The back-and-forth in Washington over who should run the cybersecurity program for the federal government has reached a fever pitch, as lawmakers, federal agencies and other interested parties jockey for position and budget dollars in the run-up to the release of the results of the Obama administration’s review of cybersecurity operations in the federal government. But perhaps the question isn’t which agency or office should have ultimate authority over cybersecurity, but whether any of them should.
Browsing Category: Government
From Computerworld (Jaikumar Vijayan)
A government audit has found more than 760 high-risk vulnerabilities in Web applications used to support Air Traffic Control (ATC) operations around the country.
From SearchSecurity.com (Eric Ogren)
The federal government has whipped itself into a frenzy on the issue of cybersecurity recently, as evidenced by the numerous competing bills in the House and Senate and the high-level wrangling over which agency should run cybersecurity. Washington certainly has a key role to play in cybersecurity, but lawmakers and regulators should keep their hands off the Internet as much as possible and look to the private sector to lead on this issue, Eric Ogren writes.
There is a good old-fashioned backroom brawl shaping up in Washington over the cybersecurity issue, and the forces are aligning in some interesting ways on a variety of different sides of the debate. The latest installment in this long-running drama involves not just the fight over which, if any, of the numerous House and Senate bills addressing cybersecurity will ever see the light of day, but also the wisdom of handing authority for federal information security to the White House.
The head of the National Security Agency on Tuesday will recommend that the United States needs a major upgrade to its capabilities in both offensive and defensive cyber capabilities, handing that responsibility to a new military command in Maryland. In a hearing before the House Armed Services Committee, Lt. Gen. Keith Alexander will deliver a blunt assessment of the country’s information warfare skills, and it won’t be pretty.
From AFP (Via Yahoo News)
The North Korean regime is in the process of building up its capabilities to launch offensive computer attacks, according to news reports out of South Korea. The reports say that North Korea is specifically strengthening its information warfare program with the intention of targeting its two traditional antagonists, the United States and South Korea, AFP reports.
The recent flood of stories on attacks against the electrical grid, various government agencies and other portions of the critical infrastructure has renewed the calls for improvements in federal cybersecurity and, especially, information sharing between the government and the private sector on attacks and vulnerabilities. Some of this has been going on behind the scenes in Washington for a long time in an ad hoc fashion, but it appears it’s been getting more organized of late.
From CNet News (Stephanie Condon)
The Conficker Working Group several months ago discovered several hundred medical devices that had been infected with the Conficker worm and set about alerting the affected hospitals to the problem. The disinfection process should have been straightforward, but the tangle of regulations that govern medical facilities prevented the hospitals from making changes to the devices for three months.
Microsoft has developed an ultra-secure version of Windows XP, with many settings locked down by default. But the hardened OS isn’t for sale to the general public; it’s made specifically for the military. Microsoft built the secure version of XP a few years ago at the direction of the Air Force, which had grown weary of the constant updates to other Windows versions and had just seen its network defenses abused in a pentration test by the National Security Agency.
A study conducted by the National Academy of Sciences found that the United States military needs to create an open, public dalogue to clarify its plans around using offensive weapons in cyberspace. The study also recommends that the military explain what offensive capabilities it has and how they might be used to counter conventional military attacks.