Cybersecurity News

 

ISIS cyber capability judged more 'aspirational' than operational
FCW
09/17/14

Interviews with cybersecurity experts and questions posed to public officials reveal an assessment of the cyber warfare capabilities of the Islamic State of Iraq and Syria that, while potentially dangerous, remains more aspirational than operational.


Space, cyberspace are stealth threats to U.S.
Signal Online
09/19/14

Among the many perils faced by the U.S., space and cyberspace pose some of the greatest challenges. And, there is no public wave of awareness or demand for action looming on the horizon, to the detriment of the nation. This harsh assessment was recently delivered by the top two members of the House Permanent Select Committee on Intelligence, Chairman Mike Rogers (R-MI) and Rep. C.A. Dutch Ruppersberger (D-MD), ranking member. The two warn of increasing threats to U.S. economic prominence if those two areas are not addressed.


Michael Daniel: Cybersecurity in need of new approach
Politico
09/18/14

Efforts to improve the security of cyberspace have fallen short due to a general inability to grasp the economic and psychological dimensions of the problem, said White House Cybersecurity Coordinator Michael Daniel. Increased government involvement in cyberspace means that decisions that once were easy to make have become enveloped in political processes, Daniel said, but that isn’t a reversible state of affairs. As for concrete solutions, Daniel said the Obama administration is looking for an alternative way to engage the private sector that isn’t dependent on traditional regulation or contracting.


America should not shrug at its cyber vulnerability
The Washington Post (editorial)
09/19/14

Recent events show once again that the U.S. is under siege in cyberspace. Disruption, theft, espionage and attack have been accelerating, and vulnerabilities threaten everyone who holds a credit card, visits a doctor or uses social media. Yet the national response has been alarmingly and inexplicably passive. Congress has debated comprehensive legislation but failed to reach agreement, and the administration has taken some modest steps, but it can’t solve the problem alone. The private sector, deeply dependent on the Internet, is seriously exposed but also cannot find a solution. There is a strange complacency about massive data breaches, but the thieves, spies and warriors in cyberspace need to be defeated, and it is long past time to get started figuring out how.


New federal regulations on cyber security lead to revenue loss, business disruption and loss of productivity in financial services sector, Radware survey finds
Globe Newswire (news release)
09/22/14

Radware, a provider of application delivery and application security solutions for virtual and cloud data centers, released a new survey which finds that even though 87 percent of those surveyed in the financial service industry agree that current regulatory changes are very important or critical to keeping their companies and industry secure, these new federal guidelines were having an adverse impact on their businesses.


Israel launches Cyber Defense Authority
Security Week
09/21/14

Israeli Prime Minister Benjamin Netanyahu has launched a National Authority for Cyber Defense to oversee the protection of both military and civilian systems. The announcement comes after Netanyahu accused regional foe Iran of launching repeated cyber attacks on Israel, particularly during its 50-day conflict with Hamas in July and August.


Intel agencies push shared IT services from concept to reality
Federal News Radio
09/19/14

Three years after the intelligence community's leaders agreed that it was time for them to consolidate their IT systems into a shared infrastructure, the project has moved beyond PowerPoint slides and scattered pilot projects. The Intelligence Community Information Technology Environment (ICITE) has services up and running now, with thousands of users consuming them.


ICITE ready to ramp up, ODNI official says
FCW
09/18/14

After more than two years of foundation-setting, the intelligence community is moving its project to establish a common IT platform into a new phase that includes enterprise management and advanced tools for the cloud.


NSA Technology Directorate looks internally, externally
Signal Online
09/17/14

The National Security Agency (NSA) is focusing both internally and externally as it adopts a new approach to technology policy. This effort ranges from seeking outside partners in technology development to conducting an internal audit to uncover weak points that might bring down the agency. NSA's director of research says her directorate has three areas of focus, including looking at the agency’s technologies with a critical eye toward vulnerabilities and looking at how NSA partners with technological partners on the outside.


Is NSA planning to beef up cyber response capabilities?
Next Gov
09/18/14

The head of Cyber Command and the NSA, Adm. Mike Rogers, suggests that more spying is important for better cyber defenses and that Cyber Command is pursuing partnerships with businesses that make up the nation’s infrastructure to get them to report data breaches much more quickly. Rogers’s comments suggest that the NSA will not be changing its approach to metadata collection in any meaningful way. In fact, he seemed to imply that the growing threat posed by massive cyber incidents could serve as justification of expanded types of data collection, and that he wants to build up a “full spectrum of capability” to allow the government to respond to cyber attacks and, of course, launch them.


