cyber capability judged more 'aspirational' than operational
Interviews with cybersecurity experts and questions posed to public
officials reveal an assessment of the cyber warfare capabilities of the Islamic
State of Iraq and Syria that, while potentially dangerous, remains more
aspirational than operational.
Space, cyberspace are stealth threats to U.S.
Among the many perils faced by the U.S., space and cyberspace pose some of
the greatest challenges. And, there is no public wave of awareness or demand
for action looming on the horizon, to the detriment of the nation. This harsh
assessment was recently delivered by the top two members of the House Permanent
Select Committee on Intelligence, Chairman Mike Rogers (R-MI) and Rep. C.A.
Dutch Ruppersberger (D-MD), ranking member. The two warn of increasing
threats to U.S. economic prominence if those two areas are not addressed.
Daniel: Cybersecurity in need of new approach
Efforts to improve the security of cyberspace have fallen short due to a
general inability to grasp the economic and psychological dimensions of the
problem, said White House Cybersecurity Coordinator Michael Daniel. Increased
government involvement in cyberspace means that decisions that once were easy
to make have become enveloped in political processes, Daniel said, but that
isn’t a reversible state of affairs. As for concrete solutions, Daniel said the
Obama administration is looking for an alternative way to engage the private
sector that isn’t dependent on traditional regulation or contracting.
should not shrug at its cyber vulnerability
The Washington Post (editorial)
Recent events show once again that the U.S. is under siege in cyberspace.
Disruption, theft, espionage and attack have been accelerating, and
vulnerabilities threaten everyone who holds a credit card, visits a doctor or
uses social media. Yet the national response has been alarmingly and
inexplicably passive. Congress has debated comprehensive legislation but failed
to reach agreement, and the administration has taken some modest steps, but
it can’t solve the problem alone. The private sector, deeply dependent on the
Internet, is seriously exposed but also cannot find a solution. There is a
strange complacency about massive data breaches, but the thieves, spies and
warriors in cyberspace need to be defeated, and it is long past time to get
started figuring out how.
federal regulations on cyber security lead to revenue loss, business disruption
and loss of productivity in financial services sector, Radware survey finds
Globe Newswire (news release)
Radware, a provider of application delivery and application security
solutions for virtual and cloud data centers, released a new survey which finds
that even though 87 percent of those surveyed in the financial service industry
agree that current regulatory changes are very important or critical to keeping
their companies and industry secure, these new federal guidelines were having
an adverse impact on their businesses.
launches Cyber Defense Authority
Israeli Prime Minister Benjamin Netanyahu has launched a National Authority
for Cyber Defense to oversee the protection of both military and civilian
systems. The announcement comes after Netanyahu accused regional foe Iran of
launching repeated cyber attacks on Israel, particularly during its 50-day conflict
with Hamas in July and August.
agencies push shared IT services from concept to reality
Three years after the intelligence
community's leaders agreed that it was time for them to consolidate their IT
systems into a shared infrastructure, the project has moved beyond PowerPoint
slides and scattered pilot projects. The Intelligence Community Information
Technology Environment (ICITE) has services up and running now, with thousands
of users consuming them.
ready to ramp up, ODNI official says
After more than two years of foundation-setting, the intelligence community
is moving its project to establish a common IT platform into a new phase that
includes enterprise management and advanced tools for the cloud.
NSA Technology Directorate looks internally, externally
The National Security Agency (NSA) is focusing inward and externally as it
adopts a new approach to technology policy. This effort ranges from seeking
outside partners in technology development to conducting an internal audit to
uncover weak points that might bring down the agency. NSA's director of
research says her directorate has three areas of focus, including looking at
the agency’s technologies with a critical eye toward vulnerabilities and
looking at how NSA partners with technological partners on the outside.
NSA planning to beef up cyber response capabilities?
