Cybersecurity News

 

Pentagon shuts down Joint Chiefs' email network
Data Breach Today
07/29/15

The Pentagon has taken down its unclassified network that handles email for the Joint Chiefs of Staff because of "suspicious activity," according to news media reports. But it's offering few details about its network concerns. One private sector information security expert speculated a system breach might have caused the Pentagon to shutter the networks.


China-tied hackers that hit U.S. said to breach United Airlines
Bloomberg Business
07/29/15

United Airlines, the world’s second-largest airline, reportedly detected an incursion into its computer systems in May or early June, and investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists -- including the theft of security-clearance records from OPM and medical data from health insurer Anthem Inc. The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised as China’s intelligence apparatus seeks to amass a vast database.


White House preps new cyber policy dealing with federal contractors
Next Gov
07/29/15

The Obama administration is preparing to release a new policy to homogenize the way vendors secure agency data. The proposal follows hacks at two background checkers and the Office of Personnel Management that potentially compromised the security of personnel who handle U.S. secrets. More details about the contract rules are expected to be posted on CIO.gov shortly, along with a deadline for submitting comments on the proposal.


DHS signs up for OASIS
FCW
07/28/15

Following in the footsteps of the Army and Air Force, the Department of Homeland Security has signed a memorandum of understanding committing DHS to the General Services Administration's $60 billion One Acquisition Solution for Integrated Services (OASIS) contracts. OASIS is GSA's next-generation take on large contracting vehicles and its development incorporated unprecedented input from industry, as well as federal agencies. A GSA official said he expects about $250 million annually from DHS under the OASIS memorandum, while the Army and Air Force could each bring in $500 million per year.


Buy or build? For IT, it's custom vs. COTS
FCW
07/30/15

Commercial off-the-shelf software has long been the answer for many government needs. However, the more complex the requirements that COTS software is expected to meet, the more that software must be customized. At some point, customization becomes so extensive and costly that it makes more sense for agencies to build the software themselves.


ACT-IAC crowdsourcing ideas to fix federal cybersecurity
Federal Times
07/30/15

As the Office of Management and Budget works on its Federal Civilian Cybersecurity Strategy, industry and agency representatives at the American Council for Technology-Industry Advisory Council (ACT-IAC) are working on their own paper, trying to meld public and private sector knowledge of cybersecurity issues into a single, cohesive report. For the next 30 days, the group will be taking comments through its Cybersecurity Innovation Initiative website, focusing on eight subject areas. The organizers are looking for fresh ideas and perspectives on cybersecurity but not specific solutions or product pitches.


Bill to let DHS monitor Internet traffic on government systems advances
Next Gov
07/30/15

A Senate panel voted July 29 to approve legislation to codify into law the Department of the Homeland Security's responsibility to monitor public Internet traffic on all government systems. The bill is designed to minimize the harm from breaches like those that hit OPM. The federal government was admittedly slow to scan OPM networks for signs of threats that ultimately manifested in the loss of confidential records on 21.5 million federal employees, national security personnel and their families. Even after the attack, only 45 percent of agencies are using DHS’s network-surveillance technology, according to lawmakers. Under the proposed bill, DHS would be allowed to override an agency's objections to using the tool, called EINSTEIN.


Bill would mandate agencies use Einstein program
Gov Info Security
07/28/15

The bipartisan leaders of the Senate Committee on Homeland Security and Governmental Affairs have introduced legislation which would require federal agencies to implement the government's Einstein intrusion protection program. While Johnson feels the bill would have stopped the recent OPM hack, former CIA CISO Robert Bigman argues that Einstein - which cannot decipher encrypted communications - would not have prevented the breach because the hacker stole the credentials from a government contractor to access the OPM system, and with those credentials, the hacker logged in using encryption. "Einstein doesn't help if it can't decrypt communications," Bigman says.


