A bipartisan cybersecurity bill introduced Wednesday by members of the House Homeland Security Committee would codify the department's existing governmentwide civilian agency cybersecurity duties and require it to analyze its current public-private partnership model with critical infrastructure sectors to ensure that owners and operators "are equal partners and regularly collaborate on all programs and activities" of DHS to protect critical infrastructure.
A computer scientist at the National Institute of Standards and Technology says the advent of advanced persistent threats means years of lip service to the idea of integrated system security must be replaced with real action.
A tornado warning from the National Weather Service today comes in two settings – in effect or not – and that should be changed in favor of a more nuanced system, concludes a government investigation into the 2011 tornado in Joplin, Mo.
A report by presidentially appointed science advisors says the federal government should require regulated industries to implement an auditable cybersecurity process and that the Securities and Exchange Commission should require publicly traded companies to disclose details of their cybersecurity program.
The privacy appendix contained within the private sector critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is meant to tie into corresponding cybersecurity practices, a NIST official said during a Nov. 8 workshop.
The rule is smaller in scope than the proposed rule the Defense Department put forth in June 2011; it proposed controls for any data tagged with a "for official use only" or similar marker. The final rule only pertains to "unclassified controlled technical information," which means technical data or computer software (as defined in the Defense Acquisition Regulation Supplement, section 252.227-7013).
Through the administration proposed National Network for Manufacturing Innovation, the government can play a role in innovating the way products are manufactured in the United States by getting business to invest in new ideas behind manufcaturing methods, Commerce Secretary Penny Pritzker told a Senate panel Nov. 13.
Hackers wishing to penetrate industrial control systems late at night or on the weekends will find their work mostly unhindered by ICS-CERT response, find Homeland Security Department auditors. In a newly released Oct. 24 report (.pdf) from the DHS office of inspector general, auditors say the ICS-CERT--the DHS organization tasked with analyzing and investigating ICS incidents and vulnerabilities--only has enough personnel to operate 12 hours a day for five days per week.
The National Institute of Standards and Technology will review its cryptographic standards development process and subject it to public comment and a formal review by an independent organization, the agency announced Nov. 1. In addition, Computer Security Division Chief Donna Dodson wrote that NIST will examine its existing body of cryptographic work and the procedures used to develop them, promising to address any cases where in retrospect the agency fell short "as quickly as possible."
The preliminary national critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is now officially open for comment following its...