Archive for December, 2015

White House hopes to trim $9B software spend

From: FCW

By Mark Rockwell

Tens of thousands of expensive and fragmented agency software purchases cost taxpayers $9 billion a year. Two top officials at the Office of Management and Budget say improved management can help save money, and they aim to staunch the flow of money with new plans to consolidate and streamline the way the government buys software.

In a Dec. 21 blog post, Federal CIO Tony Scott and Chief Acquisition Officer Anne Rung announced a proposal that “doubles down” on acquisition consolidation at federal agencies and builds on new requirements in the Federal IT Acquisition Reform Act. The proposed guidance is open for public comment through Jan. 20, 2016.

IBM to lead open-source semi-private blockchain for banking giants

From: The Stack

In March we reported that IBM was maintaining ‘informal discussions’ with the U.S. Federal Reserve whilst investigating the application of blockchain technology for financial services. Now that work has reached a new stage; the company has announced it will lead a crowd of coding giants in the development of a new blockchain financial transaction infrastructure called Open Ledger, for the benefit of major banking and financial institutions including Wells Fargo, JP Morgan and the London Stock Exchange.

The InfoSec Gender Divide: Practical Advice For Empowering Women

From: DarkReading

Barbara Johnson, Commentary

There is no one-size-fits-all approach for women to succeed in IT security. What you need is a roadmap and a little help from your friends.

While stigmas and stereotypes suggest the industry is not welcoming toward women, speaking from my own experience, I believe more women can become empowered women by researching IT security opportunities, developing security credentials and seizing security opportunities when they arise.


NY Attorney General Wants Public To Report Broadband Speeds

From: Slashdot

An anonymous reader writes: New York Attorney General Eric Schneiderman is investigating ISP speed and service claims. He’s asked consumers to help by testing their broadband speeds and reporting the findings. “New Yorkers should get the Internet speeds they pay for. Too many of us may be paying for one thing, and getting another,” Schneiderman said. “By conducting these tests, consumers can uncover whether they are receiving the Internet speeds they have paid for.”

EU set to agree new data privacy law with stiff penalties

From: EuroNews

By Julia Fioretti

BRUSSELS (Reuters) – A sweeping reform of fragmented laws governing the uses of personal data set to be agreed by the European Union on Tuesday will force companies to report privacy breaches to authorities or face stiff sanctions.

EU governments and members of the European Parliament are expected to agree the new data protection law, which would replace a patchwork of 28 different laws and give regulators greater enforcement powers.

Cyber sharing with industry improving, DOJ says

From: FCW

By Sean Lyngaas

Private-sector executives have sent a clear message to the Justice Department: The cyberthreat information the department shares must improve, said Sean Newell, a deputy chief in the department’s National Security Division.

As a result, officials are trying to send threat information to breach victims as an investigation progresses, Newell said Dec. 9 at an Atlantic Council event in Washington.

Nate Lesser: New project to establish cybersecurity standards, best practices

From: 1500AM

By Tom Temin | @tteminWFED

Nate Lesser, Deputy Director, National Cybersecurity Center of Excellence

It’s one thing when cybersecurity hackers bring your system down. At least you can tell what’s going on. But what about when malicious people inside or outside alter or erase data quietly? It’s a major worry for business and government not knowing what they don’t know. That’s why the National Cybersecurity Center of Excellence has launched a project to establish standards and best practices for knowing about and responding to attacks on data integrity. For more on this project, Federal Drive with Tom Temin talked to Nate Lesser, the center’s deputy director.

Breached hotel chain settles with FTC in landmark case

From: The Hill

By Cory Bennett

The Federal Trade Commission on Wednesday settled a lawsuit with hotel chain Wyndham Worldwide that alleged the company’s poor data security exposed customer data to hackers.

The settlement is the final period in a court battle that spanned several years and threatened the FTC’s power to go after companies over their data security practices.

Book Review: Red Team by Micah Zenko

From: Council on Foreign Relations

By Adam Segal

As the details of the hacking of the U.S. Office of Personnel Management (OPM) became public in 2014 and 2015, the refrain from the press, Congress, and the general public was: how could this happen? How could hackers, probably from China, have stolen what one former official called, “crown jewels material … a gold mine for a foreign intelligence service”—the personal data of 18 million individuals, including the sensitive information on federal employees? After reading Red Team: How to Succeed by Thinking Like the Enemy, the excellent new book by my colleague Micah Zenko, you are likely to ask, why doesn’t it happen more often, and is there anything to be done to make sure it does not happen again?

Privacy expert Lorrie Cranor will replace Ashkan Soltani in January

From: IT World


Privacy issues will likely stay at the forefront of the FTC’s focus next year thanks to the commission’s appointment of Lorrie Cranor as its new chief technologist.

Cranor, who is currently a professor of computer science and engineering and public policy at Carnegie Mellon University, directs the CyLab Usable Privacy and Security Laboratory. She will succeed Ashkan Soltani, the privacy expert who assumed the role in November 2014, the U.S. Federal Trade Commission announced on Thursday.
