A computer scientist at the National Institute of Standards and Technology says the advent of advanced persistent threats means years of lip service to the idea of integrated system security must be replaced with real action.
A tornado warning from the National Weather Service today comes in two settings--in effect or not--and that should be changed in favor of a more nuanced system, concludes a government investigation into the 2011 tornado in Joplin, Mo.
A report by presidentially appointed science advisors says the federal government should require regulated industries to implement an auditable cybersecurity process and that the Securities and Exchange Commission should require publicly traded companies to disclose details of their cybersecurity program.
The privacy appendix contained within the private sector critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is meant to tie into corresponding cybersecurity practices, a NIST official said during a Nov. 8 workshop.
The rule is smaller in scope than the proposed rule the Defense Department put forth in June 2011; it proposed controls for any data tagged with a "for official use only" or similar marker. The final rule only pertains to "unclassified controlled technical information," which means technical data or computer software (as defined in the Defense Acquisition Regulation Supplement, section 252.227-7013).
Through the administration-proposed National Network for Manufacturing Innovation, the government can play a role in innovating the way products are manufactured in the United States by getting business to invest in new ideas behind manufacturing methods, Commerce Secretary Penny Pritzker told a Senate panel Nov. 13.
Hackers wishing to penetrate industrial control systems late at night or on the weekends will find their work mostly unhindered by ICS-CERT response, find Homeland Security Department auditors. In a newly released Oct. 24 report (.pdf) from the DHS office of inspector general, auditors say the ICS-CERT--the DHS organization tasked with analyzing and investigating ICS incidents and vulnerabilities--only has enough personnel to operate 12 hours a day for five days per week.
The National Institute of Standards and Technology will review its cryptographic standards development process and subject it to public comment and a formal review by an independent organization, the agency announced Nov. 1. In addition, Computer Security Division Chief Donna Dodson wrote that NIST will examine its existing body of cryptographic work and the procedures used to develop them, promising to address any cases where in retrospect the agency fell short "as quickly as possible."
The preliminary national critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is now officially open for comment following its...
In the draft – NIST SP 800-16 R. 1, second draft, version two (.pdf) – NIST notes that training differs from education, with the latter being led by the National Initiative for Cybersecurity Education. The NICE workforce taxonomy released in 2011 provides a framework for the education of cybersecurity workers, the draft says, whereas this NIST special publication focuses on how all federal workers will ensure government information is secure.