Senators wrap DHS cyber bills together in bid for floor time
The Hill
07/29/15

A Senate committee on July 29 approved a cybersecurity bill that would give the Department of Homeland Security (DHS) considerable powers to defend government networks from hackers by accelerating rollout of the Einstein anti-hacking shield, and it would require all agencies to adopt several cybersecurity best practices. The committee also adopted two amendments that essentially combined his bill with another bi-partisan bill to reform the 12-year-old Federal Information Security Management Act (FISMA) and formalize the DHS's role in protecting government networks and websites by giving DHS legal authority to deploy tools that search for intrusions on government networks at any agency without a formal request.


What is in the Justice’s cybersecurity memo?
Government Executive
07/28/15

Sen. Ron Wyden (D-OR), a privacy hawk, claims that a classified Justice Department legal opinion written during the early years of the George W. Bush administration is pertinent to the Senate's consideration of cybersecurity legislation. The Obama administration pledges that it does not rely upon the memo, which some privacy experts have speculated could be used under the auspices of cybersecurity to allow government surveillance of Americans' Internet usage.


Army issues guidance for commercial cloud migration
FCW
07/30/15

The office of the Army chief information officer on July 30 published guidance for migrating Army systems and applications to commercial cloud providers. The guidance signed by Army CIO Lt. Gen. Robert Ferrell stipulated that commands bear ultimate responsibility for ensuring that systems and applications within their portfolios are rationalized. The document is the latest step in fulfilling a directive to migrate all enterprise-level systems and applications to Defense Department-approved hosting environments by the end of fiscal 2018.


National Guard cyber capability grows nationwide
DoD News
07/30/15

Just as the National Guard provides warfighting forces for the Army and Air Force and help during state and federal emergencies, Guardsmen now are ramping up their role in the nation’s escalating cybersecurity fight, according to the chief of the National Guard Bureau. Army Gen. Frank J. Grass recently spoke about growing cyber capability in the Guard and how the Guard works with federal, state and local partners in the annual Cyber Guard exercise.


U.S. military bases vulnerable to cyberattacks on their power, utility systems
Homeland Security News Wire
07/30/15

U.S. military bases are at risk for cyberattacks against the bases’ power grid and other utility systems, according to a new report on defense infrastructure from the Government Accounting Office. The 72-page GAO document concludes military bases “may be vulnerable to cyber incidents that could degrade operations and negatively impact missions.”


Overnight Tech: GAO probes facial recognition technology
The Hill
07/30/15

Google and Facebook are the only two major social media, retail or casino companies that the Government Accountability Office could identify as using facial recognition technology in a new report. The GAO report into the use of facial recognition comes amid rapid advances in the technology which have sparked privacy concerns. No federal laws explicitly govern the use of facial recognition technology, but the GAO found that the Federal Trade Commission might have some limited power if the technology violated a privacy policy or caused consumers substantial injury. The report also highlighted some laws that could cover the sharing and distribution of data collected.


Bill proposes Medicare Common Access Card
Secure ID News
07/28/15

Legislation proposed in the House and Senate would create a smart card pilot program for Medicare recipients. The bill calls for a Medicare Common Access Card – taking its name from the smart card issued to Defense Department employees -- to be issued by the Department of Health and Human Services as a pilot program. The current Medicare card doesn’t have any real security features and displays an individual’s Social Security number. The Medicare Common Access Card Act would use the same type of smart card technology DoD uses to make Medicare cards more secure. The chip technology would keep personal information secure and give Medicare beneficiaries assurances their billing is accurate when they visit their doctor.

U.S. Census Bureau confirms data breach
Security Week
07/27/15

Representatives of the United States Census Bureau have confirmed that hacktivists of the Anonymous movement have breached part of the organization’s systems. The attackers have leaked thousands of usernames, passwords, email addresses, and other data obtained from a census.gov subdomain. The Census Bureau said the hackers gained access to the Federal Audit Clearinghouse (FAC), hosted on harvester.census.gov, which is used to collect single audit reporting packages from state and local governments, and nonprofit organizations. The FAC is hosted on an externally facing IT system that stores non-confidential data, such as the details of individuals submitting information.