The head of Cyber Command and the NSA, Adm. Mike Rogers, suggests that more
spying is important for better cyber defenses and that Cyber Command is
pursuing partnerships with businesses that make up the nation’s infrastructure
to get them to report data breaches much more quickly. Rogers’s comments
suggest that the NSA will not be changing its approach to metadata collection in
any meaningful way. In fact, he seemed to imply that the growing threat posed
by massive cyber incidents could serve as justification of expanded types of
data collection, and that he wants to build up a “full spectrum of capability”
to allow the government to respond to cyber attacks and, of course, launch
Government, industry must expand cyber intelligence sharing
Defeating cyberthreats will require greater sharing among government and
industry in new ways, according to cyber intelligence experts. A recent panel
discussion explored new issues in cyber intelligence information sharing, with
a DIA official saying that cyber intelligence sharing is important at the
intrusion level as well as at the strategic level. Another said that when an
intruder penetrates an organization, defenders must examine why the adversary
chose their group, especially if the intruder wishes to attack again.
demand FedRAMP-approved cloud services
The Federal Risk and Authorization Management Program has redefined how
commercial cloud vendors do business with the government, setting clear
expectations for both agencies and companies by creating a common language and
standards for securing cloud-based products and services. Federal cloud
computing has grown into a $3 billion market since the pre-FedRAMP era, when
agencies didn’t have a mechanism for certifying if vendors could meet security
requirements. Agencies have come a long way since then, and it shows in their
solicitations for cloud services, with requests for FedRAMP-approved cloud
services now common.
Sam drops $3M in grants to kill the password
The nation's wireless carriers, the state of North Carolina and several
online stores have been awarded $3 million in federal grants to do away with
passwords and offer consumers other options to securely access online services,
Commerce Department officials have announced. The National Strategy for Trusted
Identities in Cyberspace is seeding an industry-led initiative to build a
better login. The three pilot projects are intended to lay the foundation for a
global ID exchange.
House: ‘Work as a community’ for cybersecurity
The White House wants private companies’ help to secure the country’s cyber
networks. In a blog post, White House cybersecurity coordinator Michael Daniel
has called for companies to weigh in to the federal government and help
coordinate to fight hackers. Daniel said companies can weigh in on the Commerce
Department’s framework for protecting critical infrastructure networks like
Wall Street and utility grids, which the department is currently accepting comments
for until Oct. 10, and more generally companies can put their heads together
with the government to figure out how to respond to specific attacks.
is why we don’t have meaningful cybersecurity legislation yet
Why is it so difficult for governments to establish proper legislation
about cybersecurity and privacy? The issue of governing the multidimensional
virtual world is rather complex, as it is not easy to define the territory.
Territory boundaries in the cyber realm are naturally based on large network
boundaries on which citizens interact daily – making purchases, doing taxes,
renewing insurance, communicating with friends and family – all online. These
boundaries generally do not line up with state lines or country borders. The
starting point here should be to identify the parameters of the situation.
Buying Power 3.0: How the Pentagon hopes to save its technological advantage
The Defense Department's top acquisition official continued his odyssey to
improve how the Pentagon spends tens of billions of dollars annually on weapons
and IT by releasing a draft of "Better Buying Power 3.0" on Sept. 19. While the
first two versions of BBP
centered on acquisition best practices and decision-making, respectively, this
round is hands-on: it focuses on getting new gear into the hands of soldiers
faster and with a closer eye on American adversaries. The new initiative is an
effort to halt the erosion of American technological advantage at the hands of
China and Russia.
love for profit in DOD's Better Buying Power 3.0
Technology - WT Business Beat (blog)
The Pentagon's Better Buying Power 3.0
initiative is focused on affordability, incentives for government and industry,
better competition, eliminating unproductive processes, more innovation and a
more professional acquisition workforce. But one industry expert says the plan
doesn't go far enough, and that there isn’t enough focus on “achieving
extraordinary outcomes.” Instead there is too much focus on internal process
changes and there are still too many barriers to innovation and efficiency.
hacks, Transcom to require contractors to report data breaches
After being kept largely in the dark as suspected Chinese hackers spent a
year breaking into the networks of some of its contractors, the U.S.
