Source: Slashdot.org - Posted by Benjamin D. Thomas
On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The U.S. Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. The selected product will be deployed on Millions of computers in the U.S. federal government space. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The evaluation will come to an end in 90 days. You can view all the vendors competing and list of requirements."
Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations.
An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 "in the face of continuing and sophisticated threats" against Defense Department networks.
Source: Government Computer News - Posted by Eric Lubow
Once again it is time to take note of those security blunders from the past year that have given us so many opportunities to learn from our mistakes. It has been a year rich in opportunity, with one lesson in particular being repeatedly hammered home. So the second annual Bonehead Award for Notable Failures in IT Security goes to all of those people who think it is productive to carry around sensitive data on portable devices.
Source: Government Computer News - Posted by Eric Lubow
With the deadline to move their network backbone to Internet Protocol Version 6 still about 18 months away, agencies’ biggest concern is whether the security industry will have enough products to support them. Three agency officials who are leading efforts to move to IPv6 today expressed concern over the lack of support from security vendors so far, and said federal agencies, such as the National Institute of Standards and Technology and the Defense Advanced Research Projects Agency, will have to provide seed money to move products along. “Security has not received the same focus as, say, routers,” said John McManus, Commerce Department deputy CIO and co-chairman of the IPv6 working group. “The Office of Management and Budget’s memo said the security must be at least the same, if not higher. If you can’t secure your network, you will not bring it online.”
Source: Federal Computer Week - Posted by Eric Lubow
China is fielding information warfare units and developing anti-satellite capabilities aimed at countering U.S. military technology, according to a U.S. congressional commission. China’s cyberwarfare strategy has switched from a defensive to an offensive posture, with the goal of attacking enemy networks and denying adversaries access to information, said the U.S.-China Economic and Security Review Commission (USCC) in its annual report, released Nov. 16. Chinese strategy focuses on U.S. systems that perform command and control or deliver precision weapons, the report states.
The new Police and Justice Act, published today, could criminalise legitimate IT security activity. There are fears amongst security experts that changes it makes to the Computer Misuse Act will make it illegal to distribute some vital tools.
The new law modifies the Computer Misuse Act of 1990, the cornerstone of Britain's anti-hacking law. The changes make clear for the first time that denial of service attacks are an offence; but they also address the distribution of hacking tools.
The new Act will make a person guilty of an offence "if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, [a hacking offence]." The word "article" is defined in the Act to include "any program or data held in electronic form".
Questions in the House of Lords in June 2005 revealed that the Cabinet Office's Central Sponsor for Information Assurance unit was developing proof-of-concept systems using Security Enhance Linux to support remote working and web services. In May this year IBM revealed that it was involved in the project along with Red Hat, Tresys Technology, and Belmin Group.
Source: Federal Computer Week - Posted by Eric Lubow
Contractors who are serious about getting Defense Department contracts should make sure now that their employees who have information assurance roles meet the standards set by DOD Directive 8570.1, according to panelists who spoke this morning at an Information Technology Association of America event. "There's not a downside to contractors being certified," said Phyllis Scott, president of training firm TTSC. Contracts will require it, and contractors who are already certified will have an immediate advantage, she said.
Source: Out-Law.com - Posted by Benjamin D. Thomas
There had been concern that Britain's Computer Misuse Act, written in the days before the World Wide Web, allowed denial of service attacks to fall through a loophole. These are attacks in which a web or email server is deliberately flooded with information to the point of collapse.
The 1990 legislation described an offence of doing anything with criminal intent "which causes an unauthorised modification of the contents of any computer"; the question was whether that covered denial of service attacks. When a court cleared teenager David Lennon in November 2005 on charges of sending five million emails to his former employer – because the judge decided that no offence had been committed under the Act – the need for amendment seemed obvious.
US Customs and Border Protection issued a notice in the Federal Register yesterday which detailed the agency's massive database that keeps risk assessments on every traveler entering or leaving the country. Citizens who are concerned that their information is inaccurate are all but out of luck: the system "may not be accessed under the Privacy Act for the purpose of contesting the content of the record." The system in question is the Automated Targeting System, which is associated with the previously-existing Treasury Enforcement Communications System. TECS was built to screen people and assets that moved in and out of the US, and its database contains more than one billion records that are accessible by more than 30,000 users at 1,800 sites around the country. Customs has adapted parts of the TECS system to its own use and now plans to screen all passengers, inbound and outbound cargo, and ships.
