spending to reach US$10 billion by 2020
The healthcare sector is ill-prepared for the new cyber age. Hospitals,
clinics, trusts, and insurers are under attack from malicious online agents.
The value of personal health information, made more easily available with the
convergence to electronic health records, is ten times that of financial data
such as credit card numbers. Medical
identity theft and fraud are on the rise, and healthcare providers are
struggling to cope, but the industry spends very little on cybersecurity
compared with other regulated critical industries. ABI Research calculates
cybersecurity spending for healthcare protection will only reach $10 billion (US)
globally by 2020, just under 10% of total spend on critical infrastructure
threats expanding, new US intelligence assessment says
The U.S. has elevated its appraisal of the cyber threat from Russia, the
U.S. intelligence chief said Feb. 26 as he delivered the annual assessment by
intelligence agencies of the top dangers facing the country. “While I can’t go
into detail here, the Russian cyber threat is more severe than we had
previously assessed,” James Clapper, the director of national intelligence,
told the Senate Armed Services Committee, as he presented the annual worldwide
threats assessment. As they have in recent years, U.S. intelligence agencies
once again listed cyber attacks as the top danger to U.S. national security,
ahead of terrorism.
spymaster warns over low-level cyber attacks
A steady stream of low-level cyber attacks poses the most likely danger to
the United States rather than a potential digital "Armageddon," US
intelligence director James Clapper said Feb. 26. U.S. officials for years have warned of a
possible "cyber Pearl Harbor" that could shut down financial
networks, poison water supplies or switch off power grids. But
Clapper told lawmakers that American spy agencies were more focused on
lower-profile but persistent assaults that could have a damaging effect over
Thousands more vulnerabilities reported in 2014 than previous years
Last year saw thousands more bugs reported to the National
Vulnerability Database (NVD) than in years prior, according to a blog post from
GFI Software, which takes a look at more than 7,000 vulnerabilities added to
the NVD in 2014. Of the 7,038 vulnerabilities, 83 percent are in third-party
applications and 24 percent were considered high severity bugs. The overall number represents a spike when
compared to the 4,794 bugs added in 2013.
regulator eyes tougher rules to fight hacking
Benjamin Lawsky, who leads New York state's Department of Financial Services,
says the department is considering mandating that banks and other financial
institutions establish a "multifactor authentication" system whereby
users log in with a randomly generated password sent to a smartphone in
addition to a conventional password, and whether such new password requirements
would fall on bank employees or consumers who do online banking. Other possible
proposals include rating banks and insurers on their cybersecurity as part of
regular oversight of the banks used to determine if banks can pay dividends or
make acquisitions, and forcing financial institutions to require certifications
of cybersecurity controls from third parties working in a bank, such as a law
firm or a company brought in to do maintenance.
Anthem breach affects millions of non-Anthem customers
Help Net Security
Anthem, the second-largest health insurer in the United States, which
reported a massive data breach earlier this month, has finally come out with a
more definite number of affected individuals: 78.8 million. But if you think
that if you weren't an Anthem customer your data is safe, you might want to
check again, as between 8.8 million and 18.8 million of the persons whose data
was stolen were actually not Anthem customers. The breach also impacted Blue
Cross and Blue Shield plans not owned by Anthem.
breach costs: $162 million
Info Risk Today
Target's breach-related expenses not covered by insurance have totaled $162
million so far, its latest financial report shows. And experts say the breach
could continue to have a financial impact for years to come. Gross expenses
stemming from Target's data breach in December 2013 have totaled $252 million.
But insurance has covered $90 million of that cost. The breach exposed 40
million payment cards and personal information on 70 million customers.
startups raise $7.3 billion over 1028 deals
A litany of high profile security breaches of corporations and governments
have made cybersecurity startups an increasingly hot area for investment. This article
uses CB Insights data to analyze cybersecurity financing trends and some of the
most active investors in the space.
official warns of shutdown risks
Gov Info Security
A top Department of Homeland Security official says the nation's IT
security would be at risk if Congress fails to fund the department by Feb. 27.