Chrysler recalls 1.4 million vehicles after Jeep hacking demo
Dark Reading
07/24/15

Fiat Chrysler is recalling 1.4 million vehicles possibly affected by a vulnerability in the UConnect infotainment system that could allow attackers to hijack the vehicle's steering and braking. Car hacking researchers Chris Valasek and Charlie Miller demonstrated proof of concept in striking fashion, when they wirelessly took control of a 2014 Jeep Cherokee driven by Wired reporter Andy Greenberg and brought it from 70 mph to a screeching halt. The National Highway Traffic Safety Administration (NHTSA) is launching an investigation to determine the effectiveness of Fiat Chrysler's recall.


Appeals court revives Neiman Marcus data breach suit
The Wall Street Journal
07/23/15

Neiman Marcus Group LLC is back in court over a 2013 cyberattack, as a U.S. appeals court has reinstated a case that had been dismissed last year. The reversal highlights the complicated legal issues companies confront when customer data is breached, including questions concerning the degree to which customers can hold companies, and their executives, liable.


FBI director says terrorist interest in cyberattacks against the U.S. on the uptick
SC Magazine
07/23/15

Federal Bureau of Investigation (FBI) Director James Comey told attendees of the Aspen Security Forum in Colorado that terrorists are discussing strategies for launching cyberattacks against the U.S. Comey didn't specify the types of cyber assaults but said the planning appeared to be in its infancy. The director also noted that attacks of this nature are common among extremist groups that have trouble establishing themselves in the U.S.


Cyber attacks on the power grid: The specter of total paralysis
InfoSec Institute
07/27/15

A major attack on a critical infrastructure component like a power grid would cause chaos in the country by interrupting vital services for the population. The Stock Exchange, transportation, and media are examples of critical infrastructure. A contemporary failure of these systems could cause serious problems to the nation, especially when the incident is caused by a cyber-attack. Thus far, the recent temporary outage at the New York Stock Exchange, United Airlines and the Wall Street Journal’s website were due to tech glitches, but we have to consider that U.S. infrastructure remains vulnerable to cyber-attacks that would cause serious problems and would be costly.


GAO resolves DHS CDM protest
FCW
07/27/15

Hewlett-Packard Enterprise Services had protested the $29 million award made by the General Services Administration to Knowledge Consulting Group (KCG) in March under a contract awarded for the Homeland Security Department's continuous diagnostics and mitigation (CDM) program. KCG was named the prime contractor to provide DHS's headquarters with a variety of CDM tools. The Government Accountability Office has ruled against HPES' protest and in favor of the DHS award to KCG.


IT looking like a winner as U.S. military awards $14.4 billion over last four months
Military & Aerospace Electronics
07/21/15

The Department of Defense has been ordering military information technology (IT) and IT services at a dizzying pace over the past four months, awarding IT contracts worth at least $14.4 billion. The latest IT blockbuster came July 17 when the U.S. Defense Intelligence Agency (DIA) in Washington announced 50 companies that will compete for a pot of money worth as much as $6 billion for the Information Technology Enterprise (E-SITE) program. For the segment of the aerospace and defense industry that concerns real-time mission-critical embedded computing, routine IT work may not sound sexy, but $14.4 billion in DOD IT contracts over the course of four months is a lot of money.


NIST launches step-by-step cyber guide series
FCW
07/24/15

According to the National Institute of Standards and Technology (NIST), growing use of mobile devices to store, access and transmit electronic health care information is outpacing privacy and security protections on those devices, putting medical information on them at risk for theft. To deal with this, NIST's National Cybersecurity Center of Excellence has published a guide, "Securing Electronic Records on Mobile Devices," aimed at providing step-by-step help to health care providers to make mobile devices, such as smartphones and tablets, more secure, and better able to protect patient information, while still leveraging advances in communications technology.


