The Obama administration doesn't need to develop new cybersecurity regulations, a review by the administration has concluded. Voluntary implementation of the cybersecurity framework that the National Institute of Standards and Technology released in February will suffice for now.
Due to hard work and improved coordination throughout the federal government, the impact of the Heartbleed bug on the dot-gov domain has been minimal, said Larry Zelvin, director of the National Cybersecurity and Communications Integration Center within the Homeland Security Department's National Protection and Programs Directorate.
Executives involved in the management and oversight of information technology programs are more optimistic about the state of security than those actually implementing security programs, finds a new study from Hanover Research.
The National Institute of Standards and Technology issued a new draft publication May 13, which aims to help agencies build or acquire IT systems with better security baked in from the start, by outlining best practices and recognized software engineering principals. FierceGovernmentIT spoke with Computer Scientist and NIST Fellow Ron Ross May 14, to learn more about the newest draft guidance.
The National Security Agency is expanding funding for several universities to continue scientific research into cybersecurity. The intelligence agency awarded contracts to North Carolina State University, the University of Illinois Urbana-Champaign and Carnegie Mellon University in 2012 and recently announced that these three universities along with the University of Maryland would receive additional funding.
The 13 cloud computing contracts that the Postal Service awarded in recent years inadequately addressed data security, says the USPS office of inspector general. Contracting officials worried that integrating policies from the agency's handbook on cloud security would drive up the cost of the contracts.
Public policy can help address U.S. cybersecurity, but it should not be viewed as an issue that can be solved through legislation or regulation. Rather, public policy can help improve cybersecurity management, says a new report from the National Research Council.
"It's amazing to me how little" investors think about cybersecurity in their decisions, said Suzanne Spaulding, head of the National Protection and Programs Directorate.
The FBI is warning healthcare providers that lax cybersecurity standards will leave their computer systems more vulnerable to hackers as the industry transitions to electronic health records.
The Energy Department developed the document in collaboration with industry. The guidance focuses on protecting the industrial control systems behind energy delivery, rather than information technology more generally.