DHS Undersecretary Suzanne Spaulding told the House Homeland Security Committee
Feb. 25, "Anything that hampers and slows us down creates risk for us and
for the nation." Spaulding said 43 percent of the directorate workforce
would be furloughed, including 91 percent of employees with cybersecurity
responsibilities, if Congress fails to act on continued funding. That means
delays will occur in fully implementing systems at some federal agencies to
detect and prevent intrusions - Einstein 2 and Einstein 3A - as well as
continuously monitor systems to identify vulnerabilities.
UC gains momentum
Roughly 73 percent of Americans own a smartphone, according to the research
firm comScore. Many are federal employees, which is one reason why government
agencies are increasingly extending their unified communications platforms to
smartphones and other mobile devices.
federal cloud usage hinges on up-and-coming data encryption technology
Federal News Radio
Cybersecurity remains one of the biggest hurdles to the widespread use of
cloud computing across the government. But a new type of data encryption may be
the answer to those who still question whether their data can be safe in the
cloud. While the federal cloud security
standards under FedRAMP gained acceptance, the standards don't necessarily
protect the data in and of itself. FedRAMP is more focused on protecting the
network, and for some federal technology and security managers the need to
protect their data is a real sticking point that must be overcome before there
is a huge expansion of cloud services.
cloud became integral to agency strategy
From a financial perspective, the Obama administration’s proposed fiscal
2015 budget estimates that about 8.5 percent of the $86 billion federal IT
budget – or $7.3 billion – will be spent on provisioned services like cloud
computing. But the dollar figure probably doesn’t do justice to how cloud
computing has affected the strategic thinking behind agency walls. Whether it’s
the IT folks keeping backend systems operational, the visionary chief
information officers or the teams charged with carrying out tech programs,
cloud is a dominant topic of conversation.
White House establishes a new agency to collect cyber security intelligence
The Next Web
The FBI, CIA and NSA all deal with cyber security, but as organizations
they often operate independently; the FBI doesn’t necessarily know what the NSA
is up to and vice-versa. To address this problem, the White House has announced
creation of a new agency, the Cyber Threat Intelligence Integration Center
(CTIIC), to provide “a cross-agency view of foreign cyber threats, their
severity, and potential attribution.” The CTIIC won’t deal with attacks
directly, but it will support the operations of other agencies like the
National Cybersecurity and Communications Integration Center and US Cyber
Command by providing a “whole-of-government” view on attacks and policy.
plan to fix federal IT
The administration is making a significant push to reform federal IT, as
seen in the president's 2016 budget request and the appointment of two industry
veterans as the nation's top technologists to lead the government's IT
modernization effort. Their focus will
be on three key areas -- better efficiency and performance on IT projects;
bolstering the workforce through better hiring and training; and cybersecurity
-- which are reflected in a number of IT initiatives in the president's 2016
a boost in VA budget request
The Department of Veterans Affairs, which failed its most recent security
audit, is seeking a 16 percent increase in its information security budget for
fiscal 2016, as it looks to tighten up controls on sensitive data. The VA wants
a boost in overall information security spending, from $156 million in 2015 to
$180.3 million. Within that $180.3 million total, cybersecurity accounts for
$53 million, which is also a 16 percent increase over fiscal 2015.
offers rare glimpse at program to visualize cyberdefenses (+video)
The Christian Science Monitor
DARPA, the Pentagon's advanced research arm, has revealed its latest
version of Plan X, an in-progress system designed for the military to visualize
defending against cyberattacks. The $125 million Plan X project aims to
immediately notify warfighters when adversaries penetrate their networks, and
give them the tools to quickly select the best applications to defend against
incursions from a shared database inspired by Apple's App Store.
