Government website encryption needs help from DHS, Sen. Wyden says

The Department of Homeland Security should push federal agencies to implement stronger encryption practices for government websites visited by federal workers and everyday citizens alike, Sen. Ron Wyden says. Despite significant improvements to government website encryption, some metadata is still transmitted insecurely, revealing the domain names of sites visited by users, Wyden, D-Ore., wrote to DHS Undersecretary Chris Krebs. “Hackers can intercept or hijack the unprotected metadata, tricking users into visiting a malicious site or spying on their activities,” the Oct. 24 letter states. When possible, DHS should require federal agencies to encrypt the online queries employees make to domain name system (DNS) servers, Wyden suggested. He also asked DHS to work with the General Services Administration to make using an encrypted protocol extension a condition of selling web content delivery services to the government. The government can usher in broad industry adoption of that encrypted extension, known as ESNI, according to Wyden. When cybersecurity […]

The post Government website encryption needs help from DHS, Sen. Wyden says appeared first on Cyberscoop.


U.S. sends diplomats into info battles unarmed, experts say

In the fight against Russian misinformation campaigns, U.S. diplomats are hamstrung by outdated laws and rules, and they are technologically ill-equipped for battle, a State Department advisory panel was told Tuesday. “We’re sending our [information] soldiers into battle without weapons, essentially … It’s simply unacceptable,” former senior State Department official Tom Cochran told the U.S. Advisory Commission on Public Diplomacy, which published a report on the future of U.S. efforts abroad to combat technologically and hacking-enabled information operations like the one against the 2016 presidential election. Copies of “Can Public Diplomacy Survive the Internet? – Bots, Echo Chambers and Disinformation,” were distributed at the meeting and digitally afterwards, but the report was still unavailable on the State Department website as of early Tuesday evening. “There’s a lot that we should be able to do [with technology] … in a very white hat kind of way that we can’t … because we’re governed by a […]

The post U.S. sends diplomats into info battles unarmed, experts say appeared first on Cyberscoop.


(ISC)² survey: To recruit cyber talent, feds must make up in training, benefits, what jobs lack in pay

Federal agencies pay an average of $7,000 a year less to cybersecurity personnel than their private sector counterparts, so they need to offer training and other benefits while recruiting more from overlooked groups like women and minorities, according to one of the largest regular surveys of information security workers. The eighth biannual Global Information Security Workforce Study, done by the Center for Cyber Safety and Education and sponsored by contracting giant Booz Allen Hamilton, cyber recruiters Alta Associates and the International Information Systems Security Certification Consortium or (ISC)², was unveiled Tuesday at (ISC)²’s conference CyberSecureGov in Washington, D.C. The U.S. government “must enhance its benefits … to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand,” said Dan Waddell, (ISC)² managing director, North America. “Unfortunately,” he added, “the layers of complexity involved in fulfilling that goal are significant.” “Thanks to the record-number of federal GISWS […]

The post (ISC)² survey: To recruit cyber talent, feds must make up in training, benefits, what jobs lack in pay appeared first on Cyberscoop.


White House: Cyber executive order is close, will be ‘intertwined’ with federal IT modernization

The Trump administration is “close” to unveiling its cybersecurity executive order and is carefully aligning its policy in that area with plans for modernizing federal IT networks, White House Cybersecurity Coordinator Robert Joyce said Monday in his first public comments since taking office. “We must make sure that innovation and cybersecurity are intertwined,” Joyce told an international cybersecurity conference at Georgetown University. He said the president’s son-in-law, Jared Kushner, was working with White House tech policy aides Chris Liddell and Reed Cordish on “a major effort” in Kushner’s newly minted Office of American Innovation to develop “approaches for the president’s consideration to modernize federal IT systems, retire outdated systems and move to shared services.” White House staff would ensure that the two initiatives “are closely aligned,” Joyce said. “I get to participate in, my staff gets to participate in those meetings,” he said of the innovation office’s work on federal IT. Asked whether modernization policy […]

The post White House: Cyber executive order is close, will be ‘intertwined’ with federal IT modernization appeared first on Cyberscoop.


Cybersecurity takes a quiet role in DHS secretary’s loose outline of priorities

Homeland Security Secretary John Kelly laid out the new administration’s priorities for his department Tuesday, listing cybersecurity alongside defending the nation’s borders and stopping terrorist attacks — but providing far fewer details about the online defensive mission than about the other two. “We live in an interconnected world,” Kelly told a packed theater at the George Washington University in his first major policy address since taking office in January. “That’s not a trend, that’s reality. We rely on technology for everything from programming our coffee makers to running global corporations. This reliance, perhaps over-reliance, brings risks … These digital threats are no less significant than threats in the physical world,” he said. In a section of prepared remarks he did not deliver, apparently due to time constraints, he ridiculed “the plodding pace of bureaucracy,” and the government’s arthritic procurement system, comparing it to “sending troops to take Fallujah armed with muskets […]

The post Cybersecurity takes a quiet role in DHS secretary’s loose outline of priorities appeared first on Cyberscoop.


