
Cybersecurity News

 

Healthcare security spending to reach US$10 billion by 2020
Help Net Security
02/26/15

The healthcare sector is ill-prepared for the new cyber age. Hospitals, clinics, trusts, and insurers are under attack from malicious online agents. The value of personal health information, made more easily available with the convergence to electronic health records, is ten times that of financial data such as credit card numbers. Medical identity theft and fraud are on the rise, and healthcare providers are struggling to cope, but the industry spends very little on cybersecurity compared with other regulated critical industries. ABI Research calculates cybersecurity spending for healthcare protection will only reach $10 billion (US) globally by 2020, just under 10% of total spend on critical infrastructure security.


Cyber threats expanding, new US intelligence assessment says
Associated Press
02/26/15

The U.S. has elevated its appraisal of the cyber threat from Russia, the U.S. intelligence chief said Feb. 26 as he delivered the annual assessment by intelligence agencies of the top dangers facing the country. “While I can’t go into detail here, the Russian cyber threat is more severe than we had previously assessed,” James Clapper, the director of national intelligence, told the Senate Armed Services Committee, as he presented the annual worldwide threats assessment. As they have in recent years, U.S. intelligence agencies once again listed cyber attacks as the top danger to U.S. national security, ahead of terrorism.


US spymaster warns over low-level cyber attacks
Security Week
02/26/15

A steady stream of low-level cyber attacks poses the most likely danger to the United States rather than a potential digital "Armageddon," US intelligence director James Clapper said Feb. 26. U.S. officials for years have warned of a possible "cyber Pearl Harbor" that could shut down financial networks, poison water supplies or switch off power grids. But Clapper told lawmakers that American spy agencies were more focused on lower-profile but persistent assaults that could have a damaging effect over time.


Study: Thousands more vulnerabilities reported in 2014 than previous years
SC Magazine
02/24/15

Last year saw thousands more bugs reported to the National Vulnerability Database (NVD) than in years prior, according to a blog post from GFI Software, which takes a look at more than 7,000 vulnerabilities added to the NVD in 2014. Of the 7,038 vulnerabilities, 83 percent are in third-party applications and 24 percent were considered high severity bugs. The overall number represents a spike when compared to the 4,794 bugs added in 2013.


Bank regulator eyes tougher rules to fight hacking
Security Week
02/25/15

Benjamin Lawsky, who leads New York state's Department of Financial Services, says the department is considering mandating that banks and other financial institutions establish a "multifactor authentication" system whereby users log in with a randomly generated password sent to a smartphone in addition to a conventional password, and whether such new password requirements would fall on bank employees or consumers who do online banking. Other possible proposals include rating banks and insurers on their cybersecurity as part of regular oversight of the banks used to determine if banks can pay dividends or make acquisitions, and forcing financial institutions to require certifications of cybersecurity controls from third parties working in a bank, such as a law firm or a company brought in to do maintenance.


Anthem breach affects millions of non-Anthem customers
Help Net Security
02/25/15

Anthem, the second-largest health insurer in the United States, which reported a massive data breach earlier this month, has finally come out with a more definite number of affected individuals: 78.8 million. But if you think that if you weren't an Anthem customer your data is safe, you might want to check again, as between 8.8 million and 18.8 million of the persons whose data was stolen were actually not Anthem customers. The breach also impacted Blue Cross and Blue Shield plans not owned by Anthem.


Target breach costs: $162 million
Info Risk Today
02/25/15

Target's breach-related expenses not covered by insurance have totaled $162 million so far, its latest financial report shows. And experts say the breach could continue to have a financial impact for years to come. Gross expenses stemming from Target's data breach in December 2013 have totaled $252 million. But insurance has covered $90 million of that cost. The breach exposed 40 million payment cards and personal information on 70 million customers.


Cybersecurity startups raise $7.3 billion over 1028 deals
CB Insights
02/24/15

A litany of high profile security breaches of corporations and governments have made cybersecurity startups an increasingly hot area for investment. This article uses CB Insights data to analyze cybersecurity financing trends and some of the most active investors in the space.