Government, industry must expand cyber intelligence sharing
Signal Online
09/18/14

Defeating cyberthreats will require greater sharing among government and industry in new ways, according to cyber intelligence experts. A recent panel discussion explored new issues in cyber intelligence information sharing, with a DIA official saying that cyber intelligence sharing is important at the intrusion level as well as at the strategic level. Another said that when an intruder penetrates an organization, defenders must examine why the adversary chose their group, especially if the intruder wishes to attack again.


Agencies demand FedRAMP-approved cloud services
Fed Tech
09/17/14

The Federal Risk and Authorization Management Program has redefined how commercial cloud vendors do business with the government, setting clear expectations for both agencies and companies by creating a common language and standards for securing cloud-based products and services. Federal cloud computing has grown into a $3 billion market since the pre-FedRAMP era, when agencies didn’t have a mechanism for certifying if vendors could meet security requirements. Agencies have come a long way since then, and it shows in their solicitations for cloud services, with requests for FedRAMP-approved cloud services now common.


Uncle Sam drops $3M in grants to kill the password
Next Gov
09/18/14

The nation's wireless carriers, the state of North Carolina and several online stores have been awarded $3 million in federal grants to do away with passwords and offer consumers other options to securely access online services, Commerce Department officials have announced. The National Strategy for Trusted Identities in Cyberspace is seeding an industry-led initiative to build a better login. The three pilot projects are intended to lay the foundation for a global ID exchange.


White House: ‘Work as a community’ for cybersecurity
The Hill
09/19/14

The White House wants private companies’ help to secure the country’s cyber networks. In a blog post, White House cybersecurity coordinator Michael Daniel has called for companies to weigh in to the federal government and help coordinate to fight hackers. Daniel said companies can weigh in on the Commerce Department’s framework for protecting critical infrastructure networks like Wall Street and utility grids, which the department is currently accepting comments for until Oct. 10, and more generally companies can put their heads together with the government to figure out how to respond to specific attacks.


This is why we don’t have meaningful cybersecurity legislation yet
Next Gov
09/18/14

Why is it so difficult for governments to establish proper legislation about cybersecurity and privacy? The issue of governing the multidimensional virtual world is rather complex, as it is not easy to define the territory. Territory boundaries in the cyber realm are naturally based on large network boundaries on which citizens interact daily – making purchases, doing taxes, renewing insurance, communicating with friends and family – all online. These boundaries generally do not line up with state lines or country borders. The starting point here should be to identify the parameters of the situation.


Better Buying Power 3.0: How the Pentagon hopes to save its technological advantage
FCW
09/19/14

The Defense Department's top acquisition official continued his odyssey to improve how the Pentagon spends tens of billions of dollars annually on weapons and IT by releasing a draft of "Better Buying Power 3.0" on Sept. 19. While the first two versions of BBP centered on acquisition best practices and decision-making, respectively, this round is hands-on: it focuses on getting new gear into the hands of soldiers faster and with a closer eye on American adversaries. The new initiative is an effort to halt the erosion of American technological advantage at the hands of China and Russia.


No love for profit in DOD's Better Buying Power 3.0
Washington Technology - WT Business Beat (blog)
09/19/14

The Pentagon's Better Buying Power 3.0 initiative is focused on affordability, incentives for government and industry, better competition, eliminating unproductive processes, more innovation and a more professional acquisition workforce. But one industry expert says the plan doesn't go far enough, and that there isn’t enough focus on “achieving extraordinary outcomes.” Instead there is too much focus on internal process changes and there are still too many barriers to innovation and efficiency.


After hacks, Transcom to require contractors to report data breaches
Defense Systems
09/18/14

After being kept largely in the dark as suspected Chinese hackers spent a year breaking into the networks of some of its contractors, the U.S. Transportation Command will now require its contractors to report any suspected breaches.


