News

Agencies fail to consistently apply cyber response practices

Across the board, major federal agencies are not consistently responding to cyber incidents, such as computer network breaches. About 65 percent of the time agencies aren't completely documenting actions taken in response to detected incidents, concludes the Government Accountability Office.

GAO: Army using various competitive methods to help modernize tactical networking systems

Congressional investigators found that the Army is using various competitive strategies to reach out to private industry in an effort to modernize its tactical communications and information networks.

Technology not always transformative in advancing democracy, finds paper

Citizen participation can be advanced through the use of technology – whether by providing better access to information or improving communication with officials – but probably not to the extent that some believe, says a new report.

Security controls lacking across VA networks, finds IG

A material weakness still exists in the Veterans Affairs Department's information security program, concludes the department's inspector general in its annual Federal Information Security Management Act audit.

NS2020 will provide more options, empower agencies, say GSA officials

Network Services 2020, the General Services Administration's mega telecommunications contract that will replace Networx, will span everything from advisory services, to satellite, with enough flexibility for eventually include emerging technology like mobile-to-mobile solutions, say GSA officials.

Gates highlights cybercrime threat not from Iran or Russia, but…France?

While China-based cybercriminals pose the biggest threat to U.S. industry in terms of economic espionage, one of the nation's closest allies isn't far behind, according to Robert Gates, former secretary of the Defense Department. "In terms of the most capable, next to the Chinese, are the French – and they've been doing it a long time," said Gates, during a recent event hosted by the Council on Foreign Relations and posted online May 21.

VA websites miss 508 compliance deadline, lack timeline for achievement

By January 2013 all Veterans Affairs Department websites were required to conform with Section 508 of the Rehabilitation Act, but not only are many VA websites non-compliant, the department lacks a clear timeline for meeting the requirement. Section 508 requires federal agencies to make electronic content and information technology accessible to people with disabilities.

DHS would gain hiring flexibility for cybersecurity personnel under proposed legislation

The Homeland Security Department would have more flexibility in hiring and retaining cybersecurity professionals under a bill introduced May 20 by Sen. Tom Carper (D-Del.). The bill (S.2354) was reported favorably to the full committee May 21 and aims to help the department compete with the private sector in staffing its cybersecurity workforce.

DOJ's recent charges against Chinese years in the making, says Carlin

The Justice Department's recent charges against members of China's People's Liberation Army for economic espionage and stealing trade secrets from American companies were part of a years-long effort, says a senior DOJ official.

Spotlight: China report highlights U.S. cyber activities

New research out of China says that the United States is the real perpetrator when it comes to cyber espionage.

Schwartz: Cybersecurity framework gaining foothold

The federal cybersecurity framework released earlier this year is helping critical infrastructure sectors that previously lagged catch up to those with more expertise, said Ari Schwartz, a White House cybersecurity official.

FTC asks Congress to make data brokerage more transparent

The Federal Trade Commission wants Congress to consider legislation that would rein in data brokers – requiring them provide more information to consumers on their operations and reasonable access to the data collected about individuals.

Obama administration satisfied with cybersecurity regulations

The Obama administration doesn't need to develop new cybersecurity regulations, a review by the administration has concluded. Voluntary implementation of the cybersecurity framework that the National Institute of Standards and Technology released in February will suffice for now.

OMB resists call to lead on underused software licenses

The lack of Office of Management and Budget guidance on managing software licenses drew criticism from the Government Accountability Office in a recent report, but OMB says it has done enough.

FITARA passes House as part of NDAA

The Federal Information Technology Acquisition Reform Act passed in the House May 22 as part of the fiscal 2015 National Defense Authorization Act (H.R. 4435). The bill passed with a 325-98 vote.

Internet ownership an 'arrogant,' 'counterproductive' argument, says Sepulveda

"The United States neither owns nor controls the Internet. And it would be incredibly arrogant and counterproductive to argue that we should," said Ambassador Daniel Sepulveda, deputy assistant secretary of state. Sepulveda coordinates information policy at the department's bureau of economic and business affairs.

Panel: Innovation around big data can improve security, but privacy must also be weighed

As governments and communities become more awash in data from sensors, smartphones, wireless networks and other technologies, there are significant opportunities to harness that information to improve society and its security. But there is also a balancing act with privacy that needs greater examination and discussion, according to a panel of security experts who spoke May 20 at the Center for Strategic and International Studies in Washington, D.C.

ACLU pushes for legal protection in lieu of voluntary code for facial recognition technology

Although the American Civil Liberties Union is an active participant in a multistakeholder process to address privacy and facial recognition technology, the group says a National Telecommunications and Information Administration-backed code of conduct will not provide sufficient privacy protection.

DHS official: Heartbleed has had 'minimal' impact on federal government

Due to hard work and improved coordination throughout the federal government, the impact of the Heartbleed bug on the dot-gov domain has been minimal, said Larry Zelvin, director of the National Cybersecurity and Communications Integration Center within the Homeland Security Department's National Protection and Programs Directorate.

DoD may stick with 4 separate systems to track contractors

The Defense Department may keep four separate systems to track the hundreds of thousands of contractors it employs, says the Government Accountability Office.