DHS CDM program gets a boost after bid protest win
Federal News Radio
07/27/15

The Homeland Security Department’s continuous diagnostics and mitigation (CDM) program got a nice boost recently when the Government Accountability Office resolved a bid protest that has impacted the implementation of new cyber tools and services. GAO denied Hewlett-Packard Services’ protest of the $29 million award GSA had made to Knowledge Consulting Group in March to provide DHS headquarters with a variety of continuous monitoring tools. Under the deal, DHS and its components will be the first agency to receive advanced tools. GAO’s decision bodes well for the CDM program as it ramps up over the next year or so.


What happens if there’s a massive data breach in the cloud?
Next Gov
07/24/15

Government IT systems have taken a beating lately, including the recent OPM breach. But coincidentally, none of the recent breaches involved cloud systems. Federal cloud security standards, governed by the Federal Risk and Authorization Management (FedRAMP) program, have been hugely successful thus far in ensuring cloud service providers that serve government customers aren’t bringing knives to gun fights. But what happens if and when the first big federal system is breached in the cloud? Will all the efforts in building up cloud’s reputation as secure go by the wayside?


Obama talks federal IT on ‘Daily Show’
Next Gov
07/27/15

Some of the most memorable sound bites from President Barack Obama’s recent appearance on “The Daily Show” centered on government technology and the IT challenges faced by federal agencies. Obama touched on the wave of Silicon Valley tech talent invading government, challenges in IT procurement and how better IT can lead to better customer service between the government’s 2 million employees and its 300 million-plus citizens.


ICE unveils expanded cyber forensics lab
FCW
07/22/15

Immigration and Customs Enforcement's Cyber Crimes Center (C3) in Fairfax, Va., unveiled a 5,000-square-foot forensic laboratory July 22 that has substantially more space for conducting cyber operations, including closer analysis of criminal hard drives and video and audio forensic capabilities that rival anything seen on CSI. C3 provides computer and cyber-based technical services to support domestic and international investigations into cross-border crimes. The new lab is five times the size of C3's previous facilities.


Government hacked yet again. It's about time federal cybersecurity became a national issue
Next Gov (opinion)
07/25/15

The group of hacktivists, Anonymous, claimed July 22 they hacked the Census Bureau and leaked employee details online. This breach comes just one month after it was revealed the Office of Personnel Management was hacked. However, the massive OPM breach isn’t just one more high-profile hack. It’s a wake-up call for all Americans that we need to make government cybersecurity a national issue. What’s at stake aren’t just the identities of federal government employees or state secrets, but the digital security of all Americans. Yet, all the ignored warnings show that the federal government is both stubbornly slow to fix mistakes and woefully understaffed with cybersecurity experts.


Capitol Hill's cyber focus is good and bad
Washington Technology (opinion)
07/21/15

There are numerous cybersecurity bills under consideration in both the House and Senate. Congressional attention on cybersecurity is good, but the proposed laws must address the issues at hand, and should not add more regulatory burden at the expense of implementing substantive cybersecurity practices today. Here is a discussion of some of the proposals currently wending their way through the legislative gamut.


DISA issues new cloud, cyber security guidance
C4ISR & Networks
07/27/15

The Defense Information Systems Agency on July 24 issued three new documents targeting cloud security, including two new requirements guides and a new concept of operations. The three new documents more thoroughly define cloud security and the steps to achieving it, outlining the responsibilities of the organizations and managers increasingly capitalizing on commercial cloud offerings. The release underscores the Defense Department's growing adoption of commercial cloud offerings.