US military in the dark on cyberattacks against contractors
Dark Reading
09/18/14

A new Senate Armed Services Committee report shows that a lack of communication has left the US Transportation Command (Transcom) in the dark about threats to cyber security. The report contends that hackers tied to the Chinese government successfully penetrated systems belonging to Transcom contractors at least 20 times during a 12-month period beginning June 1, 2012. The report is the culmination of a year-long investigation by the committee, which found that gaps in reporting requirements and a lack of information sharing between government agencies left Transcom largely unaware of the compromises.


Army may face cyber sticker shock
Signal Online
09/10/14

The U.S. Army is building a Cyber Center of Excellence at Fort Gordon, Georgia, and it will not come cheap, warned Maj. Gen. Stephen Fogarty, USA, the center’s new commanding general. Right now, he said, the service's CIO and the intelligence community are helping fund Signal Corps and intelligence aspects of the center, but much of the funding needed will not fall under either function. Among other things, the center requires secure facilities commonly referred to as a SCIF, or sensitive compartmented information facility. He said the Army will have to identify a new funding stream to provide a signal and cyber SCIF for the center of excellence.


Army, Air Force reach first milestone in shared cybersecurity system
Federal News Radio
09/18/14

The Army and Air Force have taken a major step toward building a shared cybersecurity architecture for their military bases. The first installation is up and running at Joint Base San Antonio (formerly known as Fort Sam Houston and Lackland Air Force Base) under the joint security construct. Several more installations are expected to follow suit over the next few months.


Is enterprise IT security ready for iOS 8?
Dark Reading
09/19/14

Apple hopes to up the security and privacy ante with a passel of new security features in iOS 8. However, enterprises may find that they still must work hard to secure data traversing across devices using the new mobile operating system.


DC tests ID management for first responders
GCN
09/17/14

When an emergency occurs on federal property, responders from different agencies and jurisdictions arrive on the scene to help. Without good access control, first responders could be walking into a situation they are not properly trained for, or where an attacker could use the emergency to cover his entrance into a secure facility. The problem of incident security ultimately will be solved with a nationwide network of standard first responder credentials, according to a DHS official who is working with state and local agencies to build just such a system.


Passwords vs. biometrics
GCN - Cybereye (blog)
09/19/14

Identity management and access control are the front lines of security. The ability to accurately identify users and control what they do within your systems is what separates insiders from outsiders. It has been apparent for some time that the traditional tool for this task – the password – is inadequate for the job, and biometrics is emerging as an alternative.


Identity and access management: Hot or not?
CTO Vision
09/19/14

Identity and access management (IAM) is increasingly being deployed within organizations across multiple sectors as they recognize that a progressive approach to IAM is crucial for their companies. Though not yet mature, the IAM market continues to grow because of a number of influences and developments. Some of the developments include, among others, cloud computing, web solutions, information governance and BYOD. To better understand how the market is moving toward IAM, here is a look at some of the developments and their impacts.


MasterCard biometric verification system achieves 98% success rate in pilot
BiometricUpdate.com
09/19/14

MasterCard says that a biometric verification system, which combines both voice and facial recognition, has achieved a 98% success rate in its pilot trials. The credit card firm recently held a closed pilot trial to gain a deeper understanding of consumer interaction with voice and facial recognition.

SASC: China-backed hackers penetrated TransCom contractor networks 20 times
Defense News
09/17/14

Chinese government-backed hackers accessed networks of private-sector firms with sensitive data about US military logistics nearly two dozen times in one year, says a report by the Senate Armed Services Committee (SASC). The committee determined senior brass at US Transportation Command, the military’s logistical hub, typically were unaware of the network violations. Collectively, the 20 contractor network penetrations “show vulnerabilities in the military’s system to deploy troops and equipment in a crisis.”


Attention, defense contractors: You've been hacked
Next Gov
09/17/14

China committed about 20 cyberattacks across a year-long period on defense contractors working with the government agency responsible for the transportation of military forces and equipment, according to a newly declassified Senate Armed Services Committee report.


Phishing campaign targeting financial and healthcare institutions
SC Magazine
09/15/14

Barracuda researchers have identified a spam campaign involving thousands of phishing emails being sent to financial and healthcare employees in the greater Boston, North Carolina, New York, Texas and Alabama areas.