Harnessing the power of IT interoperability
While DoD's transition to a Joint Information Environment (JIE) will
consolidate and standardize networks and infrastructure, each agency and branch
will still have its own systems, networks, applications and information
technology methodologies, and they generally will have their own set of NetOps
tools to help them achieve their missions. The solution is interoperability of
information technology (IT) management tools. To successfully secure and
streamline the DOD information networks, there must be far greater
interoperability of NetOps and other IT management tools within the
collaboration in government still a work in progress
Amid the onslaught of cyberthreats faced by federal agencies, the potential
for an even larger and more sustained catastrophic version of a digital attack
has become an increasingly real possibility. If such a scenario were to
take place, the Defense Department would certainly play a lead role in the
response. But it likely couldn’t do it alone, according to Lt. Gen. Edward
Cardon, commanding general of the Army Cyber Command.
solution eliminated from DoD health record procurement
The Department of Defense has trimmed the list of bidders on its $11
billion procurement for an electronic health records system, and the
open-source entrant, a PwC-led bid using a commercial version of the VISTA
health record created by the Department of Veterans Affairs, isn't going
How DOD is building a bigger network that's also a smaller target
Faced with growing and more sophisticated cyber threats to U.S. military
networks, Defense Department officials openly acknowledge that in its current
state DOD’s legacy information architecture is not in a strongly defensible
position. The military’s Joint Regional Security Stacks (JRSS) initiative is a
critical effort to consolidate its security posture across its infrastructure,
giving adversaries less surface area to attack. JRSS is envisioned as bringing
together cyber defense in an integrated architecture for the department to
align with the Joint Information Environment (JIE), a secure, interoperable
cloud computing environment that accommodates all of the military services, DOD
components and allied forces.
outlines guidance for security of copiers, scanners
The National Institute of Standards and Technology has announced that its
internal report 8023: Risk Management for Replication Devices is now available.
The guidance covers protecting the information processed, stored or transmitted
on replication devices (RDs), which are devices that copy, print or scan
documents, images or objects. Because today’s RDs have the characteristics of
computing devices (storage, operating systems, CPUs and networking) they are
vulnerable to a number of exploits, NIST said.
vulnerabilities affecting SAP business critical apps
Help Net Security
Onapsis has released five security advisories detailing vulnerabilities in
SAP BusinessObjects and SAP HANA enterprise software. Included in the security
advisories are three high risk vulnerabilities, one of which allows
unauthenticated users to overwrite business data, and two medium risk
vulnerabilities. Depending on an
organization’s use of these platforms, high risk vulnerabilities could be used
by cyber attackers to gain access to mission-critical information including
customer data, product pricing, financial statements, employee information,
supply chains, business intelligence, budgeting, planning and forecasting.
experts fear lack of cyber intelligence
C4ISR & Networks
A majority of IT experts do not feel confident in the ability of their
organizations to predict and combat cyber vulnerabilities, according to a
survey. The survey of 678 private and government IT experts, by data security
research group Ponemon Institute, found a sharp lack of faith that leaders are
ready to combat cyber threats.
NSA chief: China, Russia capable of carrying out ‘Cyber Pearl Harbor’ attack
Nations such as China and Russia have enough offensive cyber capabilities to one day carry out a “cyber Pearl Harbor” attack, said the head of the National Security Agency and U.S. Cyber Command. A cyber Pearl Harbor could include an attack on critical infrastructure or the financial sector, Rogers said during a recent cybersecurity forum.
Document reveals growth of cyberwarfare between the U.S. and Iran
The New York Times
A newly disclosed National Security Agency document from 2013 illustrates the striking acceleration of the use of cyberweapons by the U.S. and Iran against each other. It described how Iranian officials discovered new evidence the year before that the United States was preparing computer surveillance or cyberattacks on their networks and detailed how the U.S. and Britain had worked together to contain the damage from “Iran’s discovery of computer network exploitation tools” — the building blocks of cyberweapons. For the first time, the NSA acknowledged that its attacks on Iran’s nuclear infrastructure during the George W. Bush administration kicked off the cycle of retaliation and escalation that has come to mark the computer competition between the U.S. and Iran.
SEC on the prowl for cyber security cases: official
Investigators at the U.S. Securities and Exchange Commission are on the lookout for violations such as poor risk controls or lax disclosures relating to hacking and other cyber breaches, a top SEC official said Feb. 20. In 2011, the SEC drafted some informal staff-level guidance for public companies on whether to disclose cyber attacks and their impact on a company's financial condition. There is no formal rule, however, outlining when and how cyber incidents must be disclosed, and states have differing laws on when and how customers must be informed about breaches.
