The privacy appendix contained within the private sector critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is meant to tie into corresponding cybersecurity practices, a NIST official said during a Nov. 8 workshop.
Parts of the federal individual health care insurance enrollment system remain incomplete, said Henry Chao, deputy chief information officer of the Centers for Medicare and Medicaid Services. "We still have to build the payment systems, to make payments to issuers in January," said Chao, the CMS official who has overseen development of healthcare.gov.
Agency cybersecurity practices should move beyond the three-year cycle of system authorizations into a state of continuous monitoring of security control implementation by the end of fiscal 2017, says a Nov. 18 memo from the Office of Management and Budget.
The rule is smaller in scope than the proposed rule the Defense Department put forth in June 2011; it proposed controls for any data tagged with a "for official use only" or similar marker. The final rule only pertains to "unclassified controlled technical information," which means technical data or computer software (as defined in the Defense Acquisition Regulation Supplement, section 252.227-7013).
"When you're doing a La Cosa Nostra investigation, you can de-conflict by calling each other or setting up a meeting for next Wednesday," FBI Director James Comey said during a Senate hearing. "When the threat is moving at 186,000 miles per second, as a photon does on the Internet, there's no time to make that phone call."
There have been about 16 attempts to attack healthcare.gov, Acting Assistant Secretary for Cybersecurity and Communications Roberta Stempfley told the House Homeland Security Committee on Nov. 13.
Open source can help move cybersecurity technology from the research-and-development stage to commercialization, but it may be ill-advised to mandate it. So says a paper from the DHS Science and Technology Directorate and SRI International. "Open source availability is well documented as a powerful and effective means to bring important capabilities into adoption, use, and support by larger communities," the paper says.
The nominee to fill the vacancy atop the Homeland Security Department said his immediate priority as secretary would be to help fill other key positions throughout the department.
The United States and China need to achieve some basic level of trust before they can realistically resolve any of their cyber-related issues, a report from the EastWest Institute and the Internet Society of China says.
Ability trumps credentials when it comes to hiring cybersecurity workers, and the federal government faces obstacles in picking up the best talent, said panelists during a Nov. 1 event. "Do I look if somebody has a CISSP or a law degree? Mostly no," said Philip Reitinger, chief information security officer for Sony Corp. and a former director of the National Cyber Security Center at the Homeland Security Department.