Category Archives: Federal IT

U.S. sends diplomats into info battles unarmed, experts say

Posted on by

In the fight against Russian misinformation campaigns, U.S. diplomats are hamstrung by outdated laws and rules, and they are technologically ill-equipped for battle, a State Department advisory panel was told Tuesday. “We’re sending our [information] soldiers into battle without weapons, essentially … It’s simply unacceptable,” former senior State Department official Tom Cochran told the U.S. Advisory Commission on Public Diplomacy, which published a report on the future of U.S. efforts abroad to combat technologically and hacking-enabled information operations like the one against the 2016 presidential election. Copies of “Can Public Diplomacy Survive the Internet? – Bots, Echo Chambers and Disinformation,” were distributed at the meeting and digitally afterwards, but the report was still unavailable on the State Department website as of early Tuesday evening. “There’s a lot that we should be able to do [with technology] … in a very white hat kind of way that we can’t … because we’re governed by a […]

The post U.S. sends diplomats into info battles unarmed, experts say appeared first on Cyberscoop.

Continue reading U.S. sends diplomats into info battles unarmed, experts say

(ISC)² survey: To recruit cyber talent, feds must make up in training, benefits, what jobs lack in pay

Posted on by

Federal agencies pay an average of $7,000 a year less to cybersecurity personnel than their private sector counterparts, so they need to offer training and other benefits while recruiting more from overlooked groups like women and minorities, according to one of the largest regular surveys of information security workers. The eighth biannual Global Information Security Workforce Study, done by the Center for Cyber Safety and Education and sponsored by contracting giant Booz Allen Hamilton, cyber recruiters Alta Associates and the International Information Systems Security Certification Consortium or (ISC)², was unveiled Tuesday at (ISC)²’s conference CyberSecureGov in Washington, D.C. The U.S. government “must enhance its benefits … to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand,” said Dan Waddell, (ISC)² managing director, North America. “Unfortunately,” he added, “the layers of complexity involved in fulfilling that goal are significant.” “Thanks to the record-number of federal GISWS […]

The post (ISC)² survey: To recruit cyber talent, feds must make up in training, benefits, what jobs lack in pay appeared first on Cyberscoop.

Continue reading (ISC)² survey: To recruit cyber talent, feds must make up in training, benefits, what jobs lack in pay

White House: Cyber executive order is close, will be ‘intertwined’ with federal IT modernization

Posted on by

The Trump administration is “close” to unveiling its cybersecurity executive order and is carefully aligning its policy in that area with plans for modernizing federal IT networks, White House Cybersecurity Coordinator Robert Joyce said Monday in his first public comments since taking office. “We must make sure that innovation and cybersecurity are intertwined,” Joyce told an international cybersecurity conference at Georgetown University. He said the president’s son-in-law, Jared Kushner, was working with White House tech policy aides Chris Lidell and  Reed Cordish on “a major effort” in Kushner’s newly minted Office of American Innovation to develop “approaches for the president’s consideration to modernize federal IT systems, retire outdated systems and move to shared services.” White House staff would ensure that the two initiatives “are closely aligned,” Joyce said. “I get to participate in, my staff gets to participate in those meetings,” he said of the innovation office’s work on federal IT. Asked whether modernization policy […]

The post White House: Cyber executive order is close, will be ‘intertwined’ with federal IT modernization appeared first on Cyberscoop.

Continue reading White House: Cyber executive order is close, will be ‘intertwined’ with federal IT modernization

Cybersecurity takes a quiet role in DHS secretary’s loose outline of priorities

Posted on by

Homeland Security Secretary John Kelly laid out the new administration’s priorities for his department Tuesday, listing cybersecurity alongside defending the nation’s borders and stopping terrorist attacks — but providing far fewer details about the online defensive mission than about the other two. “We live in an interconnected world,” Kelly told a packed theater at the George Washington University in his first major policy address since taking office in January. “That’s not a trend, that’s reality. We rely on technology for everything from programming our coffee makers to running global corporations. This reliance, perhaps over-reliance, brings risks … These digital threats are no less significant than threats in the physical world,” he said. In a section of prepared remarks he did not deliver, apparently due to time constraints, he ridiculed “the plodding pace of bureaucracy,” and the government’s arthritic procurement system, comparing it to “sending troops to take Fallujah armed with muskets […]

The post Cybersecurity takes a quiet role in DHS secretary’s loose outline of priorities appeared first on Cyberscoop.

Continue reading Cybersecurity takes a quiet role in DHS secretary’s loose outline of priorities

DHS cyber tool finds huge amount of ‘shadow IT’ in U.S. agencies

Posted on by

New cybersecurity tools being deployed across the U.S. government found huge numbers of uncatalogued and unmanaged computer devices connected to federal networks — a phenomenon known as “shadow IT” — that necessitated urgent modifications to many hundreds of millions of dollars’ worth of contracts. Some departments and agencies had “several hundred percent” more devices on their networks than they expected and the average across government was about 44 percent more, Department of Homeland Security official Kevin Cox said last week at the McAfee Security Through Innovation Summit, hosted by CyberScoop. “There was something of a ‘oh shit’ moment,” said a person familiar with the discovery, made during the recent rollout of phase one of Continuous Diagnostics and Monitoring tools. CDM is a DHS-funded, government-wide acquisition program that buys and installs cybersecurity tools on U.S. departmental and agency networks. The tools found every kind of device imaginable on federal networks, this person said, from […]

The post DHS cyber tool finds huge amount of ‘shadow IT’ in U.S. agencies appeared first on Cyberscoop.