DHS official warns of shutdown risks
Gov Info Security
02/25/15

A top Department of Homeland Security official says the nation's IT security would be at risk if Congress fails to fund the department by Feb. 27. DHS Undersecretary Suzanne Spaulding told the House Homeland Security Committee Feb. 25, "Anything that hampers and slows us down creates risk for us and for the nation." Spaulding said 43 percent of the directorate workforce would be furloughed, including 91 percent of employees with cybersecurity responsibilities, if Congress fails to act on continued funding. That means delays will occur in fully implementing systems at some federal agencies to detect and prevent intrusions - Einstein 2 and Einstein 3A - as well as continuously monitor systems to identify vulnerabilities.


Mobile UC gains momentum
Fed Tech
02/24/15

Roughly 73 percent of Americans own a smartphone, according to the research firm comScore. Many are federal employees, which is one reason why government agencies are increasingly extending their unified communications platforms to smartphones and other mobile devices.


Increased federal cloud usage hinges on up-and-coming data encryption technology
Federal News Radio
02/27/15

Cybersecurity remains one of the biggest hurdles to the widespread use of cloud computing across the government. But a new type of data encryption may be the answer to those who still question whether their data can be safe in the cloud. While the federal cloud security standards under FedRAMP gained acceptance, the standards don't necessarily protect the data in and of itself. FedRAMP is more focused on protecting the network, and for some federal technology and security managers the need to protect their data is a real sticking point that must be overcome before there is a huge expansion of cloud services.


How cloud became integral to agency strategy
Next Gov
02/25/15

From a financial perspective, the Obama administration’s proposed fiscal 2015 budget estimates that about 8.5 percent of the $86 billion federal IT budget – or $7.3 billion – will be spent on provisioned services like cloud computing. But the dollar figure probably doesn’t do justice to how cloud computing has affected the strategic thinking behind agency walls. Whether it’s the IT folks keeping backend systems operational, the visionary chief information officers or the teams charged with carrying out tech programs, cloud is a dominant topic of conversation.


The White House establishes a new agency to collect cyber security intelligence
The Next Web
02/26/15

The FBI, CIA and NSA all deal with cyber security, but as organizations they often operate independently; the FBI doesn’t necessarily know what the NSA is up to and vice-versa. To address this problem, the White House has announced creation of a new agency, the Cyber Threat Intelligence Integration Center (CTIIC), to provide “a cross-agency view of foreign cyber threats, their severity, and potential attribution.” The CTIIC won’t deal with attacks directly, but it will support the operations of other agencies like the National Cybersecurity and Communications Integration Center and US Cyber Command by providing a “whole-of-government” view on attacks and policy.


The plan to fix federal IT
Federal Times
02/25/15

The administration is making a significant push to reform federal IT, as seen in the president's 2016 budget request and the appointment of two industry veterans as the nation's top technologists to lead the government's IT modernization effort. Their focus will be on three key areas -- better efficiency and performance on IT projects; bolstering the workforce through better hiring and training; and cybersecurity -- which are reflected in a number of IT initiatives in the president's 2016 budget proposal.


Cyber gets a boost in VA budget request
FCW
02/26/15

The Department of Veterans Affairs, which failed its most recent security audit, is seeking a 16 percent increase in its information security budget for fiscal 2016, as it looks to tighten up controls on sensitive data. The VA wants a boost in overall information security spending, from $156 million in 2015 to $180.3 million. Within that $180.3 million total, cybersecurity accounts for $53 million, which is also a 16 percent increase over fiscal 2015.


DARPA offers rare glimpse at program to visualize cyberdefenses (+video)
The Christian Science Monitor – Passcode
02/26/15

DARPA, the Pentagon's advanced research arm, has revealed its latest version of Plan X, an in-progress system designed for the military to visualize defending against cyberattacks. The $125 million Plan X project aims to immediately notify warfighters when adversaries penetrate their networks, and give them the tools to quickly select the best applications to defend against incursions from a shared database inspired by Apple's App Store.


Blog: Harnessing the power of IT interoperability
Signal
02/26/15

While DoD's transition to a Joint Information Environment (JIE) will consolidate and standardize networks and infrastructure, each agency and branch will still have its own systems, networks, applications and information technology methodologies, and they generally will have their own set of NetOps tools to help them achieve their missions. The solution is interoperability of information technology (IT) management tools. To successfully secure and streamline the DOD information networks, there must be far greater interoperability of NetOps and other IT management tools within the department’s services.


