Under the continuous diagnostics and mitigation program, DHS wants to ensure systems administrators have data on the most pressing threats and vulnerabilities first so they can fix them as soon as possible. John Streufert, DHS’s director of federal network resilience, said the recently-awarded dashboard will be set up to do just that.
Federal cybersecurity officials are in knots over the Heartbleed threat. The vulnerability potentially affects a common data encryption system used on internet servers. Homeland Security says federal web servers are OK. Qualys has a free online SSL Server Test that can analyze a web server. Alan Paller, director of research at the cybersecurity education firm SANS Institute, explained the threat to Federal Drive hosts Tom Temin and Emily Kopp.
GSA’s cyber dashboard is starting to look a little clearer.
The goal is to more accurately evaluate the security of the government’s computer networks and systems. These efforts could bring more consistency to the cyber auditing process and engender more confidence in its results.
Federal employees are eligible for a free one-day training session in early November on implementing continuous monitoring. The goal is to help agencies make good use of the continuous diagnostics and monitoring contract DHS awarded in August.
DHS awards 17 vendors a spot on the continuous diagnostics and mitigation contract. Agencies can now access a common set of tools and services to improve how they monitor and secure their computer networks.
The company says both sites have been scrubbed of malware and vulnerabilities have been closed. The “drive-by” attack that affected the sites is a growing type of cyber hack that looks for holes in popular websites. FederalNewsRadio.com and WTOP.com are available again to users of all Internet browsers.
The newly issued Executive Order gives NIST, DHS several goals and corresponding deadlines over the next year. NIST will work with industry to create a cybersecurity framework. DHS is expanding the information sharing program so industry can receive classified and unclassified cyber threat data more easily and more quickly.
The Defense Department plans to boost the ranks of cybersecurity professionals, increasing cyber staff at U.S. Cyber Command by more than five times to some 4,900 employees. But DoD’s plan is daunting in more ways than one. The job qualifications and skills needed for the kinds of positions the Pentagon wants are rare and often require years of training and hands-on experience. And even if DoD looks outside the confines of the Pentagon to fill these roles, it’s not entirely clear where the new cyber pros would come from.
Alan Paller of the SANS Institute talks about DoD’s new initiative to hire 4,000 more people for its Cyber Command. Paul Terry of Blackboard, Inc., discusses how his company is helping GSA with its travel planning. Devon Hewitt, a partner at Protorae Law, weighs in on a recent contract award protest affecting people with disabilities. Capt. Paul Hammer of the Defense Centers of Excellence for Psychological Health and Traumatic Brain Injury, talks about the latest efforts at his center. Robin Lineberger of Deloitte LLP fills us in about the Professional Services Council’s new commission that’s focusing on efficient and innovative acquisition issues.