but the hacker and the company said their participation had been a ruse. YamaTough said he was always going to publish the code, while Symantec said law enforcement had been directing its side of the talks.

Feb 08

NIST Report Recommends New Privately Led Steering Group to Drive Trusted Identities in Cyberspace

From NIST Tech Beat: February 7, 2012

Contact: Jennifer Huergo
301-975-6343

The National Institute of Standards and Technology (NIST) released its recommendations for a new, privately led steering group to tackle the complex policy and technical issues necessary to create an online environment where individuals and organizations will be able to better trust one another. In a report released Feb. 7, 2012, NIST also announced its intent to issue a Federal Funding Opportunity for an organization to convene the steering group and provide it with initial secretarial, administrative and logistical support.

Feb 07

GSA details FedRAMP cloud security program

Editor’s Note: The FedRAMP Concept of Operations (CONOPS) document may be found here.

From: Federal Times

The General Services Administration provided more details on Tuesday about a new mandatory security assessment program for federal cloud providers.

A 47-page concept of operations document about the Federal Risk and Authorization Management Program (FedRAMP), managed by GSA, details how agencies and cloud vendors can initiate the FedRAMP process, how the program will work and what is required of all parties involved in the process.

One thing vendors should expect is new service level agreements that hold them legally responsible for meeting and maintaining FedRAMP requirements, according to the document.

Feb 07

Federal Standards Body Focuses On Big Data, Cloud

From: Information Week

National Institute of Standards and Technology’s new IT Lab Director Chuck Romine says agency is focusing on big data, cloud computing, mobility, and cybersecurity in the coming year.

By J. Nicholas Hoover

The National Institute of Standards and Technology’s IT Laboratory, which works on IT standards and metrics as well as federal cybersecurity programs, will be placing a new focus on big data and mobility technologies this year and will continue its work on cybersecurity and cloud computing, according to IT Lab Director Chuck Romine.

Feb 03

Cyber Security Success Must Come from Highest Executive Levels, Government and Industry Experts Conclude

From: immixGroup, Inc

Solutions Include Monitoring, Purging of Older Technology, Real-Time Awareness, Communication, and Coordination

McLean, VA, February 2, 2012 - Success in cyber security requires buy-in from the highest levels – not just among the IT staff, but at the CFO and CEO level, according to government and industry panelists in a recent federal cyber security seminar. Network monitoring, patching or purging outdated software and hardware, communications, and coordination are all essential tools for good risk management policies and practices.