Transportation Command will now require its contractors to report any suspected
US military in the dark on cyberattacks against
A new Senate Armed Services Committee report shows that a lack of
communication has left the US Transportation Command (Transcom) in the dark
about threats to cyber security. The report contends that hackers tied to the Chinese government successfully
penetrated systems belonging to Transcom contractors at least 20 times during a
12-month period beginning June 1, 2012. The report is the culmination of a
year-long investigation by the committee, which found that gaps in reporting
requirements and a lack of information sharing between government agencies left
Transcom largely unaware of the compromises.
Army may face cyber
The U.S. Army is building a Cyber Center of Excellence at Fort Gordon,
Georgia, and it will not come cheap, warned Maj. Gen. Stephen Fogarty, USA, the
center’s new commanding general. Right now, he said, the service's CIO and the
intelligence community are helping fund Signal Corps and intelligence aspects
of the center, but much of the funding needed will not fall under either
function. Among other things, the center requires secure facilities commonly
referred to as a SCIF, or sensitive compartmented information facility. He said the Army will have to identify a new
funding stream to provide a signal and cyber SCIF for the center of excellence.
Air Force reach first milestone in shared cybersecurity system
Federal News Radio
The Army and Air Force have taken a major step toward building a shared
cybersecurity architecture for their military bases. The first installation is
up and running at Joint Base San Antonio (formerly known as Fort Sam Houston
and Lackland Air Force Base) under the joint security construct. Several more
installations are expected to follow suit over the next few months.
enterprise IT security ready for iOS 8?
Apple hopes to up the security and privacy ante with a passel of new
security features in iOS 8. However, enterprises may find that they still must
work hard to secure data traversing across devices using the new mobile
tests ID management for first responders
When an emergency occurs on federal property, responders from different
agencies and jurisdictions arrive on the scene to help. Without good access
control, first responders could be walking into a situation they are not
properly trained for, or where an
attacker could use the emergency to cover his entrance into a secure facility.
The problem of incident security ultimately will be solved with a nationwide
network of standard first responder credentials, according to a DHS official
who is working with state and local agencies to build just such a system.
GCN - Cybereye (blog)
Identity management and access control are the front lines of security. The
ability to accurately identify users and control what they do within your
systems is what separates insiders from outsiders. It has been apparent for
some time that the traditional tool for this task – the password – is
inadequate for the job, and biometrics is emerging as an alternative.
and access management: Hot or not?
Identity and access management (IAM) is increasingly being deployed within
organizations across multiple sectors as they recognize that a progressive
approach to IAM is crucial for their companies. Though not yet mature, the IAM
market continues to grow because of a number of influences and developments.
Some of the developments include, among others, cloud computing, web solutions,
information governance and BYOD. To better understand how the market is moving
toward IAM, here is a look at some of the developments and their impacts.
biometric verification system achieves 98% success rate in pilot
MasterCard says that a biometric verification system, which combines both
voice and facial recognition, has achieved a 98% success rate in its pilot
trials. The credit card firm recently held a closed pilot trial to gain a
deeper understanding of consumer interaction with voice and facial recognition.
SASC: China-backed hackers penetrated TransCom contractor networks 20 times
Chinese government-backed hackers accessed networks of private-sector firms with sensitive data about US military logistics nearly two dozen times in one year, says a report by the Senate Armed Services Committee (SASC). The committee determined senior brass at US Transportation Command, the military’s logistical hub, typically were unaware of the network violations. Collectively, the 20 contractor network penetrations “show vulnerabilities in the military’s system to deploy troops and equipment in a crisis.”
Attention, defense contractors: You've been hacked
China committed about 20 cyberattacks across a year-long period on defense contractors working with the government agency responsible for the transportation of military forces and equipment, according to a newly declassified Senate Armed Services Committee report.
Phishing campaign targeting financial and healthcare institutions
Barracuda researchers have identified a spam campaign involving thousands of phishing emails being sent to financial and healthcare employees in the greater Boston, North Carolina, New York, Texas and Alabama areas.
