Agencies improve, but still fall short of cybersecurity CAP goals

From: 1500AM

By Michael O’Connell

Most agencies are making progress in securing their information and protecting themselves from cyber threats, but they’re still falling short of the Cross-Agency Priority (CAP) Goals set by the Obama administration, according to a fourth-quarter update recently posted on

The Obama administration established 15 cross-agency priority goals when it released the 2015 budget last spring. The seven mission-oriented and eight management goals are laid out in a four-year timeframe.

Read Complete Article


Secret Service Withheld Monitoring Data from DHS

From: GovInfoSecurity

Agency Agrees to Furnish DHS with IT Security Information


The U.S. Secret Service last year refused to provide the Department of Homeland Security’s chief information security officer with information about vulnerabilities culled from the continuous monitoring of the protective service’s IT systems as required by the Federal Information Security Management Act.

An audit by DHS’s Office of Inspector General also showed that several DHS agencies operated systems with classified data without proper authorization; Heartbleed bug vulnerabilities existed in several systems; and two agencies continue to use the now-unsupported Microsoft Windows XP operating system.


DHS IT Security Suffers from Noncompliance, Inspector General Audit Finds

From: HSToday.US

By: Anthony Kimery, Editor-in-Chief

The Department of Homeland Security’s (DHS) Office of Inspector General (OIG) disclosed in a new 62-page audit report that DHS “has made progress to improve its information security program, but noncompliance by several DHS component agencies is undermining that effort.”

OIG analysts’ Evaluation of DHS’ Information Security Program for Fiscal Year 2014 “cited a shift to risk-based management of information technology (IT) security and implementation of an agency-wide performance plan as positive developments. However, the OIG raised concerns over a lack of compliance by components and urged DHS leadership to strengthen its oversight and enforcement of existing security policies.”


VA bringing latest cyber tools to bear to improve network defenses

From: 1500AM

By Jason Miller 

The Veterans Affairs Department is among the first agencies to turn on advanced cybersecurity capabilities known as Einstein 3 Accelerated.

VA’s move to the Department of Homeland Security’s E3A is part of its new strategy to answer long-standing criticisms about how it protects the data of millions of veterans. Most recently, VA failed its Federal Information Security Management Act audit for the 16th straight year.

Read Complete Article


Will CDM finally be ‘the realization of IT security’?

From: GCN

By William Jackson

For more than a decade, the federal government has been moving from a periodic, compliance-based approach to IT security to real-time awareness based on the continuous monitoring of IT systems and networks.

While progress has been spotty so far, some security watchers say Phase 2 of the Homeland Security Department’s Continuous Diagnostics and Mitigation program, expected to be implemented in 2015, could be a major step forward.

Read Complete Article


NIST Revises Guide on Security Controls

From: GovInfoSecurity

Publication Seen as Aiding with Continuous Monitoring


New guidance published by the National Institute of Standards and Technology is aimed at helping federal agencies and other organizations in and out of government assess proper security and privacy controls, especially those tied to the continuous monitoring of IT systems for vulnerabilities.

The Federal Information Security Management Act, the law that governs federal government IT security, requires government agencies to “reauthorize” the security of their IT systems every three years using a checkbox process to attest that proper security controls were implemented. FISMA also requires inspectors general to review annually their respective agencies’ cybersecurity programs.


How Not to Be Sony Pictures

From: IEEE Spectrum

By Mark Anderson

The scope of the recent hack of Sony Pictures — in which unidentified infiltrators breached the Hollywood studio’s firewall, absconded with many terabytes of sensitive information and now regularly leak batches of damaging documents to the media — is only beginning to be grasped. It will take years and perhaps some expensive lawsuits too before anyone knows for certain how vast a problem Sony’s digital Valdez may be.

But the take-away for the rest of the world beyond Sony and Hollywood is plain: Being cavalier about cybersecurity, as Sony’s attitude in recent years has been characterized, is like playing a game of corporate Russian roulette.


Striking a balance with mobile device security

From: FCW

By John Moore

Agencies face a delicate balancing act when it comes to providing mobile security.

On the one hand, IT departments seek to extend endpoint security to a growing population of mobile devices. It’s easy to see why: Smartphones can go missing along with agency data, and mobile devices in general can introduce malware to enterprise networks. On the other hand, employees want the ease of use of consumer technology, and agency managers covet the potential productivity boost.



Now the Government’s Network Surveillance System Can Hack Back

From: Nextgov

By Aliya Sternstein

CenturyLink has begun automatically blocking malicious operations on federal networks, under a controversial Department of Homeland Security program that monitors Internet traffic governmentwide.

The progress comes after delays due to contract negotiations. DHS in 2013 tapped five telecommunications companies to computerize threat deflection, including major players AT&T and Verizon.

Read Complete Article


Vicki Schmanske, Lockheed Martin

From: 1500 AM

It’s been a little over a year since Lockheed Martin opened the doors to its continuous diagnostics and mitigation lab. Since then, Lockheed has been conducting workshops with chief information security officers, security operations center managers, and cyber analysts. Vicki Schmanske is the vice president of IT and Security Solutions at Lockheed Martin. On the Federal Drive with Tom Temin, she explained the threat landscape and what the DHS Continuous Diagnostics and Mitigation program can do for agencies looking to secure their enterprise networks.

Listen to complete interview
