Archive for July, 2011

US-CERT Director Leaves Abruptly

By Elizabeth Montalbano, InformationWeek

U.S. Computer Emergency Readiness Team (US-CERT) director Randy Vickers resigned his position Friday, effective immediately, according to an e-mail to US-CERT staff sent by Bobbie Stempfley, acting assistant secretary for cybersecurity and communications, and obtained by InformationWeek. A Department of Homeland Security (DHS) spokesperson confirmed the email was authentic.

The DHS has not provided a reason for Vickers’ sudden departure and the spokesperson, who asked to remain anonymous, declined to discuss the matter further. Vickers served as director of US-CERT since April 2009; previously, he was deputy director.

Updated SCAP specs aim to improve automated security checks

From: Government Computer News

By William Jackson

The Security Content Automation Protocol (SCAP), which helps agencies ensure the security of their networks, is being updated with four new specifications for automated security assessments of information systems.

Drafts of the new specs have been released by the National Institute of Standards and Technology in Special Publication 800-126 Revision 2, “The Technical Specification for the Security Content Automation Protocol: Version 1.2.”

An increased emphasis on continuous monitoring and real-time awareness of the security status of federal IT systems makes the automation imperative. SCAP helps enable automation by supporting automated checking of configuration, vulnerability and patch status of systems, as well as compliance with security requirements. It also includes protocols for security measurement.

Cloud cuts both ways when it comes to cybersecurity

From: Defense Systems

By Amber Corrin

The increasing availability of options in cloud computing are making the strategy more appealing to many government agencies, but the unique security demands of the Defense Department and related organizations require extra attention to cyber safety.

However, the growing cloud movement might help drive efficiency and improve defense IT operations, a panel of federal officials said July 15 at the AFCEA Cybersecurity Symposium in Washington.

“There are a lot of promises out there of cloud computing ‘reducing costs ten-fold’ or ‘savings of 50 percent’ – but we have to make it operationally beneficial,” said Dave Mihelcic, Defense Information Systems Agency chief technology officer.

Cloud Adoption Checked by Security Concerns


By William Jackson

Cloud computing security concerns outweigh the potential cost savings by a two to one margin, according to a recent survey of government and industry IT professionals by nCircle.

Only 32 percent of those questioned in the study conducted by automated compliance auditing company said that cost savings outweigh security issues, but that is an increase of 6 percent from last year. Thirty-five percent said they are already are doing some cloud computing, up from 24 percent last year, and another third are considering the move.

U.S. Senate, NLC Debate Cybersecurity Policy

From: National League of Cities

by Mitchel Herckis

From the White House to Congress, federal leaders are looking at a range of policy options to bolster the United States’ ability to thwart Internet threats ranging from cybercrime to terrorist activity. With the White House having released a cybersecurity proposal in May and no less than three Senate committees considering legislation, there is consensus that the federal government must do more to ensure the safety of e-commerce and secure critical infrastructure from online threats.