Cybersecurity has grown in importance as networked systems become irreplaceable methods for delivering federal services and enabling day-to-day operations. The Office of Management and Budget reported in March 2010 that during fiscal 2010 agencies identified 41,776 cyber incidents--a 39 percent increase in cyber attacks over the previous year.

Big changes are afoot in the federal cyber arena, with the Defense Department having stood up Cyber Command, the Homeland Security Department readying active defense measures for federal networks and the entire federal government debating the role it should play in securing critical infrastructure in private sector hands. 



Latest Headlines

Major departments seek continuous monitoring acquisition independence from DHS

Some federal agencies are choosing to buy continuous monitoring tools independently of the Homeland Security Department-set schedule for the Continuous Diagnostics and Mitigation Program despite forfeiting DHS procurement money for those tools.

DoD abandons DIACAP in favor of the NIST risk management framework

An effort to align defense and federal civilian cybersecurity guidance culminated this month with the Defense Department jettisoning its specialized certification and accreditation process. The change is an expected one that grew in likelihood as the DoD and NIST, through a joint task force, actively sought common ground in their cybersecurity guidance documents over the past few years.

NIST requests $8M increase for NSTIC

An Obama administration effort to replace online passwords with an "identity ecosystem" led by the National Institute of Standards and Technology would receive $24.5 million under the White House budget proposal for the coming fiscal year.

NIST seeks increased funding for securing cyber-physical systems

A new generation of smart systems that network previously stand-alone devices – such as your thermostat – also brings the potential for dramatic new cyber attacks, says the National Institute of Standards and Technology. In newly released details of the agency's budget proposal for the coming year, NIST says it needs $18.8 million to study "cyber-physical systems," with $5 million of that dedicated to improving their security.

Encryption, access control problems common for state Medicaid agencies

Problems with encryption and access control are common among the systems used to process Medicaid claims, says a report from the Health and Human Services Department office of inspector general.

Spotlight: Liability protection unresolved cyber threat sharing impediment, says Alexander

A significant unsolved challenge to cyber threat information sharing between the federal government and the private sector is how to address liability, said outgoing National Security Agency head Gen. Keith Alexander.

Streufert: Agencies aren't dropping out of DHS continuous monitoring program

Reports that major federal departments are refusing to participate in a Homeland Security Department-led contract for continuous monitoring tools are untrue, said a DHS official Tuesday.

Likely next Cyber Command head calls for 'proactive' cyber operations

The likely next head of Cyber Command and the National Security Agency told senators during a Tuesday confirmation hearing that the United States military posture in cyberspace has been reactive, rather than proactive. Vice Adm. Mike Rogers – President Obama's pick to replace Gen. Keith Alexander as the dual-hatted commander of Cyber Command and the NSA – testified before the Senate Armed Services Committee.

DHS official touts machine-to-machine cyber threat data sharing

A Homeland Security Department official touted agency use of a machine-to-machine format for sharing cyber threat information during a March 7 hearing. The department is rolling out a standardized, structured way of representing cyber threat information, one that computers can understand, called the Structured Threat Information Expression.

Swiping ID cards to logon to mobile devices? Maybe not, says NIST

What's worked for laptops and desktops won't work for mobile devices when it comes to verifying users' identity, says the National Institute of Standards and Technology. Enter what NIST calls a "derived credential," a way of taking the identity verification and encryption key infrastructure built up since 2004 for the identity smartcards and applying it to mobile devices.