FISMA News

From: MetroNews.ca

University of Toronto researchers say a commercial cyber-espionage program marketed as a way for governments to spy on criminals is being used for broader surveillance and can now take over a range of smartphones and other mobile computing devices.

“People are walking around with tools for surveillance in their pockets,” said researcher John Scott-Railton, a doctoral student at the University of California Los Angeles’ Luskin School of Public Affairs, and the founder of The Voices Feeds, which helped activists get around Internet blockages during the Arab Spring.

From: CSO/Boggers

Matthew Hackling

Too much and you can over-extend and it can go “pear shaped”. Too little and you can be branded as uncommunicative and unreasonable. For large corporations the linkage of a brand and any security issue can have a negative effect on share price and immediate financial repercussions.

A large vendor with great responsibility providing supporting infrastructure recently addressed a zero day vulnerability with no media release until the security patch was issued. This made security operations personnel and security aware individuals around the globe very nervous.

Here are some guidelines to consider for your organisation:

From: FierceGovernmentIT

By Molly Bernhart Walker

Smartphones and tablets lack the “strong roots of trust” that are baked into  laptops and other technology, according to a report  (.pdf) published by the National Institute of Standards and Technology Aug.  23.

“These roots of trust are hardware and software components that are secure by  design and are trusted to perform one or more security-critical functions,”  writes NIST.

The agency is working to identify what capabilities roots of trust need in  order to secure next-generation mobile devices. Projects underway at the agency  will examine boot firmware protections, secure storage, device authentication,  and application and data isolation, among other topics, says NIST.

From: Information Week/Government

CIA’s investment arm has partnered with Adaptive Computing to develop a cloud OS for agencies’ use. OpenStack platform may be used.

By Patience Wait

In-Q-Tel, the investment arm of the CIA, has partnered with cloud management specialist Adaptive Computing to develop a “cloud operating system” for use by U.S. intelligence agencies.

Adaptive will integrate its Moab cloud management suite with an unspecified open source cloud platform–potentially OpenStack, CloudStack, or another alternative–to create the cloud OS.

Adaptive’s Moab Cloud Suite provides service provisioning, service catalogs, and policy management in cloud environments. The company holds patents in areas such as multi-tier applications, time-based policy enforcement, and hybrid and multi-tenant clouds.

From: Information Week/Government

State CIO association urges states to make better use of big data, warns of challenges in implementing programs.

By Patience Wait

State governments should begin laying the groundwork to utilize big data in ways that will benefit the public, according to a national association of state IT leaders.

In a just released report on the role of big data in state government, the National Association of State Chief Information Officers (NASCIO) is advising its members to develop an enterprise architecture and data governance policies to maximize the potential of the information their state agencies generate.

From: CJNews India

Indian government is famous for its knee jerk reactions. It always tries to cure the problem rather than preventing it from happening. Even the cure part of India government is far from perfect. In short, Indian government is neither interested in preventive nor a curative situation.

One such area that has been ignored for more than a five years by Indian government pertains to cyber security that is still an ignored world. Surprisingly, Praveen Dalal, leading techno legal expert of Asia and managing partner of ICT law firm Perry4Law, warned about this situation in the year 2006/07 itself but it seems the Indian government is too slow to react.

From: FederalNewsRadio.com 1500 AM

Every agency has reviewed their needs to consolidate data centers, and progress across the government is real. The Office of Management and Budget says agencies shut down 250 data centers and plans to close a total of 479 by the end of fiscal 2012.

The long-term goal is to close down 1,200 data centers out of more than 3,133 that existed as of June.  The goal is more than just shutting down servers and buildings. OMB expects agencies to transform business operations and meet mission better by moving to technologies such as virtualization and cloud computing.

Editor’s Note:  Australia apparently has no equivalent of the Paperwork Reduction Act.

From: ComputerWorld

Submissions for the inquiry into national security legislation have been publicly released.

Stephanie McDonald

A joint submission by the Australian Mobile Telecommunications Association (AMTA) and the Communications Alliance has detailed data retention reforms could cost the industry over half a billion dollars.

Its submission to a parliamentary inquiry into reforms into national security legislation states set-up costs for data retention would cost nearly $100 million.

From: CNET

 Team GhostShell says it published one million records, allegedly from banks, government agencies, consulting firms and others — and claims there’s more to come.

by BRETT BARROUQUERE, Associated Press

LOUISVILLE, Ky. (AP) — A federal  judge has ordered a former computer programmer for Toyota  from leaving the United States while the company investigates the damage done by  an alleged computer hacking incident.

U.S. District Judge Karen  Caldwell in Lexington also ordered Ibrahimshah Shahulhameed of Georgetown,  Ky., to forfeit any information and data he took from the computer system of  Toyota Motor Engineering & Manufacturing North America.

In a lawsuit filed in federal  court in Lexington, Toyota alleged that Shahulhameed illegally accessed the  website www.toyotasupplier.com after  being dismissed from his contract position on Thursday. The company claims  Shahulhameed reset the website and computer system to  automatically crash.