Cyber collaboration in government still a work in progress
Next Gov
02/25/15

Amid the onslaught of cyberthreats faced by federal agencies, the potential for an even larger and more sustained catastrophic version of a digital attack has become an increasingly real possibility. If such a scenario were to take place, the Defense Department would certainly play a lead role in the response. But it likely couldn’t do it alone, according to Lt. Gen. Edward Cardon, commanding general of the Army Cyber Command.


VISTA-based solution eliminated from DoD health record procurement
FCW
02/24/15

The Department of Defense has trimmed the list of bidders on its $11 billion procurement for an electronic health records system, and the open-source entrant, a PwC-led bid using a commercial version of the VISTA health record created by the Department of Veterans Affairs, isn't going forward.


JIE: How DOD is building a bigger network that's also a smaller target
Defense Systems
02/23/15

Faced with growing and more sophisticated cyber threats to U.S. military networks, Defense Department officials openly acknowledge that in its current state DOD’s legacy information architecture is not in a strongly defensible position. The military’s Joint Regional Security Stacks (JRSS) initiative is a critical effort to consolidate its security posture across its infrastructure, giving adversaries less surface area to attack. JRSS is envisioned as bringing together cyber defense in an integrated architecture for the department to align with the Joint Information Environment (JIE), a secure, interoperable cloud computing environment that accommodates all of the military services, DOD components and allied forces.


NIST outlines guidance for security of copiers, scanners
GCN
02/25/15

The National Institute of Standards and Technology has announced that its internal report 8023: Risk Management for Replication Devices is now available. The guidance covers protecting the information processed, stored or transmitted on replication devices (RDs), which are devices that copy, print or scan documents, images or objects. Because today’s RDs have the characteristics of computing devices (storage, operating systems, CPUs and networking) they are vulnerable to a number of exploits, NIST said.


Critical vulnerabilities affecting SAP business critical apps
Help Net Security
02/27/14

Onapsis has released five security advisories detailing vulnerabilities in SAP BusinessObjects and SAP HANA enterprise software. Included in the security advisories are three high risk vulnerabilities, one of which allows unauthenticated users to overwrite business data, and two medium risk vulnerabilities. Depending on an organization’s use of these platforms, high risk vulnerabilities could be used by cyber attackers to gain access to mission-critical information including customer data, product pricing, financial statements, employee information, supply chains, business intelligence, budgeting, planning and forecasting.


IT experts fear lack of cyber intelligence
C4ISR & Networks
02/24/15

A majority of IT experts do not feel confident in the ability of their organizations to predict and combat cyber vulnerabilities, according to a survey. The survey of 678 private and government IT experts, by data security research group Ponemon Institute, found a sharp lack of faith that leaders are ready to combat cyber threats.


NSA chief: China, Russia capable of carrying out ‘Cyber Pearl Harbor’ attack
National Defense
02/23/15

Nations such as China and Russia have enough offensive cyber capabilities to one day carry out a “cyber Pearl Harbor” attack, said the head of the National Security Agency and U.S. Cyber Command. A cyber Pearl Harbor could include an attack on critical infrastructure or the financial sector, Rogers said during a recent cybersecurity forum.


Document reveals growth of cyberwarfare between the U.S. and Iran
The New York Times
02/22/15

A newly disclosed National Security Agency document from 2013 illustrates the striking acceleration of the use of cyberweapons by the U.S. and Iran against each other. It described how Iranian officials discovered new evidence the year before that the United States was preparing computer surveillance or cyberattacks on their networks and detailed how the U.S. and Britain had worked together to contain the damage from “Iran’s discovery of computer network exploitation tools” — the building blocks of cyberweapons. For the first time, the NSA acknowledged that its attacks on Iran’s nuclear infrastructure during the George W. Bush administration kicked off the cycle of retaliation and escalation that has come to mark the computer competition between the U.S. and Iran.


SEC on the prowl for cyber security cases: official
Reuters
02/20/15

Investigators at the U.S. Securities and Exchange Commission are on the lookout for violations such as poor risk controls or lax disclosures relating to hacking and other cyber breaches, a top SEC official said Feb. 20. In 2011, the SEC drafted some informal staff-level guidance for public companies on whether to disclose cyber attacks and their impact on a company's financial condition. There is no formal rule, however, outlining when and how cyber incidents must be disclosed, and states have differing laws on when and how customers must be informed about breaches.