Demo Jeep hack could have military implications
C4ISR & Networks
07/26/15

As military vehicles become increasingly dependent on electronics and computers, much as are commercial cars and trucks, program managers must take cybersecurity needs into account. A recent experience hacking a Jeep Cherokee that was documented in Wired makes the potential risks chillingly clear. Vehicle electronics, or vetronics, are a vital aspect of today’s military transport. Whether or not military vehicles are at equal risk depends on the vehicle.


IARPA wants an early warning system for cyber attacks
Defense Systems
07/24/15

The hacks of OPM databases, which went on for months before being discovered, underscored the importance of being able to detect network intrusions early. But what if you could detect them before they happen? The Intelligence Advanced Research Projects Agency wants to find out by combining internal security controls with external indicators to generate automated warnings of potential attacks, according to a Broad Agency Announcement. The Cyberattack Automated Unconventional Sensor Environment (CAUSE) looks to combine monitoring (social media, search terms) used to track political trends or disease outbreaks with other “unconventional” sensors and advanced network monitoring.


Army looks to beef up Cyber Battle Lab
FCW
07/21/15

The Army's Cyber Battle Lab in Fort Gordon, Georgia is a hub for the service to experiment with a new domain of warfare. Part of a growing set of capabilities the Army is developing at Fort Gordon that includes a Cyber Center of Excellence and Army Cyber Command itself, the lab is projected to have "initial operating capability" in October. On July 10, the Army released a solicitation for technical tools to support the Cyber Battle Lab, specifically calling for help in a range of services, including systems engineering, satellite support, prototyping, "distributed simulation network operations and security center services."


Medical identity theft drives biometrics in health care
Secure ID News
07/24/15

A study by the Ponemon Institute in 2013 found that nearly 2 million Americans had become victims of medical identity theft. Medical identity theft is defined as someone using another individual’s identity to fraudulently receive medical services, obtain prescription drugs or commit fraudulent billing. In the continual push by hospitals and health care organizations to curb fraud and protect personal information, biometrics has emerged as a sound option for identifying and authenticating both patients and health care workers.


Cybersecurity: Taller walls, deeper moats but the front gate is unguarded
Secure ID News
07/27/15

Most cybersecurity efforts revolve around building taller towers and deeper moats to prevent hackers from gaining access. But what’s lacking are efforts to add strong authentication and advanced identity and access management to make sure only those authorized are enabled to gain access. The best firewalls and intrusion detection won’t matter if someone has keys to the front door. Making identity a foundational component to cyber security, then, is paramount to any attempt to solve the issues facing enterprises. This is borne out by the Verizon 2014 Data Breach Investigation Report, which found the number one way hackers are gaining access to information on computer networks continues to be the misuse of usernames and passwords.


Cyber blackout could cost insurers $71 billion, Lloyd’s reports
Risk Management Monitor
07/22/15

A cyberattack targeting the U.S. power grid would have widespread economic implications, resulting in insurance claims of between $21.4 billion and $71.1 billion in a worst case scenario, according to a report by Lloyd’s. Lloyd’s and the University of Cambridge’s Centre for Risk Studies conducted the report which examines the insurance implications of a major cyberattack using the U.S. power grid. Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue for businesses and disruption to the supply chain. Total impact to the U.S. economy is estimated at $243 billion, rising to more than $1 trillion in the most extreme scenario.


OPM says background check system now back online after security tweaks
Next Gov
07/23/15

The Office of Personnel Management announced July 23 it’s beginning to restore access to an online system used to process background investigations. Officials had yanked the system offline last month after uncovering a vulnerability during a security review. The system has been down less than four weeks. OPM is working with agencies to incrementally resume service “in an efficient and orderly way.” The decision to put e-QIP back online comes after “extensive testing.” OPM worked with cybersecurity experts from OMB and DHS to make security upgrades, including enhanced password protections and steps to secure the transmission of data within the system.