JPMorgan shares information on recent cyber attacks
Security Week
09/16/14

JPMorgan Chase, one of the largest banks in the U.S., has confirmed that its systems were breached this summer, but investigators say there's no evidence that the attackers had gained access to highly sensitive information. The hackers reportedly penetrated roughly 90 of the company's servers, gaining access to the details of one million customers and information on installed software after obtaining high-level administrative privileges. Initial reports pointed a finger at cybercriminals believed to be from Russia or Eastern Europe. Investigators also believe a foreign government might have played a role in the operation. At least four other financial institutions are said to have been hit in the same attack.


George Mason University travel system targeted for malware attack
SC Magazine
09/12/14

George Mason University detected a malware intrusion into its travel booking system on July 16. No personal information is thought to have been viewed, but the incident could have affected up to 4,400 users of the university's travel request system.


Cloud computing under siege
FCW
09/12/14

By pooling computing resources, cloud computing not only offers significant cost savings over traditional software and hardware products, it facilitates innovation by allowing users, businesses and governments to procure, rapidly and cheaply, a diversity of software, analytics and storage services. But despite these considerable benefits, globally distributed cloud computing has come under threat. Over the past year, in response to mounting concerns over data privacy, data security and the rise of online surveillance, governments around the world have been seeking to pass new data protection rules which are likely to impose economic harm without achieving any of their stated goals.


US Official: Chinese want NSA cyber schools. Really.
Next Gov
09/17/14

Entrepreneurs in China have voiced support for improving the notoriously spotty relations between the U.S. and China in cyberspace, patterning Chinese courses on NSA-approved curricula, said Ernest McDuffie, head of the National Initiative for Cybersecurity Education. McDuffie, the top U.S. computer security education official, said Chinese universities are welcome to adopt the U.S. National Security Agency's cyber education program.


What DHS must do to expand cybersecurity information-sharing
Fed Tech
09/15/14

In the year since DHS expanded its voluntary Enhanced Cybersecurity Services program for sharing classified and unclassified threat indicators with critical infrastructure operators, only 40 critical infrastructure entities were participating in the program as of May 2014. These companies represent only three of the 16 designated sectors -- the defense industrial base, energy sector and communication services -- and only two are commercial services providers. Also, no additional providers have enrolled in the program since DHS took the reins in February 2013, so the DHS inspector general has recommended several ways to boost the program's participation rate and efficiency.


Vendor outreach key to unlocking federal cloud market
CIO
09/16/14

CIOs across the federal government have been working actively to incorporate cloud technologies, but the success and pace of those initiatives hinge on collaboration with the vendor community, federal IT leaders said at a recent cloud computing conference. They urged cloud service providers to offer agencies a glimpse of their roadmaps to help guide procurement strategies, which is often a byzantine process hampered by perpetual government tech talent shortages.


NIST offers help in securing printers, copiers, scanners from cyber intrusions
Fierce Government IT
09/15/14

Individuals and organizations need to be aware of the potential for printers, copiers and scanners being hacked. As such, the National Institute of Standards and Technology recently released draft guidance pointing out the risks and vulnerabilities of so-called replication devices, which increasingly also include 3D printers and scanners. Besides reminding people about potential cybersecurity problems, it offers advice on how such devices and information that's stored or transmitted can be better protected.


Geospatial Agency seeks small business innovation
Signal Online
09/01/14

The National Geospatial-Intelligence Agency is looking toward small business to provide vital technologies as the agency confronts budget constraints. Enticement efforts include targeted outreach, reshaped acquisition patterns and improved networking among potential contractors.


Making the health data move
FCW
09/15/14

In the over-the-rainbow nirvana of health technology, all data generated by patients, health records systems, consumer apps, medical devices and wearables will seamlessly interact, to the benefit of patient outcomes, clinical research and health care costs. But that dream is a long way off. A government agency is taking comments on a vision paper that spells out a 10-year plan for an ecosystem of interoperable health records.


DOD updates DISA's role as the department's cloud broker
Defense Systems
09/16/14

The Pentagon is refining the Defense Information Systems Agency’s role as the Defense Department’s cloud broker, while outlining how DOD agencies can acquire commercial cloud services. But DISA will continue to play a central role in DOD’s move to the cloud, evaluating and approving the security of commercial services and offering the department’s private milCloud.


DoD rescinds DISA cloud-broker memo
C4ISR & Networks
09/16/14

The Defense Information Systems Agency is no longer the Pentagon’s officially designated cloud broker. Defense Department officials have apparently rescinded the 2012 memo, signed by then-DoD CIO Teri Takai, that designated DISA as the priority choice for defense agencies seeking cloud services. The move was part of a broader military cloud strategy.


