Final NIST cloud roadmap sets 'action plans' for gov't cloud adoption

Molly Bernhart Walker, FierceGovernmentIT,  Wednesday, October 22, 2014

The National Institute of Standards and technology Oct. 21 published a final version of its U.S. Government Cloud Computing Technology Roadmap. The document lays out 10 requirements – each accompanied by "priority action plans" and target completion dates – necessary for cloud adoption by the federal government. The 10 specific requirements relate to the broader priorities of security, interoperability, portability, performance and accessibility.

Russia and China to join forces as cyber superpowers

Russia Direct,  Tuesday, October 21, 2014

Russia and China could soon sign an agreement on cooperation in the field of cybersecurity, a move that some see as an attempt to reduce American influence in the information technology field.

Chinese government launches man-in-middle attack against iCloud

Sean Gallagher, Ars Technica,  Monday, October 20, 2014

GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland. The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.

FBI Director Calls On Congress To 'Fix' Phone Encryption By Apple, Google

Ryan Reilly and Matt Sledge, Huffington Post,  Thursday, October 16, 2014

FBI Director James Comey called Thursday for "a regulatory or legislative fix" for technology companies' expanding use of encryption to protect user privacy, arguing that without such a fix, "homicide cases could be stalled, suspects could walk free, and child exploitation victims might not be identified or recovered."

Microsoft says NSA spying hit trust in the cloud

Doug Drinkwater, SC Magazine UK,  Friday, October 10, 2014

A senior Microsoft spokesman says that government surveillance has damaged trust in the cloud and in the company itself, pushing the latter to focus more on data privacy and security. The firm's principal cyber-security strategist Jeff Jones was presenting at the IP Expo Europe exhibition in London on Thursday, where he suggested that the leaks from NSA whistleblower Edward Snowden had impacted the Redmond technology giant and the cloud computing market as a whole. He then suggested that that the leaks had ‘affected' cloud in the enterprise, as well as the company's own ambitions in this area, before adding that the growing distrust in the cloud had come at a time where ‘perceptual concerns' around cloud security were dissipating on deployment.

Software group launches student privacy pledge

Julian Hattem, The Hill,  Tuesday, October 07, 2014

The software industry is making moves to beef up privacy protections for students. The Software and Information Industry Association (SIIA) joined with the Future of Privacy Forum, a think tank, to announce a new pledge for companies that make products for students in kindergarten through 12th grade. Under the pledge, a handful of companies have promised not to sell student information or target their ads based on students’ behavior. Companies will also only use data for specific educational purposes and will impose limits on how long that information is held.

Players picked for first federally-funded R&D center for cybersecurity

Aaron oyd, FederalTimes,  Tuesday, October 07, 2014

With cyber attacks being volleyed at U.S. infrastructure daily, the National Cybersecurity Center of Excellence (NCCoE) has awarded the first federally-funded research and development center (FFRDC) contract designed specifically to enhance the nation's cybersecurity. The new FFRDC — part of the National Institute of Standards and Technology’s (NIST) NCCoE — will be managed by non-profit MITRE Corp. with assistance from the University System of Maryland (USM), which includes campuses in College Park (UMCP) and Baltimore County (UMBC).

OMB changes security incident reporting procedures, tweaks FISMA metrics

Molly Bernhart Walker, FierceGovernmentIT,  Monday, October 06, 2014

The Office of Management and Budget said Oct. 3 that new guidelines issued to federal civilian agencies will improve the government's information security posture. The new guidelines update how agencies will report security incidents to the Homeland Security Department's computer emergency readiness team, or US-CERT, a process that will be tested for one year before a more permanent update is considered, an OMB memo (pdf) said. The new guidance – detailed in incident notification guidelines – establishes a standard set of data elements for reporting incidents, updated incident notification requirements, impact classifications and threat vectors used to categorize and address incidents, said OMB Director Shaun Donovan, in the Oct. 3 memo.

Microsoft will offer locally hosted cloud services in India

John Ribeiro, IDG News Service,  Monday, September 29, 2014

Microsoft CEO Satya Nadella wooed India's government and banks on Tuesday with an offer to host cloud services including Azure and Office 365 in the country. The Indian government has been pushing organizations to hold data locally, and Nadella's move could help drive business for the company from federal and state government customers, as well as banks.

Oracle opens two German data centres in wake of NSA snooping scandal

Madeline Bennett, V3,  Monday, September 29, 2014

Oracle has announced the opening of two data centres in Germany, along with teaming up with Vodafone to push the Internet of Things. The two new facilities, located in Frankfurt and Munich, will go live in the next few weeks and will be completely operational before the end of the year. They join the two other European countries that already have their own data centres, the UK and the Netherlands. The centers will provide cloud services to German organizations that want their data stored within German borders to prevent foreign authorities –notably the NSA – to access the information through their surveillance programs.