Governors' briefing on cybersecurity: People are everything
Government Technology
02/23/15

'States Leading on Cybersecurity' was the name of a session at the National Governors Association (NGA) Annual Winter Meeting Feb. 22. Homeland Security Secretary Jeh Johnson addressed looming DHS shutdown impacts as well as federal / state opportunities to work together to share cyberthreats and other critical information across the public and private sectors. Developing deeper cybersecurity partnerships, the need for better training and the focus on keeping cyber talent (and related people issues) were the top themes covered.


Cybersecurity stocks just got another huge buy signal
InfoSec Hot Spot
02/19/15

The White House's commitment to cyber defense means billions of dollars will start to pour into cybersecurity companies - which is huge news for investors. The reason for the government's cybersecurity push is the staggering amount of money spent preventing and responding to cyber threats every year... "The money spent on cyber defense represents one of the highest profit potentials of anything I've encountered," Money Morning's Small-Cap Investing Specialist Sid Riggs said. "And the growth numbers spotlight not just one company but an entire sector that will have the wind at its back for the rest of our investing lifetimes."


NSA director: We need frameworks for cyber, circumventing crypto
Threat Post
02/23/15

NSA director and commander of U.S. Cyber Command, Mike Rogers, says Congress needs to create a legal framework outside the NSA and FBI’s control that would establish norms of behavior for law enforcement and intelligence-gathering organizations in the U.S. and abroad. When asked about the national security community’s role in responding to cyberattacks, Rogers said that the key for the NSA is to ensure that his agency’s capabilities are deployed in a lawful, ethical and principled manner, as established by the Congress and the president.


CIA looks to expand its cyber espionage capabilities
The Washington Post
02/23/15

CIA Director John Brennan is reportedly planning a major expansion of the agency’s cyber-espionage capabilities in almost every category of operations as part of a broad restructuring of the CIA. The proposed shift reflects a determination that the CIA’s approach to conventional espionage is increasingly outmoded amid the exploding use of smartphones, social media and other technologies. Brennan’s team has even considered creating a new cyber-directorate to put the agency’s technology experts on equal footing with the operations and analysis branches.


GSA, NOAA roar into March with major IT, services RFPs
Federal News Radio
02/20/15

The General Services Administration and the National Oceanic and Atmospheric Administration are teeing up several new opportunities for vendors, and by March, contractors can expect a series of draft and final requests for proposals for some of the largest IT and services contracts in the government. GSA is about to release the draft RFP for Alliant 2, an RFI for VETS 2 and an open season for the 8(a) STARS II program. NOAA is preparing to release a draft RFP this summer for its large Pro-TECH contract for professional and technical services.


How vulnerable are UAVs to cyber attacks?
C4ISR & Networks
02/23/15

The Federal Aviation Administration recently released proposed rules for the use of commercial drones weighing less than 55 pounds. The proposed rules are open for public comment. The FAA is reacting quickly as the commercial drone market begins to take off. Business Insider recently published their market estimates for the defense and commercial drone market. They believe that 12 percent of the $98 billion estimated global spending (military/civilian) on aerial drones over the next decade will be for commercial purposes.


OMB getting more active in cybersecurity
Federal Times
02/23/15

The Office of Management and Budget is working on several policy directives around cybersecurity, including guidance on the 2014 update to the Federal Information Security Management Act (FISMA). But the agency is also looking to take a more active role in securing the nation's networks. The newly established E-Government Cyber Unit — part of the Office of E-Government and Information Technology — was created to lead OMB's cybersecurity initiatives. President Obama's 2016 budget proposal includes an additional $15 million (total $35 million) for OMB's Information Technology Oversight and Reform (ITOR) to support the new cyber unit.


DOJ R&D agency awards grants for speedier digital forensics
Dark Reading
02/23/15

The U.S. Department of Justice's R&D agency, the National Institute of Justice, is funding new incident response technology to assist law enforcement. The agency has awarded grants for the development of new tools that speed up the process of examining hard drives in the wake of a cyberattack or other types of criminal cases.


GOP chairman: Cyberattacks are biggest threat to privacy
The Hill
02/21/15

Congress must pass a cybersecurity bill this year to avoid “lasting harm” to the United States, said Senate Homeland Security Committee Chairman Ron Johnson (R-WI). Johnson, in the GOP's weekly address Feb. 21, argued that the danger from cyberattacks is the real threat to Americans' privacy and pushed for robust legislation. The Intelligence Committee is slated to introduce a bill that is expected to mirror last year’s controversial Cybersecurity Information Sharing Act (CISA), with some stronger privacy protections. The bill is meant to encourage companies to share information by guarding them from the threat of lawsuits.