Security experts point to OPM’s biggest cybersecurity failure
Next Gov
07/21/15

An Institute for Critical Infrastructure Technology analysis of the OPM hack titled “Handing Over the Keys to the Castle: OPM Demonstrated that Antiquated Security Practices Harm National Security” notes that OPM's inspector general had repeatedly raised red flags about the agency’s outdated security practices. It also said OPM stored most of its data on uncertified systems and failed to implement multifactor authentication on any of its systems, which would have made it more difficult for hackers to access sensitive data. But the “greatest failure” was the lack of a “comprehensive governing policy” for cybersecurity at OPM that would have proactively controlled system access and mandated regular patches and upgrades.


UCLA Health Systems data breach affects 4.5 million patients
Los Angeles Times
07/22/15

Hackers have reportedly broken into UCLA Health System's computer network and may have accessed sensitive information on as many as 4.5 million patients. The intrusion is raising fresh questions about the ability of hospitals, health insurers and other medical providers to safeguard the vast troves of electronic medical records and other sensitive data they are stockpiling.


Firewalls can't protect today's connected cars
Computer World
07/24/15

The automobile industry needs to use a different strategy to secure increasingly connected vehicles from hackers, according to experts. Instead of building firewalls to keep cyber attacks out, which industry watchers say is ultimately a futile endeavor, build systems that recognize what a security breach looks like in order to stop it before any real damage is done. It's called operational security, and the auto industry -- even the banking industry -- has been slow to adopt it.


Senate bill seeks standards for cars’ defenses from hackers
Wired
07/21/15

The security research community has proven the notion of hacking a car or truck over the Internet to control steering and brakes to be a real possibility, and two U.S. senators have introduced legislation to require cars sold in the U.S. to meet certain standards of protection against digital attacks and privacy. Car hacking has emerged as an increasingly crowded field of study for digital security researchers. Whether through legislation or industry competition, the pressure on carmakers to protect vehicles from hackers is growing.


Hacker: 'Hundreds of thousands' of vehicles are at risk of attack
Computer World
07/23/15

A security expert who recently demonstrated he could hack into a Jeep and control its most vital functions said the same could be done with hundreds of thousands of other vehicles on the road today. The hackers said they were able to use the cellular connection to the Jeep's entertainment system or head unit to gain access to other systems; a vehicle's head unit is commonly connected to various electronic control units (ECUs) located throughout a modern vehicle. There can be as many as 200 ECUs in a vehicle.


Car hacking shifts into high gear
Dark Reading
07/23/15

A dramatic and controversial live car hack demonstration got plenty of attention this week, including from lawmakers and automakers. Fiat Chrysler issued a security update for the vulnerability the security researchers found prior to the demo going public, two senators announced proposed legislation for federal standards to secure cars from cyberattacks and to protect owners' privacy, and the ICS-CERT issued an alert about Fiat Chrysler's patch. At Black Hat USA in August, the researchers will reveal details of the vulnerability they found and exploited in the Uconnect infotainment system, which affects up to 400,000 Fiat Chrysler vehicles.


Actions foreshadow uniform cybersecurity regulations for federal contractors
Holland and Knight
07/17/15

Federal government contractors handling Controlled Unclassified Information (CUI) should take notice of two recent executive agency actions. Combined, they lay the groundwork for a new cybersecurity clause to be added to the Federal Acquisition Regulation (FAR) in 2016. The contractors should expect an amendment to the FAR that mandates cybersecurity clauses and standards. Companies can prepare now by comparing new government standards to their existing system protections. Companies should not just be reviewing the capabilities of their information systems, but also their written information assurance policies, training materials, and employment and third-party agreements.


FERC moves to combat emerging cybersecurity vulnerabilities
Environment & Energy Publishing
07/20/15

Federal regulators have begun a push for new cybersecurity defenses to prevent sophisticated attackers from penetrating utility control rooms and other industrial control system centers by infiltrating malware on third-party vendors' products. A proposed rulemaking announced by the Federal Energy Regulatory Commission would require utility industry representatives to develop a new security strategy and standard for supply chain management processes. FERC is also seeking comment on a second proposed order to require additional security controls to safeguard communications between grid control centers when vital controls data is traveling on unprotected third-party communications channels.


