Thousands of rogue Apple, Android and Windows devices found operating on the Army’s network could pose major security risks to sensitive data and Army network operations, according to a recent report. Army commands failed to report more than 14,000 commercial smartphones and tablet computers being used across the service for research activities, data collection, mobile device pilot programs and other tasks, according to the March 26 inspector general report. Army Corps of Engineers, Engineer Research and Development Center in Vicksburg, Miss., and the U.S. Military Academy at West Point, N.Y., were among the locations using unapproved devices. Army officials at…
Browsing: Cybersecurity
The General Services Administration has launched a full review of its key online procurement system, after discovering a security vulnerability that may have exposed users’ sensitive data. The security flaw was reported to GSA on March 8, and the agency has since issued a software patch on the system and is investigating potential impacts to vendors registered in GSA’s System for Award Management (SAM). “When we got the word that this might be the case, we got right on it,” GSA Acting Administrator Dan Tangherlini told reporters Tuesday following a congressional hearing. “And there is nothing that we won’t do,…
President Barack Obama will issue an executive order Wednesday aimed at tightening the nation’s cybersecurity. Senior administration officials, including White House Cybersecurity Coordinator Michael Daniel and Army Gen. Keith Alexander, head of U.S. Cyber Command, will provide details on cyber policy Wednesday morning at the Commerce Department. Officials will provide an update on cybersecurity priorities for 2013, including information sharing and reducing cyber risks, Commerce announced Tuesday. The executive order is said to include provisions that will establish voluntary cybersecurity standards for critical infrastructure sectors, such as transportation and energy, where federal regulators have authority to enforce those standards. However, the order could not provide liability…
Agencies are anxiously awaiting governmentwide standards for securing smartphones and tablet computers. Come May, they will have a checklist of security standards to use, organized by the sensitivity of data employees share or access on mobile devices and who data is shared with, whether another federal agency or citizens. Federal officials working on the project refer to the guidelines as a playbook or list of security standards that agencies should consider when using mobile devices. The playbook will include five common ways that most agencies use mobile devices and provide recommendations for securing devices in those environments, said Margie Graves,…
The Senate on Wednesday failed to pass cybersecurity legislation that would set voluntary security standards for owners of critical infrastructure, such as dams, energy and water systems. Senators voted 51-47 in favor of the bill, S 3414, but fell short of the 60 votes needed to move forward with final passage. “Cybersecurity is dead for this Congress,” Senate Majority Leader Harry Reid, D-Nev., said following the vote. “What an unfortunate thing.” Sen. Susan Collins, R-Maine, a co-sponsor of the Cybersecurity Act, expressed similar disappointment. “In all my years on the Homeland Security Committee, I cannot think of another issue where…
The Department of Homeland Security is following through on recommendations to hire at least 600 cybersecurity experts, DHS Secretary Janet Napolitano said Wednesday. Speaking at a Washington Post cybersecurity forum, Napolitano said the department is looking to hire cyber experts, analysts, IT specialists and people who are familiar with coding. In June, DHS Secretary Janet Napolitano directed a newly formed CyberSkills task force to develop recommendations for growing DHS’s cyber workforce and expanding the pipeline of cyber talent nationwide, which includes hiring at least 600 cyber professionals. Napolitano said DHS has increased its workforce by 600 percent over the last…
While the Transportation Security Administration has made headway in defending against insider attacks, the agency lacks specific policies and procedures to mitigate those threats, according to a recent inspector general audit. The September audit, released this week, found that TSA has not implemented insider threat policies and procedures that clearly explain its employees’ role in defending against insider threats. TSA also lacks a risk mitigation plan that ensures all employees address the risks of insider threats in a consistent way. TSA defines insider threat as “one or more individuals with access or insider knowledge that allows them to exploit the…
A top Democratic senator is calling on the president to use executive branch authorities to better secure critical systems against cyber attacks. In a letter to President Obama on Monday, Sen. John Rockefellar, (D-W.Va.), urged the president to “explore and employ every lever of executive power that you possess to protect this country from the cyber threat.” Rockefeller co-sponsored the Cybersecurity Act, S. 3414, which failed passage in the Senate this month. The bill would have set voluntary standards for companies operating critical infrastructure, such as the electric grid, water treatment facilities and transportation systems. Rockefeller said that many portions of the bill…
The Navy and Marine Corps are soliciting ideas on how to reduce costs through better management of information technology, efficient business processes and improving cyber-related procurements. Under orders last year to cut information technology budgets by 25 percent over the next five years, the Department of the Navy is consolidating data centers, increasing the use of departmentwide software licenses and reducing cellphone costs. Navy and Marine Corps employees, industry, academia and the public are welcome to make recommendations. Submissions must include a brief discussion of the problem, a proposed scope, key assumptions, constraints and risks, costs, savings and other benefits and operational impacts. Email completed submission forms to…
Sen. Joseph Lieberman, I-Conn., has revised his cybersecurity bill “to try carrots instead of sticks as we begin to improve our cyber defenses,” he said. The bill has the endorsement of President Obama, who, in an op-ed in The Wall Street Journal Thursday, urged the Senate to pass the bill so he could sign it into law. Under the bill, owners of critical infrastructure — such as dams, energy and water systems — would voluntarily show they meet certain cybersecurity practices through a third-party verification or certification. By volunteering, they would be eligible for benefits, such as liability protections in the…