Hurd: 'Three-Legged Stool' key to federal IT reform
Federal News Radio
02/17/15

An "over classification" problem plagues federal data that could help the private sector fend off terrorist attacks, or help with cross-agency collaboration, says Rep. Will Hurd (R-TX), the new chairman of the House Oversight and Government Reform Subcommittee on IT. He sees four areas where he hopes the subcommittee can make a legislative impact: 1) cybersecurity information sharing; 2) privacy, and specifically, how to balance civil liberties with protecting the nation's digital infrastructure; 3) figuring out a productive, yet safe way to handle emerging technologies for the federal government; and 4) IT procurement reform.


NSA chief declines comment on spyware reports, says programs lawful
Reuters
02/23/15

The head of the National Security Agency refused to comment on reports that the U.S. government implants spyware on computer hard drives for surveillance purposes, saying "we fully comply with the law." U.S. Navy Admiral Michael Rogers was responding to a report by Kaspersky Lab that the NSA had embedded spyware in computers on a vast scale and that, along with its British counterpart, it had hacked into the world's biggest manufacturer of cellphone SIM cards.


DOD wants physical separation for classified data in the cloud … For now
Next Gov
02/20/15

The Defense Department’s evolving cloud strategy and recently updated security requirements govern how commercial cloud service providers can -- and in some cases, have already begun to -- host some of the Pentagon’s most sensitive data. But the Pentagon isn’t ready yet for classified information to be stored off-premise in the cloud, instead wanting “physical separation” between systems with classified workloads and that of other systems.


Cyber threat challenges military structure
FCW
02/23/15

The diffuse nature of computer networks challenges the U.S. military's traditional, top-down way of operating, said Lt. Gen. Edward Cardon, head of Army Cyber Command. That discrepancy, he added, means the military must be flexible in its organizational approach to cyberspace.


Government urges Lenovo computer owners to remove Superfish software
NBC News
02/20/15

The U.S. Department of Homeland Security on Feb. 20 advised owners of Lenovo computers to remove a software program known as "Superfish," which it said the world's No. 1 PC maker started installing on some machines as early as 2010. An alert released through DHS' National Cyber Awareness System warned that the software made users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks.


Biometrics, a part of the future of electronic voting
Election Universe
02/15/14

Voter impersonation has been an ever-present threat to election integrity for centuries. Fortunately, recent developments in biometric technology are yielding positive results when it comes to authenticating voters efficiently. Experts have recommended the adoption of a two-factor authentication strategy to strengthen this important verification process. Voters should be authenticated using a mix of biographic and biometric information. A transparent electoral roll, which can be cleaned by using biometric information, is a first step towards a legitimate election and a giant leap towards building trust.


How we can prevent another Anthem breach
Dark Reading
02/18/15

Anthem Healthcare recently had to notify clients that the personal records of as many as 80 million individuals were compromised by a data breach. The reality is, sadly, that this was most likely anything but a sophisticated attack, as it was likely based on using legitimate credentials to read, and export, the data. Either it was an “insider attack” in which an employee used their own account to harvest data or an outsider phished the credentials from an employee. In either case, firewalls and other security measures to keep intruders out would have had no effect as the “intruders” were already inside the walls.


The two acronyms that are key to Obama’s new plan to fight hackers
Next Gov
02/13/15

There are two new cybersecurity acronyms that are essential for explaining how the government will expand information sharing with the private sector. The two words are STIX and TAXII, a programming language and data delivery method that are meant to bring these parties together in the virtual world. They offer a potential two-way street to the information sharing and collaboration that government officials, retailers and Wall Street want more of to fight cybercrimes.


Obama ranks North Korea cyber capabilities as not so good
Security Week
02/17/15

Iran is "good," China and Russia are "very good," but North Korea's cyberattack capabilities are actually not that great, according to an impromptu ranking by President Obama. In an interview with online site "re/code" published Feb. 17, Obama used North Korea's relative lack of electronic prowess to underscore how dangerous even less skilled cyber attackers can be.


