The Defense Department's testing its own version of cybersecurity standards for cloud systems. The Defense Information Systems Agency is working with all the military branches to find a cybersecurity program that protects the cloud with Level-3 security requirements. DISA's enterprise cloud broker is conducting the software tests. DoD's chief of the risk management oversight division in the chief information officer's office, Kevin Delaney, isn't sure when the tests will be over. He says the development needs to run incrementally so each level of security controls is working right. The tests are coinciding with the deadline for agency cloud systems to earn security certification through the Federal Risk and Authorization Management Program. Right now FedRAMP offers cloud certification for low to moderate security levels.
DISA is working with the services to identify a mission-critical application in the cloud to ensure the additional requirements for Level-3 security are appropriate and achievable. Meanwhile, the FedRAMP program office is beginning to consider what the program will look like in two to three to five years.
Chandra McMahon, Lockheed Martin's vice president for commercial markets, discusses NSA's accreditation system that tests cybersecurity companies against 21 separate focus areas.
Michael Daniel, the Obama administration's cybersecurity coordinator, says he wants to dismantle the most common method of cyber protection: passwords. Even as cyber threats continue to grow more sophisticated and destructive, passwords are weakening and proving easier to crack than ever. The solution lies in the National Strategy for Trusted Identities in Cyberspace (NSTIC), which calls for a broad "identity ecosystem" to replace simple passwords.
Cybersecurity projects and programs are getting some hefty backing from the Senate.
The Federal Communications Commission is challenging telecoms to work more closely with it to improve the nation's cybersecurity. FCC Chairman Tom Wheeler says he is not planning more regulations; rather, he is asking the companies to share responsibility. Federal News Radio's Executive Editor Jason Miller joined Tom Temin and Emily Kopp on the Federal Drive to discuss the FCC's plans. Read Jason's related article.
Chairman Tom Wheeler said he wants to build on the initial success of the critical infrastructure cybersecurity framework released by the White House in February. He said it's not a matter of new regulations, but creating a joint approach to improving the network security across the entire communications sector. Rep. Mike Rogers (R-Mich.) renews hope for Congress to pass information sharing legislation this year.
The Pentagon says the Chinese military threat is growing because China steals intellectual property from the United States in giant quantities. DoD's new congressional report on China details violations of U.S. copyright and export laws by Chinese intelligence programs stealing national security technology. Gordon Chang, a contributor to Forbes.com, writes their New Asia column.
The National Institute of Standards and Technology gives agencies guidance for continuing the transition to real-time, dynamic cybersecurity.
A new survey by TechAmerica and Grant Thornton found many agency chief information officers continue to spend too much on legacy systems and don't have money to develop or modernize new software or applications. But tools such as PortfolioStat are making a difference in helping senior IT managers understand and have a say in where money is spent in their agency.
The Department of Defense recognizes that it and American companies are prime targets for hackers, whether they be a nation-state or individuals. So it's put in place an operating strategy. That strategy is comprised of 5 elements: 1) a defensible architecture; 2) global situational awareness and a common operating picture; 3) a concept for operating in cyberspace; 4) trained and ready cyber forces; and 5) capacity to take action when authorized.
USCYBERCOM, according to testimony before Congress, is working on several elements to defend against cyber attacks. Those elements include tactics, techniques, and procedures, as well as policies and organizations. Officials say that also means turning plans into doctrine and training - and building a system in which our Combatant Commanders can think, plan, and integrate cyber capabilities as they would capabilities in the air, land and sea domains. Cyber is different from all of them because it's mostly invisible.
A computer hacker facing up to 20 years in prison is free after helping the federal government stop hundreds of cyberattacks. He taught agencies how to protect millions of dollars and cripple the hacker group Anonymous. Retired Air Force Maj. Gen. Dale Meyerrose was chief information officer for three Air Force commands and three joint combatant commands. He was also the first CIO of the Office of the Director of National Intelligence and is now president of the Meyerrose Group. He joined In Depth with Francis Rose to explain what kind of precedent this sets for future cybersecurity policies.
Maryland has declared itself the epicenter of cybersecurity. At least Sen. Barbara Mikulski (D-Md.) has. She helped establish the Maryland Cybersecurity Roundtable. That move was recommended by the Federal Facilities Advisory Board last year. Tom and Emily spoke with Len Moodispaw on the Federal Drive. He's CEO of KEYW Corporation and President of the newly-formed Maryland Cybersecurity Roundtable.
The comply-to-connect initiative is about removing many of the people challenges by automating software patching and updating cyber processes in real time.
The 2013 FISMA report to Congress shows the Veterans Affairs Department continues to struggle with cybersecurity and has more than 6,000 items on its plans of actions and milestones and continued weaknesses in access and configuration management controls. VA CIO Stephen Warren details several initiatives to address many of the 35 recommendations.
Rob Carey, who recently retired after 31 years in government, said the government must focus on identity management and information assurance as computer threats become more complex and sustained.
Under the continuous diagnostics and mitigation program, DHS wants to ensure systems administrators have data on the most pressing threats and vulnerabilities first so they can fix them as soon as possible. John Streufert, DHS's director of federal network resilience, said the recently-awarded dashboard will be set up to do just that.
Under a construct that's still under discussion, the Defense Information Systems Agency would take charge of some portion of DoD's cyber defenses under a new Joint Force Headquarters.
You are the key to stopping an insider threat and preventing a cyber incident at your agency even if you don't work in the IT department. Richard Stiennon is the host of the Security Current blog, the founder of IT Harvest and the author of Surviving Cyberwar. He says there are two categories of insider threats and identifying the most dangerous kind depends on you.