The FISMA Focus IPD

From: Government Technology

By Dan Lohrmann

From: Mobile & Apps

By Alexandra Burlacu

According to federal officials, more than 18 million HTC smartphones and other mobile devices had security flaws that raised serious privacy concerns.

The Taiwanese company is one of the biggest smartphone sellers in the U.S., but its smartphones reportedly had security flaws that could allow location tracking of users against their will or knowledge, as well as theft of personal information stored on said devices

The Federal Trade Commission (FTC) charged HTC with customizing the software on its Android- and Windows-based phones inappropriately. That customization allowed third-party apps install software that could steal personal information, sent text messages or even enable the device’s microphone to record the user’s conversations.

Editor’s Note:  The author overlooks the opportunity for Congress to ensure that the inevitable cybersecurity requirements on the private sector resulting from the Executive Order are applied in strict adherence with the “good government” laws to ensure cost-effectiveness.

From: Time Magazine

By Jerry Brito

Washington, it seems, can’t get no satisfaction.

After years of often-alarmist rhetoric about the threat of deadly cyber-attacks – and repeated calls for government to ‘do something’ to address the threat – President Obama has finally issued a comprehensive executive order on cyber-security.

Yet the reaction from politicians of both parties is that we still need new legislation.

From: National Defense Magazine

By Stew Magnuson

A growing black market for zero-day vulnerabilities is allowing almost anyone with the cash to buy the means to launch destructive cyber-attacks against U.S.  industrial control systems, a senior Defense Department official said Feb. 22.

Zero-day vulnerabilities are previously undiscovered security holes in software such as Microsoft products. There has been a black market for those willing to sell knowledge of them for years. That market has now moved into the world of supervisory control and data acquisition (SCADA) systems that run power plants, said Eric Rosenbach, deputy assistant secretary of defense for cyber policy.

From: GovWin/Deltek

John Slye

After months of speculation the White House has released its much-anticipated Executive Order (EO) pursuing comprehensive cybersecurity protection of public & private critical infrastructure. The timing of the EO coincides with the President’s State of the Union Address and as the House Intelligence Committee reintroduces the Cyber Intelligence Sharing and Protection Act (CISPA) that passed the House during the last Congress but died without an up-or-down vote in the Senate.

The Executive Order on Improving Critical Infrastructure Cybersecurity  centers its efforts to strengthen cybersecurity critical infrastructure protection (CIP) through increased information sharing among industry and government and through standardized cybersecurity practices applicable across public and private infrastructures. Significant aspects include: