Cyber security at the Veterans Affairs Department was slammed on Capitol Hill. Testifying before the House Veterans Affairs Committee, auditors from the Government Accountability Office said they found numerous problems. These ranged from weak server passwords to unsecured internet connections. Auditors said VA systems are vulnerable to penetration by hackers. While acknowledging progress, GAO said VA still has a list of 11,000 security action items, NextGov reports.
It’s the law, but NASA’s top information security chief has ordered his staff to break away from it. A memo from Jerry Davis calls on NASA IT staffers to shift away from a provision that requires them to certify network compliance with the Federal Information Security Management Act (or FISMA). NextGov reports he wants them to focus on real-time monitoring of threats instead. To support his move, Davis points to an April White House order for agencies to begin continuous cybersecurity reporting.
Microsoft will share technical details about security holes with selected federal agencies before the security patches for them are released to the public. FCW reports, the early warning to government is part of the company’s experimental Defensive Information Sharing Program. The program gets underway this summer, according to Microsoft security officials.