Latest Headlines

House Homeland Security introduces new critical infrastructure cybersecurity bill

A bipartisan cybersecurity bill introduced Wednesday by members of the House Homeland Security Committee would codify the department's existing governmentwide civilian agency cybersecurity duties and require it to analyze its current public-private partnership model with critical infrastructure sectors to ensure that owners and operators "are equal partners and regularly collaborate on all programs and activities" of DHS to protect critical infrastructure.

NIST's Ron Ross calls for new critical infrastructure cybersecurity paradigm

A computer scientist at the National Institute of Standards and Technology says the advent of advanced persistent threats means years of lip service to the idea of integrated system security must be replaced with real action.

Changing NWS tornado alert system could reduce desensitizing false alarms, says NIST

A tornado warning from the National Weather Service today comes in two settings – in effect or not – and that should be changed in favor of a more nuanced system, concludes a government investigation into the 2011 tornado in Joplin, Mo.

PCAST calls for auditable cybersecurity processes in federally regulated industries

A report by presidentially appointed science advisors says the federal government should require regulated industries to implement an auditable cybersecurity process and that the Securities and Exchange Commission should require publicly traded companies to disclose details of their cybersecurity program.

NIST focused on outcomes for privacy appendix in cybersecurity framework, says Lefkovitz

The privacy appendix contained within the private sector critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is meant to tie into corresponding cybersecurity practices, a NIST official said during a Nov. 8 workshop.

DoD finalizes unclassified information protection rule for contractors

The rule is smaller in scope than the proposed rule the Defense Department put forth in June 2011; it proposed controls for any data tagged with a "for official use only" or similar marker. The final rule only pertains to "unclassified controlled technical information," which means technical data or computer software (as defined in the Defense Acquisition Regulation Supplement, section 252.227-7013).

Government can help manufacturing innovation, Pritzker tells Senate committee

Through the administration-proposed National Network for Manufacturing Innovation, the government can play a role in innovating the way products are manufactured in the United States by getting business to invest in new ideas behind manufacturing methods, Commerce Secretary Penny Pritzker told a Senate panel Nov. 13.

DHS cybersecurity organizations lack resources for staffing, training

Hackers wishing to penetrate industrial control systems late at night or on the weekends will find their work mostly unhindered by ICS-CERT response, find Homeland Security Department auditors. In a newly released Oct. 24 report (.pdf) from the DHS office of inspector general, auditors say the ICS-CERT--the DHS organization tasked with analyzing and investigating ICS incidents and vulnerabilities--only has enough personnel to operate 12 hours a day for five days per week.

NIST reviews its cryptographic standards development process

The National Institute of Standards and Technology will review its cryptographic standards development process and subject it to public comment and a formal review by an independent organization, the agency announced Nov. 1. In addition, Computer Security Division Chief Donna Dodson wrote that NIST will examine its existing body of cryptographic work and the procedures used to develop it, promising to address any cases where in retrospect the agency fell short "as quickly as possible."

Spotlight: NIST preliminary cybersecurity framework officially out for comment

The preliminary national critical infrastructure cybersecurity framework being developed by the National Institute of Standards and Technology is now officially open for comment following its...