Governors' briefing on cybersecurity: People are everything
'States Leading on Cybersecurity' was the name of a session at the National Governors Association (NGA) Annual Winter Meeting Feb. 22. Homeland Security Secretary Jeh Johnson addressed looming DHS shutdown impacts as well as federal/state opportunities to work together to share cyberthreats and other critical information across the public and private sectors. Developing deeper cybersecurity partnerships, the need for better training and the focus on keeping cyber talent (and related people issues) were the top themes covered.
Cybersecurity stocks just got another huge buy signal
InfoSec Hot Spot
The White House's commitment to cyber defense means billions of dollars will start to pour into cybersecurity companies - which is huge news for investors. The reason for the government's cybersecurity push is the staggering amount of money spent preventing and responding to cyber threats every year... "The money spent on cyber defense represents one of the highest profit potentials of anything I've encountered," Money Morning's Small-Cap Investing Specialist Sid Riggs said. "And the growth numbers spotlight not just one company but an entire sector that will have the wind at its back for the rest of our investing lifetimes."
NSA director: We need frameworks for cyber, circumventing crypto
NSA director and commander of U.S. Cyber Command, Mike Rogers, says Congress needs to create a legal framework outside the NSA and FBI’s control that would establish norms of behavior for law enforcement and intelligence-gathering organizations in the U.S. and abroad. When asked about the national security community’s role in responding to cyberattacks, Rogers said that the key for the NSA is to ensure that his agency’s capabilities are deployed in a lawful, ethical and principled manner, as established by the Congress and the president.
CIA looks to expand its cyber espionage capabilities
The Washington Post
CIA Director John Brennan is reportedly planning a major expansion of the agency’s cyber-espionage capabilities in almost every category of operations as part of a broad restructuring of the CIA. The proposed shift reflects a determination that the CIA’s approach to conventional espionage is increasingly outmoded amid the exploding use of smartphones, social media and other technologies. Brennan’s team has even considered creating a new cyber-directorate to put the agency’s technology experts on equal footing with the operations and analysis branches.
GSA, NOAA roar into March with major IT, services RFPs
Federal News Radio
The General Services Administration and the National Oceanic and Atmospheric Administration are teeing up several new opportunities for vendors, and by March, contractors can expect a series of draft and final requests for proposals for some of the largest IT and services contracts in the government. GSA is about to release the draft RFP for Alliant 2, an RFI for VETS 2 and an open season for the 8(a) STARS II program. NOAA is preparing to release a draft RFP this summer for its large Pro-TECH contract for professional and technical services.
How vulnerable are UAVs to cyber attacks?
C4ISR & Networks
The Federal Aviation Administration recently released proposed rules for the use of commercial drones weighing less than 55 pounds. The proposed rules are open for public comment. The FAA is reacting quickly as the commercial drone market begins to take off. Business Insider recently published their market estimates for the defense and commercial drone market. They believe that 12 percent of the $98 billion estimated global spending (military/civilian) on aerial drones over the next decade will be for commercial purposes.
OMB getting more active in cybersecurity
The Office of Management and Budget is working on several policy directives around cybersecurity, including guidance on the 2014 update to the Federal Information Security Management Act (FISMA). But the agency is also looking to take a more active role in securing the nation's networks. The newly established E-Government Cyber Unit — part of the Office of E-Government and Information Technology — was created to lead OMB's cybersecurity initiatives. President Obama's 2016 budget proposal includes an additional $15 million (total $35 million) for OMB's Information Technology Oversight and Reform (ITOR) to support the new cyber unit.
DOJ R&D agency awards grants for speedier digital forensics
The U.S. Department of Justice's R&D agency, the National Institute of Justice, is funding new incident response technology to assist law enforcement. The agency has awarded grants for the development of new tools that speed up the process of examining hard drives in the wake of a cyberattack or other types of criminal cases.
