Corporate America is getting better about telling the U.S. government about serious security incidents, according to an official from the U.S. Department of Homeland Security (DHS). In 2006, companies, universities and government agencies reported 23,000 incidents to the U.S. Computer Emergency Readiness Team (US-CERT), up from 5,000 reported in 2005, Jerry Dixon, deputy director of the DHS's National Cyber Security Division (NCSD), said at the RSA Security Conference on Wednesday.
The Bush administration may withhold technology dollars from federal agencies that are lagging on cybersecurity, a top IT official said Wednesday.
The philosophy goes something like this: The government shouldn't be spending money on agencies that want to build new systems when their overall management processes remain flawed.
The National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS) unveiled the National Cyber Alert System, an operational system delivering to Americans timely and actionable information to better secure their computer systems.
As part of this program, Homeland Security is making available a series of information products targeted for home users and technical experts in businesses and government agencies. These e-mail products will provide timely information on computer security vulnerabilities, potential impact, and action required to mitigate threats, as well as PC security “best practices” and “how to” guidance.
The U.S. federal agency in charge of government technology standards approved on Thursday the accreditation of two laboratories to perform certification of election computers.
The National Institute of Standards and Technology (NIST) recommended that iBeta Quality Assurance and SysTest Labs be allowed to test election equipment under the current guidelines, the U.S. Election Assistance Commission (EAC) said on Thursday. If the EAC approves the recommendations, the two companies will be the first to receive credentials under the new Voting System Certification and Laboratory Accreditation Program.
Source: Government Computer News - Posted by Eric Lubow
Federal superspy Jack Bauer battles fate and countless foes on the hit TV show “24”—a drama unfolding in real time and depicted on several windows within the screen. Like the Bauer character, who himself is the fictional successor to an earlier superagent who liked his tipple “shaken, not stirred,” federal IT users frequently will have to share information quickly if they hope to prevail or even survive in 2007.
Source: Slashdot.org - Posted by Benjamin D. Thomas
On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The U.S. Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. The selected product will be deployed on millions of computers in the U.S. federal government space. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The evaluation will come to an end in 90 days. You can view all the vendors competing and list of requirements.
Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations.
An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 "in the face of continuing and sophisticated threats" against Defense Department networks.
Source: Government Computer News - Posted by Eric Lubow
Once again it is time to take note of those security blunders from the past year that have given us so many opportunities to learn from our mistakes. It has been a year rich in opportunity, with one lesson in particular being repeatedly hammered home. So the second annual Bonehead Award for Notable Failures in IT Security goes to all of those people who think it is productive to carry around sensitive data on portable devices.
Source: Government Computer News - Posted by Eric Lubow
With the deadline to move their network backbone to Internet Protocol Version 6 still about 18 months away, agencies’ biggest concern is whether the security industry will have enough products to support them. Three agency officials who are leading efforts to move to IPv6 today expressed concern over the lack of support from security vendors so far, and said federal agencies, such as the National Institute of Standards and Technology and the Defense Advanced Research Projects Agency, will have to provide seed money to move products along. “Security has not received the same focus as, say, routers,” said John McManus, Commerce Department deputy CIO and co-chairman of the IPv6 working group. “The Office of Management and Budget’s memo said the security must be at least the same, if not higher. If you can’t secure your network, you will not bring it online.”
Source: Federal Computer Week - Posted by Eric Lubow
China is fielding information warfare units and developing anti-satellite capabilities aimed at countering U.S. military technology, according to a U.S. congressional commission. China’s cyberwarfare strategy has switched from a defensive to an offensive posture, with the goal of attacking enemy networks and denying adversaries access to information, said the U.S.-China Economic and Security Review Commission (USCC) in its annual report, released Nov. 16. Chinese strategy focuses on U.S. systems that perform command and control or deliver precision weapons, the report states.