OPM cyber spending to get a budget boost -- But is it enough?
Next Gov
07/23/15

The Senate Appropriations Committee approved a $21 million increase for the Office of Personnel Management to fix IT security vulnerabilities -- the full amount requested by the Obama administration earlier this year -- but blocked a more expensive measure that would have further accelerated OPM’s cyber upgrades. The panel defeated an amendment to a fiscal 2016 spending bill offered by Sen. Barbara Mikulski (D-MD) which would have nearly doubled the amount of new cyber funding and allowed OPM to complete its controversial IT modernization plan a year ahead of schedule.


Senators seek to bolster DHS cyber oversight
Signal
07/21/15

A group of senators has launched a bipartisan bid to boost the Department of Homeland Security's powers to better oversee cybersecurity compliance by federal agencies and intervene when they might fail to safeguard their networks. The Senate bill would strengthen the department's ability to enforce cybersecurity standards governmentwide, and “in the event that a federal agency chooses not to do so, [the] DHS would have the authority to stand in … and prevent worse damages from occurring,” says the bill's sponsor, Sen. Susan Collins (R-ME). Collins also seeks to mandate that owners of critical infrastructure share intelligence about significant cyber breaches with the federal government.


Senators want DHS to have NSA-like defensive cyber powers
Federal News Radio
07/23/15

A bipartisan group of Senators want to give the Homeland Security Department more authority over the dot.gov domain. They have introduced a new bill to codify the responsibilities and authorities DHS currently has under policy from the White House. The proposed Federal Information Security Management Reform Act of 2015 would give DHS the clout it’s been lacking over the last five years, and, in some respects, put it on par with the National Security Agency. The bill would take five specific steps to change the way DHS oversees the dot.gov domain.


Senators unveil new Homeland Security cyber bill
The Hill
07/22/15

A bipartisan group of senators wants to give the Department of Homeland Security (DHS) more power to repel cyberattacks in the wake of hacks that have rattled the federal government. The group on July 22 introduced the FISMA Reform Act, which would update the 12-year-old Federal Information Security Management Act (FISMA) and formalize the DHS role in protecting government networks and websites. Over the years, the department has taken on this task, but its authority in the area has never been fully codified.


Senators want Homeland Security to be a leading cyber defense agency
Defense One
07/22/15

After the hack on the Office of Personnel Management, a bipartisan group of lawmakers believes it's time to grant DHS power over government networks. Senators from both parties are pushing to position the Department of Homeland Security as the U.S. Cyber Command of the civilian government, after many agencies refused to fall into line on information security last year. Just as CYBERCOM monitors and blocks threats to the military network, DHS, under proposed legislation, would scan for and repel attacks against the dot.gov domain.


Johnson, Carper move to authorize DHS Einstein program
FCW
07/23/15

The network cyber protection program Einstein covers almost all of the federal government to varying degrees. But the Department of Homeland Security wants to make Einstein coverage ubiquitous, and wants statutory backing to do so. Sens. Ron Johnson (R-WI) and Tom Carper (D-DE), the chair and ranking minority member of the Senate Homeland Security and Governmental Affairs Committee, are looking to do just that, with a bill to codify the Einstein program that will be brought up in a business meeting scheduled for July 29. The bill would mandate that Einstein coverage extend across all civilian government agencies, and incorporates strong privacy protections, building on the 2014 FISMA update.


Senate bill proposes cyber security standard for cars
Network World
07/21/15

Cars will have to be much better protected against hacking and new privacy standards will govern data collected from vehicles under proposed legislation introduced in the U.S. Senate July 21. The Security and Privacy in Your Car Act of 2015 seeks to get a step ahead of what is seen by some as one of the next fronts in hacking: connected vehicles, which are always on the Internet and rely on sophisticated computer control systems. The bill would mandate that critical software systems in cars be isolated and the entire vehicle be safeguarded against hacking by using “reasonable measures,” which the legislation does not define.


