Cybersecurity

  • CACI International and the U.S. Naval Institute released a report national security and assessing cyber threats specifically on global supply chains.

    September 21, 2010
  • Google is adding another layer to its security outfit. The additional step will make it harder for computer hackers and other impostors to get into e-mail accounts or other services that are protected by passwords.

    September 21, 2010
  • Senator Tom Carper of Delaware says the results from a new Government Accountability Office study are evidence that lawmakers should enact tougher rules to ensure the security of federal data -- like his bill -- Data Security and Breach Notification Act.

    September 20, 2010
  • Cyber criminals have stolen the identity of some high ranking officials around the world, including the head of Interpol.

    September 20, 2010
  • One cyber bill before Congress would create a cyber committee much like the Y2K Conversion committee to help deal with cybersecurity issues. John Koskinen, former chairman of the Council on Year 2000 Conversion, tells us how his committee was set up and why it was successful.

    September 20, 2010
  • There\'s a new type of naval warrior. Commander of Navy Cyber Forces, Rear Admiral Tom Meek explains.

    September 20, 2010
  • The putatively invading viruses have imaginative names: black in the white house, Olympic Torch, midget census workers kidnapped, etc.

    September 20, 2010
  • The Veterans Affairs Department is facing a new challenge when it comes to cybersecurity: letting doctors access patient data outside the workplace. VA CIO Baker said a major policy change may be needed to ensure the agency is meeting the needs of its veterans and the doctors and nurses who serve them.

    September 20, 2010
  • Congressman Gerry Connolly (D-VA) tells the DorobekINSIDER he has some concerns about the Pentagon\'s procurement changes.

    September 17, 2010
  • A new investigation finds a managed services provider that specializes in offering a fee-based service sheds new light in to the growing commercialization of this criminal space.

    September 17, 2010
  • Director Robert S. Mueller, III has named Shawn Henry as the executive assistant director (EAD) of the Criminal, Cyber, Response, and Services Branch (CCRSB). Mr. Henry will succeed Assistant Deputy Director T.J. Harrington. Mr. Henry most recently served as assistant director in charge of the FBI\'s Washington Field Office.

    September 17, 2010
  • This week host Tom Temin talks with Ron Ross of NIST and Nicole Dean, deputy director of the National Cyber Security Division. September 16, 2010

    September 16, 2010
  • According to a recent GAO report, there\'s now proof that national security and non-national security IT systems can work together effectively.

    September 16, 2010
  • SCMagazineUS.com reports that the malware author who uses the handle \"iraq_resistance\" is believed to be part of the cyber-jihad organization \"Brigades of Tariq ibn Ziyad.\"

    September 16, 2010
  • People exercise risk management, consciously and unconsciously, every day. Many of us drive on a daily basis. Some speed, and risk the chance of getting caught, while others are more conservative and drive the exact speed limit. We base our decision on whether or not to exceed the speed limit on the information available to us at the time, including our knowledge, past experiences, or the conditions we see in front of us. We weigh the risks against impacts and consequences, making decisions based upon our tolerance for the outcomes. The same is true for federal cyber risk management. Securing federal information and assets in cyberspace is the primary driver behind cybersecurity. Even so, other factors help define risk, including the potential for negative publicity if a cyber breach occurs, the impact to budget/performance plans if FISMA grades fall short, or the potential for investigations or congressional hearings if the burning issue of the day burns a bit too bright for too long. Federal cyber risk management fundamentally boils down to making risk decisions based upon an agency\'s risk tolerance - and the drivers behind an agency\'s tolerance vary across the federal government. Risk is defined as the likelihood of a future event that may have unintended or unexpected consequences. Federal agencies make the best cyber risk management decisions by using data and information to evaluate the agency\'s strengths and weaknesses for delivering on its cyber mission in the context of potential threats. Agencies must use information and data from various disparate sources across the enterprise to make these decisions, including audit log information, vulnerability data, asset information, the agency\'s regulatory compliance status, external and internal threat activity, human capital risks to the cybersecurity mission, and many more. As challenging as it may be for agencies to consume large volumes of disparate data, it is a challenge that is essential to overcome for agencies to make the best cyber risk management decisions. Is this achievable? Absolutely. The business intelligence movement established the foundation allowing agencies to minimize risk exacerbated by ad-hoc decision-making. Leveraging business intelligence capabilities for cybersecurity enables agencies to aggregate data across technical and organizational stovepipes and to provide agency cybersecurity leaders with mechanisms for making informed, risk decisions. By better understanding the cyber landscape, federal cybersecurity leaders can - much like our speeding driver example - understand \"how fast\" to drive and make better investment decisions when addressing enterprise cybersecurity risks.

    September 16, 2010