Latest Headlines

Security and resilience 'primary aim' of critical infrastructure planning, says new NIPP

A revised National Infrastructure Protection Plan issued by the Homeland Security Department in late December places greater emphasis on security and resilience than its predecessor from 2009.

Privacy appendix of draft NIST cybersecurity framework under fire

Some major Internet companies say the proposed privacy approach of the cybersecurity framework under development by the National Institute of Standards and Technology would be potentially burdensome, something that could discourage organizations from adopting it.

Intelligence review panel calls for stricter NSA limits

A five-member panel charged by President Obama in August to review intelligence surveillance has recommended new limits to current National Security Agency activities. Among its recommendations is an end to NSA long-term storage of telephony metadata--the transaction records of all domestic and international telephone calls crossing through U.S. carrier switches--and a transition to a system in which those records are stored privately.

Third round of NSTIC pilots coming in 2014

The National Institute of Standards and Technology expects in late January to issue another federal funding opportunity for what would be the third round of pilots to implement the National Strategy for Trusted Identities in Cyberspace.

House Homeland Security introduces new critical infrastructure cybersecurity bill

A bipartisan cybersecurity bill introduced Wednesday by members of the House Homeland Security Committee would codify the department's existing governmentwide civilian agency cybersecurity duties and require it to analyze its current public-private partnership model with critical infrastructure sectors to ensure that owners and operators "are equal partners and regularly collaborate on all programs and activities" of DHS to protect critical infrastructure.

NIST's Ron Ross calls for new critical infrastructure cybersecurity paradigm

A computer scientist at the National Institute of Standards and Technology says the advent of advanced persistent threats means years of lip service to the idea of integrated system security must be replaced with real action.

Changing NWS tornado alert system could reduce desensitizing false alarms, says NIST

A tornado warning from the National Weather Service today comes in two settings – in effect or not – and that should be changed in favor of a more nuanced system, concludes a government investigation into the 2011 tornado in Joplin, Mo.

PCAST calls for auditable cybersecurity processes in federally regulated industries

A report by presidentially appointed science advisors says the federal government should require regulated industries to implement an auditable cybersecurity process and that the Securities and Exchange Commission should require publicly traded companies to disclose details of their cybersecurity program.

NIST focused on outcomes for privacy appendix in cybersecurity framework, says Lefkovitz

The privacy appendix contained within the private sector critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is meant to tie into corresponding cybersecurity practices, a NIST official said during a Nov. 8 workshop.

DoD finalizes unclassified information protection rule for contractors

The rule is smaller in scope than the proposed rule the Defense Department put forth in June 2011, which proposed controls for any data tagged with a "for official use only" or similar marker. The final rule only pertains to "unclassified controlled technical information," which means technical data or computer software (as defined in the Defense Acquisition Regulation Supplement, section 252.227-7013).