Wednesday, May 29, 2013
When global information and analytics provider IHS Inc. lost several terabytes of information regarding U.S. chemical, biological, radiological and nuclear materials to an Iranian hacking group this past February, the company had no way of quickly and securely communicating the incident to the appropriate government agencies. This inability of companies to easily share cyber threat information with the government and other businesses is a key barrier to protecting our nation against ever-increasing internet-based attacks.
The American public is waking up to a reality that many in government have known for some time — the threat of cyber espionage and intrusions, particularly from China. For years, many have identified significant efforts being mounted by Chinese actors to exploit vulnerabilities in cyber systems developed and deployed in America and the West. But only recently have those efforts emerged publicly.
Monday, April 01, 2013
Current US law and government IT policy take a limited view of the potential conflicts between existing government information privacy and security standards and actual vendor data collection practices. As a result, procurement requirements lack appropriate risk-management and enforcement mechanisms. Given the proliferation of data collection practices in Internet services companies, government IT leaders should more directly define the parameters of government data ownership in government IT policy and procurement guidance. Government should also better educate employees and govern the use of Internet-based services on government-owned systems.
Wednesday, March 27, 2013
In federal information technology circles, it's become a truism that agencies spend way too much time and effort doing paperwork in pursuit of cybersecurity and not nearly enough on constantly keeping watch over systems and implementing best practices in real-time to make sure those systems are actually better secured than they were the day before. A new report offers a roadmap that purports to offer ways to implement measures that measure cybersecurity outcomes rather than just processes, while recognizing that no two agencies have the exact same risk profile.
Ryan McDermott, FierceGovernmentIT, Wednesday, March 27, 2013
Agencies must establish a unique baseline threat assessment and automate monitoring to ensure good cybersecurity, says a SafeGov report (.pdf) released Tuesday.
Amber Corrin, Federal Computer Week, Wednesday, March 27, 2013
White House efforts to better protect the networks of government agencies and critical infrastructure operators have been described as a down payment on federal cybersecurity, but with fast-moving threats and continued intrusions, officials are looking for ways to get more secure more quickly.
Nicole Blake Johnson, Federal Times, Wednesday, March 27, 2013
A group of former federal information technology executives are calling on the administration to change the way it assesses the cybersecurity of federal networks.
The Chertoff Group
Monday, March 11, 2013
The Department of Defense (DoD) information technology (IT) budget is investing resources in cloud computing technology. The Pentagon is replacing traditional mainframe and client-server IT systems with distributed shared-computing architectures that control storage and processing capacity on demand. Cloud technology promises security improvement and cost reduction to government CIOs, but decision makers are challenged by the reality of operating diverse datasets, persistently provisioning resources to address network intrusions, and analyzing packet and log data for event forensics.
Monday, February 25, 2013
In August I wrote a piece for AOL Government asking: “After BlackBerries, What’s Next For Government Mobile Users?” We were all witnessing the decline of BlackBerries as a favored mobile device for government users and I discussed the alternatives that existed in the marketplace.
The Chertoff Group, Wednesday, February 13, 2013
During his State of the Union address on Tuesday, President Obama declared that "America must also face the rapidly growing threat from cyber-attacks." On the same day, he signed the "Improving Critical Infrastructure Cybersecurity" Executive Order to strengthen cyber defenses and better protect our economic and national security.