The Chertoff Group
Wednesday, March 26, 2014
In 2012, the American cybersecurity company Mandiant (now owned by FireEye) released a report tracking an extensive, comprehensive cybersecurity threat from China. It gave the Chinese program the name “APT-1,” where APT stands for Advanced Persistent Threat. APT was as accurate a characterization as one could imagine – the techniques used by the Chinese were highly sophisticated and advanced, and they were determined and continuous.
The Chertoff Group
Monday, March 24, 2014
Edward Snowden’s leaks about National Security Agency surveillance practices have had a profound effect on the U.S. cloud computing industry. Experts disagree on the long-term harm to U.S. companies, but recent projections are for $22 billion or more in lost revenue over the next three years. The harm comes largely from backlash over the perceived complicity of U.S. technology companies with NSA operations. That U.S. companies will suffer harm this significant as a result of U.S. government activities raises important questions about U.S. decision-making. In particular, have economic issues, including the competitiveness of U.S. industry and the health of the Internet economy, received enough attention in decisions about surveillance? The answer appears to be no.
Monday, March 17, 2014
Cyber Security is a tough situation. You have to protect your digital assets. It isn’t in your organization’s best interest to leave things open and at risk. On the other hand, your end users are pushing for more and more capabilities and access to more and more resources from more and more locations.
Jason Miller, Federal News Radio, Thursday, January 23, 2014
In the rush to the cloud over the last three years, most agencies have tempered their desires and excitement because of security concerns. Agency chief information officers have struggled to satisfactorily answer a number of questions regarding data ownership and protection, and how the existing cross-agency cyber initiatives fit into the cloud structure.
Rutrell Yasin, Government Computer News, Wednesday, January 22, 2014
An IT industry group led by former Office of Management and Budget e-government administrator Karen Evans says it’s time for the federal government to interconnect the three major IT initiatives it has been driving along largely separate tracks for the last decade: cloud, cybersecurity and mobile computing.
Amber Corrin, Federal Computer Week, Wednesday, January 22, 2014
Most government agencies are embracing the benefits of cloud computing, a mobile workforce and cybersecurity measures to protect critical networks and assets. But in many cases it has been a struggle just to get to that point, and hurdles remain as different approaches present a fragmented federal IT security picture.
SafeGov.org Commissioned White Paper Proposes Framework for Improving Federal Cloud Networks and Procurement Processes
SafeGov.org today released its latest report titled “Staying Safe in Cyberspace: Cloud Security on the Horizon” at the MeriTalk 2014 Cloud Computing Brainstorm held at the Newseum in Washington, D.C. The report proposes an integrated approach to cloud implementation to help agencies realize the benefits of cloud technologies while meeting current Federal cybersecurity requirements. Until now, efforts to implement cybersecurity and cloud computing initiatives have been fragmented and lack overarching coordination. This report works to address this gap in a series of recommendations intended to mitigate risk while harnessing the vast rewards provided by cloud technologies.
The Chertoff Group
Friday, November 01, 2013
Within the next year the Federal government will adopt a broad Framework of recommended cybersecurity programs that private sector actors and cloud service providers will be asked to voluntarily adopt. Underlying that Framework is an “incentive” structure that, for all practical purposes, may convert these voluntary standards into de facto mandatory industry requirements.
Wednesday, August 14, 2013
Demilitarized Zones (DMZ) have long been used to describe an area where no military equipment or personnel is allowed, to help prevent conflict between two nations. This is the case on the 38th parallel that separates North and South Korea. Computer network designers took this same concept and developed a computing solution that creates a safe zone between an organization’s computer network and the public Internet.
Friday, July 26, 2013
A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud (June 2013) (sponsored by WatchDox), reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including finance, retail, technology, communications, education, healthcare, and public sector, among others. The results are quite startling.