DHS outlines $202 million plan to beef up cybersecurity

From: Federal Times

The Department of Homeland Security has outlined a $202 million program to arm federal agencies with new tools to continuously monitor their computer networks for security threats. Contracts for monitoring services will be awarded as early as next year.

The tools will enable agencies to monitor their systems every 24 to 72 hours, and to diagnose and prioritize the biggest security weaknesses. Such programs are already in operation at two agencies, the State and Justice departments.

When it comes to continuous monitoring capabilities, “we are a little bit uneven across [the] dot-gov” domain, said John Streufert, director of DHS’ National Cybersecurity Division.


FedRAMP Continuous Monitoring Strategy & Guide Released

NIST, GSA, DHS and DOD have released version 1.0 of their Continuous Monitoring Strategy & Guide, attached below. The Guide,

describes the FedRAMP strategy for CSPs to use once they have received a FedRAMP Provisional Authorization. CSPs must continuously monitor their cloud service offering to detect changes in the security posture of the system to enable well-informed risk-based decision making. This guide instructs CSPs on the FedRAMP strategy to continuously monitor their systems.

The Guide includes a discussion of the role of US CERT in incident handling:


Federal Continuous Monitoring Project Unveiled

From: GovInfoSecurity

DHS Initiative to Examine Networks of Federal Civilian Agencies

By Eric Chabrow

The U.S. Department of Homeland Security is initiating a program to provide continuous monitoring capabilities to civilian, non-intelligence agencies in the federal government.

DHS will deploy sensors to agencies, generating the needed 60 billion to 80 billion vulnerability-and-configuration-setting checks every one-to-three days across the .gov network, according to a fact sheet issued by the department.


DHS Draft Technical Requirements for Continuous Monitoring and Cloud Boundary Defense

Attached below is a Pre-Decisional, Discussion Draft DHS Continuous Monitoring document. According to DHS,

The attached technical requirements for continuous monitoring and cloud boundary defense serve as a proposed path forward for implementing federal information systems and cloud cybersecurity.

From: SANS Institute

DHS Releases Detailed Specification for Software Tools for Continuous


GAO Finds Monitoring Shortfalls at IRS

Editor’s Note: The GAO Management Report, attached below, discusses shortcomings in IRS monitoring programs. Key “Results in Brief” discussing monitoring are quoted below. The Report contains significant additional discussion related to IRS system monitoring policies.


Applications Of Splunk Live DC

From: The Data Center Journal

Rakesh Dogra

Technology finds its greatest potential in the user community. An event like Splunk Live DC therefore is an example of such an event where the user is the main focus. Splunk as a capability focusses immensely on the user. Three use cases of Splunk therefore came into the limelight at the event. Cisco used the technology to bolster the operations of the CSIRT or Cisco Computer Security Incident Response Team. The CSIRT was able to look for anomalies by gathering event data and enjoying a holistic approach to the same.


Japanese boffins plumb darknet for cyber attack alerts

From: The Register

DAEDALUS system monitors unused IP addresses

By Phil Muncaster

Japanese boffins at the National Institute of Information and Communications Technology (NICT) have been showing off a new real-time alert system designed to help security teams spot and visualise cyber attacks more effectively.

The DAEDALUS (Direct Alert Environment for Darknet And Livenet Unified Security) system has been in the making for several years, and detects threats via large-scale monitoring of the internet’s unused IP addresses, which NICT calls the ‘darknet’.

Here’s an explanation from a 2009 research paper:


Sallie Mae Wins Information Security Executive(R) Security Project of the Year Award with nCircle Implementation

nCircle’s Enterprise-wide Continuous Monitoring and Vulnerability Management Program Increases Security and Compliance

SAN FRANCISCO, Jun 21, 2012 (BUSINESS WIRE) — nCircle, the leader in information risk and security performance management solutions, today announced that T.E.N. awarded Sallie Mae the Information Security Project of the Year for their implementation of nCircle IP360(TM). The award showcases projects for outstanding achievements in risk management, data asset protection, compliance, privacy and network security deployed and completed over the last 12-18 months. Nominees and final winners were recognized at the ISE(R) Central Awards 2012 held on June 6, 2012 at the Sheraton Dallas Hotel, Dallas, Texas.


The Need for Continuous Monitoring

From: Info Security

USAID gets detention after failing FISMA test

The US Agency for International Development (USAID) is working to improve its network security monitoring in response to a failing grade on the Federal Information Security Management Act (FISMA) scorecard, according to Jerry Horton, the agency’s chief information officer.

In last year’s FISMA scorecard, USAID received an “F” for not implementing a continuous network monitoring program and not providing automated data feeds to the CyberScope tool, according to the Office of Management and Budget’s FISMA report to Congress. The CyberScope tool automates FISMA reporting; OMB originally gave agencies a Nov. 15, 2010, deadline to implement a system that could provide automated data feeds to the tool, although few agencies actually met the deadline.


National security systems should move to cloud, says White House advisory committee

Editor’s Note:  To see NSTAC’s Highest Priority recommendations to the President, please see FISMA Focus here.

From: FierceGovernmentIT

The president should direct agencies that oversee national security and emergency preparedness, or NS/EP, programs to move mission-critical systems to the cloud, recommends a May 15 report to the president from the White House’s national security telecommunications advisory committee.

The report says all NS/EP-related cloud service level agreements should address continuous availability and assured capacity, identity management, periodic third-party audit, continuous monitoring, encryption of data at rest, security process transparency, and the certification and accreditation of hosting systems and processes.
