Cybersecurity has grown in importance as networked systems become irreplaceable methods for delivering federal services and enabling day-to-day operations. The Office of Management and Budget reported in March 2010 that during fiscal 2010 agencies identified 41,776 cyber incidents--a 39 percent increase in cyber attacks over the previous year.

Big changes are afoot in the federal cyber arena, with the Defense Department having stood up Cyber Command, the Homeland Security Department readying active defense measures for federal networks and the entire federal government debating the role it should play in securing critical infrastructure in private sector hands. 



Latest Headlines

Gallagher: NIST framework could improve federal agency cybersecurity programs

The cybersecurity framework released earlier this month by the National Institute of Standards and Technology has the potential to change federal agencies' approach to cybersecurity as well as that of the original intended audience of private sector critical infrastructure companies, said a NIST official. The framework outlines a maturity model of four tiers against which adopters can benchmark the sophistication of their cybersecurity program.

NIST to mine special publications for additional cybersecurity framework guidance

Now that the cybersecurity framework is out, the National Institute of Standards and Technology says a next step will be to map the alignment of its remaining library of cybersecurity guidance documents to practices called for in the voluntary guidance document.

Possible state-sponsored cyber attack deemed elite, unusual

An advanced persistent threat called Careto, aka the Mask, may be state sponsored, says Kaspersky Lab, the security company that discovered the malware. In a new report (.pdf), the company says the malware is "extremely sophisticated." It works on Windows, Mac and Linux systems, and possibly Android and iOS as well. It can intercept keystrokes, encryption keys, Wi-Fi traffic, Skype conversations and more.

Privacy high on agenda for second cybersecurity framework revision

Although the National Institute of Standards and Technology backed down from including a dedicated privacy appendix in the newly released critical infrastructure cybersecurity framework, it hasn't given up on the prospect of including privacy controls in future iterations of the framework. In the final version of the framework released Feb. 12 – final only in the sense that it's version 1.0 of what NIST says will be a "living document" – NIST removed an appendix containing privacy controls included in earlier drafts.

Cybersecurity framework released with incentives unfinished and privacy appendix gone

The federal government today released a framework for cybersecurity meant for voluntary adoption within the private sector while acknowledging that work remains to be done in constructing incentives for adoption, and within the framework itself. Framework development has been a year-long effort under the tutelage of NIST, which received a mandate through a cybersecurity executive order.

DHS prepares for hypothetical immigration reform

Secretary Jeh Johnson said in a speech Feb. 7 that "when reform legislation is enacted, DHS must be prepared to implement reform. So to prepare for this potential outcome, I have already directed the deputy secretary of homeland security to coordinate the process, to ensure we are ready to implement the law." The speech, at the Wilson Center in Washington, D.C., was Johnson's first major policy address since his confirmation in December.

eBenefits PII glitch potentially affected about 1,300 says VA

A software defect that caused a joint Veterans Affairs and Defense Department self-service benefits portal to display personally identifiable information to other users accessing the system affected no more than 1,362 individuals, a VA official told a House panel.

IT management, security challenges are widespread at agencies

Struggles with information technology are the most common management challenges across large agencies, an analysis from the consulting firm Grant Thornton shows. Numerous agencies faced challenges with both IT security and management.

House Homeland Security approves critical infrastructure cybersecurity bill

The House Homeland Security Committee approved by unanimous voice vote a cybersecurity bill that would codify the Homeland Security Department's role in federal cybersecurity and require it to work with the private sector on securing critical infrastructure.

Agency cybersecurity criticized in Senate report

Basic cybersecurity measures such as patching, anti-virus software updates and password management are insufficient at federal agencies, leaving government networks vulnerable to even non-sophisticated cyber intrusions, finds a Feb. 4 report.