GOP chairman: Cyberattacks are biggest threat to privacy
Congress must pass a cybersecurity bill this year to avoid “lasting harm” to the United States, said Senate Homeland Security Committee Chairman Ron Johnson (R-WI). Johnson, in the GOP's weekly address Feb. 21, argued that the danger from cyberattacks is the real threat to Americans' privacy and pushed for robust legislation. The Intelligence Committee is slated to introduce a bill that is expected to mirror last year’s controversial Cybersecurity Information Sharing Act (CISA), with some stronger privacy protections. The bill is meant to encourage companies to share information by guarding them from the threat of lawsuits.
Hurd: 'Three-Legged Stool' key to federal IT reform
Federal News Radio
An "over classification" problem plagues federal data that could help the private sector fend off terrorist attacks, or help with cross-agency collaboration, says Rep. Will Hurd (R-TX), the new chairman of the House Oversight and Government Reform Subcommittee on IT. He sees four areas he hopes the subcommittee can make a legislative impact: 1) cybersecurity information sharing; 2) privacy, and specifically, how to balance civil liberties with protecting the nation's digital infrastructure; 3) figuring out a productive, yet safe way to handle emerging technologies for the federal government; and 4) IT procurement reform.
NSA chief declines comment on spyware reports, says programs lawful
The head of the National Security Agency refused to comment on reports that the U.S. government implants spyware on computer hard drives for surveillance purposes, saying "we fully comply with the law." U.S. Navy Admiral Michael Rogers was responding to a report by Kaspersky Lab that the NSA had embedded spyware in computers on a vast scale and that along with its British counterpart, had hacked into the world's biggest manufacturer of cellphone SIM cards.
DOD wants physical separation for classified data in the cloud … For now
The Defense Department’s evolving cloud strategy and recently updated security requirements govern how commercial cloud service providers can -- and in some cases, have already begun to -- host some of the Pentagon’s most sensitive data. But the Pentagon isn’t ready yet for classified information to be stored off-premise in the cloud, instead wanting “physical separation” between systems with classified workloads and that of other systems.
Cyber threat challenges military structure
The diffuse nature of computer networks challenges the U.S. military's traditional, top-down way of operating, said Lt. Gen. Edward Cardon, head of Army Cyber Command. That discrepancy, he added, means the military must be flexible in its organizational approach to cyberspace.
Government urges Lenovo computer owners to remove Superfish software
The U.S. Department of Homeland Security on Feb. 20 advised owners of Lenovo computers to remove a software program known as "Superfish," which it said the world's No. 1 PC maker started installing on some machines as early as 2010. An alert released through DHS' National Cyber Awareness System warned that the software made users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks.
Biometrics, a part of the future of electronic voting
Voter impersonation has been an ever-present threat to election integrity for centuries. Fortunately, recent developments in biometric technology are yielding positive results when it comes to authenticating voters efficiently. Experts have recommended the adoption of a two-factor authentication strategy to strengthen this important verification process. Voters should be authenticated using a mix of biographic and biometric information. A transparent electoral roll, which can be cleaned by using biometric information, is a first step towards a legitimate election and a giant leap towards building trust.
How we can prevent another Anthem breach
Anthem Healthcare recently had to notify clients that the personal records of as many as 80 million individuals were compromised by a data breach. The reality is, sadly, that this was most likely anything but a sophisticated attack, as it was likely based on using legitimate credentials to read, and export, the data. Either it was an “insider attack” in which an employee used their own account to harvest data or an outsider phished the credentials from an employee. In either case, firewalls and other security measures to keep intruders out would have had no effect as the “intruders” were already inside the walls.
The two acronyms that are key to Obama’s new plan to fight hackers
There are two new cybersecurity acronyms that are essential for explaining how the government will expand information sharing with the private sector. The two words are STIX and TAXII, a programming language and data delivery method that are meant to bring these parties together in the virtual world. They offer a potential two-way street to the information sharing and collaboration that government officials, retailers and Wall Street want more of to fight cybercrimes.
Obama ranks North Korea cyber capabilities as not so good
Iran is "good," China and Russia are "very good," but North Korea's cyberattack capabilities are actually not that great, according to an impromptu ranking by President Obama. In an interview with online site "re/code" published Feb. 17, Obama used North Korea's relative lack of electronic prowess to underscore how dangerous even less skilled cyber attackers can be.