JPMorgan shares information on recent cyber attacks
JPMorgan Chase, one of the largest banks in the U.S., has confirmed that its systems were breached this summer, but investigators say there's no evidence that the attackers had gained access to highly sensitive information. The hackers reportedly penetrated roughly 90 of the company's servers, gaining access to the details of one million customers and information on installed software after obtaining high-level administrative privileges. Initial reports pointed a finger at cybercriminals believed to be from Russia or Eastern Europe. Investigators also believe a foreign government might have played a role in the operation. At least four other financial institutions are said to have been hit in the same attack.
George Mason University travel system targeted for malware attack
George Mason University detected a malware intrusion into its travel booking system on July 16. No personal information is thought to have been viewed, but the incident could have affected up to 4,400 users of the university's travel request system.
Cloud computing under siege
By pooling computing resources, cloud computing not only offers significant cost savings over traditional software and hardware products, it facilitates innovation by allowing users, businesses and governments to procure, rapidly and cheaply, a diversity of software, analytics and storage services. But despite these considerable benefits, globally distributed cloud computing has come under threat. Over the past year, in response to mounting concerns over data privacy, data security and the rise of online surveillance, governments around the world have been seeking to pass new data protection rules which are likely to impose economic harm without achieving any of their stated goals.
US Official: Chinese want NSA cyber schools. Really.
Entrepreneurs in China have voiced support for improving the notoriously spotty relations between the U.S. and China in cyberspace, patterning Chinese courses on NSA-approved curricula, said Ernest McDuffie, head of the National Initiative for Cybersecurity Education. McDuffie, the top U.S. computer security education official, said Chinese universities are welcome to adopt the U.S. National Security Agency's cyber education program.
What DHS must do to expand cybersecurity information-sharing
In the year since DHS expanded its voluntary Enhanced Cybersecurity Services program for sharing classified and unclassified threat indicators with critical infrastructure operators, only 40 critical infrastructure entities were participating in the program as of May 2014. These companies represent only three of the 16 designated sectors -- the defense industrial base, energy sector and communication services -- and only two are commercial services providers. Also, no additional providers have enrolled in the program since DHS took the reins in February 2013, so the DHS inspector general has recommended several ways to boost the program's participation rate and efficiency.
Vendor outreach key to unlocking federal cloud market
CIOs across the federal government have been working actively to incorporate cloud technologies, but the success and pace of those initiatives hinge on collaboration with the vendor community, federal IT leaders said at a recent cloud computing conference. They urged cloud service providers to offer agencies a glimpse of their roadmaps to help guide procurement strategies, which is often a byzantine process hampered by perpetual government tech talent shortages.
NIST offers help in securing printers, copiers, scanners from cyber intrusions
Fierce Government IT
Individuals and organizations need to be aware of the potential for printers, copiers and scanners being hacked. As such, the National Institute of Standards and Technology recently released draft guidance pointing out the risks and vulnerabilities of so-called replication devices, which increasingly also include 3D printers and scanners. Besides reminding people about potential cybersecurity problems, it offers advice on how such devices and information that's stored or transmitted can be better protected.
Geospatial Agency seeks small business innovation
The National Geospatial-Intelligence Agency is looking toward small business to provide vital technologies as the agency confronts budget constraints. Enticement efforts include targeted outreach, reshaped acquisition patterns and improved networking among potential contractors.
Making the health data move
In the over-the-rainbow nirvana of health technology, all data generated by patients, health records systems, consumer apps, medical devices and wearables will seamlessly interact, to the benefit of patient outcomes, clinical research and health care costs. But that dream is a long way off. A government agency is taking comments on a vision paper that spells out a 10-year plan for an ecosystem of interoperable health records.
DOD updates DISA's role as the department's cloud broker
The Pentagon is refining the Defense Information Systems Agency’s role as the Defense Department’s cloud broker, while outlining how DOD agencies can acquire commercial cloud services. But DISA will continue to play a central role in DOD’s move to the cloud, evaluating and approving the security of commercial services and offering the department’s private milCloud.
DoD rescinds DISA cloud-broker memo
C4ISR & Networks
The Defense Information Systems Agency is no longer the Pentagon’s officially designated cloud broker. Defense Department officials have apparently rescinded the 2012 memo, signed by then-DoD CIO Teri Takai, that designated DISA as the priority choice for defense agencies seeking cloud services. The move was part of a broader military cloud strategy.