Despite massive OPM hack, Congress continues to stall on data breach bill
Roll Call
07/22/15

Despite all the concern in Congress over the OPM hack and its implications, there’s currently no federal standard governing what companies, or government agencies, must do to protect their customers or employees when their servers are hacked. Supporters had hoped this spring for swift passage of legislation that would set a national standard governing how companies must respond when hackers steal customer data, but the legislation still has not come to the House floor. Some congressional opponents are concerned because the bill would pre-empt state laws, and they say they see no bipartisan path forward. Others opposing the bill include a number of business groups.


WT Industry Day: Inside the Defense Department's IT opportunities
Washington Technology
07/23/15

In the second in a series of Washington Technology Industry Days, the publication took a deep dive into the IT priorities, opportunities and procurement culture of the Defense Department. Representatives from some of the Defense Department's major bureaus participated and each government executive emphasized a desire to partner effectively with contractors. Each also highlighted opportunities for contractors to keep their eyes on in the near future. Here is a short summary of the information provided.


DIA's $6B pathway to ICITE
C4ISR & Networks
07/22/15

The Defense Intelligence Agency has awarded a $6 billion contract vehicle known as Enhanced Solutions for the IT Enterprise, or E-SITE, to help drive intelligence community and DoD users toward their respective future IT environments. The comprehensive contract has been awarded to 25 large businesses and 25 small businesses that will compete for individual task orders over the next five years. The contract covers a vast array of IT services and capabilities, including technical support services; systems design, development, fielding and sustainment; cybersecurity; a range of enterprise-focused services and more.


Report: DOD IT spending headed for a slight increase
Defense Systems
07/17/15

Despite an austere budget situation, Defense Department IT spending is actually headed for a slight uptick in fiscal 2016, according to a forecast from market researcher IDC Government Insights. IDC projects DoD will spend $30.5 billion on IT in 2016, a 1.6 percent increase over this year but reversing a trend that saw the department’s IT spending drop 14.4 percent over the past three years. The report says IT spending will remain “relatively healthy” through 2019, with a compound annual growth rate of about 0.5 percent. A big driver of the projected growth is with defense-wide services, with "slightly more spending targeted to cloud solutions and more spending targeted to security improvements."


Using cyber insurance and cybercrime data to limit your business risk
Information Week
07/19/15

Cyber insurance is a product still in its infancy. While there is a wide array of cyber insurance coverage options available, they can be very limited because a standardized assessment of cyber risk does not yet exist. This is where having the right cyber risk intelligence information can help you make more informed decisions around your organization's unique cyber risks, the potential impact and where to focus your security efforts and budget when it comes to selecting the proper cyber liability insurance. This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk information, and what cyber insurance options make the most sense based on your business.


Va. digital identity law positions citizen identity as foundation of cybersecurity policy
Secure ID News (opinion)
07/22/15

Virginia has become the first jurisdiction in the U.S. to enact a digital identity management law, effective July 1. And, in view of Re:ID’s recent revelation that only 4% of all money currently spent on cybersecurity is devoted to identity, Virginia’s timing couldn’t be better. By taking this step, along with ongoing efforts of the Virginia Cybersecurity Commission, Virginia is asserting leadership in cyber policy-making that recognizes digital identity as foundational to overall cybersecurity policy.


Arizona DOT implementing facial recognition technology to curb identity theft
BiometricUpdate.com
07/23/15

The Arizona Department of Transportation announced it is implementing facial recognition technology for the application process for state-issued credentials in an effort to curb identity theft and fraud. From now on, individuals applying for a new or duplicate driver license or state ID card will be required to have their photo taken. During the “Photo First” review process, the facial recognition system will occur immediately and seamlessly as the applicant continues through the process.