Thursday, August 16, 2012
Recently, I spent some time with a group of people considering cyber security from a number of different sides and levels. We had an interesting scenario discussion where we debated the correct way to handle a specific behavior-related situation.
Tuesday, May 22, 2012
Something you have and something you know, resulting in a secure connection to whatever you were connecting to. Security is the prime protector, the way we keep the information at our fingertips but not at the fingertips of those whom we are protecting against.
Friday, May 18, 2012
Utah’s Governor has just fired the state’s CIO over a data breach that let foreign hackers steal the social security numbers of 280,000 state residents. Why did this unfortunate episode happen, and what can we learn from it?
Civitas Group, Thursday, May 17, 2012
The technical capabilities for ensuring a secure cloud computing environment already exist. Why, then, are security concerns still the number one obstacle preventing Federal CIOs from adopting cloud computing technology?
Thursday, April 19, 2012
The distance between a great idea and an operational solution is often very short – but sometimes good ideas get swamped by the reality of implementation. As cybersecurity bills work their way through Congress, there is a growing consensus that embracing the sharing of cyber threat and vulnerability information is a great idea. Less well understood is that a dedicated (possibly government-sponsored) cloud architecture may be one implementation solution that bridges the chasm between this great idea and the reality of a functioning information sharing system.
In our Critical Perspectives series, SafeGov.org asks its experts to offer their views on critical public sector cloud issues. This week's question: Congress is currently debating two conflicting visions for new cybersecurity legislation. One vision calls on the Department of Homeland Security to exercise close scrutiny and tight regulatory control over cybersecurity measures deployed by private industry in key sectors of the economy. The other vision promotes a looser regulatory approach that gives companies specific incentives to upgrade their cyber defenses and share information with each other and the government. Both camps agree that our critical infrastructure is vulnerable to cyber attack, but the division over how best to protect it is real. What action do you recommend that Congress take this year regarding the proposed cybersecurity bills?
Thursday, March 15, 2012
Embroiled in diverging approaches of how to best secure the nation’s critical information systems from cyber attack, Congress once more faces the danger of a stalemate. One bill, the Cybersecurity Act of 2012, would give the Department of Homeland Security (DHS) the authority to regulate cybersecurity performance requirements for designated private sector critical infrastructure providers. Its alternative, the Republican-backed Secure IT Act, would look to forgo regulation and instead promote voluntary information sharing between the government and private sector to communicate cyber threats. To be sure, the divide between these approaches in their treatment of critical infrastructure providers and other members of the private sector is significant, but what Congress could be in danger of forgetting is the consensus between the two proposals to enhance the security of government information networks.
Maryann Lawlor, SIGNALScape, Wednesday, February 29, 2012
While the general perception is that a cloud is a cloud, that won’t be the case for government agencies. Experts revealed more specifics about federal, state and local migration to cloud computing during the first panel at AFCEA International’s Homeland Security Conference. Eventually a governmentwide cloud for all services and data may be created, but today, while some services can move to the cloud environment, others will require customized clouds. For example, email services are a good candidate for the cloud, but those agencies that require extra security are likely to create private clouds for data storage and exchange. The latter not only applies to the usual suspects of national security agencies but also to local and regional law enforcement agencies that need to restrict access and protect information during ongoing investigations.
Camille Tuutti, Federal Computer Week, Wednesday, February 29, 2012
The public sector is inching closer to a more widespread adoption of cloud computing, with cost savings cited as the greatest driver for state, local and federal governments, and governments around the world. A new survey from auditing firm KPMG shows that more than 40 percent of government respondents globally say they are already testing or implementing cloud solutions, and nearly 30 percent are working on a cloud strategy.
Marcia Savage, SearchCloudSecurity.com, Wednesday, February 29, 2012
What do you do if your cloud provider is breached? Well, hopefully you’ve already planned for it ahead of time in your cloud contract. At the RSA Conference 2012 on Tuesday, a session offered advice to cloud users on how to plan for cloud computing breaches in their cloud computing contracts. Contracts “are an important initial line of defense in dealing with breaches in the cloud,” said James Shreve, an attorney in the Washington, D.C. office of BuckleySandler LLP.