DOD communications: Bringing it all together
Unified capabilities (UC) refers to a series of IP-based services, including voice, video and instant messaging, designed to make internal DOD communications smoother and more secure. The Defense Department will open up its quest for unified capabilities to the private cloud if and when the NSA approves the project's security architecture. The Defense Information Systems Agency, the Army and the Air Force will likely put out a joint request for proposal for UC in the first quarter of fiscal 2015, a top Army official said Sept. 15.
With MAMA, U.S. Air Force aiming to raise cyber awareness on networks
The U.S. Air Force is attempting to enhance what it is calling cyber situational awareness in order to contend with “increasingly sophisticated” threats to its networks and systems. In a post on FedBizOpps.gov, the Air Force Research Laboratory’s Information Directorate announced it is soliciting white papers for a new program, dubbed MAMA, “Mission Awareness for Mission Assurance.” MAMA’s goal is to achieve mission assurance for military operations and automatically assess mission execution via the analysis of network traffic flows. MAMA will prioritize mission essential functions, map critical cyber assets and analyze and mitigate vulnerabilities and risks.
Army turns to industry for better cyber capabilities
The Army Contracting Command-Aberdeen Proving Ground is looking for ideas, seeking white papers to identify potential sources for the procurement of cyber capabilities, according to a Request for Information solicitation. More specifically, the Army is studying industry feedback on cyber approaches that could be used for future strategic and protected cyber needs, according to the solicitation. Those approaches would focus on existing technical capabilities for defense against capabilities that exploit, deny or manipulate.
US Army plans to better manage cyber soldiers
The US Army is closer than ever to introducing a cyber branch to better manage troops with highly sought skills in this area, according to a senior Army cyber official. The branch, called Career Management Field 17, will draw on experts from the intelligence and signals community for dedicated cyber forces, said Ronald Pontius, deputy to the commander of US Army Cyber Command.
Cyber airmen race to stay ahead of new threats
C4ISR & Networks
As cyber threats increase and become more sophisticated, airmen in the Cyber career field find themselves operating in a fast-paced environment just trying to stay two steps ahead. For months, the Air Force has been aggressively lining up airmen for the U.S. Cyber Command-operated Cyber Mission Force teams: 1,715 airmen will be part of the Defense Department initiative to recruit 6,000 personnel to be part of 133 joint mission teams.
NGI rolls out, FBI exploring more biometrics
The FBI’s Next Generation Identification (NGI) system went live recently, replacing the Integrated Automated Fingerprint Identification System and improving accuracy. According to experts, the new system offers 99.6 percent correct identification versus 92 percent with the former, and the NGI enables automation of 93 percent of searches. Other upgrades include connections with the National Palm Print System, an iris-modality repository and capabilities for more mobile detections, and even more advancements in biometrics identification are underway.
FBI facial recognition system ready for use
The FBI has announced that it is prepared to roll out its new facial recognition system. The Next Generation Identification (NGI) system, which has more than 16 million face images, is intended to expand the agency's biometric identification program and ultimately replace its outdated Integrated Automated Fingerprint Identification System. According to the FBI, the agency believes that this is “a significant step forward” in “utilizing biometrics as an investigative enabler.”
Forget fingerprints, officials can track you all kinds of ways
Biometric identification moved past fingerprints long ago, and the range of modalities is helping the keepers of law and order make a big difference in several ways. Areas of growth include voice recognition software, facial recognition technology, finger vein identification, and eye scans (not necessarily of the iris, but of the area around the eye and the whites of the eye). So what’s next? According to one security expert, one of the big trends to watch is secure gesture authentication.
Intelligence community IDs cyber concerns
Sean Kanuck, national intelligence officer for cyber issues, Office of the Director of National Intelligence, says cyber pervades all other national security concerns, including biometrics. Every identity problem is a cyber issue going forward, because biometric and biographic information is collected and stored virtually. These systems have immense usage and hence are large targets for malicious activities, Kanuck explained. The country is at a critical juncture where innovation and the inability to protect systems of national security importance is a real problem. Kanuck urged developers of biometrics systems to consider emerging technical standards, policy, privacy and international issues.
