News

FERC improves unclassified cybersecurity program, IG review finds

Steps taken by the Federal Energy Regulatory Commission have improved its unclassified cybersecurity program, including the management of software upgrades and fixes, according to a review by the Energy Department's inspector general.

NSF: 'Smart' network devices, systems transforming physical world as research expands

Since 2008, NSF has invested more than $250 million for fundamental research into "smart," networked systems that underlie advances such as autonomous cars, robotic surgery and smart grids.

IRS not documenting risk-based IT security decisions, finds IG

The Internal Revenue Service failed to consistently document when it made exceptions to its own information technology security policies and requirements based on suitable justifications and a thorough assessment of potential risks, finds a Treasury Inspector General for Tax Administration report (pdf) dated Sept. 22 but only issued publicly Nov. 6.

Despite investment, many feds not satisfied with state of information governance

Many federal agencies are not satisfied with the state of information governance at their agencies, according to a new survey. Seventy-six percent have an enterprisewide information governance strategy but only 22 percent say it's "very effective," finds a survey of 152 federal government attorneys, IT executives, Freedom of Information Act agents and records managers published by Symantec Nov. 6.

Rogers: NSA shares most of the vulnerabilities it finds

In the wake of reports that the National Security Agency may have known about April's Hearthbleed bug and exploited it for surveillance before sharing information about the bug with industry, NSA Director Adm. Michael Rogers said the agency shares most cybersecurity information with the public as it is discovered.

DoD rolling out more secure 'chip and PIN' cards in January for its travelers

The chip-and-PIN system is being increasingly adopted in more and more places because it offers additional security to credit card users and merchants – namely a two-step authentication system that protects against identity theft. Cards with a magnetic strip and signature system are relatively easy to counterfeit.

NIST outlines steps for coordinated cyber incident response

Improved information sharing and coordinated incident response can help agencies bolster defenses against cyber threats, says draft guidance from NIST that aims to help agencies establish, participate in, and maintain information-sharing relationships throughout the incident response life cycle.

Federal panel holds hearing on rule change that expands FBI electronic surveillance powers

A federal regulatory body is discussing a rule change Nov. 5 that would allow the FBI to conduct electronic surveillance of devices wherever they're located.

Despite some progress, two major USPTO IT initiatives need improvement, audit finds

An internal audit found a number of problems among the U.S. Patent and Trademark Office's two major advanced IT initiatives currently in development.

Federal interagency body says level of cybersecurity readiness varies among banks

An assessment by a federal interagency regulatory group this summer found that the level of cybersecurity across more than 500 community financial institutions "varies significantly" and recommended that policies and procedures be updated to address risks and threats.

DOE governance of IT hardware needs improvement, says IG

A new report from the Energy Department's Inspector General highlights weaknesses in the department's governance of information technology hardware, citing poor management of the acquisition process and an incomplete IT supply chain risk management program.

Navy Department's year-long, 100-person task force seeks to better understand, improve cyber posture

The Navy Department wants to get a better handle on its current cyber posture, and it's putting significant resources toward the cause – 100 people for one year in an effort called Task Force Cyber Awakening.

APIs transforming digital content strategy at federal agencies, says government panel

Several government officials recently said that application programming interfaces, or APIs, are allowing federal agencies to provide and share more services and data quickly and easily without requiring a larger workforce. "APIs are the future, they really are," said Dennis Alvord, executive director of BusinessUSA at the Commerce Department.

USAID releases first-ever open data policy to improve global outcomes

The U.S. Agency for International Development recently issued its first-ever open data policy, providing guidance for systematic data collection, structure, use and dissemination to help accomplish its mission.

Poll: Americans more upset with Google than NSA spying on their personal digital data

People have a bigger problem with companies like Google than the National Security Agency accessing their personal electronic data, according to an online survey of 2,500 respondents.

Report: Nation state cyber conflict will become the norm

Low-intensity, Internet-enabled conflicts between nation states will become the rule, not the exception according to a report (pdf) issued Oct. 29 during Georgia Tech's Cybersecurity Summit.

Energy's unclassified cybersecurity program needs strengthening, IG says

An internal audit of the Energy Department's unclassified cybersecurity program found critical and high-risk vulnerabilites across many systems and networks tested, problems with access controls and web applications, and weaknesses in identifying and managing security features across systems.

FAA, industry form NextGen working group

A new working group comprised of the Federal Aviation Administration and  aviation industry members is taking on the task of equipping avionics with next-generation technology by a mandated deadline.

Pew: Cyberattacks will increase over the next decade

Cyberattacks are likely to increase in the next 10 years, but effective counter measures will minimize damage, a new study found.

18F director warns of reliance on requirements for gov't IT

Too often agencies are blindly checking a list of requirements rather than really thinking through how the technology they acquire or develop will serve the user, said Greg Godbout, executive director of the General Services Administration's innovation lab called 18F.