Cybersecurity News

 


The number of industries getting classified cyberthreat tips from DHS has doubled since July
Next Gov
10/21/14

Firms from half of the nation’s 16 key industries, including wastewater and banking, have paid for special technology to join a voluntary Department of Homeland Security program, previously exclusive to defense contractors, that shares classified cyberthreat intelligence. Cleared Internet service providers participating in the Enhanced Cybersecurity Services initiative feed nonpublic government information about threats into the anti-malware systems of critical sector networks. As of July, only three industries – energy, communications and defense – were using the service.


China launches MitM attack on iCloud, Hotmail users
Security Week
10/21/14

The Chinese government has started launching cyberattacks against Apple customers just as the company announced the availability of the latest iPhone in the country, according to a non-profit that monitors online censorship in China. It appears local authorities have initiated man-in-the-middle (MitM) attacks against customers of Apple's iCloud in an effort to obtain account login credentials and gain access to the data stored by users in the cloud service.


Auditors shine light on vulnerabilities in FDA computer network
Fierce Government IT
10/21/14

Vulnerability testing of the Food and Drug Administration's computer network found several deficiencies that could potentially be exploited by attackers, but auditors did not gain unauthorized access to the network via penetration testing. Several days before the HHS Department Inspector General's Office test, the IG noted that a wide-scale cybersecurity breach involving an FDA system was detected, exposing sensitive data in 14,000 user accounts.


More hackers targeting mobile phones to get bank info, survey says
Phys.org
10/21/14

Hackers are increasingly targeting mobile phones to get into bank accounts of victims and steal money, according to a report by Kaspersky Labs with Interpol. It found that 60 percent of the malicious programs targeting Android devices were designed to steal money or banking credentials. The report focused on Android, which accounts for roughly 85 percent of the mobile device market and 98 percent of mobile malware. Like other online operations, hackers are moving into mobile because more users access the Internet from these devices.


U.S. government probes medical devices for possible cyber flaws
Reuters
10/22/14

The U.S. Department of Homeland Security is reportedly investigating about two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment that officials fear could be exploited by hackers. The products under review by the agency's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.


Wearable device adoption following tablets' lead: PwC
Datamation
10/21/14

Wearables are well on their way to following tablets as the next hot product category. A new report from PricewaterhouseCoopers (PwC) indicates that 20 percent of U.S. adults already own a wearable device. It's a figure that matches the adoption rate of tablets in 2012, and like tablets, the number is expected to quickly rise -- but not without some challenges along the way.


Russia ruled out as culprit in Chase cyber security breach, U.S. officials say
Reuters
10/21/14

The Russian government has been ruled out as sponsor of a cyber attack on JPMorgan Chase & Co disclosed in August, U.S. law enforcement officials said Oct. 20. Officials from the FBI and Secret Service announced that authorities believe the attack was the work of cyber criminals. Early news reports in August said investigators feared the attack was conducted on behalf of the Russian government as retribution for economic sanctions imposed by the U.S.


Obama's executive order on payment fraud falls short on boosting security, say experts
CRN
10/20/14

The Obama administration issued an executive order last week that forces federal agencies to purchase new payment terminals that support "enhanced" security features, but experts say the directive stops short of requiring fully activated encryption and other security measures that would reduce the risk of a data breach.


PCI security council welcomes Obama executive order on EMV
ComputerWeekly.com
10/20/14

The Payment Card Industry Security Standards Council (PCI SSC) has welcomed US President Obama’s executive order to speed up the adoption of cards that reach the Europay, MasterCard and Visa (EMV) standard in the US. EMV is a global standard for the inter-operation of integrated circuit cards, known as chip and PIN, in the UK.


White House gives agencies the lead role in combating ID theft
Federal News Radio
10/17/14

New, more secure government credit cards and multi-factor authentication for federal websites dealing with sensitive citizen data are two ways the White House wants the government to lead a nationwide effort to reduce identity theft and fraud. President Obama's recent Executive Order outlined a series of steps with deadlines to transition to more secure online transactions under a new Buy Secure initiative. Federal cybersecurity experts acknowledged the order with a combination of satisfaction and frustration.


