IoT Security Risks Begin With Supply Chains
The Internet of Things (IoT) greatly expands the attack surface of federal networks – and many connected components may be purchased outside of the normal technology supply chain. Developing standards and best practices is essential to balancing the power of IoT with government’s growing security needs.
Static and dynamic analysis can expose hidden flaws in software and help assure programming is efficient, secure and maintainable from the start. That’s a whole lot better than finding out the hard way: after a breach or failure.
The National Health Information Sharing and Analysis Center (NH-ISAC) warns that health providers have focused on complying with the data privacy concerns embodied in the Health Insurance Portability and Accountability Act (HIPAA) – yet failed to pay enough attention to data integrity and security.
Intense worries about cybersecurity mean system owners are stacking up cyber tools to help protect their organizations, often duplicating features and capabilities in the process. The problem: There’s no sure way to measure the effectiveness of one tool over another.
What We’re Reading
The new administration’s extended transition process has led to an unusual circumstance in which there are literally zero politically-appointed acquisition officials anywhere in the Defense Department. Such a scenario might seem like an unlikely time for DoD to make major changes to the way it buys information technology, but that’s exactly what the career civil servant who’s currently leading the department’s vast acquisition apparatus hopes to do over the next year.
Microsoft has released new patches for Microsoft XP and Server 2003 systems while DHS pointed to an increase in North Korean cyber activity.
The Health and Human Services Department’s cyber threat sharing center hasn’t reached initial operating capacity yet, but a pair of senators already wonder if it’s a redundant effort.
Terri Bettinger paid close attention to the recent cyberattacks on the websites of Ohio government agencies, banks and other businesses. She hoped to learn lessons to better defend the information she oversees.
Bettinger is the chief information officer for Franklin County and head of its Data Center, which collects, stores and protects government data from property tax bills to court and medical records. She knows the system will be hacked.
The U.S. Department of Defense will soon start sending more secure emails.
The Defense Information Systems Agency (DISA), the body in charge of the Pentagon’s email, said it plans to enable stronger encryption on all emails by July 2018.
A year after then-chief information officer Terry Halvorsen first publicly floated the idea of killing DoD’s Common Access Card in favor of a collection of more flexible authentication technologies, the Pentagon is beginning to test drive at least one of the potential replacements for the CAC.
Last week, the Defense Innovation Unit-Experimental reached an agreement with Plurilock Technologies, a Victoria, British Columbia-based firm that holds several patents on behavior-based authentication (or, “behaviour-based,” to our friends to the north).
The Department of Homeland Security needs to up its game on information security, according to an audit released last week.
Private sector auditor KPMG conducted after-hours walkthroughs of employee workstations in the department’s Office of Financial Management and the Office of the Chief Information Officer, and found sensitive information — like passwords — left out and unattended.
Intelligence drives operations. The same can be said for quick-reaction cyber forces when responding to an incident.
Lt. Gen. Alan Lynn took over as director of the Defense Information Systems Agency in July 2015, assuming leadership of the agency after previously serving as vice director and as chief of staff. He’s also spent time leading Army Network Enterprise Technology Command and Army Signal Center of Excellence, priming him to lead the Defense Department’s mission-critical IT agency.