DHS cyber tool finds huge amount of ‘shadow IT’ in U.S. agencies

New cybersecurity tools being deployed across the U.S. government found huge numbers of uncatalogued and unmanaged computer devices connected to federal networks — a phenomenon known as “shadow IT” — that necessitated urgent modifications to many hundreds of millions of dollars’ worth of contracts. Some departments and agencies had “several hundred percent” more devices on their networks than they expected and the average across government was about 44 percent more, Department of Homeland Security official Kevin Cox said last week at the McAfee Security Through Innovation Summit, hosted by CyberScoop. “There was something of a ‘oh shit’ moment,” said a person familiar with the discovery, made during the recent rollout of phase one of Continuous Diagnostics and Monitoring tools. CDM is a DHS-funded, government-wide acquisition program that buys and installs cybersecurity tools on U.S. departmental and agency networks. The tools found every kind of device imaginable on federal networks, this person said, from […]

The post DHS cyber tool finds huge amount of ‘shadow IT’ in U.S. agencies appeared first on Cyberscoop.


McAfee pushes government to craft improved cybersecurity game plans

In the face of malware’s growth in both category and character, government experts joined private sector leaders Thursday to formulate better ways to tackle cybersecurity challenges. During McAfee’s 2017 Security Through Innovation Summit, both sides of the public and private sector relationship talked about changes needed at every aspect of the security ecosystem, from better information sharing to more automation to a total revamp of the government acquisition process. “We as an industry have been tackling this cybersecurity problem in the fundamentally wrong way,” said Brian Dye, McAfee’s executive vice president of products, at the event hosted by CyberScoop and FedScoop. Automation was a continuing theme Thursday, promoted not only as a way to address cybersecurity workforce shortages but also improve the consistency and reliability of network defenses. A panel of government speakers drew a distinction between tasks that could be made “automatic” — where no input was required — and […]

The post McAfee pushes government to craft improved cybersecurity game plans appeared first on Cyberscoop.


Legacy IT makes federal agencies less secure, study says

Federal agencies that shift money from maintaining outdated legacy IT systems to modernizing them can expect to see fewer cybersecurity incidents — as can the agencies that migrate legacy systems to the cloud or implement strict data governance policies, according to a new academic study. On average, for each 1 percent of its spending that an agency shifts from maintaining legacy systems to buying new ones, it can expect a 5 percent reduction in the number of security incidents, found the authors of the study “Security Breaches in the U.S. Federal Government.” It was written by two academics from the Fox Business School at Temple University and the Red McCombs School of Business at the University of Texas at Austin and published last week by the Social Science Research Network. The study also found that federal agencies that migrate their legacy IT systems to the cloud suffer fewer security incidents of improper access. And […]

The post Legacy IT makes federal agencies less secure, study says appeared first on Cyberscoop.


Bossert promises funding, centralization for federal cybersecurity

President Donald Trump’s budget outline, slated for release Thursday, will propose significant increases in funding for federal cybersecurity, White House homeland security adviser Thomas Bossert said Wednesday. “President Trump intends to put his money where his mouth is,” Bossert said in his first major policy speech. “Cybersecurity will be funded through DHS and the Department of Defense,” he told the Center for Strategic and International Studies in a keynote address at its Cyber Disrupt 2017 event. Privately, he told a small group prior to his remarks that there would be a “significant plus up” for cyber programs in both DHS and the Pentagon, one of the organizers told CyberScoop. Bossert also promised that the Obama administration’s push to modernize and centralize federal computer networks will continue under Trump. “Federal networks at this point can no longer sustain themselves. We cannot tolerate indefensible technology, outdated antiquated hardware and software,” Bossert said. “Modernization […]

The post Bossert promises funding, centralization for federal cybersecurity appeared first on Cyberscoop.


White House releases 2016 agency cyberattack stats, claiming progress

The White House Office of Management and Budget released fiscal 2016 statistics on cybersecurity measures and incidents at U.S. agencies Friday, using new methodologies that make comparison with prior years essentially impossible, but nonetheless saying the government had made progress. For the first time, agencies were required to report only incidents that affected their operations, and to break those incidents down based on the attack vector used. “This is a shift from the previous reporting methodology,” wrote Grant Schneider, the acting federal chief information security officer, in a blog post unveiling the findings. He added that the shift meant “that the FY 2016 incident data is not comparable to prior years’ incident data.” But he stressed the new reporting requirement allows OMB, the Department of Homeland Security and other agencies “to focus on incidents that may impact operations.” Of the 30,899 incidents that agencies reported, only 16 were determined by agency heads to be “major […]

The post White House releases 2016 agency cyberattack stats, claiming progress appeared first on Cyberscoop.
