A revised National Infrastructure Protection Plan issued by the Homeland Security Department in late December places greater emphasis on security and resilience than its predecessor from 2009.
Some major Internet companies say the proposed privacy approach of the cybersecurity framework under development by the National Institute of Standards and Technology would be potentially burdensome, something that could discourage organizations from adopting it.
A five member panel charged by President Obama in August to review intelligence surveillance has recommended new limits to current National Security Agency activities. Among its recommendations is an end to NSA long-term storage of telephony metadata--the transaction records of all domestic and international telephone calls crossing through U.S. carrier switches--and a transition to a system in which those records are stored privately.
The National Institute of Standards and Technology expects in late January to issue another federal funding opportunity for what would be the third round of pilots to implement the National Strategy for Trusted Identities in Cyberspace.
A bipartisan cybersecurity bill introduced Wednesday by members of the House Homeland Security Committee would codify the department's existing governmentwide civilian agency cybersecurity duties and require it to analyze its current public-private partnership model with critical infrastructure sectors to ensure that owners and operators "are equal partners and regularly collaborate on all programs and activities" of DHS to protect critical infrastructure.
A computer scientist at the National Institute of Standards and Technology says the advent of advanced persistent threats means years of lip service to the idea of integrated system security must be replaced with real action.
A tornado warning from the National Weather Service today comes in two settings – in effect or not – and that should be changed in favor of a more nuanced system, concludes a government investigation into the 2011 tornado in Joplin, Mo.
A report by presidentially appointed science advisors says the federal government should require regulated industries to implement an auditable cybersecurity process and that the Securities and Exchange Commission should require publicly traded companies to disclose details of their cybersecurity program.
The privacy appendix contained within the private sector critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is meant to tie into corresponding cybersecurity practices, a NIST official said during a Nov. 8 workshop.
The rule is smaller in scope than the proposed rule the Defense Department put forth in June 2011; it proposed controls for any data tagged with a "for official use only" or similar marker. The final rule only pertains to "unclassified controlled technical information," which means technical data or computer software (as defined in the Defense Acquisition Regulation Supplement, section 252.227-7013).