NIST's cloud computing roadmap details research requirements and action plans
NIST (news release)
10/22/14

The National Institute of Standards and Technology (NIST) has published the final version of the US Government Cloud Computing Technology Roadmap, Volumes I and II. The roadmap focuses on strategic and tactical objectives to support the federal government’s accelerated adoption of cloud computing, and leverages the strengths and resources of government, industry, academia and standards development organizations to support technology innovation in cloud computing.


Feds urge early cooperation in malware investigations
FCW
10/20/14

Though the recently publicized hack of J.P. Morgan was a fresh reminder that financial services are always in the crosshairs of cyber criminals, the sector's information-sharing center has been praised for building resiliency against threats. Law enforcement officials made the case at an Oct. 20 conference on cybercrime that this resiliency was due, in part, to public-private cooperation and aggressive federal prosecution of cybercriminals.


Mobile devices will transform how government fieldwork gets done
Next Gov (op-ed)
10/20/14

Using mobile devices like iPads and iPhones can make government field workers more efficient in creating reports and reducing paperwork, and they become even more powerful when they provide analytics to uncover hidden relationships and critical information. The ability to automatically analyze multiple pieces of data across multiple systems of record and combine that with real-time information collected by the user, can help provide previously unknown new insights and recommendations.


The future of government technology and the role of the IT department
Washington Technology
10/20/14

New innovations for government are beginning to move at an accelerating pace. The next five to ten years will be a critical renaissance period for federal IT, transforming the way agencies use IT to fulfill their missions. This will happen in spite of the fact that many federal agencies continue to face ongoing budget challenges. The transformation of government IT in the coming years will allow agencies to be more efficient and effective, while still being very responsible with public dollars.


Will new commercial mobile encryption affect BYOD policy?
FCW
10/20/14

While law enforcement is up in arms about new default data encryption on Apple iOS and Google Android devices, experts say the policy could have some benefits for federal mobility as well.


Senators push for ‘Internet of Things’ hearing
The Hill
10/20/14

A bipartisan group of lawmakers on the Senate Commerce Committee wants Chairman Jay Rockefeller (D-WV) to hold a hearing on the millions of new connected refrigerators, cars and other devices, warning that the so-called “Internet of Things” is “sparking a number of important policy questions” about security and privacy. The proliferation of “smart” appliances and machinery has exploded in recent years and could generate $8.9 trillion in revenue by 2020, they noted, with hundreds of billions of connected objects around the globe.


Army evolves its network integration process
Federal News Radio
10/22/14

Three years ago, the Army embarked on a process of Network Integration Evaluations that were designed to test new systems in the hands of soldiers before those technologies made their way into live-fire battlefields. But the Army is making changes to the process to include more of an emphasis on laboratory testing, and it's also tempered its hopes that commercial technologies can fill the gaps in its current capabilities.


Reaching the edge of the Joint Information Environment
Government Executive
10/09/14

The Department of Defense is pursuing an ambitious initiative to develop an integrated, enterprise-wide IT network, the Joint Information Environment (JIE). To better understand how DoD employees perceive the benefits of and challenges to the Joint Information Environment and mobility, Government Business Council and Verizon Wireless undertook an in-depth research study involving a survey of over 300 senior DoD employees.


Army Cyber capabilities increasing to include Guard, Reserve
Army News Service
10/17/14

The Army's top cyberspace experts said increasing digital capabilities of the force include 11 cyber protection brigades in the National Guard, and 400 more cyber Soldiers in the Army Reserve. Leaders recently detailed how the Army is working toward network modernization through the new Cyber Center of Excellence and cyber protection brigades.


