The Defense Information Systems Agency will play a major role in deciding how the Defense Department adopts cloud computing services and products. DISA will serve as the department’s enterprise cloud service broker, which means all DoD components must acquire government or industry-provided cloud services using DISA, according to a June 26 memo from DoD chief information officer Teresa Takai that was released Wednesday. The only exception is to obtain a waiver from a review authority designated by Takai. DISA will work on behalf of the department to manage the use, performance and delivery of cloud services and negotiate contracts between cloud…
Browsing: Cybersecurity
Federal officials unveiled details of a new public-private partnership aimed at speeding industry’s development of secure information technology products. The new National Cybersecurity Center of Excellence (NCCoE) launched in February is a project of the National Institute of Standards and Technology (NIST). It aims to bring companies together to create and discuss security management solutions that can be used by agencies and private companies. Acting Executive Director Donna Dodson on Tuesday said NCCoE’s vision is to provide a world-class collaborative environment for integrating cybersecurity solutions that stimulate economies and national economic groups. Initially, the center will focus on adopting secure…
A Commerce Department agency’s security program is under review, following a January cyber attack that crippled its networks. As part of an annual audit, the inspector general is reviewing the Economic Development Agency’s security program, according to a June memo. The review will determine the program’s effectiveness, significant factors that led to the cyber attack and how EDA has responded. The computer virus was discovered Jan. 20, and the agency shut down employees’ Internet access the following week. Workers were eventually given new computer workstations with access to Internet and email, and the Department of Homeland Security’s U.S. Computer Emergency Readiness Team…
A House subcommittee on Wednesday passed a bill to ensure vets are quickly notified when their personal information is breached. The Veterans Data Breach Timely Notification Act, , H.R. 3730, requires the Veterans Affairs Department to notify Congress and vets within 10 business days of their personal information being breached. VA could request a five-day extension if more time is needed to identify affected individuals or mitigate a breach. VA contractors that handle vets’ personal information would be held to the same standards under the bill. “In the unfortunate event of a breach of sensitive information, veterans and their families should be notified…
Sen. Joseph Lieberman, I-Conn., is confident the Senate will consider his controversial cybersecurity bill within the next month. Whether he has garnered enough support among divided lawmakers is another issue. “I’m as confident as I can be that this will come up no later than July,” Lieberman told reporters at one of two cyber briefings by the Department of Homeland Security on Wednesday. Lieberman echoed intentions by Senate Majority Leader Harry Reid, D-Nev., to bring cyber legislation to the Senate floor as soon as possible. The House passed the Cyber Intelligence Sharing and Protection Act (CISPA), HR 3523, in April,…
The Department of Homeland Security is leading a series of congressionally mandated exercises to test the nation’s ability to prepare for and respond to a major cyber attack. Sponsored by the Federal Emergency Management Agency, National Level Exercise 2012 includes participants from federal, state local, and territorial agencies, private sector and international partners, according to a DHS news release. For the past three months, they have worked together to evaluate information sharing capabilities and test their coordination, responsibilities and operational capabilities in response to a major cyber attack or other catastrophic events. As a part of the exercise, President Obama…
An initial group of nine organizations has been selected to provide independent security reviews of cloud products and services used in the federal government. As part of the Federal Risk and Authorization program (FedRAMP), expected to launch June 6, vendors must work with an approved third party assessment organization, or 3PAO, to validate if they’ve implemented baseline security standards. For years, these security reviews have varied across government and have cost agencies millions of dollars each year. Approved 3PAOs include (click here for contact information): COACT, Inc. Department of Transportation Enterprise Service Center Dynamics Research Corporation J.D. Biggs and Associates Inc.…
Cybersecurity funding at the Department of Homeland Security would increase 63 percent from $459 million to $749 million under a proposed 2013 spending bill by the House Appropriations Committee. The increase would fund new initiatives to improve federal network security and defend against foreign espionage, according to a committee press release. The House Homeland Security Appropriations Subcommittee will mark up the bill on Wednesday. Cyber funding would be $20 million below the president’s $769 million request. Both the administration and some members of the Senate are backing legislation that would give DHS new authorities to regulate cybersecurity. The 2012 Cybersecurity Act, S 2105,…
Two Republican congresswomen introduced a cybersecurity bill this week that promotes information sharing and aligns closely with legislation sponsored by Sen. John McCain, R-Ariz. Reps. Mary Bono Mack, R-Calif., and Marsha Blackburn, R-Tenn., introduced the 2012 Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act (SECURE IT), H.R. 4263, on Tuesday. The bill would provide “explicit authorization for the private sector to defend its own networks and voluntarily share cyber threat information within the private sector and with the government – without the legal barriers that currently exists,” acorrding to a news release. Other measures include: – Stiffer…
As many as 20 cloud computing vendors will be certified for federal use under a new security assessment program when it launches in June. The General Services Administration, which manages the Federal Risk and Authorization Management Program (FedRAMP), has said that companies already providing cloud technology to agencies under GSA’s Infrastructure-as-a-Service contract will be among the first to have their technology vetted through the program. Vendors on GSA’s upcoming Email-as-a-Service contract will also be given priority. After being vetted and meeting any additional standards to ensure security, companies are approved to offer their products and services for sale to agencies.…