UVA professor receives grant to look for causes of cybersecurity attacks
WVIR-TV - Channel 29 (Charlottesville, VA)
02/17/15

Ahmed Abbasi, a professor of information technology at the University of Virginia's McIntire School of Commerce, aims to find out how and why hackers and phishers conduct attacks, investigating the issue on several levels – technological and psycho-social – with a $1.5 million National Science Foundation grant. Abbasi is working with a team of cybersecurity experts from other universities to look for the root causes of cybersecurity attacks, as well as how such attacks might be predicted and prevented. Seeking to gain insight into not only the technological elements of the attacks, but also their political, social and psychological drivers, Abbasi said a key objective of the grant is to combine the expertise of computational, data and social scientists.


Nine takeaways from the White House cyber-security summit
eWeek
02/17/15

On Feb. 13 in an appearance at Stanford University, President Obama signed an executive order asking the IT sector to join with the federal government and the military to renew their efforts to strengthen data security by sharing security information. Here are key takeaways from the White House Cyber-security and Consumer Protection Summit.


Opinion: White House summit missed a larger opportunity on cybersecurity
Government Technology
02/14/15

The White House Summit on Cybersecurity and Consumer Protection at Stanford University was a very good event with meaningful outcomes. But it could have been much more. Most Americans didn’t even notice that the event occurred, and based on the opinions of select security experts and media coverage, this Cybersecurity Summit at Stanford did not hit home for most Americans. President Obama missed a unique opportunity to rise above our current breach headlines and cybersecurity problems to make a special mark on cyberspace history for the 21st century.


Is government ready for agile?
FCW
02/13/15

In the past year, government innovators have released a number of policies and guides, including the U.S. Digital Services Playbook and 18F's open-source policy. Now an organization that promotes agile development, Agile Government Leadership, has released an Agile Government Handbook. The guide lists resources such as books, white papers, directives and articles, and includes a checklist, key questions and a "manifesto" of rules to live by when using agile techniques. So now federal agencies have a handbook. But do they have the processes and people in place to adopt agile methodology?


Justice, DHS quarantine smartphones returning from abroad
Next Gov
02/18/15

Officials at the departments of Justice and Homeland Security typically expect employees’ smartphones will be bugged when they travel overseas. So, they are experimenting with various ways to neutralize foreign spy gear. To contain possible damage, Homeland Security limits what employees can see on their mobile device overseas, and "when it comes back, it's usually quarantined," an official said. Both DHS and Justice want to reach a level of security where not only can they decontaminate phones but also dissect the contaminants placed inside.


Why government cybersecurity measures should take cues from industry-driven rules
SC Magazine
02/17/15

Recent Obama Administration initiatives calling for new federal information security measures are, on the whole, thoughtful and encouraging steps – and the attention to cybersecurity is overdue. But will they be enough? Past government actions on data security have often been vague and insufficient. In order to deliver more effective federal security rules, lawmakers may do well to look at industry-driven rules for a guide.


Checking in on the NIST Cybersecurity Framework
CA Highlight - Technologies Blog
02/12/15

In the year since release of the NIST Framework for Improving Critical Infrastructure Cybersecurity, we have seen different critical infrastructure industry sectors, including the telecommunications sector, the energy sector and others, work to align their own security guidance with the Framework. In addition, some state governments, including Virginia and Pennsylvania, have announced their intention to use the NIST Framework to guide their information security programs, while certain federal agencies have increasingly cited the terminology and security best practices of the Framework.


FITARA implementation listening tour
Federal News Radio
02/16/15

OMB is getting kudos for its initial steps to implement the Federal Information Technology Reform Act (FITARA) enacted in December. Not only have OMB officials begun discussions with federal CIOs but reportedly are on a listening tour of sorts with former federal IT and other CXO community officials. One participant said OMB is intent on making sure FITARA avoids the mistakes made with the 1996 Clinger-Cohen Act implementation. Along with talking to former federal IT executives, OMB on Feb. 2 issued a "management alert" to agencies about FITARA, telling them to be prepared for governmentwide guidance.


Legislation and the future of federal cybersecurity
FCW
02/18/15

Cybersecurity continues to be at the forefront of national focus, thanks to Congress’ passing and the president’s signing of three cybersecurity-related bills last December to reform FISMA, codify the activities of DHS' National Cybersecurity and Integrations Center, and enhance the government's pool of talented cybersecurity professionals. Those statutes are now being implemented to continue the progress agencies have made in protecting government networks and working with state and local agencies, critical infrastructure operators, and other private-sector partners to achieve similar progress.