Continue reading DHS cyber tool finds huge amount of ‘shadow IT’ in U.S. agencies

McAfee pushes government to craft improved cybersecurity game plans

Posted on by

In the face of malware’s growth in both category and character, government experts joined private sector leaders Thursday to formulate better ways to tackle cybersecurity challenges. During McAfee’s 2017 Security Through Innovation Summit, both sides of the public and private sector relationship talked about changes needed at every aspect of the security ecosystem, from better information sharing to more automation to a total revamp of the government acquisition process. “We as an industry have been tackling this cybersecurity problem in the fundamentally wrong way,” said Brian Dye, McAfee’s executive vice president of products, at the event hosted by CyberScoop and FedScoop. Automation was a continuing theme Thursday, promoted not only as a way to address cybersecurity workforce shortages but also improve the consistency and reliability of network defenses. A panel of government speakers drew a distinction between tasks that could be made “automatic” — where no input was required — and […]

The post McAfee pushes government to craft improved cybersecurity game plans appeared first on Cyberscoop.

Continue reading McAfee pushes government to craft improved cybersecurity game plans

Legacy IT makes federal agencies less secure, study says

Posted on by

Federal agencies that shift money from maintaining outdated legacy IT systems to modernizing them can expect to see fewer cybersecurity incidents — as can the agencies that migrate legacy systems to the cloud or implement strict data governance policies, according to a new academic study. On average, for each 1 percent of its spending that an agency shifts from maintaining legacy systems to buying new ones, it can expect a 5 percent reduction in the number of security incidents, found the authors of the study “Security Breaches in the U.S. Federal Government.” It was written by two academics from the Fox Business School at Temple University and the Red McCombs School of Business at the University of Texas at Austin and published last week by the Social Science Research Network. The study also found that federal agencies that migrate their legacy IT systems to the cloud suffer fewer security incidents of improper access. And […]

The post Legacy IT makes federal agencies less secure, study says appeared first on Cyberscoop.

Continue reading Legacy IT makes federal agencies less secure, study says

Bossert promises funding, centralization for federal cybersecurity

Posted on by

President Donald Trump’s budget outline, slated for release Thursday, will propose significant increases in funding for federal cybersecurity, White House homeland security adviser Thomas Bossert said Wednesday. “President Trump intends to put his money where his mouth is,” Bossert said in his his first major policy speech. “Cybersecurity will be funded through DHS and the Department of Defense,” he told the Center for Strategic and International Studies in a keynote address at its Cyber Disrupt 2017 event. Privately, he told a small group prior to his remarks that there would be a “significant plus up” for cyber programs in both DHS and the Pentagon, one of the organizers told CyberScoop. Bossert also promised that the Obama administration’s push to modernize and centralize federal computer networks will continue under Trump. “Federal networks at this point can no longer sustain themselves. We cannot tolerate indefensible technology, outdated antiquated hardware and software,” Bossert said. “Modernization […]

The post Bossert promises funding, centralization for federal cybersecurity appeared first on Cyberscoop.

Continue reading Bossert promises funding, centralization for federal cybersecurity

White House releases 2016 agency cyberattack stats, claiming progress

Posted on by

The White House Office of Management and Budget released fiscal 2016 statistics on cybersecurity measures and incidents at U.S. agencies Friday, using new methodologies that make comparison with prior years essentially impossible, but nonetheless saying the government had made progress. For the first time, agencies were required to report only incidents that affected their operations, and to break those incidents down based on the attack vector used. “This is a shift from the previous reporting methodology,” wrote Grant Schneider, the acting federal chief information security officer, in a blog post unveiling the findings. He added that the shift meant “that the FY 2016 incident data is not comparable to prior years’ incident data.” But he stressed the new reporting requirement OMB, the Department of Homeland Security and other agencies “to focus on incidents that may impact operations.” Of the 30,899 incidents that agencies reported, only 16 were determined by agency heads to be “major […]

The post White House releases 2016 agency cyberattack stats, claiming progress appeared first on Cyberscoop.

Continue reading White House releases 2016 agency cyberattack stats, claiming progress

Bush’s federal IT chief hopes for role in Trump administration

Posted on by

Karen Evans, the former head of federal IT under President George W. Bush, told CyberScoop she hopes to serve in the current administration. “I would be honored if the Trump administration asked me to come in and work on our nation’s problems,” she said in an interview on the sidelines of the RSA security conference Tuesday. She added […]

The post Bush’s federal IT chief hopes for role in Trump administration appeared first on Cyberscoop.

Continue reading Bush’s federal IT chief hopes for role in Trump administration