DOD communications: Bringing it all together
FCW
09/15/14

Unified capabilities (UC) refers to a series of IP-based services, including voice, video and instant messaging, designed to make internal DOD communications smoother and more secure. The Defense Department will open up its quest for unified capabilities to the private cloud if and when the NSA approves the project's security architecture. The Defense Information Systems Agency, the Army and the Air Force will likely put out a joint request for proposal for UC in the first quarter of fiscal 2015, a top Army official said Sept. 15.


With MAMA, U.S. Air Force aiming to raise cyber awareness on networks
Threatpost
09/15/14

The U.S. Air Force is attempting to enhance what it is calling cyber situational awareness in order to contend with “increasingly sophisticated” threats to its networks and systems. In a post on FedBizOpps.gov, the Air Force Research Laboratory’s Information Directorate announced it is soliciting white papers for a new program, dubbed MAMA, “Mission Awareness for Mission Assurance.” MAMA’s goal is to achieve mission assurance for military operations and automatically assess mission execution via the analysis of network traffic flows. MAMA will prioritize mission essential functions, map critical cyber assets and analyze and mitigate vulnerabilities and risks.


Army turns to industry for better cyber capabilities
Defense Systems
09/15/14

The Army Contracting Command-Aberdeen Proving Ground is looking for ideas, seeking white papers to identify potential sources for the procurement of cyber capabilities, according to a Request for Information solicitation. More specifically, the Army is studying industry feedback on cyber approaches that could be used for future strategic and protected cyber needs, according to the solicitation. Those approaches would focus on existing technical capabilities for defense against capabilities that exploit, deny or manipulate.


US Army plans to better manage cyber soldiers
Defense News
09/15/14

The US Army is closer than ever to introducing a cyber branch to better manage troops with highly sought skills in this area, according to a senior Army cyber official. The branch, called Career Management Field 17, will draw on experts from the intelligence and signals community for dedicated cyber forces, said Ronald Pontius, deputy to the commander of US Army Cyber Command.


Cyber airmen race to stay ahead of new threats
C4ISR & Networks
09/17/14

As cyber threats increase and become more sophisticated, airmen in the Cyber career field find themselves operating in a fast-paced environment just trying to stay two steps ahead. For months, the Air Force has been aggressively lining up airmen for the U.S. Cyber Command-operated Cyber Mission Force teams: 1,715 airmen will be part of the Defense Department initiative to recruit 6,000 personnel to be part of 133 joint mission teams.


NGI rolls out, FBI exploring more biometrics
Signal Online
09/16/14

The FBI’s Next Generation Identification (NGI) system went live recently, replacing the Integrated Automated Fingerprint Identification System and improving accuracy. According to experts, the new system offers 99.6 percent correct identification versus 92 percent with the former, and the NGI enables automation of 93 percent of searches. Other upgrades include connections with the National Palm Print System, an iris-modality repository and capabilities for more mobile detections, and even more advancements in biometrics identification are underway.


FBI facial recognition system ready for use
SC Magazine
09/15/14

The FBI has announced that it is prepared to roll out its new facial recognition system. The Next Generation Identification (NGI) system, which has more than 16 million face images, is intended to expand the agency's biometric identification program and ultimately replace its outdated Integrated Automated Fingerprint Identification System. According to the FBI, the agency believes that this is “a significant step forward” in “utilizing biometrics as an investigative enabler.”


Forget fingerprints, officials can track you all kinds of ways
Signal Online
09/16/14

Biometric identification moved past fingerprints long ago, and the range of modalities is helping the keepers of law and order make a big difference in several ways. Areas of growth include voice recognition software, facial recognition technology, finger vein identification, and eye scans (not necessarily of the iris, but of the area around the eye and the whites of the eye). So what’s next? According to one security expert, one of the big trends to watch is secure gesture authentication.


Intelligence community IDs cyber concerns
Signal Online
09/17/14

Sean Kanuck, national intelligence officer for cyber issues, Office of the Director of National Intelligence, says cyber pervades all other national security concerns, including biometrics. Every identity problem is a cyber issue going forward, because biometric and biographic information is collected and stored virtually. These systems have immense usage and hence are large targets for malicious activities, Kanuck explained. The country is at a critical juncture where innovation and the inability to protect systems of national security importance is a real problem. Kanuck urged developers of biometrics systems to consider emerging technical standards, policy, privacy and international issues.


