Archive for September, 2015

From: New Zealand Herald

Nicholas Jones

A powerful cyber-attack has targeted certain officials in a government department in a possible effort to access sensitive information.

Another major IT firm received help from the Government Communications Security Communications Bureau (GCSB) after it was discovered their computer network had been compromised for some time.

Read Complete Article

From: FierceGovernmentIT

By Dibya Sarkar

A Homeland Security Department official testified Sept. 22 that the department is stepping up efforts to help federal civilian agencies increase their use of cloud computing services beyond just email and website management collaboration tools.

Mark Kneidinger, who is the federal network resilience director within DHS’s cybersecurity and communications office, said the department is currently working with the Federal Risk and Authorization Management Program, or FedRAMP, and Federal Chief Information Officers Council on two activities to help agencies move mission-critical legacy applications into the cloud so they can save money, become more efficient and enhance security.

From: ars technica

Repeat offenders “should not be holding a TS SCI with the federal government.”

by Sean Gallagher

In the wake of the Office of Personnel Management hack this year, which reportedly took advantage of a phishing attack to steal credentials used to gain access to highly sensitive personnel records, US federal agencies have been increasing their security training and employee testing around phishing. In addition to the employee awareness campaign launched by the National Counterintelligence and Security Center, more agencies are using security auditing tools that simulate phishing attacks against employees to test whether the employees abide by their information security training. Those who fall for phishing tests are generally either required to take a security refresher class or at worst are publicly called out for their errors in agency e-mails.

From: FCW

By Adam Mazmanian

The way the government buys technology can constrain efforts to protect federal systems from cybersecurity threats, says Michael Daniel, the top White House advisor on cybersecurity.

Federal agencies continue to rely on legacy systems that are vulnerable to intrusions and hard to secure. “The burden of legacy in government is a huge one,” Daniel said at the Billington Cybersecurity Conference in Washington, D.C., on Sept. 17. Government is struggling with the problem of how to move off of old systems. “We have architectures and hardware and software in places that is indefensible, no matter how much money and talent we put on it. We don’t have a good process for moving off,” Daniel said.

From: FierceGovernmentIT

By Molly Bernhart Walker

The National Science Foundation and the National Institute of Standards and Technology separately have contributed much to improve the cybersecurity of federal agencies and the nation as a whole, but officials at a recent hearing say the credit and responsibility are shared.

***

“Why is the cybersecurity challenge so hard? In general, it’s hard because attacks and defenses evolve together: a system that was secure yesterday might no longer be secure tomorrow,” said Jeremy Epstein, lead program director for NSF’s secure and trustworthy cyberspace program.

Read Complete Article