UVA professor receives grant to look for causes of cybersecurity attacks
WVIR-TV - Channel 29 (Charlottesville, VA)
Ahmed Abbasi, a professor of information technology at the University of Virginia's McIntire School of Commerce, aims to find out how and why hackers and phishers conduct attacks, investigating the issue on several levels – technological and psycho-social – with a $1.5 million National Science Foundation grant. Abbasi is working with a team of cybersecurity experts from other universities to look for the root causes of cybersecurity attacks, as well as how such attacks might be predicted and prevented. Seeking to gain insight into not only the technological elements of the attacks, but also their political, social and psychological drivers, Abbasi said a key objective of the grant is to combine the expertise of computational, data and social scientists.
Nine takeaways from the White House cyber-security summit
On Feb. 13 in an appearance at Stanford University, President Obama signed an executive order asking the IT sector to join with the federal government and the military to renew their efforts to strengthen data security by sharing security information. Here are key takeaways from the White House Cyber-security and Consumer Protection Summit.
Opinion: White House summit missed a larger opportunity on cybersecurity
The White House Summit on Cybersecurity and Consumer Protection at Stanford University was a very good event with meaningful outcomes. But it could have been much more. Most Americans didn’t even notice that the event occurred, and based on the opinions of select security experts and media coverage, this Cybersecurity Summit at Stanford did not hit home for most Americans. President Obama missed a unique opportunity to rise above our current breach headlines and cybersecurity problems to make a special mark on cyberspace history for the 21st century.
Is government ready for agile?
In the past year, government innovators have released a number of policies and guides, including the U.S. Digital Services Playbook and 18F's open-source policy. Now an organization that promotes agile development, Agile Government Leadership, has released an Agile Government Handbook. The guide lists resources such as books, white papers, directives and articles, and includes a checklist, key questions and a "manifesto" of rules to live by when using agile techniques. So now federal agencies have a handbook. But do they have the processes and people in place to adopt agile methodology?
Justice, DHS quarantine smartphones returning from abroad
Officials at the departments of Justice and Homeland Security typically expect employees’ smartphones will be bugged when they travel overseas. So, they are experimenting with various ways to neutralize foreign spy gear. To contain possible damage, Homeland Security limits what employees can see on their mobile device overseas, and "when it comes back, it's usually quarantined," an official said. Both DHS and Justice want to reach a level of security where not only can they decontaminate phones but also dissect the contaminants placed inside.
Why government cybersecurity measures should take cues from industry-driven rules
Recent Obama Administration initiatives calling for new federal information security measures are, on the whole, thoughtful and encouraging steps – and the attention to cybersecurity is overdue. But will they be enough? Past government actions on data security have often been vague and insufficient. In order to deliver more effective federal security rules, lawmakers may do well to look at industry-driven rules for a guide.
Checking in on the NIST Cybersecurity Framework
CA Highlight - Technologies Blog
In the year since release of the NIST Framework for Improving Critical Infrastructure Cybersecurity, we have seen different critical infrastructure industry sectors, including the telecommunications sector, the energy sector and others, work to align their own security guidance with the Framework. In addition, some state governments, including Virginia and Pennsylvania, have announced their intention to use the NIST Framework to guide their information security programs, while certain federal agencies have increasingly cited the terminology and security best practices of the Framework.
FITARA implementation listening tour
Federal News Radio
OMB is getting kudos for its initial steps to implement the Federal Information Technology Reform Act (FITARA) enacted in December. Not only have OMB officials begun discussions with federal CIOs but reportedly are on a listening tour of sorts with former federal IT and other CXO community officials. One participant said OMB is intent on making sure FITARA avoids the mistakes made with the 1996 Clinger-Cohen Act implementation. Along with talking to former federal IT executives, OMB on Feb. 2 issued a "management alert" to agencies about FITARA, telling them to be prepared for governmentwide guidance.
Legislation and the future of federal cybersecurity
Cybersecurity continues to be at the forefront of national focus, thanks to Congress’ passing and the president’s signing of three cybersecurity-related bills last December to reform FISMA, codify the activities of DHS' National Cybersecurity and Integrations Center, and enhance the government's pool of talented cybersecurity professionals. Those statutes are now being implemented to continue the progress agencies have made in protecting government networks and working with state and local agencies, critical infrastructure operators, and other private-sector partners to achieve similar progress.
