Improve controls on classified information, inspector general tells U.S. intelligence community

The federal government should do more to protect its most sensitive information from potentially being deleted or leaked by insiders, according to a new report from the intelligence community inspector general (ICIG). The Office of the Director of National Intelligence (ODNI) must “improve controls to efficiently and effectively manage and mitigate the risk that a trusted privileged user could inappropriately access, modify, destroy, or exfiltrate classified data,” the intelligence community inspector general, Michael Atkinson, writes in the report. The potential for trouble extends even to classified information that is restricted to a trusted few at the ODNI, the report says. The ICIG’s specific recommendations about how to address the issue, of course, are classified. The semiannual report, released Tuesday, details a number of ongoing intelligence community programs and audits meant to boost the cybersecurity of the ODNI and the intelligence community writ large, among them projects on overhauling the security clearance process and efforts […]

The post Improve controls on classified information, inspector general tells U.S. intelligence community appeared first on CyberScoop.

Cisco will pay $8.6 million to settle claims it sold US flawed surveillance software

Technology giant Cisco has agreed to pay $8.6 million to settle allegations it knowingly sold video surveillance equipment with security vulnerabilities to federal, state and local government agencies, according to court records unsealed Wednesday. A company whistleblower first informed Cisco in 2008 that a bug in its surveillance software could have enabled hackers to monitor video footage, delete footage and turn on or disable the systems. Government entities including the U.S. Secret Service, the Federal Emergency Management Agency and the New York Police Department had purchased the software, according to the Washington Post, which first reported the news. Cisco’s settlement appears to be the first whistleblower resolution of the False Claims Act, which prohibits defrauding the government, regarding cybersecurity issues. “The tech industry needs to fulfill its professional responsibility to protect the public from their products and services,” whistleblower James Glenn said in a statement. “There’s this culture that tends […]

The post Cisco will pay $8.6 million to settle claims it sold US flawed surveillance software appeared first on CyberScoop.

D.C. Metro system beefs up supply-chain cybersecurity provisions for new railcars

The Washington, D.C., area’s Metro system, in response to U.S. senators who raised security concerns about a new line of railcars, now says it will use the National Institute of Standards and Technology’s cybersecurity framework to vet software and hardware proposed for the project. Bidders on the railcar procurement, worth an estimated $1 billion and covering up to 800 railcars, also will have to show evidence that a third party tested their software or hardware, Washington Metropolitan Area Transit Authority CEO Paul J. Wiedefeld said Wednesday. The NIST framework — used widely throughout other industries and government agencies — is a key part of the updated request for proposal, Wiedefeld wrote in a letter to Democratic senators from Virginia and Maryland. “We are confident that these approaches will impose appropriate controls that limit any malicious actor’s ability to embed malware and for WMATA to monitor and enforce security requirements,” Wiedefeld wrote to […]

The post D.C. Metro system beefs up supply-chain cybersecurity provisions for new railcars appeared first on CyberScoop.

Senators worry that new D.C. Metro railcars could carry cyber risk

Senators who represent the Washington, D.C., area have raised concerns about added cybersecurity risks in the region’s Metro system after reports that a Chinese state-owned manufacturing company could win a $1 billion procurement for railcars. The four Democrats – Sens. Mark Warner and Tim Kaine of Virginia, and Ben Cardin and Chris Van Hollen of Maryland – wrote to the Washington Metropolitan Area Transit Authority expressing their “serious concerns” about possible foreign bidding on the project, “particularly when it could involve foreign governments that have explicitly sought to undermine our country’s economic competitiveness and national security.” In the Jan. 18 letter to WMATA CEO Paul J. Wiedefeld, the lawmakers exhorted him to “take the necessary steps to mitigate growing cyber risks to these cars.” The worry is that technology in the transit system, including video surveillance cameras and the automated aspects of railcars, could be a target of spies or hackers. The state-owned China Railway […]

The post Senators worry that new D.C. Metro railcars could carry cyber risk appeared first on CyberScoop.

Suplari raises $10.3M Series A round to bring AI to procurement

Procurement isn’t the most exciting topic in the world, but for large businesses, it’s an area where inefficiencies can quickly affect the bottom line. Simply getting a complete view of all of the products and services that a company buys is a challenge in itself, though, which in turn makes it hard to find savings, […]

Six big vendors dominate a fragmented federal cyber market, numbers show

Federal procurement of cybersecurity goods and services is highly fragmented, according to new research published this week, with more than 7,600 different companies winning U.S. government contracts during the past six years. But despite this long tail of small awards, the market space is dominated by a handful of familiar names. Only six contractors — Leidos, Northrop Grumman, Booz Allen Hamilton, IBM, Hewlett Packard and General Dynamics — earned a billion dollars or more in cyber contracts from the U.S. government in fiscal 2011-16, according to the new report from Govini, a consultancy that crunches procurement numbers. “Acquisition of cybersecurity solutions is highly fragmented now,” Arun Sankaran, Govini’s director of professional services, told CyberScoop. He was the lead author of the report, which analyzes the $45.9 billion obligated between 2011-2016 in three categories of federal cybersecurity spending: defense, resilience and threat analytics. Spending rose significantly in the second half of that period, from an average of $6.3 billion […]

The post Six big vendors dominate a fragmented federal cyber market, numbers show appeared first on CyberScoop.

As .gov turns to cloud, agency heads deliberate cyber-defense strategies

Agencies across the U.S. government are increasingly looking to migrate their data into the cloud to cut costs, but doing so has also introduced new cybersecurity challenges, federal executives said Wednesday during Verizon’s Government of the Future conference produced by FedScoop. Each government agency is defined by a very specific mission set, explained Census Bureau […]

The post As .gov turns to cloud, agency heads deliberate cyber-defense strategies appeared first on CyberScoop.
