Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- Value of Health IT
Shows & Panels
All agencies are fighting cyber-attacks. The FBI Director of Cyber Security believes there are two groups of organizations: those whose systems have been attacked and those who do not know they have been attacked. In the federal space, the velocity and variety of attacks has dramatically increased. With Advanced Persistent Threats (APT), the time it can take to comprise a system ranges from hours to days, yet the time it takes for its discovery averages 6 months. The cyber security solution has shifted from the perimeter (firewall) or how to stop the attacks to how to deal with the attacks after they occur. The emphasis is now on the controls and minimizing what the attacker is doing once he gets in. The cost of the attacks is down time and data loss. With a 200% to 300% increase in attacks on agency's systems, it is imperative the federal government implements a holistic solution including hardware, software, training and compliance.
Earlier this year information security firm Mandiant identified a previously unknown group hackers thought to be in China. "People referred to China or Chinese hackers, but there was plenty of wiggle room there to assume it could be a collection of guys working in someone's basement without a tie to the government," Richard Behtlich chief security officer for Mandiant. The group the identified is called Unit 61398. Bejtlich says, "we showed pretty conclusively that at least this one group is part of the PLA" AKA The Chinese People's Liberation Army.
As the cybersecurity workforce gets older and closer to retirement age, the Office of Personnel Management is trying to help agencies find new talent. It's creating a new database of cyber positions that it hopes will help agencies identify the cyber skill sets needed to meet their missions. The Obama administration has made reducing critical cyber workforce gaps one of its top "cross-agency" goals.
Law enforcement and first responders have been put on notice --their mobile phones are targets for hackers. They've been informed in roll call bulletins that hackers, by compromising mobile technology and exploiting vulnerabilities in portable operating systems, application software, and hardware. Compromise of a mobile device can have an impact beyond the device itself; malware can propagate across interconnected networks.
Alex Grohmann and John Dyson from the Northern Virginia Chapter of the Informations Systems Security Association, join host John Gilroy to talk about what you can do to make your agency more secure.
July 9, 2013
Department will move away from DoD-specific approaches to cybersecurity, lean more toward informing and relying on governmentwide efforts.
The Commerce Department's Economic Development Administration spent almost $3 million to remediate a cyber attack that really didn't happen. Commerce's inspector general found the attack infected only two outgoing email servers and not more than half of EDA's systems. Two cybersecurity experts say other agencies can learn from EDA's year-long unnecessary and expensive recovery.
Chase Garwood, the SBA acting CIO, said the agency is working with DHS and Justice to improve the security of its internal and external customer-facing systems.
July 4, 2013
DHS, DISA and GSA are heading down similar but different paths to ensure mobile apps are secure before being allowed on devices or networks. NIST is developing voluntary guidelines to improve mobile software security based on work done in other industry sectors.
Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the 2013 Cyber Symposium will engage the key players, including the U.S. government, the international community, industry and academia, to discuss the development of robust cyberspace capabilities and partnerships.
U.S. CERT said in an email to organizers the current budgetary environment wouldn't support the annual cybersecurity conference
Greg Garcia, the director of the Army's IT Agency, said the organization has been piloting a virtualized desktop initiative and almost is ready to move into full production.
House Veterans Affairs Committee Chairman Jeff Miller (R-Fla.) and ranking member Michael Michaud (D-Maine) sent Secretary Eric Shinseki a letter asking for an explanation on why VA didn't tell the committee about multiple nation state attacks. The lawmakers call for VA to offer credit monitoring services to tens of millions of veterans.
NSA director says surveillance programs disrupted dozens of terrorist attacks
The Enhanced Cybersecurity Services program has seen a lot of interest by vendors, but few have invested in accepting cyber threat data from the government. Meanwhile, the Cyber Information Sharing and Collection Program is growing through the two-way sharing of unclassified threat indicators.
NIST, charged with developing the nation's first-ever cybersecurity baseline for critical infrastructure, says its job is to provide technical assistance to companies, but industry itself must lead the way. Gen. Keith Alexander said NSA will review the use of contractors.
The White House released updated progress report on the cross-agency cybersecurity goals and found most agencies improved. The administration said more agencies are using smart cards to log onto their networks and more are implementing continuous monitoring.
Edward Snowden, a former technical assistant for the CIA and current employee of defense contractor Booz Allen Hamilton, revealed himself Sunday as the source of disclosures about the U.S. government's secret surveillance programs, risking prosecution by the U.S. government. Director of National Intelligence James Clapper called the revelation of the intelligence-gathering programs as reckless and said it has done "huge, grave damage."
The Veterans Affairs Department has been compromised by at least eight different nation state organizations that stole data from its systems, House lawmakers and other experts say. VA officials say there always are risks, but their computer security is better than ever before.
Jerry Davis, who served as the VA's chief information security officer until February 2013, testified at a House subcommittee hearing that the VA became aware of the computer hacking in March 2010 and that attacks continue "to this very day."