DHS looks to replace IDENT
Signal Online
09/17/14

The Department of Homeland Security (DHS) is looking to replace its Automated Biometric Identification System (IDENT) in the next two to four years, an official with the department says. IDENT is DHS's central system for storing and processing biometric and associated biographic information for various homeland security purposes.


Apple Pay enabling biometric payments at the point-of-sale
Secure ID News
09/09/14

The latest set of iPhones will include near field communication and consumers will be able to pay by using the Touch ID sensor built into the handset. The Apple Watch, a new wearable from the computing giant, will also have NFC and enable payments. The iPhone 6 and 6 Plus will both include NFC and a secure element that will store all the payment card data.

Wearables Hardware a $53B Market by 2019
Datamation
09/12/14

A new forecast from technology analyst firm Juniper Research suggests that Apple's recent move into wearables is a smart and potentially lucrative one. Global retail sales of wearable devices will reach $53.2 billion by 2019, the market research firm predicted. This year the market is expected to reach $4.5 billion in sales.


Firefighters use Special Forces gear to stay connected
Popular Mechanics
09/10/14

In 2013, a fast-moving brushfire trapped Arizona fighters in a canyon, and although other firefighters tried to rescue the team, the smoke made aerial observation impossible, and calls over the radio went unanswered. In response to the disaster, the Defense Advanced Research Projects Agency (DARPA) began developing the Fire Line Advanced Situational Awareness for Handhelds (FLASH), a civilian version of the system used by special operators in areas without communications infrastructure. FLASH uses a Wave Relay radio, developed by Persistent Systems, to form a mobile comms network that can bounce signals between nodes and then over and around obstacles.


Retail breaches could spur channel business, modernized payment systems
CRN
09/11/14

The retail industry, reeling from a litany of recent credit card breaches, could finally get a long-awaited injection of data protection technology, creating opportunities for solution providers that specialize in data security, compliance assessments and modern payment terminal deployments. Target, Home Depot and other large retailers will be among the first to roll out terminals that support chip-and-PIN cards, but the technology alone doesn't provide the data security benefits, say solution providers. One expert says newly manufactured, encrypted payment terminals would provide the greatest benefit in reducing fraud and help ease the barrage of data breaches.


What’s really driving cyberattacks against retailers
The Washington Post
09/11/14

Security researchers say they've uncovered links to commentary that accuses the United States of fomenting unrest around the world in the code of the malware believed to have been used in a string of data breaches at U.S. retail stores over the past year. But these links don't necessarily mean that ideology was the driving force behind the hacks. Instead, the key motivator was likely financial gain.


Chinese hacking groups team up against government, military systems
Threatpost
09/11/14

Two Chinese cyber espionage campaigns are working in tandem in hopes of sniffing out trade secrets from surrounding nations. Researchers from FireEye outlined information about the two attack groups Sept. 10 in advance of a more comprehensive report. Both groups are based on the Chinese coast and are likely targeting intelligence from countries surrounding the South China Sea such as Japan and Taiwan, according to FireEye.


Did NATO drop the ball on cyber defense?
Next Gov
09/11/14

Cyber defense capabilities are necessary for NATO to carry out its mission. But at the recent NATO Summit in Wales, the alliance missed the opportunity to address how to deal with a potential cyber attack that could be the result of the new defense posture announced at the summit. NATO must expeditiously operationalize the Enhanced Cyber Defense Policy endorsed at the summit, which reinforces that NATO members will work together to build up the alliance’s cyber defenses. Protecting its member nations entails having its communications, troops, and command and control structures protected against cyber threats.


CDM dashboard stirs second contractor controversy
FCW
09/12/14

The inspector general at the General Services Administration is assessing claims raised by security technology vendor Agiliance, which says contractors for the Department of Homeland Security's continuous diagnostic and mitigation (CDM) dashboard are engaged in questionable cross-marketing activities.


DHS S&T chief plans for more relevant research, better employee morale
Federal News Radio
09/12/14

The Homeland Security Department's new science and technology chief says he has a plan to turn around an organization that outside auditors say is out of touch with its customers and has numerous duplicative projects, poorly-tracked investments and rock-bottom workforce morale. Dr. Reginald Brothers outlined an agenda Sept. 9 that would reduce the department's overall number of research programs and make the remaining ones more impactful and more strategically focused.