DHS looks to replace IDENT
The Department of Homeland Security (DHS) is looking to replace its Automated Biometric Identification System (IDENT) in the next two to four years, an official with the department says. IDENT is DHS's central system for storing and processing biometric and associated biographic information for various homeland security purposes.
Apple Pay enabling biometric payments at the point-of-sale
Secure ID News
The latest set of iPhones will include near field communication and consumers will be able to pay by using the Touch ID sensor built into the handset. The Apple Watch, a new wearable from the computing giant, will also have NFC and enable payments. The iPhone 6 and 6 Plus will both include NFC and a secure element that will store all the payment card data.
Wearables Hardware a $53B Market by 2019
A new forecast from technology analyst firm Juniper Research suggests that Apple's recent move into wearables is a smart and potentially lucrative one. Global retail sales of wearable devices will reach $53.2 billion by 2019, the market research firm predicted. This year the market is expected to reach $4.5 billion in sales.
Firefighters use Special Forces gear to stay connected
In 2013, a fast-moving brushfire trapped Arizona fighters in a canyon, and although other firefighters tried to rescue the team, the smoke made aerial observation impossible, and calls over the radio went unanswered. In response to the disaster, the Defense Advanced Research Projects Agency (DARPA) began developing the Fire Line Advanced Situational Awareness for Handhelds (FLASH), a civilian version of the system used by special operators in areas without communications infrastructure. FLASH uses a Wave Relay radio, developed by Persistent Systems, to form a mobile comms network that can bounce signals between nodes and then over and around obstacles.
Retail breaches could spur channel business, modernized payment systems
The retail industry, reeling from a litany of recent credit card breaches, could finally get a long-awaited injection of data protection technology, creating opportunities for solution providers that specialize in data security, compliance assessments and modern payment terminal deployments. Target, Home Depot and other large retailers will be among the first to roll out terminals that support chip-and-PIN cards, but the technology alone doesn't provide the data security benefits, say solution providers. One expert says newly manufactured, encrypted payment terminals would provide the greatest benefit in reducing fraud and help ease the barrage of data breaches.
What’s really driving cyberattacks against retailers
The Washington Post
Security researchers say they've uncovered links to commentary that accuses the United States of fomenting unrest around the world in the code of the malware believed to have been used in a string of data breaches at U.S. retail stores over the past year. But these links don't necessarily mean that ideology was the driving force behind the hacks. Instead, the key motivator was likely financial gain.
Chinese hacking groups team up against government, military systems
Two Chinese cyber espionage campaigns are working in tandem in hopes of sniffing out trade secrets from surrounding nations. Researchers from FireEye outlined information about the two attack groups Sept. 10 in advance of a more comprehensive report. Both groups are based on the Chinese coast and are likely targeting intelligence from countries surrounding the South China Sea such as Japan and Taiwan, according to FireEye.
Did NATO drop the ball on cyber defense?
Cyber defense capabilities are necessary for NATO to carry out its mission. But at the recent NATO Summit in Wales, the alliance missed the opportunity to address how to deal with a potential cyber attack that could be the result of the new defense posture announced at the summit. NATO must expeditiously operationalize the Enhanced Cyber Defense Policy endorsed at the summit, which reinforces that NATO members will work together to build up the alliance’s cyber defenses. Protecting its member nations entails having its communications, troops, and command and control structures protected against cyber threats.
CDM dashboard stirs second contractor controversy
The inspector general at the General Services Administration is assessing claims raised by security technology vendor Agilance, which says contractors for the Department of Homeland Security's continuous diagnostic and mitigation (CDM) dashboard are engaged in questionable cross-marketing activities.
DHS S&T chief plans for more relevant research, better employee morale
Federal News Radio
The Homeland Security Department's new science and technology chief says he has a plan to turn around an organization that outside auditors say is out of touch with its customers and has numerous duplicative projects, poorly-tracked investments and rock-bottom workforce morale. Dr. Reginald Brothers outlined an agenda Sept. 9 that would reduce the department's overall number of research programs and make the remaining ones more impactful and more strategically focused.