Target date approaching for WIN-T en route mission planning IOC
C4ISR & Networks
10/21/14

Communications en route to overseas objectives are due for an upgrade, courtesy of the Warfighter Information Network – Tactical program. November is the target date for initial operating capability for en route mission command capabilities. The goal is to enable voice, data, full-motion video, email and other capabilities aboard planes on long flights, said LTC Joel Babbitt, product manager for WIN-T Increment 1.


Awaited technologies about to become reality for warfighters
Signal Online
10/01/14

The U.S. Army is extending advanced communications to disadvantaged users, fielding a series of capabilities to various groups in an effort to give soldiers at the pointy end of the spear the connectivity they need. With the rollout, forward-deployed troops should be able to access classified networks via wireless 4G long-term evolution connections. National Guard units also are acquiring the tools to aid their troops in disaster response scenarios.


Taking aim at stealthy attacks
GCN - Cybereye (blog)
10/17/14

When the vulnerability is unknown and the malicious code is well hidden, IT managers have to look for active footprints to defend against threats. No matter how stealthy the exploit, it has to activate inside the system, and that is where to spot it and stop it. That’s the idea behind the Cyber Kill Chain, which is based on the military concept of establishing a systematic process to target, engage and defeat an adversary. It relies on the assumption that an adversary will have to carry out specific steps to attack in a given environment.


Obama orders two-step IDs to combat credit card hacks
Next Gov
10/17/14

President Barack Obama issued an executive order Oct. 17 to stop rampant credit card breaches by requiring federal agencies to issue government purchase cards embedded with hacker-resistant microchips that require PIN numbers for charges. The government aims to stimulate the market for so-called chip-and-PIN cards, which is part of a larger strategy to abolish one-step identification checks.


FBI facial recognition system gives officers an investigative lead
Government Technology
10/20/14

New FBI facial recognition technology released in September means more than 18,000 law enforcement agencies can search potential criminals by face in addition to fingerprint. The facial recognition tool, called the Interstate Photo System, lets officers automatically compare a suspect's digital facial image against the 20 million and growing images available for searches, giving officers an investigative lead. But it has accuracy limits and has raised concerns among privacy groups.


FBI warns of cyberattacks linked to China
Computer World
10/16/14

The FBI issued a warning to companies and organizations Oct. 15 about cyberattacks by people linked with the Chinese government. The advisory, issued privately, contains "information they can use to help determine whether their systems have been compromised by these actors and provides steps they can take to mitigate any continuing threats." The warning came a day after security companies said they've been working closely together to enable their products to detect several hacking tools used by a China-based group against U.S. and other companies over several years.


How should the government respond to JPMorgan hack?
Next Gov
10/15/14

According to former Attorney General Michael Mukasey, for now the proper response by the U.S. government to last summer's JPMorgan hack "is to try to find out who did it and why." But, said Mukasey, if a nation state turns out to be responsible for the JPMorgan hack, the government should respond.


Key findings from Ponemon Institute’s ‘Cost of Cyber Crime’ studies
IT Governance
10/17/14

Ponemon Institute has released its 2014 Global Report on the Cost of Cyber Crime, based on regional Cost of Cyber Crime studies for 11 countries, including France, Germany and Italy. This post summarizes the key findings of the European studies, and shows what you can do to protect yourself from cyber security risks using the international standard for best-practice information security management, ISO 27001.


Mobile device and data use skyrockets, US gov't survey says
CIO
10/16/14

U.S. mobile phone users are “rapidly embracing” smartphones and tablets, noted a report from the U.S. Department of Commerce’s National Telecommunications and Information Administration. Even though the report is based on 2-year-old information from the U.S. Census Bureau, the latest NTIA survey of U.S. residents’ Internet and computer use shows some important trends and gives U.S policy makers “some valuable insights,” said John Morris, director of Internet policy at the NTIA.


UMD partners with MITRE on cybersecurity research and development center
University of Maryland (news release)
10/13/14

The University System of Maryland (USM), including the University of Maryland, College Park (UMD) and University of Maryland, Baltimore County (UMBC), is partnering with The MITRE Corporation to operate the first federally funded research and development center (FFRDC) solely dedicated to enhancing cybersecurity and protecting national information systems.


