The massive, monolithic technology platforms upon which U.S. defense systems rely are inflexible, increasingly difficult to manage and hostile to advances in technology, said the director of the Defense Advanced Research Projects Agency. They're also vulnerable to malicious actors, said DARPA Director Arati Prabhakar during a Nov. 12 event hosted by the Center for Strategic and International Studies.
Cybersecurity company Symantec says it has discovered a highly complex, advanced malware that has been developed and used – likely by a nation state – to systematically spy on governments, individuals and other international targets since at least 2008.
For the 16th straight year, the Veterans Affairs Department will fail its annual cyberseurity audit, the VA's deputy assistant inspector general said at a recent congressional hearing. Most of the IT security recommendations issued in their reports persist year after year.
The Nuclear Regulatory Commission needs to perform continuous monitoring of its information systems and update its system security plans, according to a recently released internal audit.
NATO launched its largest ever multinational cyber-defense exercise Nov. 18 – a three-day training event that includes 670 technical, government and cyber experts operating from dozens of locations from across partner nations, NATO said in a statement. The training will test NATO's ability to defend its networks in the event of a cyber attack, NATO says in the statement.
The Postal Service didn't notify some 800,000 USPS employees immediately when it was believed their personally identifiable information was compromised because it did not want to jeoprodize the investigation and alert the perpetrators, said a USPS officia Nov. 19 before a House Oversight and Government Reform subcommittee. In fact, the investigation is still very much underway, said Randy Miskanic, vice president of secure digital solutions at USPS.
While the security of the Agriculture Department's IT systems continues to improve, they're still vulnerable due to "longstanding weaknesses." The inspector general evaluated the department's overall security program as part of the Federal Information Security Management Act, or FISMA, which establishes baseline security standards for all agencies.
It's sometimes unclear whether corrective response to information technology vulnerabilities identified by the Veterans Affairs Department have been effective because the department has done little follow-up on its mitigation techniques, says the Government Accountability Office.
The Environmental Protection Agency needs to correct several deficiencies found in its configuration management program, an internal audit found.
Several major electronic privacy organizations have filed amicus briefs, supporting the Federal Trade Commission's lawsuit against Wyndham Worldwide Corp. that, the commission alleged, failed to protect consumer information.