NIST seeks feedback on cybersecure connected medical devices

Network connected medical devices have the potential to better automate and control healthcare delivery, but they also present new safety and security risks. In response, the National Institute of Standards and Technology is seeking feedback on how it can address the cybersecurity challenges of networked infusion pumps. 

DHS agencies undermining department's overall IT security program, IG finds

The DHS inspector general said the department has generally improved the security of its information systems – including trusted Internet connections, continuous monitoring and strong authentication – in line with the Federal Information Security Management Act, which provides a standard baseline that agencies should comply with. However, agencies within DHS aren't consistently following certain policies and procedures.

DARPA wants autonomous UAVs that fly like birds and insects through cluttered, complex environments

Researchers want drones that are small enough to fit through an open window and can fly up to 45 miles per hour while they navigate through rooms, stairways and corridors without a remote pilot, sensors or GPS reference points.

North Korea suffers Internet outage, possibly due to DDoS attack - UPDATED

After more than a day of instability, North Korea's Internet was down for nine and a half hours Dec. 22, according to Dyn Research, which has been tracking the health of the country's Internet system.

FBI fingers North Korea in Sony hack, Obama calls it 'cyber vandalism'

The FBI issued a statement Dec. 19 attributing the widely-publicized and costly cyber intrusion at Sony Pictures to North Korean-backed hackers. The agency's four-week investigation definitively found "the North Korean government is responsible for these actions," said an agency press release.

OSTP launches website to collect data on natural disasters, calls on tech community to help leverage data

The White House launched a website last week that is designed to collect open data on disasters, says a Dec. 15 Office of Science and Technology Policy blog post. Disasters.Data.Gov acts as a "public resource to foster collaboration and the continual improvement of disaster-related open data, free tools and new ways to empower first responders, officials and survivors in the wake of a disaster," says the office.

NIST finalizes revision to security configuration guide

The National Institute of Standards and Technology recently finalized an update to one of two publications that provide a cybersecurity foundation for all of the federal government's information technology systems.

Independent audit: GSA largely complying with FISMA, but must still address several shortfalls

Maryland-based Brown & Company CPAs conducted the audit on behalf of the agency's inspector general to determine GSA's compliance with the Federal Information Security Management Act, or FISMA, which provides baseline security standards that all federal departments and agencies must follow.

What's online privacy going to be like in 10 years? Pew canvasses Internet experts

Pew polled more than 2,500 respondents described as technology builders, analysts, researchers, policymakers, managers and marketers regarding the development of a "trusted privacy-rights infrastructure" that fosters innovation and monetization, while still allowing people to protect personal information through easy-to-use formats.


'Cromnibus' funds civilian cyber campus

The Defense Department has Ft. Meade in Maryland for its National Security Agency and U.S. Cyber Command, and soon the civilian side of the federal government will have its own cyber headquarters as well, thanks to an appropriation included in the spending bill President Obama signed into law Dec. 16.

IARPA seeks 'unconventional' methods to detect cyber attacks

The Intelligence Advanced Research Projects Activity will host a one-day conference Jan. 21 to provide information about an upcoming solicitation to develop the Cyber-attack Automated Unconventional Sensor Environment, or CAUSE, program.

FedRAMP milestone update: CSPs compliant with new NIST controls and 'high' security baseline coming

The General Services Administration provided an update on how the Federal Risk and Authorization Management Program is meeting milestones and laid out new deadlines as part of a Dec. 16 press briefing and the release of the program's roadmap. 

GSA wants agencies to have a greater hand in FedRAMP, outlines 2-year strategy

"There's been some confusion that FedRAMP is GSA, and FedRAMP is the JAB, but really FedRAMP is a program that is governmentwide in nature and has stakeholders across the government," said FedRAMP Director Matt Goodrich. A new plan aims to refocus the program on agency stakeholders and further spread the responsibility for authorizing cloud services.

Agencies not always leveraging FedRAMP correctly in cloud contract language, say GSA officials

Two and a half years in, the Federal Risk and Authorization Management Program, which aims to help agencies and departments more quickly and securely procure cloud services, is being adopted in pockets across the federal government, but not always correctly, say General Services Administration officials during a Dec. 16 press briefing.

DoD allows vetted commercial cloud services for sensitive unclassified data, updated guidance says

The guidance essentially codifies certain actions that have already occurred. For example, in August, Amazon Web Services became the first authorized commercial cloud provider to host sensitive unclassified data for DoD.

New VA pilot studies how tech can help doctors find patterns, insights within data

The Veterans Affairs Department has started a two-year pilot project to study how technology can help physicians make better clinical decisions as they contend with an ever-increasing amount of medical data such as electronic health records and medical literature.

Public comment sought on NIST draft on developing metrics to select cloud providers

The National Institute of Standards and Technology is seeking public comment on a new draft guide that could help government agencies and other organizations make better decisions in choosing the right cloud computing provider for them.

Report: FBI cautions threat from Iran

The FBI issued a confidential "flash" report Dec. 12, warning defense contractors, energy firms and education institutions, among other U.S. businesses, to monitor for an Iranian hacking campaign, according to a report from Reuters.

GSA wants to assess IT supply chain risk management governmentwide

The General Services Administration wants to know how it can provide better due diligence for acquisitions involving government information technology. It's working with customer agencies to establish a common set of indicators that could be used for a supply chain risk assessment.

Congress sends Obama several bills designed to strengthen cybersecurity

Congress has sent President Obama several cybersecurity bills for his signature, including one designed to bolster the security of federal information systems and another to help the Homeland Security Department hire and keep cybersecurity experts.