Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
A recent IG report said the State Department's Bureau of Information Resource Management's Office of Information Assurance lacks organization and lags in performance. The report made 32 recommendations for the office.
Brendan Goode, the director of network security deployment in the National Protection and Programs Directorate in DHS, said 15 out of the initial 23 agencies expected to implement Einstein 3 have signed memorandums of agreements with the department. E3A will use both unclassified and classified indicators to understand risks and vulnerabilities of federal networks.
Bruce McConnell announced today his intention to leave the Homeland Security Department in August after spending more than four years in an assortment of senior cybersecurity positions. He will be third senior ranking cyber official at DHS to leave since January.
Cyber-attacks on banks are growing more frequent. Wall Street has just conducted a cyber-defense exercise called "Quantum Dawn 2,". During the drill, bank employees were stationed at their normal offices, and were emailed throughout the day with bits of information that could indicate an encroaching hacker attack. They monitored a simulated stock exchange for irregular trading and were pressed to figure out what was going on and how to react while sharing information with regulators and each other.
Ever hear of the Multi-State Information Security and Analysis Center? It's a division of the Center for Internet Security. Their focus is cyber threat prevention, protection, response and recovery for state, local territory and tribal governments. Their objectives iclude providing two-way sharing of information and early warnings on cyber security threats, dissemination of information on cyber security incidents, to promote awareness and coordinate training.
Will exploit developers become potential targets of state-sponsored assassinations in the future -like the nuclear scientists in recent times? There's been some discussion in the "Tech" community regarding the legitimacy of using lethal force against civilian hackers. As a result some are wondering what the future might hold for exploit developers and other members of the cyber supply chain who are facilitating state-funded, offensive cyber operations.
We hear a lot about zero-day attacks and system vulnerabilities, but most hackers look for easier enterprises like the application used to access the Web. That's the one most online attackers will target. Why? Because most attackers and online exploit kit designers realize that the common browser is usually an endpoint's weakest link. Not only are enterprises generally slow to keep up with browser patching, they're downright sluggish at updating plug-ins and extensions.
While leaders at CMS said the hub connecting personal information stored in the health insurance marketplace to multiple agencies will be ready by the Oct. 1 deadline, legislators are concerned with how well CMS is securing individuals' personal information from cyber threats.
Dan Doney, the new chief innovation officer at the Defense Intelligence Agency, talks about the agency's plan to change the way it interacts with industry and brings innovation to government.
NIST and the National Cybersecurity Center of Excellece (NCCoE) want to facilitate public-private collaborations surrounding cybersecurity solutions by creating a new research-and-development center.
All agencies are fighting cyber-attacks. The FBI Director of Cyber Security believes there are two groups of organizations: those whose systems have been attacked and those who do not know they have been attacked. In the federal space, the velocity and variety of attacks has dramatically increased. With Advanced Persistent Threats (APT), the time it can take to comprise a system ranges from hours to days, yet the time it takes for its discovery averages 6 months. The cyber security solution has shifted from the perimeter (firewall) or how to stop the attacks to how to deal with the attacks after they occur. The emphasis is now on the controls and minimizing what the attacker is doing once he gets in. The cost of the attacks is down time and data loss. With a 200% to 300% increase in attacks on agency's systems, it is imperative the federal government implements a holistic solution including hardware, software, training and compliance.
Earlier this year information security firm Mandiant identified a previously unknown group hackers thought to be in China. "People referred to China or Chinese hackers, but there was plenty of wiggle room there to assume it could be a collection of guys working in someone's basement without a tie to the government," Richard Behtlich chief security officer for Mandiant. The group the identified is called Unit 61398. Bejtlich says, "we showed pretty conclusively that at least this one group is part of the PLA" AKA The Chinese People's Liberation Army.
As the cybersecurity workforce gets older and closer to retirement age, the Office of Personnel Management is trying to help agencies find new talent. It's creating a new database of cyber positions that it hopes will help agencies identify the cyber skill sets needed to meet their missions. The Obama administration has made reducing critical cyber workforce gaps one of its top "cross-agency" goals.
Law enforcement and first responders have been put on notice --their mobile phones are targets for hackers. They've been informed in roll call bulletins that hackers, by compromising mobile technology and exploiting vulnerabilities in portable operating systems, application software, and hardware. Compromise of a mobile device can have an impact beyond the device itself; malware can propagate across interconnected networks.
Alex Grohmann and John Dyson from the Northern Virginia Chapter of the Informations Systems Security Association, join host John Gilroy to talk about what you can do to make your agency more secure.
July 9, 2013
Department will move away from DoD-specific approaches to cybersecurity, lean more toward informing and relying on governmentwide efforts.
The Commerce Department's Economic Development Administration spent almost $3 million to remediate a cyber attack that really didn't happen. Commerce's inspector general found the attack infected only two outgoing email servers and not more than half of EDA's systems. Two cybersecurity experts say other agencies can learn from EDA's year-long unnecessary and expensive recovery.
Chase Garwood, the SBA acting CIO, said the agency is working with DHS and Justice to improve the security of its internal and external customer-facing systems.
July 4, 2013
DHS, DISA and GSA are heading down similar but different paths to ensure mobile apps are secure before being allowed on devices or networks. NIST is developing voluntary guidelines to improve mobile software security based on work done in other industry sectors.
Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the 2013 Cyber Symposium will engage the key players, including the U.S. government, the international community, industry and academia, to discuss the development of robust cyberspace capabilities and partnerships.