Maritime security plans at three high-risk U.S. ports do not address how to assess, manage and respond to cybersecurity threats, according to a Government Accountability Office assessment of their policies and plans. While all of the ports had unique security strategies that dealt with physical security, there were very few policies and plans that specifically addressed cybersecurity, finds the June 5 report.
Thirty-five teams from around the world are competing in what's billed as a "first-of-its-kind tournament" to develop automated security systems to instantly detect and thwart cyberattacks as soon as they're launched, the Defense Advanced Research Projects Agency announced June 3.
Across the board, major federal agencies are not consistently responding to cyber incidents, such as computer network breaches. About 65 percent of the time agencies aren't completely documenting actions taken in response to detected incidents, concludes the Government Accountability Office.
While China-based cybercriminals pose the biggest threat to U.S. industry in terms of economic espionage, one of the nation's closest allies isn't far behind, according to Robert Gates, former secretary of the Defense Department. "In terms of the most capable, next to the Chinese, are the French – and they've been doing it a long time," said Gates, during a recent event hosted by the Council on Foreign Relations and posted online May 21.
New research out of China says that the United States is the real perpetrator when it comes to cyber espionage.
The federal cybersecurity framework released earlier this year is helping critical infrastructure sectors that previously lagged catch up to those with more expertise, said Ari Schwartz, a White House cybersecurity official.
The Obama administration doesn't need to develop new cybersecurity regulations, a review by the administration has concluded. Voluntary implementation of the cybersecurity framework that the National Institute of Standards and Technology released in February will suffice for now.
Due to hard work and improved coordination throughout the federal government, the impact of the Heartbleed bug on the dot-gov domain has been minimal, said Larry Zelvin, director of the National Cybersecurity and Communications Integration Center within the Homeland Security Department's National Protection and Programs Directorate.
Executives involved in the management and oversight of information technology programs are more optimistic about the state of security than those actually implementing security programs, finds a new study from Hanover Research.
The National Institute of Standards and Technology issued a new draft publication May 13, which aims to help agencies build or acquire IT systems with better security baked in from the start, by outlining best practices and recognized software engineering principals. FierceGovernmentIT spoke with Computer Scientist and NIST Fellow Ron Ross May 14, to learn more about the newest draft guidance.