Tech Council of Maryland to use $225,000 grant for cyber job training
Washington Business Journal
10/15/14

The Tech Council of Maryland will use $225,000 in federal money to train job seekers for cyber and technology jobs. The funding is part of a $15 million grant to the Cyber Technology Pathways Across Maryland Consortium, announced in September. Fourteen community colleges, led by Montgomery College in Rockville, comprise the consortium. They are working together to improve cyber job training and access to cyber jobs, especially among veterans, women and unemployed workers.


$42m boost for cyber security research
Asia One / The Straits Times
10/17/14

Some $42 million will be set aside by Singapore for seven projects in cyber security research over the next two to five years, as Singapore looks to boost its defense against cyber attacks. The money will come out of a new $130 million government plan to enhance Singapore's fire power against cyber attacks that could threaten government agencies and services such as banking. The seven projects will involve research in topics such as digital forensics, and mobile and cloud data security.


Obama announces plan to tighten card security
Associated Press
10/18/14

Saying more must be done to stop data breaches affecting consumers, President Barack Obama announced on Friday a government plan to tighten security for the debit cards that transmit federal benefits like Social Security to millions of Americans. Cards issued by the federal government will now have an internal chip replacing magnetic strips to reduce the potential for fraud.


Tightening security on federal payment cards
FCW
10/17/14

As part of a wide-ranging set of policy initiatives about financial information security, President Obama announced the federal government will be switching to payment cards that are protected by two new layers of security – a microchip that is harder to clone than a magnetic strip and a personal identification number that users key in during transactions, like a bank card. Beginning next year, new payment processing terminals at federal agencies must have the necessary software to support these new security features.


Obama orders chip-and-PIN in government credit cards
CIO
10/17/14

President Obama issued an executive order Oct. 17 to have secure chip-and-PIN technology embedded into government-issued credit and debit cards as part of a broader move aimed at stemming payment data breaches. Under the order, government-issued cards that transmit federal benefits such as Social Security will have microchips embedded instead of the usual magnetic strips, as well as associated PINs like those typically used for consumer debit cards. A replacement program for the cards is set to begin on Jan. 1 of next year, with the goal to have more than 1 million such cards issued by the end of the year.


GSA unveils 'FedRAMP Ready' systems
FCW
10/17/14

The GSA will unveil its newest category for the Federal Risk and Authorization Management Program on Oct. 17, showcasing cloud service providers ready to perform assessments and authorizations with potential agency customers. "FedRAMP Ready" systems have had their documentation reviewed by the FedRAMP program management office and -- at a minimum -- have gone through the PMO readiness review process.


Huge bidder pile-on for VA’s $22.3 billion tech deal
Next Gov - What's Brewin'
10/16/14

The number of companies that have expressed interest in bidding on the Department of Veterans Affairs’ Twenty-One Total Technology Next Generation contract -- known as T4NG -- hit 635 vendors Tuesday, according to a VA spreadsheet. VA plans to award up to 20 indefinite-delivery, indefinite-quantity contracts under T4NG, which will run for an initial five years with an option for another five years.


One team, one fight in cybersecurity
Federal Times
10/17/14

The Defense Department understands the value of a physical co-location, having put two of its key cybersecurity components, Cyber Command and the NSA, at Ft. Meade. Having federal civilian agencies down the hall from each other also is both possible and valuable. As such, GSA has asked for $35 million in FY15 to develop requirements for and to fund design of a civilian federal cybersecurity campus. The idea is to collocate key components from multiple federal civilian agencies with cybersecurity responsibilities, along with private sector partners, to improve collaboration in the drive to enhance homeland and national security against growing cyber threats.