Data governance issues slowing US fed move to cloud
Business Cloud News
09/11/14

Nearly ninety per cent of federal government IT professionals are apprehensive about migrating their agencies’ systems to the cloud, with many migration projects still being held up by cloud-related data governance challenges, recently published research by MeriTalk reveals. Research by the same firm earlier this summer suggests these agencies could be missing out on roughly $19 billion in savings.


'You need to talk in terms of operational impact'
FCW
09/11/14

When Richard Spires was CIO at the Department of Homeland Security, getting funding was a difficult matter. Part of the issue, Spires and other former agency IT leaders at a recent cybersecurity conference said, was that legacy systems consume a large share of budgets, and that there is constant pressure to shift remaining money into new systems and new functionality. Because cybersecurity spending is generally invisible when it succeeds, Spires said, "it's always going to be a struggle, because you're always buying insurance." The key challenge for CIOs and other IT leaders, therefore, is to put the costs, risks and benefits of cyber into a context that non-technical executives can understand.


Modernizing VistA: Enabling scalable interoperability in a legacy system
GCN
09/11/14

The Veterans Health Information Systems and Technology Architecture (VistA) is the VA’s enterprise electronic health record system that tracks clinical treatment and care information. The Department of Veterans Affairs is in the midst of an evolution as it continues efforts to modernize and ensure the long-term viability of VistA to meet the healthcare needs of the nation’s military veterans. While the technical challenges are formidable, leveraging cutting-edge tools and platforms can be part of the solution for achieving fast, secure and scalable interoperability within the mission-critical legacy system.


Administration renews call for cyber legislation
FCW
09/11/14

Top Department of Homeland Security officials have renewed their calls for Congress to pass cybersecurity legislation to strengthen DHS’s ability to mitigate cyberattacks. The House has passed bills designed to boost information sharing, advance cyber technologies, improve the DHS cybersecurity workforce and give DHS some of the codified authority it seeks. The Senate has been slower to act, but DHS Secretary Jeh Johnson said Congress can rally around "areas of strong consensus" by passing legislation: codifying DHS’s cybersecurity responsibilities, making it easier for DHS and the private sector to collaborate on cybersecurity, and improving the department’s ability to hire top cyber talent.


U.S. at risk if cybersecurity bills stall, according to Congressional Republicans
Bloomberg BNA
09/10/14

The nation will be at serious risk if the current Congress fails to reach an agreement on cybersecurity legislation, Republican leaders of the House and Senate Intelligence Committees said Sept. 10, citing mounting attacks against U.S. companies. House Intelligence Committee Chairman Mike Rogers (R-MI) and Senate Intelligence Committee Vice Chairman Saxby Chambliss (R-GA) are pushing legislation to provide liability protection to companies that share cyberthreat data with government and industry partners. They urged final passage during the “lame-duck” period that follows the November elections, conceding that Congress is unlikely to get to the issue before that time.


DISA cloud brokering up in smoke
Signal Online
09/11/14

The Defense Information System Agency (DISA) had been identified as DoD's cloud broker, but that has been rescinded, reports Lt. Gen. Mark Bowman, USA, director, command, control, communications and computers/cyber and chief information officer, Joint Chiefs of Staff. He offered no other details on how or why it was rescinded, but he predicted that lower budgets next year will drive innovation and greater sharing within the Defense Department. Some services, he said, can be run “to standard” in a commercial environment.


DISA kicks off IT contract to support Cyber Command
Next Gov
09/12/14

The Defense Information Systems Agency launched Sept. 11 what it described as the first omnibus contract to provide a wide range of information technology services to the U.S. Cyber Command, including assistance for offensive and defensive cyber operations. DISA said the indefinite delivery, indefinite quantity IT contract is open only to small businesses, with some of the tasks currently performed by large contractors, such as a security program that shares information with the Defense Industrial Base. The contract will streamline acquisition of cyber-related services and will provide support across multiple technical and nontechnical disciplines under a centralized structure.


