Category Archives: federal cyber security

Another hub in the cybersecurity Network

Former Washington Gov. Gary Locke is slated to be appointed Secretary of Commerce:

Experience in technology policy will also be important for the next commerce secretary, Cantwell said, since he will have to appoint the next director of the National Institute of Standards and Technology, oversee the U.S. Patent and Trademark Office, and provide leadership on issues like cybersecurity.

The National Institute of Standards and Technology (NIST) does important stuff — like setting standards and prescriptions such as the new guide on maintaining data security while teleworking. This riveting 46-page how-to is written in “broad language in order to be helpful to any group that engages in telework” (see NIST release).

In the executive summary you will find the important steps any individual should take before connecting at home or at the local cafe.

  • Before implementing any of the recommendations or suggestions in the guide, users should back up all data and verify the validity of the backups. Readers with little or no experience configuring personal computers, consumer devices, or home networks should seek assistance in applying the recommendations. Every telework device’s existing configuration and environment is unique, so changing its configuration could have unforeseen consequences, including loss of data and loss of device or application functionality.
  • Before teleworking, users should understand not only their organization’s policies and requirements, but also appropriate ways of protecting the organization’s information that they may access.
  • Teleworkers should ensure that all the devices on their wired and wireless home networks are properly secured, as well as the home networks themselves.
  • Teleworkers who use their own desktop or laptop PCs for telework should secure their operating systems and primary applications.
  • Teleworkers who use their own consumer devices for telework should secure them based on the security recommendations from the devices’ manufacturers.
  • Teleworkers should consider the security state of a third-party device before using it for telework.

Each of the steps is reasonable — but who will invest the resources required to make those steps effective?

Standards are being published and have been published for some time. Yet, breaches continue to occur. So, is the current status of policy and policy outcomes optimal, or do we need to create another paradigm for cybersecurity?

Filed under broadband, cybersecurity, electronic medical records, federal cyber security, Policy

Cyber Policy – Tracking law breakers

Seems some folks in Congress believe that all access point providers should maintain a log of users to be accessible by law enforcement.

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.

…Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on–but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.)

Good synopsis by Declan McCullagh.

And this headline sums up the Congressional approach to problem solving that the two bills above represent:

New Congress SO last century

And one last comment, taken from Scott Cleland at Precursor, indicating where policymakers should be focusing their energies:

Out of sight — out of mind.

It is very troubling that in all the public discourse about the future of the Internet, cloud computing, and appropriate Internet public policy, there is so little discussion or coverage of the real and growing threat of Internet cyber attacks on our people, economy, government, and network-infrastructure.

Filed under federal cyber security, Policy, policy tools, privacy

FAA Security Problems in Cyberspace

Despite efforts to secure the federal territory in cyberspace, the FAA finds its admin server hacked — and employee records were compromised:

While the FAA was hit this time, it certainly is not alone. Uncle Sam’s main jobs database, USAJobs, which is run by Monster.com, was hacked last month.

The security of government computers has been deemed a “high-risk” area, by the Government Accountability Office. “Most agencies continue to experience significant deficiencies that jeopardize the confidentiality, integrity, and availability of their systems and information,” the GAO said last month. “For example, agencies did not consistently implement effective controls to prevent, limit, and detect unauthorized access or manage the configuration of network devices to prevent unauthorized access and ensure system integrity.”

Filed under federal cyber security, Policy, Uncategorized