Security of “high-impact” federal systems not exactly rock-solid

From: Network World


GAO: The loss of “high-impact” systems could cause individuals, the government, or the nation catastrophic harm


An underlying reason for these weaknesses is that the agencies had not fully implemented elements of their information security programs. For example, security plans did not always address controls specific to high-impact systems, those with significant security responsibilities did not always complete specialized training, systems’ assessments were not comprehensive, and continuous monitoring strategies were incomplete.



NATO Symposium on “Cyber Defence Situation Awareness” CALL FOR PAPERS

From: Partnership for Conflict, Crime and Security Research

Sofia, Bulgaria on 3 – 4 October 2016

The aim of the symposium is to bring together experts and practitioners from NATO member military agencies along with industry leaders and academic visionaries to present and discuss the state-of-the-art developments and hard challenges in cyber defence situational awareness, cyber security and the application and exploration of cyber security metrics, dynamic risk assessment, visualisation and visual analytics in cyber defence. The meeting will result in a raised awareness of our common efforts and the development of collaborative opportunities.


For Commerce, cyber is a marriage with DHS

From: FederalNewsRadio.com | 1500 AM

Ask the CIO

Jason Miller


Rod Turk, the Commerce Department’s chief information security officer, said the goal isn’t to undermine what the Homeland Security Department is providing, but rather to make sure his agency is as prepared as possible when the tools do arrive.



From: Politico | Morning Cybersecurity


With help from Alex Byers and Kate Tummarello


A recent bill report on the Senate legislation touts spending increases over fiscal 2016 for the U.S. Computer Emergency Readiness Team, continuous diagnostics and monitoring of federal networks, as well as Einstein, DHS’s intrusion detection system.



Statement for the Record Social Security Administration: Information Systems Review

From: United States House of Representatives Committee on Oversight and Government Reform

Statement for the Record

Social Security Administration: Information Systems Review

Gale Stallworth Stone, Deputy Inspector General, Social Security Administration


Before I review the reporting metrics that revealed significant deficiencies in SSA’s information security controls, I want to highlight the importance of the Agency’s efforts to implement NIST’s Information System Continuous Monitoring (ISCM) strategy. Continuous monitoring helps organizations maintain ongoing awareness of information security, vulnerabilities, and threats to support risk-management decisions. ISCM calls for organizations to implement tools and processes that maintain situation awareness of all systems; maintain an understanding of threats and threat activities; assess all security controls; collect and analyze security-related information; and communicate security status across the organization.