Network connected medical devices have the potential to better automate and control healthcare delivery, but they also present new safety and security risks. In response, the National Institute of Standards and Technology is seeking feedback on how it can address the cybersecurity challenges of networked infusion pumps.
The DHS inspector general said the department has generally improved the security of its information systems – including trusted Internet connections, continuous monitoring and strong authentication – in line with the Federal Information Security Management Act, which provides a standard baseline that agencies should comply with. However, agencies within DHS aren't consistently following certain policies and procedures.
Researchers want drones that are small enough to fit through an open window and can fly up to 45 miles per hour while they navigate through rooms, stairways and cooridors without a remote pilot, sensors or GPS reference points.
After more than a day of instability, North Korea's Internet was down for nine and a half hours Dec. 22, according to Dyn Research, which has been tracking the health of the country's Internet system.
The FBI issued a statement Dec. 19 attributing the widely-publicized and costly cyber intrusion at Sony Pictures to North Korean-backed hackers. The agency's four-week investigation definitively found "the North Korean government is responsible for these actions," said an agency press release.
OSTP launches website to collect data on natural disasters, calls on tech community to help leverage data
The White House launched a website last week that is designed to collect open data on disasters, says a Dec. 15 Office of Science and Technology Policy blog post. Disasters.Data.Gov acts as a "public resource to foster collaboration and the continual improvement of disaster-related open data, free tools and new ways to empower first responders, officials and survivors in the wake of a disaster," says the office.
The National Institute of Standards and Technology recently finalized an update to one of two publications that provides a cybersecurity foundation for all of the federal government's information technology systems.
Maryland-based Brown & Company CPAs conducted the audit on behalf of the agency's inspector general to determine GSA's compliance with the Federal Information Security Management Act, or FISMA, which provides baseline security standards that all federal departments and agencies must follow.
Pew polled more than 2,500 respondents described as technology builders, analysts, researchers, policymakers, managers and marketers regarding the development of a "trusted privacy-rights infrastructure" that fosters innovation and monetization, while still allowing people to protect personal information through easy-to-use formats.
The Defense Department has Ft. Meade in Maryland for it's National Security Agency and U.S. Cybercommand, and soon the civilian side of the federal government will have its own cyber headquarters as well, thanks to an appropriation included in the spending bill President Obama signed into law Dec. 16.
The Intelligence Advanced Research Projects Activity will host a one-day conference Jan. 21 to provide information about an upcoming solicitation to develop the Cyber-attack Automated Unconventional Sensor Environment, or CAUSE, program.
The General Services Administration provided an update on how the Federal Risk and Authorization Management Program is meeting milestones and laid out new deadlines as part of a Dec. 16 press briefing and the release of the program's roadmap.
"There's been some confusion that FedRAMP is GSA, and FedRAMP is the JAB, but really FedRAMP is a program that is governmentwide in nature and has stakeholders across the government," said FedRAMP Director Matt Goodrich. A new plan aims to refocus the program on agency stakeholders and further spread the responsibility for authorizing cloud services.
Two and a half years in, the Federal Risk and Authorization Management Program, which aims to help agencies and departments more quickly and securely procure cloud services, is being adopted in pockets across the federal government, but not always correctly, say General Services Administration officials during a Dec. 16 press briefing.
The guidance essentially codifies certain actions that have already occurred. For example, in August, Amazon Web Services became the first authorized commercial cloud provider to host sensitive unclassified data for DoD.
The Veterans Affairs Department has started a two-year pilot project to study how technology can help physicians make better clinical decisions as they contend with an ever-increasing amount of medical data such as electronic health records and medical literature.
The National Institute of Standards and Technology is seeking public comment on a new draft guide that could help government agencies and other organizations make better decisions in choosing the right cloud computing provider for them.
The FBI issued a confidential "flash" report Dec. 12, warning defense contractors, energy firms and education institutions, among other U.S. businesses, to monitor for an Iranian hacking campaign, according to a report from Reuters.
The General Services Administration wants to know how it can provide better due diligence for acquisitions involving government information technology. It's working with customer agencies to establish a common set of indicators that could be used to for a supply chain risk assessment.
Congress has sent President Obama several cybersecurity bills for his signature, including one designed to bolster the security of federal information systems and another to help the Homeland Security Department hire and keep cybersecurity experts.