Congress to consider info-sharing bills
Gov Info Security
President Obama is calling on Congress to enact cyberthreat information sharing legislation, and the House Homeland Security Committee will hold a hearing Feb. 25 to review the administration's proposal. The Senate Permanent Select Committee on Intelligence and the Senate Homeland Security and Governmental Affairs Committee are also expected to consider cyberthreat information sharing legislation.
The Army’s future in cyberspace
There is a good deal of energy and a fair amount of chaos in the Army’s approach to developing the resources needed for seizing the high ground in cyber warfare. That’s a good thing. What the military needs to succeed in this effort is even more energy and more chaos. That’s because it is currently operating within a very large void.
Rep. Will Hurd on cyber-security & civil liberties
In an era when most political leaders struggle to understand information technology, Rep. Will Hurd (R-TX), a freshman who chairs a newly formed House Information Technology Subcommittee, hopes to drive change in government and business. Hurd formerly served as a senior advisor at a cybersecurity firm and, before that, he worked as an undercover officer at the CIA. In this interview, Hurd discusses the current state of cybersecurity and how business and government can protect themselves.
Recent security incidents place renewed emphasis on airport employee screening
Security Info Watch
The discovery late last year of a gun smuggling ring from Atlanta to New York that was allegedly carried out by an airline baggage handler at Atlanta’s Hartsfield-Jackson International Airport has placed increased scrutiny on the way airports screen workers, and the fact that the vast majority of airports do not have uniform standards when it comes to the screening of airport employees. Sen. Charles Schumer (D-NY) has since called for TSA to implement measures that would require airports nationwide to screen all airline and airport employees prior to entering secured areas, and a House subcommittee recently held a hearing to discuss the issue of access control measures at U.S. airports.
Virginia poised to pass digital ID bill
Secure ID News
A Virginia General Assembly bill nearing passage will go a long way toward enabling Virginians to dump most of their passwords in favor of a single digital identity credential. The proposal would establish uniform standards for strengthening and authenticating digital identities. Supporters say developing these first-in-the-nation standards will make Virginia a technology leader and business hub. The two principal authors of the bill discuss the measure, which they hope will be the country’s first enactment of policy supporting the National Strategy for Trusted Identities in Cyberspace.
NIST offering millions for online ID projects
The National Institute of Science and Technology is taking applications for the fourth round of multimillion dollar grants in support of the National Strategy for Trusted Identities in Cyberspace (NSTIC). Pilot programs applying for funding should address how to create, authenticate and secure online identities that can be used across sectors and purposes. These programs should move away from passwords and other traditional forms of authentication to create a new standard for doing business securely online.
Special report: Biometrics in healthcare
This report examines how biometric technology is applied to the healthcare industry, mainly in the United States. It notes that “healthcare biometrics” is utilized for access control, identification, workforce management or patient record storage. Biometrics in healthcare often takes two forms: providing access control to resources and patient identification solutions. The growing demand for biometrics solutions is mainly driven by the need to combat fraud, along with the imperative to improve patient privacy and healthcare safety. Biometrics are also increasingly being used for medical monitoring and mobile healthcare.
IAM set to struggle with IoT - Gartner
The Internet of Things (IoT) requires managing identity and access management (IAM) in order to be successful, according to the latest research by Gartner. However, IAM in its current form will struggle to cope with the scale of the IoT or manage the complexity it brings to the enterprise, Gartner said.
IoT requires changes from Identity and Access Management space: Gartner
The identity and access management (IAM) space will need to evolve to meet the needs of the Internet of Things (IoT), according to analyst firm Gartner. In November, Gartner predicted 4.9 billion devices would be Internet-connected in 2015. Securing those devices, however, remains a challenge that consumers, IT departments and vendors will have to face. This is particularly true when it comes to the subject of authentication. According to a Gartner analyst, current IAM solutions cannot meet the scale or complexity that IoT demands of the enterprise.