Data governance issues slowing US fed move to cloud
Business Cloud News
Nearly ninety per cent of federal government IT professionals are apprehensive about migrating their agencies’ systems to the cloud, with many migration projects still being held up by cloud-related data governance challenges, recently published research by MeriTalk reveals. Research by the same firm earlier this summer suggests these agencies could be missing out on roughly $19 billion in savings.
'You need to talk in terms of operational impact'
When Richard Spires was CIO at the Department of Homeland Security, getting funding was a difficult matter. Part of the issue, Spires and other former agency IT leaders at a recent cybersecurity conference said, was that legacy systems consume a large share of budgets, and that there is constant pressure to shift remaining money into new systems and new functionality. Because cybersecurity spending is generally invisible when it succeeds, Spires said, "it's always going to be a struggle, because you're always buying insurance." The key challenge for CIOs and other IT leaders, therefore, is to put the costs, risks and benefits of cyber into a context that non-technical executives can understand.
Modernizing VistA: Enabling scalable interoperability in a legacy system
The Veterans Health Information Systems and Technology Architecture (VistA) is the VA’s enterprise electronic health record system that tracks clinical treatment and care information. The Department of Veterans Affairs is in the midst of an evolution as it continues efforts to modernize and ensure the long-term viability of VistA to meet the healthcare needs of the nation’s military veterans. While the technical challenges are formidable, leveraging cutting-edge tools and platforms can be part of the solution for achieving fast, secure and scalable interoperability within the mission-critical legacy system.
Administration renews call for cyber legislation
Top Department of Homeland Security officials have renewed their calls for Congress to pass cybersecurity legislation to strengthen DHS’s ability to mitigate cyberattacks. The House has passed bills designed to boost information sharing, advance cyber technologies, improve the DHS cybersecurity workforce and give DHS some of the codified authority it seeks. The Senate has been slower to act, but DHS Secretary Jeh Johnson said Congress can rally around "areas of strong consensus" by passing legislation: codifying DHS’s cybersecurity responsibilities, making it easier for DHS and the private sector to collaborate on cybersecurity, and improving the department’s ability to hire top cyber talent.
U.S. at risk if cybersecurity bills stall, according to Congressional Republicans
The nation will be at serious risk if the current Congress fails to reach an agreement on cybersecurity legislation, Republican leaders of the House and Senate Intelligence Committees said Sept. 10, citing mounting attacks against U.S. companies. House Intelligence Committee Chairman Mike Rogers (R-MI) and Senate Intelligence Committee Vice Chairman Saxby Chambliss (R-GA) are pushing legislation to provide liability protection to companies that share cyberthreat data with government and industry partners. They urged final passage during the “lame-duck” period that follows the November elections, conceding that Congress is unlikely to get to the issue before that time.
DISA cloud brokering up in smoke
The Defense Information System Agency (DISA) had been identified as DoD's cloud broker, but that has been rescinded, reports Lt. Gen. Mark Bowman, USA, director, command, control, communications and computers/cyber and chief information officer, Joint Chiefs of Staff. He offered no other details on how or why it was rescinded, but he predicted that lower budgets next year will drive innovation and greater sharing within the Defense Department. Some services, he said, can be run “to standard” in a commercial environment.
DISA kicks off IT contract to support Cyber Command
The Defense Information Systems Agency launched Sept. 11 what it described as the first omnibus contract to provide a wide range of information technology services to the U.S. Cyber Command, including assistance for offensive and defensive cyber operations. DISA said the indefinite delivery, indefinite quantity IT contract is open only to small businesses, with some of the tasks currently performed by large contractors, such as a security program that shares information with the Defense Industrial Base. The contract will streamline acquisition of cyber-related services and will provide support across multiple technical and nontechnical disciplines under a centralized structure.
