MasterCard confirms major credit card data theft

Editor’s Note: The Federal government makes extensive use of payment cards.

From: MSNBC

Law enforcement officials are investigating what appears to be a massive theft of U.S. consumers’ credit card data, MasterCard confirmed Friday. The computer security expert who first reported the theft said it might involve 10 million MasterCard and Visa accounts, making it one of the largest credit card heists in recent memory.

“MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity and, as a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk,” the association said in a statement. “Law enforcement has been notified of this matter and the incident is currently the subject of an ongoing forensic review by an independent data security organization.”

Congress Proposes FISMA Overhaul

From: Information Week

Amendments would update the 2002 law for today’s federal IT environment, transfer cybersecurity oversight from Homeland Security to OMB.

By Elizabeth Montalbano

Lawmakers have proposed amendments to the 10-year-old law that sets federal cybersecurity standards to account for changes that have since occurred in the federal IT environment.

Reps. Darrell Issa (R-Calif.) and Elijah Cummings (D-Md.), the chairman and ranking member of the House Oversight and Government Reform Committee, unveiled the Federal Information Security Amendments Act of 2012 to overhaul the Federal Information Security Act of 2002, or FISMA.

FCC official endorses cybersecurity regulation

From: The Hill

By Brendan Sasso

A top Federal Communications Commission (FCC) official on Wednesday endorsed a bill that would give the government new regulatory powers to protect against cyber attacks.

James Barnett, chief of the FCC’s Public Safety and Homeland Security Bureau, said during a hearing of the House Energy and Commerce subcommittee on Communications and Technology that he supports the regulatory provisions of the Cybersecurity Act, a bill authored by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine).

The legislation would give the Homeland Security Department the power to require that critical systems, such as electrical grids, meet minimum cybersecurity standards.

Inside NIST’s cybersecurity strategy

From: Washington Technology

By Nick Wakeman

For Kevin Stine and the rest of the team in the computer security division at NIST’s IT laboratory, cybersecurity is all-consuming. The threats and attacks continue to grow and evolve. And cyber’s profile on the national scene has never been higher.

As the manager of security outreach and integration, Stine’s role is to take the standards, guidelines and NIST research and development and apply it all to different sectors and users such as health IT, smart grid and supply chain risk management.

He spoke recently with Editor Nick Wakeman about trends in cybersecurity.

Has the ‘Cyber Pearl Harbor’ already happened?

From: DoD Buzz

By Philip Ewing

The Russians are picking our pockets, the Chinese are stealing our most vital secrets, and there’s nothing we can do about it – and it’s all going to get worse.

That was the basic conclusion after Friday’s Air Force Association cyber-conference, where speaker after speaker drove home the utter futility and helplessness of today’s cyber climate, all the while warning that the problem will only grow.

Richard Bejtlich, chief security officer for the info-security firm Mandiant, said 100 percent of the high-profile intrusions his company tracks were done with “valid credentials” – meaning the cyber bad-guys had been able to steal a real user’s login and password, obviating the need for more complex attacks.