U.S. data breach notification law unlikely in 2014
Gov Info Security
10/20/14

Despite President Obama's support and growing interest in Congress in enacting a national data breach notification law, no such bill has reached either the Senate or House floors in the current Congress, nor is such legislation likely to be voted on before the current Congress adjourns. Business groups and consumer advocates with allies in Congress cannot agree on key provisions of data breach notification measures, with businesses wanting less stringent data breach notification rules than do consumer advocates.


DISA looks for models for securing commercial cloud
FCW
10/16/14

The Defense Information Systems Agency wants to test the viability of two technical models for implementing commercial cloud within the Defense Department. DoD wants its cloud use to be secure, while also tapping expertise from commercial vendors. To do that, DISA is looking for ideas on cloud-integration models that will offer "the physical protections that a DOD installation provides, while still allowing the commercial vendors to offer their contemporary cloud ecosystems directly to the military community," the agency said Oct. 1 in announcing an RFI.


Four years after establishment, Army Cyber Command touts progress
National Defense
10/16/14

The relatively new Army Cyber Command is looking to perform more joint operations as it continues to build its capabilities, a pair of its senior leaders said Oct. 15 at the Association of the United States Army annual conference in Washington, D.C. But in order to do that, it will need to collaborate with the government and private industry to develop a capable, sustainable cyber environment, said its commander, Lt. Gen. Edward Cardon.


Here comes the Army Cyber Battle Lab
Next Gov - What's Brewin'
10/17/14

The Army currently operates a Network Battle Lab and plans to change it to the Cyber Battle Lab beginning in October 2015 -- and is looking for some contractor support. The Network Battle Lab was focused only on experimentation to support the network, but will now add experimentation to support all areas of "cyber electromagnetic" activities. These include cyberspace operations, electronic warfare and spectrum management operations.


Army eyes coordinated land-cyber missions
Defense News
10/15/14

US Army officials say they are working toward a capability that will synchronize land power and cyber capabilities for tactical effects on a future battlefield. Army Chief of Staff Gen. Raymond Odierno said in an interview that the service’s new operating concept calls for the synchronization of air, sea, land and cyberspace.


Army electronic warfare ‘is a weapon’ – But cyber is sexier
Breaking Defense
10/16/14

Col. Joe Dupont, the Army’s project manager for electronic warfare programs — and its recently declassified offensive cyber division — faces an uphill battle against tight budgets and Army culture to make the case that EW doesn't just enable weapons systems, "EW is a weapon system." As the world goes wireless, phones and computers depend increasingly on radio links rather than physical cables, which means jamming and hacking, traditional electronic warfare and the brave new world of cyber, are beginning to blur together.


Krieger molds the defense IT enterprise
GCN
10/10/14

One of the greatest successes for Mike Krieger, deputy chief information officer/G-6 for the Army, is the recent integration of enterprise email throughout the Army. From a slew of Microsoft Exchange servers run by different organizations, the Army now has just one email service for its 1.5 million users run out of the DISA’s cloud. Organizations across the Army are now comfortable drawing services from the enterprise compared to 2009-2010 when they still provided their own services to users. Another major change he’s witnessed is a shift in the belief that network capabilities need to be “very tip-of-the-spear,” to a recognition that there are things that can be better done from the enterprise.


NSA chief: 1,000 new jobs coming to S.A.
My San Antonio
10/16/14

The director of the National Security Agency, Adm. Mike Rogers, said Oct. 16 that San Antonio could expect as many as 1,000 additional personnel working on the Defense Department's ongoing cybersecurity mission over the next three years.


What the cybersecurity executive order means for authentication
Secure ID News
10/17/14

President Obama has signed an executive order on cybersecurity that requires federal agencies to issue and accept EMV payment cards and take extra precautions online when protecting citizens’ personal information. The focus of the announcement was on the move to EMV and the more secure chip and PIN technology. But, even more significantly, a short section of the executive order focused on a move to more secure authentication by government agencies. The wording is vague and lacks concrete examples of how and why such a multi-factor authentication system might be necessary. But here are some scenarios of how this system is likely to roll out.


