GAO: Cybersecurity weak at all federal agencies

Cybersecurity Update – Tune in weekdays at 30 minutes past the hour for the latest cybersecurity news on The Federal Drive with Tom Temin and Jane Norris (6-10 a.m.) and The Daily Debrief with Chris Dorobek and Amy Morris (3-7 p.m.). Listen live at or on the radio at 1500 and 820 AM in the Washington, D.C. metro area.

  • Federal agencies remain vulnerable to cyber attacks and security breaches. They are not taking the necessary steps to secure Internet connections and computer systems. That’s the conclusion in two new reports from the Government Accountability Office. The reports say that agencies have not secured Web networks under the Trusted Internet Connections initiative and Einstein programs, reports Federal Times. GAO largely faulted the Office of Management and Budget and the Homeland Security Department for the delays, saying they provided “inconsistent communication” to agencies on how to secure their Web connections. A companion report says that agencies also have not implemented Federal Desktop Core Configuration requirements.
  • There’s a free tool to help your agency sniff out unauthorized USB storage drives. NextGov reports the program is outlined in 2011 budget documents for the National Security Agency. NSA isn’t revealing many details about the USBDetect 3.0 Computer Network Defense Tool, but the software does provide an automated way of detecting the USB devices. And it comes at no cost to any federal agency.
  • Two senators have introduced a bill to make cybersecurity a priority for the State Department. The measure from Kirsten Gillibrand of New York and John Kerry of Massachusetts would install a senior coordinator at the State Department. NextGov reports that person would be in charge of advising the Secretary of State on international cybersecurity and Internet issues. The person would also coordinate American efforts to improve international cybersecurity.
  • They are called rules of engagement – the standards used by parties engaging in warfare. And they can be tricky at times. But what if the “warfare” isn’t standard warfare – but a cyber war? What are the rules – and when might they be broken? Those are the kinds of questions being faced by government officials as they try to figure out life on the digital battlefront. For example, what if hackers overseas launch a cyberattack on a military computer system – how can the U.S. fight back? Retaliation against such a strike could affect foreign countries, private citizens or private businesses, like hospitals or power plants. Congressional officials say such scenarios are being considered as rules for cyber warfare are being drawn up. But the answers are proving hard to come by – and that is delaying the creation of the Pentagon’s Cyber Command.