Cyber Security

IOT Security Risks Begin With Supply Chains

The Internet of Things (IoT) greatly expands the attack surface of federal networks – and many connected components may be purchased outside of the normal technology supply chain. Developing standards and best practices is essential to balancing the power of IoT with government’s growing security needs.


What’s New

Securing Health Data Means Going Well Beyond HIPAA

The National Health Information Sharing and Analysis Center (NH-ISAC) warns that health providers have focused on complying with the data privacy concerns embodied in the Health Insurance Portability and Accountability Act (HIPAA) – yet failed to pay enough attention to data integrity and security.

Wanted: Metrics for Measuring Cyber Performance and Effectiveness

Intense worries about cybersecurity mean system owners are stacking up cyber tools to help protect their organizations, often duplicating features and capabilities in the process. The problem: There’s no sure way to measure the effectiveness of one tool over another.

What We’re Reading

DoD’s Acting Acquisition Chief Looks To Purge ‘The Stupid’ From IT Procurement

The new administration’s extended transition process has led to an unusual circumstance in which there are literally zero politically-appointed acquisition officials anywhere in the Defense Department. Such a scenario might seem like an unlikely time for DoD to make major changes to the way it buys information technology, but that’s exactly what the career civil servant who’s currently leading the department’s vast acquisition apparatus hopes to do over the next year.

Local Governments Focus on Cybersecurity After Attacks

Terri Bettinger paid close attention to the recent cyberattacks on the websites of Ohio government agencies, banks and other businesses. She hoped to learn lessons to better defend the information she oversees.

Bettinger is the chief information officer for Franklin County and head of its Data Center, which collects, stores and protects government data from property tax bills to court and medical records. She knows the system will be hacked.

The Defense Department Will Soon Use More Secure Email

The U.S. Department of Defense will soon start sending more secure emails.
The Defense Information Systems Agency (DISA), the body in charge of the Pentagon’s email, said it plans to enable stronger encryption on all emails by July 2018.

An 18F For Cyber? DHS CISO Wants One

Department of Homeland Security CISO Jeff Eisensmith wants the federal government to establish a team of cybersecurity experts akin to the General Services Administration’s 18F digital service team.

In Quest to Replace Common Access Card, DoD Starts Testing Behavior-Based Authentication

A year after then-chief information officer Terry Halvorsen first publicly floated the idea of killing DoD’s Common Access Card in favor of a collection of more flexible authentication technologies, the Pentagon is beginning to test drive at least one of the potential replacements for the CAC.

Last week, the Defense Innovation Unit-Experimental reached an agreement with Plurilock Technologies, a Victoria, British Columbia-based firm that holds several patents on behavior-based authentication (or, “behaviour-based,” to our friends to the north).

DHS needs better information security practices, audit says

The Department of Homeland Security needs to up its game on information security, according to an audit released last week.

Private sector auditor KPMG conducted after-hours walkthroughs of employee workstations in the department’s Office of Financial Management and the Office of the Chief Information Officer, and found sensitive information — like passwords — left out and unattended.