The biometrics revolution is already here — and you may not be ready for it.
The Washington Post
10/20/14

The future is here, and it's biometric identification: You will soon be able to unlock the most recent iPad model with your fingerprint; banks are reportedly capturing voice imprints to catch telephone fraud; and the FBI's facial recognition database is at "full operational capacity." But while these technologies are already influencing consumers' lives, it's not clear that everyone understands the long-term implications of widespread biometric use, experts say.


Get ready for a new wave of biometrics
Next Gov
10/16/14

It's common knowledge that passwords are flawed, but if anything can benefit from this year's seemingly never-ending security breaches, it's the field of biometrics. Digital biometrics—using people's fingerprints, voices, and faces to unlock devices instead of using memorized passcodes—aren't new. What is new is the timing: The rapid demise of the conventional password in this year alone means digital biometrics can be "cool" again.


Russian cyberspies hit Ukrainian, US targets with Windows zero-day attack
Dark Reading
10/14/14

The Russian cyber espionage and cybercrime worlds once again have collided in a newly discovered cyberspying campaign that uses a zero-day flaw found in all supported versions of Microsoft Windows. Among the targets of the so-called Sandworm cyberespionage team are NATO, the Ukrainian government, a U.S. think tank specializing in Russian issues, Polish government and energy entities, a French telecommunications firm, and a Western European government agency.


DHS: Attackers hacked critical manufacturing firm for months
Next Gov
10/10/14

DHS has disclosed that an unnamed manufacturing firm vital to the U.S. economy recently suffered a prolonged hack. The event was complicated by the fact that the company had undergone corporate acquisitions, which introduced more network connections, and consequently a wider attack surface. The firm had more than 100 entry and exit points to the Internet. The case contains a lesson for civilian and military agencies, both of which are in the early stages of new initiatives to consolidate network entryways.


FDIC to banks: Prep for “urgent” threat of cyberattacks
JD Supra - Business Advisor
10/13/14

Financial institutions are facing an “urgent” threat of hacks and cyberattacks causing regulators to take a closer look at banks’ efforts to combat such concerns, the Federal Deposit Insurance Corporation (FDIC) Chairman recently cautioned. At the American Banker Regulatory Symposium, FDIC Chairman Martin Gruenberg told attendees that the rise of cyberattacks targeting banks has triggered a need for regulators to assess the efforts of institutions to fight back or prevent such attacks.


Obama said to warn of crippling cyber attack potential
Fox Business
10/12/14

President Obama reportedly believes cyber terrorism is one of the biggest threats to national security and says the White House is bracing for a possible doomsday scenario if hackers can successfully penetrate government and business computer systems.


Washington wants to become a hub for cybersecurity companies. Can it be done?
The Washington Post
10/12/14

This fast-growing field of civil cybersecurity presents a multibillion-dollar business opportunity for technology companies and a powerful new economic development engine for the jurisdictions where those companies establish their headquarters. Few parts of the country are as flush with potential as the Washington region, but the region must also overcome certain deficiencies if it is to become a cybersecurity hotbed. A growing number of public and private sector initiatives have taken shape to address those shortcomings.


Cleveland Indians' IT team hits a grand slam with new analytics platform
Security Info Watch
10/14/14

The Cleveland Indians baseball team, like every enterprise organization, faces omnipresent cybersecurity threats. The team’s network, not only at the home ballpark, but at the out-of-state training facility and for the scouts on the road, must be fast and secure. Customer data and the Indians’ brand must be protected. The club has chosen virtual appliance software that monitors security, performance and compliance in cloud and virtualized infrastructures – all from a single screen.


Wearables and IoT among top tech trends for 2015
Datamation
10/09/14

IT research firm Gartner has published its list of top 10 technology trends to watch next year as businesses draw up their strategic IT plans. The list includes mobile computing, wearables, Internet of Things (IoT) solutions, 3D printing, context-aware systems, autonomous smart devices, mobile-friendly cloud applications, software-defined applications and infrastructure, Web-scale IT and self-protecting, security-aware applications.


