The National Institute of Standards and Technology on Tuesday released proposed revisions to its requirements that govern how agencies secure their federal information systems. Proposed changes to Special Publication 800-53, Revision 4, address new challenges that agencies face, including insider threats, supply chain risk, mobile and cloud computing technologies, and other cybersecurity issues and challenges, NIST said in a news release. “The changes we propose in Revision 4 are directly linked to the current state of the threat space — the capabilities, intentions and targeting activities of adversaries — and analysis of attack data over time,” NIST fellow Ron Ross…
Guidance released by the Chief Information Officers Council last week calls on agencies to improve collaboration among CIOs, privacy and contracting officers and other stakeholders when procuring cloud services. The document, called “Creating Effective Cloud Computing Contracts for the Federal Government,” outlines 10 areas where agencies can improve their internal collaborations before selecting a cloud provider. Agencies should consider input from the CIO, general counsel, privacy and procurement offices when choosing the appropriate cloud service and how it will be provided. “Federal agencies must ensure cloud environments are compliant with all existing laws and regulations when they move IT services…
Cybersecurity legislation introduced by Sen. Joe Lieberman, I-Conn., on Tuesday empowers the Department of Homeland Security to regulate cyber standards for the nation’s critical infrastructure systems. The Cybersecurity Act of 2012 calls on the DHS secretary to work with the private sector in identifying systems that pose the greatest risk and could cause death, severe economic damage or national security risks if attacked. DHS and the private sector would be responsible for creating performance standards for owners and operators of power grids and other systems if none exist. Industry would have to decide how best to meet the performance standards in…
The State Department’s top security chief is leaving his post to oversee a newly created cybersecurity division at the Department of Homeland Security. John Streufert will replace Nicole Dean as director of DHS’ National Cyber Security Division on Jan. 17, where he will be tasked to build and maintain an “effective cyberspace response system” and implement a program for protecting critical infrastructure, DHS’ Roberta Stempfley said in an email Friday to employees within the Office of Cybersecurity and Communications. Streufert will also work to strengthen DHS’ partnerships with the private sector and international organizations. “Although Nicole is leaving rather large shoes…
A new online tool developed by the Federal Communications Commission allows small businesses to create a cybersecurity plan for free. The FCC Small Biz Cyber Planner is a three-step process and takes minutes to create. After providing your company’s name and location, you can compile guidance on several topics — including mobile devices, network security and email — to include in your custom plan. Once you select the topics to include, the site generates a custom report with a cybersecurity glossary and links to reference publications. For example, under guidance about network security, the plan advises companies to require security and…
Senate Majority Leader Harry Reid, D-Nev., expects the Senate to vote on cybersecurity legislation during its first work period of 2012. In a Nov. 16 letter to Senate Minority Leader Mitch McConnell, R-Ky., Reid said that bipartisan committees have been negotiating potential language in a cyber bill for the past six months, but those efforts haven’t produced results. Reid said if the working groups cannot agree on bipartisan legislation by early next year, he will welcome legislation produced “elsewhere” to be debated on the Senate floor. For now, the 2012 legislative session is scheduled to begin Jan. 23. Could that bill include…
Redacting sensitive information in agency documents used to be a 15-step process at the Transportation Security Administration. That was until a poorly redacted document was posted online in 2009. The incident prompted Emma Garrison-Alexander, TSA’s assistant administrator for information technology, to create standard document redaction tools and procedures agencywide. The feature is now an automated tool also available to private users of Adobe Acrobat Professional software. “We have to ensure that we’re securing data and networks,” Garrison-Alexander said after being honored at ISC2’s Government Information Security Leadership Awards. Garrison-Alexander was among several federal employees and contractors honored last week. Read more about…
The Department of Homeland Security has named Mark Weatherford its new deputy under secretary for cybersecurity at the National Protection and Programs Directorate (NPPD). Weatherford served as vice president and chief security officer for the nonprofit organization North American Electric Reliability Corporation (NERC) and as a former Naval cryptologic officer, according to a DHS blog post. At DHS, Weatherford will be the first to work in the new under secretary position. Starting next month, he will be responsible for “ensuring robust cybersecurity operations and communications resilience” at DHS. Greg Schaffer has served as acting deputy under secretary for cybersecurity for the past five…
Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, are calling on Senate leaders to reject a proposal that would create a temporary committee to draft cybersecurity legislation. In a joint letter to Senate Majority Leader Harry Reid, D-Nev., and Senate Minority Leader Mitch McConnell, Collins and Lieberman said the creation of a temporary committee “would be a real mistake and a waste of time,” according to the July 13 letter. In an earlier letter, Sen. John McCain, R-Ariz., proposed the creation of the Select Committee on Cyber Security and Electronic Intelligence Leaks to create legislation to protect critical infrastructure like…