Cyber Security

IOT Security Risks Begin With Supply Chains

The Internet of Things (IoT) greatly expands the attack surface of federal networks – and many connected components may be purchased outside of the normal technology supply chain. Developing standards and best practices is essential to balancing the power of IoT with government’s growing security needs.

What’s New

Securing Health Data Means Going Well Beyond HIPAA

The National Health Information Sharing and Analysis Center (NH-ISAC) warns that health providers have focused on complying with the data privacy concerns embodied in the Health Insurance Portability and Accountability Act (HIPAA) – yet failed to pay enough attention to data integrity and security.

New Framework Defines Cyber Security Workforce Needs

Today’s shortage of skilled cybersecurity professionals won’t end overnight, but the answer to solving the shortage may be here. It’s the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. By defining a common language to describe the skills, knowledge and requirements needed to fill each type of cyber job, the framework provides a baseline for understanding which can be shared by employers, educators and workers alike.

What We’re Reading

DoD’s Acting Acquisition Chief Looks To Purge ‘The Stupid’ From IT Procurement

The new administration’s extended transition process has led to an unusual circumstance in which there are literally zero politically-appointed acquisition officials anywhere in the Defense Department. Such a scenario might seem like an unlikely time for DoD to make major changes to the way it buys information technology, but that’s exactly what the career civil servant who’s currently leading the department’s vast acquisition apparatus hopes to do over the next year.

Local Governments Focus on Cybersecurity After Attacks

Terri Bettinger paid close attention to the recent cyberattacks on the websites of Ohio government agencies, banks and other businesses. She hoped to learn lessons to better defend the information she oversees.

Bettinger is the chief information officer for Franklin County and head of its Data Center, which collects, stores and protects government data from property tax bills to court and medical records. She knows the system will be hacked.

The Defense Department Will Soon Use More Secure Email

The U.S. Department of Defense will soon start sending more secure emails. The Defense Information Systems Agency (DISA), the body in charge of the Pentagon’s email, said it plans to enable stronger encryption on all emails by July 2018.

In Quest to Replace Common Access Card, DoD Starts Testing Behavior-Based Authentication

A year after then-chief information officer Terry Halvorsen first publicly floated the idea of killing DoD’s Common Access Card in favor of a collection of more flexible authentication technologies, the Pentagon is beginning to test drive at least one of the potential replacements for the CAC.

Last week, the Defense Innovation Unit-Experimental reached an agreement with Plurilock Technologies, a Victoria, British Columbia-based firm that holds several patents on behavior-based authentication (or, “behaviour-based,” to our friends to the north).

DHS needs better information security practices, audit says

The Department of Homeland Security needs to up its game on information security, according to an audit released last week.

Private sector auditor KPMG conducted after-hours walkthroughs of employee workstations in the department’s Office of Financial Management and the Office of the Chief Information Officer, and found sensitive information — like passwords — left out and unattended.

DISA Director Discusses Priorities and Challenges for Agency

Lt. Gen. Alan Lynn took over as director of the Defense Information Systems Agency in July 2015, assuming leadership of the agency after previously serving as vice director and as chief of staff. He’s also spent time leading Army Network Enterprise Technology Command and Army Signal Center of Excellence, priming him to lead the Defense Department’s mission-critical IT agency.