Thursday, January 17, 2013
Recently, Microsoft’s Digital Crimes Unit discovered the botnet Nitol – Chinese malware embedded in more than 4,000 computers purchased by consumers from U.S. retailers. The malware equipped hackers with the ability to remotely turn on the machines; record users by hacking microphones and webcams; and log all keystrokes, including passwords and banking information. This breach shows us just how vulnerable our supply chains really are. The ease with which cyber thieves are attacking trusted U.S. providers is sobering.
Wednesday, January 16, 2013
If 2012 was the year for finalizing FedRAMP as a streamlined security program for government cloud computing, 2013 may be the year when the work pays off and vendors start announcing certified FedRAMP cloud computing solutions. But even as vendors get their solutions FedRAMP certified, does FedRAMP really address all the potential concerns an agency might have for implementing a robust cloud computing solution?
Friday, January 11, 2013
Despite major disagreements over the implications of Obamacare, both Democrats and Republicans have at least agreed on one issue that will benefit all Americans: a transition to electronic records is necessary to increase the effectiveness of the U.S. medical system and the privacy of medical records.
Thursday, August 16, 2012
Recently, I spent some time with a group of people considering cyber security from a number of different sides and levels. We had an interesting scenario discussion where we debated the correct way to handle a specific behavior-related situation.
Tuesday, May 22, 2012
Something you have and something you know, resulting in a secure connection to whatever you were connecting to. Security being the prime protector, the way we keep the information at our fingertips but not at the fingertips of those whom we are protecting against.
Friday, May 18, 2012
Utah’s Governor has just fired the state’s CIO over a data breach that let foreign hackers steal the social security numbers of 280,000 state residents. Why did this unfortunate episode happen, and what can we learn from it?
Civitas Group, Thursday, May 17, 2012
The technical capabilities for ensuring a secure cloud computing environment already exist. Why, then, are security concerns still the number one obstacle preventing Federal CIOs from adopting cloud computing technology?
Thursday, April 19, 2012
The distance between a great idea and an operational solution is often very short – but sometimes good ideas get swamped by the reality of implementation. As cybersecurity bills work their way through Congress, there is a growing consensus that embracing the sharing of cyber threat and vulnerability information is a great idea. Less well understood is that a dedicated (possibly government-sponsored) cloud architecture may be one implementation solution that bridges the chasm between this great idea and the reality of a functioning information sharing system.
In our Critical Perspectives series, SafeGov.org asks its experts to offer their views on critical public sector cloud issues. This week's question: Congress is currently debating two conflicting visions for new cybersecurity legislation. One vision calls on the Department of Homeland Security to exercise close scrutiny and tight regulatory control over cybersecurity measures deployed by private industry in key sectors of the economy. The other vision promotes a looser regulatory approach that gives companies specific incentives to upgrade their cyber defenses and share information with each other and the government. Both camps agree that our critical infrastructure is vulnerable to cyber attack, but the division over how best to protect it is real. What action do you recommend that Congress take this year regarding the proposed cybersecurity bills?