Budget would boost DHS cyber efforts in NCCIC, CDM

President Trump’s budget proposal, unveiled Tuesday, would boost spending on the Department of Homeland Security’s 24-hour digital-attack watch center by almost $50 million and more than double the funding for a governmentwide online security tools program to $279 million. The proposal would also treble the size of the tiny team of DHS cybersecurity advisers who work with key businesses across the country. Despite these increases, not every tech element of the department got its funding goosed. Research and development in the DHS Science and Technology Directorate was slashed by $100 million and the allocation for the CIO office was also down $60 million. In documents released by the department and the White House Office of Management and Budget, the administration says it is asking for $3.28 billion for DHS’s National Protection and Programs Directorate, which includes most of the department’s cyber functions. It would be an increase of $196 million over fiscal 2017. The […]

The post Budget would boost DHS cyber efforts in NCCIC, CDM appeared first on Cyberscoop.

(ISC)² survey: To recruit cyber talent, feds must make up in training, benefits, what jobs lack in pay

Federal agencies pay an average of $7,000 a year less to cybersecurity personnel than their private sector counterparts, so they need to offer training and other benefits while recruiting more from overlooked groups like women and minorities, according to one of the largest regular surveys of information security workers. The eighth biannual Global Information Security Workforce Study, done by the Center for Cyber Safety and Education and sponsored by contracting giant Booz Allen Hamilton, cyber recruiters Alta Associates and the International Information Systems Security Certification Consortium or (ISC)², was unveiled Tuesday at (ISC)²’s conference CyberSecureGov in Washington, D.C. The U.S. government “must enhance its benefits … to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand,” said Dan Waddell, (ISC)² managing director, North America. “Unfortunately,” he added, “the layers of complexity involved in fulfilling that goal are significant.” “Thanks to the record-number of federal GISWS […]

DHS cyber tool finds huge amount of ‘shadow IT’ in U.S. agencies

New cybersecurity tools being deployed across the U.S. government found huge numbers of uncatalogued and unmanaged computer devices connected to federal networks — a phenomenon known as “shadow IT” — that necessitated urgent modifications to many hundreds of millions of dollars’ worth of contracts. Some departments and agencies had “several hundred percent” more devices on their networks than they expected and the average across government was about 44 percent more, Department of Homeland Security official Kevin Cox said last week at the McAfee Security Through Innovation Summit, hosted by CyberScoop. “There was something of a ‘oh shit’ moment,” said a person familiar with the discovery, made during the recent rollout of phase one of Continuous Diagnostics and Monitoring tools. CDM is a DHS-funded, government-wide acquisition program that buys and installs cybersecurity tools on U.S. departmental and agency networks. The tools found every kind of device imaginable on federal networks, this person said, from […]

McAfee pushes government to craft improved cybersecurity game plans

In the face of malware’s growth in both category and character, government experts joined private sector leaders Thursday to formulate better ways to tackle cybersecurity challenges. During McAfee’s 2017 Security Through Innovation Summit, both sides of the public and private sector relationship talked about changes needed at every aspect of the security ecosystem, from better information sharing to more automation to a total revamp of the government acquisition process. “We as an industry have been tackling this cybersecurity problem in the fundamentally wrong way,” said Brian Dye, McAfee’s executive vice president of products, at the event hosted by CyberScoop and FedScoop. Automation was a continuing theme Thursday, promoted not only as a way to address cybersecurity workforce shortages but also improve the consistency and reliability of network defenses. A panel of government speakers drew a distinction between tasks that could be made “automatic” — where no input was required — and […]

Legacy IT makes federal agencies less secure, study says

Federal agencies that shift money from maintaining outdated legacy IT systems to modernizing them can expect to see fewer cybersecurity incidents — as can the agencies that migrate legacy systems to the cloud or implement strict data governance policies, according to a new academic study. On average, for each 1 percent of its spending that an agency shifts from maintaining legacy systems to buying new ones, it can expect a 5 percent reduction in the number of security incidents, found the authors of the study “Security Breaches in the U.S. Federal Government.” It was written by two academics from the Fox Business School at Temple University and the Red McCombs School of Business at the University of Texas at Austin and published last week by the Social Science Research Network. The study also found that federal agencies that migrate their legacy IT systems to the cloud suffer fewer security incidents of improper access. And […]

Bossert promises funding, centralization for federal cybersecurity

President Donald Trump’s budget outline, slated for release Thursday, will propose significant increases in funding for federal cybersecurity, White House homeland security adviser Thomas Bossert said Wednesday. “President Trump intends to put his money where his mouth is,” Bossert said in his first major policy speech. “Cybersecurity will be funded through DHS and the Department of Defense,” he told the Center for Strategic and International Studies in a keynote address at its Cyber Disrupt 2017 event. Privately, he told a small group prior to his remarks that there would be a “significant plus up” for cyber programs in both DHS and the Pentagon, one of the organizers told CyberScoop. Bossert also promised that the Obama administration’s push to modernize and centralize federal computer networks will continue under Trump. “Federal networks at this point can no longer sustain themselves. We cannot tolerate indefensible technology, outdated antiquated hardware and software,” Bossert said. “Modernization […]

White House releases 2016 agency cyberattack stats, claiming progress

The White House Office of Management and Budget released fiscal 2016 statistics on cybersecurity measures and incidents at U.S. agencies Friday, using new methodologies that make comparison with prior years essentially impossible, but nonetheless saying the government had made progress. For the first time, agencies were required to report only incidents that affected their operations, and to break those incidents down based on the attack vector used. “This is a shift from the previous reporting methodology,” wrote Grant Schneider, the acting federal chief information security officer, in a blog post unveiling the findings. He added that the shift meant “that the FY 2016 incident data is not comparable to prior years’ incident data.” But he stressed the new reporting requirement OMB, the Department of Homeland Security and other agencies “to focus on incidents that may impact operations.” Of the 30,899 incidents that agencies reported, only 16 were determined by agency heads to be “major […]