DISA to launch first round of JRSS network upgrades
Signal Online
09/09/14

The U.S. Defense Department is primed to take a first step toward the realization of the colossal concept of connecting its entire network system under the Joint Information Environment (JIE). For more than a year, the Defense Information Systems Agency (DISA), along with the Army, Air Force and defense contractor Lockheed Martin, has worked on the joint regional security stacks (JRSS), a key upgrade to streamline network operations and, officials say, improve security. To begin with, DISA will migrate network users from their as-is infrastructure and security posture to the JRSS, beginning now at Joint Base San Antonio in Texas.


DoD ramps up security as it drifts toward cloud
E-Commerce Times
09/14/14

The Defense Department is committed to pursuing cloud-based services and steadily has been improving its capabilities to utilize the technology. The latest evidence of DoD embracing the cloud is its approval of a protocol that will facilitate the use of the technology at higher security levels. DISA wants to pursue a three-part cloud strategy, said Deltek's Alex Rossino: "One is the use the agency's [IaaS] milCloud offering for DoD customers. The second is use of a commercial cloud infrastructure 'inside the DoD fence line' for cybersecurity purposes, and the third is use of purely commercial cloud solutions for publicly releasable data. This leaves a lot of room for multiple players."


Army Contracting Command running through the doors that cloud opens
Federal News Radio
09/11/14

The Army Contracting Command (ACC) will remove those bulky desktop computers from underneath most of its employees' desks in the coming year or so. The ACC is preparing to go to a zero-client setup for its computer network. Gino Magnifico, the chief information officer of the Army Contracting Command, said the command's move to the cloud in 2010 really set the stage for the decision to give employees a monitor, keyboard and mouse, and remove the rest of the computer from their desks.


Army cyber chief: Let's get closer to industry
Defense News
09/11/14

To keep pace with rapid changes in the cyber domain, the military needs “a much tighter relationship between industry and government,” the head of U.S. Army Cyber Command said Sept. 11. Lt. Gen. Edward Cardon said there were opportunities for industry to develop network infrastructures, operating systems and applications — and that past collaboration on a training environment had worked well. A central clearinghouse for industry to access the service’s cyber requirements is in the works, Cardon said.


DOD Deputy CIO: 'Cybersecurity should vary by mission'
FCW
09/10/14

The different levels of mission risk at the Defense Department have posed a major challenge to building out DoD's cybersecurity posture. Now, according to Deputy CIO Richard Hale, DoD is trying to rework its computing and wide area network infrastructure in order to have a "more sophisticated notion of zoning by mission risk." That involves cleaning up the server computing side of things and distinguishing it from the user computing side. Without achieving that, Hale said, DoD will never be able to go fully mobile. Moving to a Joint Information Environment would also position DoD to take more advantage of mobile and cloud, according to Hale.


Naval Academy works on accrediting cyber major
Navy Times
09/08/14

A Naval Academy dean said Sept. 8 that he hopes cybersecurity, a field of increasing importance to national security and civilian computer networks, can be accredited as a major by the time the academy’s first cybersecurity students graduate in 2016. The academy wants to be among the first to receive such accreditation.


Why email is worth saving
Dark Reading
09/12/14

Contrary to popular opinion in some quarters, email is not dead. Email is the unsung hero of the global economy, the rusty workhorse that will likely be around forever. Facebook, Snapchat, Whatsapp, and other nominal email replacements are completely inadequate for personal B2C communication and sensitive P2P messaging, not to mention robust B2B communication. Email is worth saving and protecting and there is an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery -- Domain-based Message Authentication, Reporting & Conformance (DMARC) -- which is an emerging email delivery standard that has shown much progress and potential.


Identity Management in the age of wearable technology
Tech Radar
09/13/14

Given Apple's track record, it is likely that the Apple Watch is going to accelerate the adoption of wearable technology. Although many focus on the potentially negative impact of wearable technology, including security risks and network overload, it should also be seen as a great opportunity. The list of connected devices will keep growing, as will the list of commercial opportunities for companies willing to invest in consumer-facing identity software. As more and more organizations today go through digital transformation, identity software is becoming the critical technology that securely bridges cloud, mobile and Internet of Things (IoT) offerings – and this now includes wearable devices.


Intel wants biometrics to replace passwords
BiometricUpdate.com
09/11/14

An Intel executive says that the company is currently working on a facial recognition system as a security measure for its users that will replace the existing password system. The official said the system will enable users to log into their devices and websites using their face as an identity authentication tool.