Why colleges should stop splurging on buildings and start investing in software
The Washington Post
10/13/14

For decades, America’s colleges and universities have been on a massive spending spree, building new dorms, student centers, sports complexes, and academic buildings, but key educational performance metrics have not greatly improved. What if the leaders of our colleges and universities had channeled just a fraction of this edifice-complex capital into technology improvements -- especially software -- instead?


Cloud computing is forcing a reconsideration of intellectual property
The New York Times
10/11/14

We’ve used ideas to sculpt the globe since the Industrial Revolution, thanks largely to the way we handle intellectual property. Now, according to people involved in the business of protecting ideas, all of that is set to change. Software, lashing together thousands of computer servers into fast and flexible cloud-computing systems, is the reason. Clouds, wirelessly connected to more software in just about everything, make it possible to shift, remix and borrow from once separate industrial categories.


Is it time for fresh procurement reform or just a rereading of existing law?
Federal News Radio
10/14/14

The 1996 Information Technology Management Reform Act (Clinger-Cohen) wasn't purely a procurement reform. But it did supersede prior law under which IT procurement became the province of the GSA, which had the power to delegate purchase authority to agencies, and it instituted a new way for federal agencies to do IT investments strategically. The Clinger-Cohen era bolstered the idea of IT and all strategic procurements as investments that must relate to missions. So what's needed for the future?


Governmentwide cloud contracting efforts missing key ingredients, IGs find
Federal News Radio
10/13/14

The Council of Inspectors General analyzed 77 commercial cloud contracts across 19 civilian agencies and found most failed to implement federal guidance and best practices. Additionally, 59 cloud systems reviewed did not meet the requirement to become compliant with the Federal Risk Authorization and Management Program (FedRAMP) by June 5, 2014, even though the requirement was announced on December 8, 2011.


Wolfe brings the cloud to the intelligence community
GCN
10/14/14

Doug Wolfe, the chief information officer of the Central Intelligence Agency, has embarked on a mission to guide the development of cloud computing for the whole of the intelligence community, knock down barriers between silos of data and analysis, introduce speedy IT and software development to traditionally slow-moving organizations and help make the intelligence sector a beacon of innovation for the rest of government.


Is FedRAMP toothless? Rogue cloud systems abound at agencies, IGs say
Next Gov
10/15/14

Many agencies blew past a deadline this summer to make sure their cloud computing systems met baseline security standards. And it appears they’ll face little reproof for doing so. Among the potential problems uncovered by the Council of Inspectors General on Integrity and Efficiency are a mostly toothless process for ensuring agencies’ cloud systems meet basic security standards and fuzzy service-level agreements between agencies and commercial cloud providers.


White House working around cyber bill impasse
Federal Times
10/13/14

As time runs out for Congress to pass cyber legislation before next year, White House officials are looking for ways around Capitol Hill’s inability to enact policies to secure government networks and critical infrastructure. The executive branch is accelerating efforts to implement cybersecurity within federal agencies and in the sectors responsible for critical infrastructure, including the financial and energy industries.


Pentagon needs to build cybersecurity into the acquisition process
Next Gov
10/13/14

At the confluence of cybersecurity, acquisition and the sometimes small but always vital electronic components that make up battlefield systems lies a serious vulnerability. The gist of the issue is simple: Our weapons platforms and systems are subject to potential compromise if we fail to secure them. And unless and until we embed cybersecurity into system architecture and design, we are handing our adversaries -- who are many and varied -- an advantage that they have not earned.


Army seeks industry partner for geospatial tech R&D
Gov Con Wire
10/14/14

The U.S. Army Corps of Engineers is looking for potential vendors who can provide research, development, engineering, assessment and validation support to the USACE Geospatial Center in Virginia. It is looking to award up to $200 million over five years for a partner who will help the organization build platforms intended to exploit GEOINT, full motion videos, wide area motion imagery and C4ISR data, and explore methods of disseminating geospatial information from mobile devices to data analytics and management systems being used by other military and civilian agencies.


