Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Transformative Technology: Desktop Virtualization in Government
- Value of Health IT
Shows & Panels
Government officials, associations and companies are offering insight and comments on the recently released White House cyber framework.
NIST led the year-long effort to develop the Framework for Improving Critical Infrastructure Cybersecurity. Agencies now must review regulations to ensure alignment with the framework. DHS also launches a new voluntary program that will offer access to a variety of federal resources to help companies improve cybersecurity.
The Financial Industry Regulatory Authority is looking at the measures that Wall Street's brokerages take to protect their businesses and customers from cyber security threats. FINRA, which conducts periodic "sweeps," or targeted checks on Wall Street brokerages, says it is conducting the review, in part, because of the growing threat to information technology systems from "a variety of sources.
App River email and security experts says Bank of America customers have been targeted by a new virus campaign they're calling a Bredo virus. It comes in the form of phishing email that claiming to be from BofA and asking the recipient of download a security file. The main goal of this virus is to steal information such as banking info or recording keystrokes. The software may also have abilities to further infect a system by downloading more malware on to the machine.
Sen. Tom Coburn's (R-Okla.) report on cybersecurity and critical infrastructure in the federal government examined more than 40 inspector general audits and revealed gaping holes in the security of agencies' systems.
The goal is to more accurately evaluate the security of the government's computer networks and systems. These efforts could bring more consistency to the cyber auditing process and engender more confidence in its results.
Phyllis Schneck, the deputy undersecretary for cybersecurity in the National Protection and Programs Directorate at DHS, said the department's goal is to further the trust relationship with industry around sharing and understanding cybersecurity threats.
February 6, 2014
The inconsistent way inspectors general review the security of federal networks and computers is causing uncertainty around what is working and what isn't in the federal government. A recent State Department IG management alert is a prime example of this growing disconnect.
Early pilots in DHS information sharing project appears to show that bureau-level IT systems built decades ago can share information with one another, and also protect against data privacy problems.
Former federal CISO Pat Howard offers tips to waterproof your agency's information security continuous monitoring strategy.
Phyllis Schneck, the deputy undersecretary for cybersecurity at DHS, said the department will release a voluntary cyber program on Feb. 14 as part of the deliverables under President Barack Obama's 2013 Executive Order. Schneck said among her top priorities is to continue to build a trust relationship with the assorted public and private sector stakeholders.
GSA and DoD release six suggestions for how to better integrate cybersecurity in the acquisition progress. The recommendations are one of the deliverables under the cyber Executive Order President Obama signed last February. GSA will release a RFI in the coming weeks to let industry and others comment on how best to begin implementation.
More agencies are recognizing the growing importance of keeping data private after recent information leaks and cyber breaches. The Federal Trade Commission is among the agencies at the head of the pack and is relying on best practices.
Rep. Jeff Miller (R-Fla.) wants answers from the Veterans Affairs Department after its latest privacy and cyber breach of the data of more than 5,000 veterans through its eBenefits portal. VA says it has fixed the software defect and its Data Breach Core Team is investigating what happened.
A new white paper from SafeGov recommended ways for agencies to move to an integrated cloud and cyber approach and away from one that is fragmented and ad hoc in many respects. Karen Evans, a co-author of the report and a former Office of Management and Budget administrator for e-government and IT, said agencies need a clearer picture of how this integration could happen.
The Defense Information Systems Agency says an eventual commercial cloud buy probably won't be bundled into a single contract vehicle, but in the meantime, DoD needs to work through challenges involving security, approval policy and network operations.
How can you tell if your system has been compromised? Internet security firm Mandiant says there are numerous signs. Included are evidence of unauthorized use of valid accounts, trace evidence & partial files, command and control activity, known and unknown malware, suspicious network traffic, valid programs used for other purposes and files that have obviously been accessed by attackers. IT managers are reminded that threats can slip in undetected and lay dormant for long periods of time before striking.
How do you shop securely online. The Center for Internet Security says you should "know your online merchants. Limit online shopping to merchants you know and trust. Only go to sites by directly typing the URL in the address bar. If you are unsure about a merchant, check with the Better Business Bureau or the Federal Trade Commission to ensure its legitimacy. Confirm the online seller's contact information in case you have questions or problems. Use a credit card, not a debit card. Credit cards are protected by the Fair Credit Billing Act and may reduce your liability if your information is used improperly.
Devices such as smartphones and tablets are being used more and more often for online shopping and the Center for Internet Security is warning that means the volume of attacks against them will increase as well. The "center" says every time you download an app, you open yourself to potential vulnerabilities. Their advice is to research those apps you plan to download to verify their legitimacy. Update all apps when notified and disable Bluetooth and Near Field Communications when not in use to reduce the risk of your data, such as a credit card number, being intercepted by a nearby device.
Recently several large U.S. companies were hacked online and like other victims of similar attacks, they were not aware until well after the attack happened. In some cases it was months. Online security firm Mandiant says, often attacks are blamed on malware, but they say 46% of compromised machines have no malware on them. Mandiant says hackers can navigate through conventional safeguards easily leaving little or no trace.