Congress to consider info-sharing bills
Gov Info Security
02/18/15

President Obama is calling on Congress to enact cyberthreat information sharing legislation, and the House Homeland Security Committee will hold a hearing Feb. 25 to review the administration's proposal. The Senate Permanent Select Committee on Intelligence and the Senate Homeland Security and Governmental Affairs Committee are also expected to consider cyberthreat information sharing legislation.


The Army’s future in cyberspace
Army Magazine
02/12/15

There is a good deal of energy and a fair amount of chaos in the Army’s approach to developing the resources needed for seizing the high ground in cyber warfare. That’s a good thing. What the military needs to succeed in this effort is even more energy and more chaos. That’s because it is currently operating within a very large void.


Rep. Will Hurd on cyber-security & civil liberties
Baseline
02/13/15

In an era when most political leaders struggle to understand information technology, Rep. Will Hurd (R-TX), a freshman who chairs a newly formed House Information Technology Subcommittee, hopes to drive change in government and business. Hurd formerly served as a senior advisor at a cybersecurity firm and, before that, he worked as an undercover officer at the CIA. In this interview, Hurd discusses the current state of cybersecurity and how business and government can protect themselves.


Recent security incidents place renewed emphasis on airport employee screening
Security Info Watch
02/17/15

The discovery late last year of a gun smuggling ring from Atlanta to New York that was allegedly carried out by an airline baggage handler at Atlanta’s Hartsfield-Jackson International Airport has placed increased scrutiny on the way airports screen workers, and the fact that the vast majority of airports do not have uniform standards when it comes to the screening of airport employees. Sen. Charles Schumer (D-NY) has since called for TSA to implement measures that would require airports nationwide to screen all airline and airport employees prior to entering secured areas, and a House subcommittee recently held a hearing to discuss the issue of access control measures at U.S. airports.


Virginia poised to pass digital ID bill
Secure ID News
02/12/15

A Virginia General Assembly bill nearing passage will go a long way toward enabling Virginians to dump most of their passwords in favor of a single digital identity credential. The proposal would establish uniform standards for strengthening and authenticating digital identities. Supporters say developing these first-in-the-nation standards will make Virginia a technology leader and business hub. The two principal authors of the bill discuss the measure, which they hope will be the country’s first enactment of policy supporting the National Strategy for Trusted Identities in Cyberspace.


NIST offering millions for online ID projects
Federal Times
02/18/15

The National Institute of Science and Technology is taking applications for the fourth round of multimillion dollar grants in support of the National Strategy for Trusted Identities in Cyberspace (NSTIC). Pilot programs applying for funding should address how to create, authenticate and secure online identities that can be used across sectors and purposes. These programs should move away from passwords and other traditional forms of authentication to create a new standard for doing business securely online.


Special report: Biometrics in healthcare
BiometricUpdate.com
02/2015

This report examines how biometric technology is applied to the healthcare industry, mainly in the United States. This report notes that “healthcare biometrics” is utilized for access control, identification, workforce management or patient record storage. Biometrics in healthcare often takes two forms: providing access control to resources and patient identification solutions. The growing demand for biometrics solutions is mainly driven by the need to combat fraud, along with the imperative to improve patient privacy and healthcare safety. Biometrics are also increasingly being used for medical monitoring and mobile healthcare.


IAM set to struggle with IoT - Gartner
Channelnomics
02/18/15

The Internet of Things (IoT) requires identity and access management (IAM) in order to be successful, according to the latest research by Gartner. However, IAM in its current form will struggle to cope with the scale of the IoT or manage the complexity it brings to the enterprise, Gartner said.


IoT requires changes from Identity and Access Management space: Gartner
Security Week
02/18/15

The identity and access management (IAM) space will need to evolve to meet the needs of the Internet of Things (IoT), according to analyst firm Gartner. In November, Gartner predicted 4.9 billion devices would be Internet-connected in 2015. Securing those devices, however, remains a challenge that consumers, IT departments and vendors will have to face. This is particularly true when it comes to the subject of authentication. According to a Gartner analyst, current IAM solutions cannot meet the scale or complexity that IoT demands of the enterprise.