Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Modern Mission Critical Series
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Search Tags: GDIT
The Environmental Protection Agency can't keep track of the data it stores in the cloud. EPA's Inspector General says it a subcontractor for a water permit system was using a cloud system to run its share of the operation, but neither the agency nor the prime contractor was aware of it. Albert Schmidt is an IT auditor of Information Resources Management and audits for the EPA's Inspector General. He says this type of cybersecurity problem isn't entirely the agency's fault.
Plans for the 11th annual Cybersecurity Awareness Month are underway at the Department of Homeland Security. DHS will partner up with the National Cyber Security Alliance to offer different events each week catered for federal agencies, individuals, and private companies. Week One will focus on the basics of cybersecurity. Starting in Week Two the topics get a little more specific. You can learn about how to develop more secure IT products, including cloud systems, and in Week Four the theme is cybersecurity for small and medium-sized businesses. DHS and the National Cyber Security Alliance hope the outreach will strengthen and build cybersecurity best practices for both private companies and federal agencies.
Cloud computing could help the federal government respond to a catastrophic nuclear radiation disaster. The National Nuclear Security Administration just finished a test run of a cloud-based data collection system that combines radiation measurements from states across the country. The agency says the inspiration for how the system works comes from observing the impact of the Fukishima reactor leak in Japan. NNSA coordinated the test run with 200 people working from 38 different states. Together they collected and analyzed 21,000 measurements of environmental radiation around the country to see if anything was out of the ordinary. The 200 participants took water and soil samples, and luckily they didn't find anything of catastrophic proportions. NNSA says it's expanding the use of the cloud system to other agencies, too.
The Defense Strategies Institute will host its Cloud Tech and Government IT Summit in a little over a month. The summit will run on September 23rd and 24th at the Mary M. Gates Learning Center in Alexandria, Virginia. The Defense Strategies Institute will offer training and educational seminars in a Town Hall format. DSI says federal agency leaders and innovators in cloud computing will join Industry experts for interactive speeches and debates. The overall focus of the summit is acquiring and securing cloud technology for civilian federal agencies and the DoD. DSI says it will also take a deep dive into IT modernization plans, data center consolidations, and IT infrastructure diversification. You can still register to attend the summit and active duty military and government employees can attend for free.
The Environmental Protection Agency is in the dark with its cloud contracts. EPA's Inspector General says the agency doesn't know how many cloud contracts it has, nor how secure they are. For an investigation, the IG chose a contract that met the definition of a cloud system. But the EPA didn't report it as a cloud contract because it didn't have "cloud" in the description. The agency's also using a sub-contractor that's not compliant with the Federal Risk and Authorization Management Program. The IG says the company might not have the capability to access its cloud system hardware so the office can investigate. The EPA didn't even know it was buying a cloud system at the very start of the contracting process. The IG says the agency wasn't aware cloud computing was part of the system it was procuring.
The General Services Administration will add a special cloud category to its IT Schedule 70 contracting vehicle. GSA wants to consolidate the contract's cloud options under a specific special item number. Right now the agency lists the cloud options under a variety of different numbers, so agencies browsing the system can't find them all in one place. GSA says the new approach will help small agencies in particular. The cloud-specific number will have its own subcategories of cloud-specific services, too. GSA wants industry recommendations on how to do it: a request for information is out on how best to differentiate the types of cloud services Schedule 70 includes. The deadline for the cloud industry to respond to GSA's request for information is August 6th. You can find the RFI on Fed Biz Opps.
The Defense Department's testing its own version of cybersecurity standards for cloud systems. The Defense Information Systems Agency is working with all the military branches to find a cybersecurity program that protects the cloud with Level-3 security requirements. DISA's enterprise cloud broker is conducting the software tests. DoD's chief of the risk management oversight division in the chief information officer's office,Kevin Delaney, isn't sure when the tests will be over. He says the development needs to run incrementally so each level of security controls are working right. The tests are coinciding with the deadline for agency cloud systems to earn security certification through the Federal Risk and Authorization Management Program. Right now FedRAMP offers cloud certification for low to moderate security levels.
New cloud security guidance is out from the Federal Risk and Authorization Management program, or FedRAMP. It includes new security controls and templates for agencies and cloud service providers to implement the new controls. The updates came a day after the deadline for agencies to earn FedRAMP certification for their cloud systems. The updates reflect changes from the National Institute of Standards and Technology's Special Publication 800-53. FedRAMP program manager Matt Goodrich says the latest update is the largest release of new FedRAMP information since the General Services Administration unveiled the whole concept two years ago. Right now federal agencies have 16 different FedRAMP-certified cloud options. Goodrich says those 16 options are already in place in 160 locations across the federal government.
Electronic health records can make collecting and storing patient data easier, but they can make it easier to commit fraud, too. The Inspector General of the Health and Human Services Department says EHR technologies can hide who wrote the records, and also change the data to fake a healthcare claim. The IG investigated the Centers for Medicare and Medicaid Services and its contractors to see what protections they're adding to their record systems. So far, almost nothing. The Inspector General says only a few of the CMS contractors have system protections tailored to electronic health records. And CMS is only providing limited guidance at best. The IG is recommending the agency update its guidance for contractors and work with them to develop new ways to protect the data.
A cybersecurity executive from the Department of Veterans Affairs is moving to the private sector. Don Sheehan is now the Vice President of Cybersecurity Solutions at the company Accelera Solutions...they're a cloud and virtualization contracting company. He previously served as Director of Business Continuity at the V-A. He was also part of the V-A's Office of Information Security since 2003 and helped lead the department's response to Hurricanes Katrina and Sandy. Sheehan also helped lead the creation of the VA Trusted Internet Connection gateways. At Accelera Solutions, he'll try to expand the role of cloud systems at federal agencies...specifically from a cybersecurity perspective. The goal is to increase the reliance on cloud technologies to IMPROVE cybersecurity at the federal and commercial level.