DISA to launch first round of JRSS network upgrades
The U.S. Defense Department is primed to take a first step toward the realization of the colossal concept of connecting its entire network system under the Joint Information Environment (JIE). For more than a year, the Defense Information Systems Agency (DISA), along with the Army, Air Force and defense contractor Lockheed Martin, has worked on the joint regional security stacks (JRSS), a key upgrade to streamline network operations and, officials say, improve security. To begin with, DISA will migrate network users from their as-is infrastructure and security posture to the JRSS, beginning now at Joint Base San Antonio in Texas.
DoD ramps up security as it drifts toward cloud
The Defense Department is committed to pursuing cloud-based services and steadily has been improving its capabilities to utilize the technology. The latest evidence of DoD embracing the cloud is its approval of a protocol that will facilitate the use of the technology at higher security levels. DISA wants to pursue a three-part cloud strategy, said Deltek's Alex Rossino: "One is the use the agency's [IaaS] milCloud offering for DoD customers. The second is use of a commercial cloud infrastructure 'inside the DoD fence line' for cybersecurity purposes, and the third is use of purely commercial cloud solutions for publicly releasable data. This leaves a lot of room for multiple players."
Army Contracting Command running through the doors that cloud opens
Federal News Radio
The Army Contracting Command (ACC) will remove those bulky desktop computers from underneath most of its employees' desks in the coming year or so. The ACC is preparing to go to a zero-client setup for its computer network. Gino Magnifico, the chief information officer of the Army Contracting Command, said the command's move to the cloud in 2010 really set the stage for the decision to give employees a monitor, keyboard and mouse, and remove the rest of the computer from their desks.
Army cyber chief: Let's get closer to industry
To keep pace with rapid changes in the cyber domain, the military needs “a much tighter relationship between industry and government,” the head of U.S. Army Cyber Command said Sept. 11. Lt. Gen. Edward Cardon said there were opportunities for industry to develop network infrastructures, operating systems and applications — and that past collaboration on a training environment had worked well. A central clearinghouse for industry to access the service’s cyber requirements is in the works, Cardon said.
DOD Deputy CIO: 'Cybersecurity should vary by mission'
The different levels of mission risk at the Defense Department have posed a major challenge to building out DoD's cybersecurity posture. Now, according to Deputy CIO Richard Hale, DoD is trying to rework its computing and wide area network infrastructure in order to have a "more sophisticated notion of zoning by mission risk." That involves cleaning up the server computing side of things and distinguishing it from the user computing side. Without achieving that, Hale said, DoD will never be able to go fully mobile. Moving to a Joint Information Environment would also position DoD to take more advantage of mobile and cloud, according to Hale.
Naval Academy works on accrediting cyber major
A Naval Academy dean said Sept. 8 that he hopes cybersecurity, a field of increasing importance to national security and civilian computer networks, can be accredited as a major by the time the academy’s first cybersecurity students graduate in 2016. The academy wants to be among the first to receive such accreditation.
Why email is worth saving
Contrary to popular opinion in some quarters, email is not dead. Email is the unsung hero of the global economy, the rusty workhorse that will likely be around forever. Facebook, Snapchat, Whatsapp, and other nominal email replacements are completely inadequate for personal B2C communication and sensitive P2P messaging, not to mention robust B2B communication. Email is worth saving and protecting and there is an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery -- Domain-based Message Authentication, Reporting & Conformance (DMARC) -- which is an emerging email delivery standard that has shown much progress and potential.
Identity Management in the age of wearable technology
Given Apple's track record, it is likely that the Apple Watch is going to accelerate the adoption of wearable technology. Although many focus on the potentially negative impact of wearable technology, including security risks and network overload, it should also be seen as a great opportunity. The list of connected devices will keep growing, as will the list of commercial opportunities for companies willing to invest in consumer-facing identity software. As more and more organizations today go through digital transformation, identity software is becoming the critical technology that securely bridges cloud, mobile and Internet of Things (IoT) offerings – and this now includes wearable devices.
Intel wants biometrics to replace passwords
An Intel executive says that the company is currently working on a facial recognition system as a security measure for its users that will replace the existing password system. The official said the system will enable users to log into their devices and websites using their face as an identity authentication tool.