COTS devices gain a tactical edge
C4ISR & Networks
10/14/14

Commercial off-the-shelf (COTS) technologies, once viewed with skepticism by the Defense Department and military services, are rapidly becoming mainstream tactical communication devices as well as trailblazing new form factors, functionalities and procurement processes.


AUSA: Army to require open-source intel training
C4ISR & Networks
10/15/14

The Army is formalizing its growing emphasis on open-source intelligence, or OSINT, including requiring soldiers to get at least some basic training in how it works, according to Army officials. In the coming weeks the service will launch a distance-learning package that will be required for all soldiers so that they have at least a basic understanding of how OSINT works.


MILCOM: Is enterprise IT mindset taking root at DoD?
C4ISR & Networks
10/14/14

The calls for streamlined technology and processes, shared services and enterprise-wide IT at the Defense Department usually are quickly followed with demands less tangible than servers and data centers. To truly enable real reform in defense IT, it’s the people that need to undergo a shift in thinking as well.


How WiFi makes a command post agile
C4ISR & Networks
10/13/14

The advantages of mobile technologies for soldiers are often readily apparent, but there are some important capabilities on the command-post side too, according to COL Ed Swanson, project manager for the Army's Warfighter Information Network-Tactical (WIN-T) program. In particular, the Army is working with “very nascent” commercial technologies, including 4G LTE and WiFi, Swanson said.


Air Force to step up recruiting, shorten training for cyber airmen
Air Force Times
10/14/14

The Air Force may shorten the training time for cyber airmen to move them into their jobs faster — and airmen with existing cyber certifications would get a head start.


AUSA: Army wrestles with talent amid cyber force build-up
C4ISR & Networks
10/13/14

As the Army assembles a 6,000-person-strong cyber mission force in the next two years, officials are trying to determine the best way to attract, organize and maintain the cyber talent required to secure Defense Department networks. The creation of a new Army branch dedicated to cyber means that leaders are learning how to recruit, train, retain and equip cyber forces. It’s been an ongoing effort over the past two years, one that the Army Cyber Command’s chief says is nearly halfway finished.


Detecting cyber attacks in a mobile and BYOD organization
Help Net Security
10/14/14

Many organizations understand that traditional perimeter security defenses are not effective at identifying attacks on mobile devices. This application note sets out to explore the challenges, understand the needs, evaluate mobile device management as an approach to detecting attacks and offer a flexible and high efficacy solution for detecting any phase of an ongoing attack on mobile devices regardless of device type, operating system or applications installed.


'Internet of Things' a risk-reward proposition for security professionals
Security Info Watch
10/07/14

We live in a highly connected world, with smartphones, tablets and other devices that all contain not only a multitude of data-producing sensors, but also a variety of software applications that may require Internet connectivity. And it is not just smartphones that are connected to the Internet. Momentum has been increasing to connect more and more devices of every type to the Internet, resulting in an Internet of Things (IoT). But despite numerous benefits, connected devices still present a myriad of threats.


Cyber security failing in execution, says ex-US cyber czar
ComputerWeekly.com
10/14/14

Former White House cybersecurity coordinator Howard Schmidt says, “The cybersecurity strategies we have are all excellent... but we are still failing in execution.” Schmidt believes software developers should do more to ensure users are not faced with security decisions they aren't qualified to make, and he called for greater effort to develop threat scenarios for all software developers, particularly in the critical sectors of energy, telecommunications and financial services.


Report: Rising cybersecurity budgets still not enough
Government Technology
10/01/14

The 2014 Deloitte-NASCIO Cybersecurity study shows what many state chief information security officers already know -- the landscape is fraught with evolving challenges -- and it makes at least two clear conclusions: cybersecurity is the primary concern of many state CIOs and state CISOs, and also that the concerns of CIOs and CISOs are well-founded. While over 47 percent of organizations showed a year over year budget increase, 75 percent cited budget constraints as a challenge.