Group items tagged

As the National Security Council works on its comprehensive review of federal cybersecurity programs for President Obama, it is going to great lengths to consider privacy and civil liberty issues, some Congress members said Thursday. The House Cybersecurity Caucus on Thursday met with Melissa Hathaway, the acting senior director for cyberspace for the National Security and Homeland Security Councils, who is conducting for the administration a 60-day cybersecurity review. Rep. James Langevin (D-R.I.), co-chair of the House Cybersecurity Caucus, said Hathaway has been meeting with privacy and civil liberties groups to receive their input on how to reform cybersecurity. Those issues are "a forethought rather than an afterthought," he said. "Because these are such powerful tools (to grant federal authorities to regulate cyberspace), we're going to have to have the buy-in of the public and have their support." While the Senate is working on its own plan for White House-run cybersecurity efforts, Langevin said Hathaway's assessment may ultimately suggest a strategy with a stronger emphasis on inter-agency efforts. Langevin said it is still unclear whether Hathaway will recommend that a new office for cybersecurity should be created within the Executive Office of the President--a move some senators are pushing for. Certainly, though, policy will have to come from the White House. "This is going to have to be an ongoing strategy of collaboration and cooperation directed out of the White House," Langevin said. "But there won't be one king, so to speak, at the end of the day. The chief information officers at the departments and agencies are still going to have a role to play."

It's unclear whether a report being prepared for President Barack Obama on federal information security preparedness will support recent calls for the creation of a new cybersecurity office within the White House, two lawmakers said last week. Instead, the report may recommend a more collaborative and cooperative strategy among federal agencies on the issue of cybersecurity without a single agency or department in charge, they said. Members of the U.S. House Cybersecurity Caucus met with Melissa Hathaway, acting senior director for cyberspace for the National Security Council and Homeland Security Council. Hathaway, who is conducting a 60-day review of federal cybersecurity preparedness on behalf of the president, Thursday presented a status report to members of the caucus. Speaking with reporters after the briefing, Rep. James Langevin (D-R.I.), co-chair of the caucus, and Rep. Yvette Clarke (D-N.Y.), chairwoman of a subcommittee within the Committee on Homeland Security, said it was unclear yet what Hathaway might recommend. Rather than "include another structure" within the White House, there may be a call for an increase in staffing within the White House Office of Management and Budget (OMB) in a bid to improve its current role of overseeing government cyberaffairs, said Langevin. Chances are "there will not be one king," he said. Langevin co-chaired a commission at the Center for Strategic and International Studies, a bipartisan think tank, that has called for the creation of a centralized cybersecurity office in the White House to be named the National Office for Cyberspace. The new office could combine the National Cyber Security Center (NCSC) and the Joint Interagency Cyber Task Force, two existing agencies that are handing cybersecurity today. The U.S. Government Accountability Office (GAO) has also called for a new office dedicated to cybersecurity within the White House. Calls have been prompted by what is perceived as the inability of the U.S. De

Former Booz Allen Hamilton management consultant Melissa Hathaway's much anticipated 60-day review of U.S. cybersecurity policy is scheduled to hit President Obama's desk this Friday. All eyes of the tech security community will be watching. It will signal what approach Obama will take in the complicated task of stemming cyber threats. Obama has said he will make the Internet safer for citizens and businesses, while playing catchup to China and Russia who are far ahead in the cyberwarfare arms race. "We're trying to do cybersecurity in a democracy," says Leslie Harris, President and CEO of the Center for Democracy & Technology. "Doing cybersecurity in China, my guess, is a lot easier." CDT held a press briefing this morning at which it warned that a cybersecurity bill, introduced earlier this month by Sen. John Rockefeller, D-W.Va, and Sen. Olympia Snowe, R-Maine, is the first of several that likely will be proposed once Hathaway's review is out. Harris said CDT agrees with a provision in the Rockefeller-Snowe bill that would create a cabinet-level cybersecurity adviser reporting directly to President Obama, but questions some of the extraordinary federal enforcement powers that could be created. CDT says it doesn't want citizens' civil liberties trampled upon. CDT general counsel Greg Nojeim gave Hathaway high marks for keeping her review process relatively open, in contrast to the Bush administration's penchant for secrecy. "So far the White House review team gets high grades on transparency," Nojeim said. Hathaway has held closed briefings in the past several weeks with Congressional committees, industry groups and privacy organizations, said Nojeim. "But the real test will be whether their recommendations reflect a commitment to transparency in the execution of the program," said Nojeim.

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

The U.S. government's director for cybersecurity resigned on Friday, criticizing the excessive role of the National Security Agency in countering threats to the country's computer systems. "He has tendered his resignation," Amy Kudwa, a Department of Homeland Security spokeswoman told Reuters. Former Silicon Valley entrepreneur Rod Beckstrom said in a resignation letter published by the Wall Street Journal it was a "bad strategy" to have the National Security Agency, which is part of the Department of Defense, play a major role in cybersecurity. Beckstrom headed the National Cybersecurity Center, which was created last March to coordinate all government cybersecurity efforts and answers to the Department of Homeland Security. Homeland Security said in a statement that it has a strong relationship with the NSA and continues to work closely with all of its partners to protect the country's cyber networks. Beckstrom wrote to Homeland Security Secretary Janet Napolitano on Thursday in his resignation letter that the NSA currently dominates most national cyber efforts. "While acknowledging the critical importance of NSA to our intelligence efforts, I believe this is a bad strategy on multiple grounds," he wrote in the letter posted by the Wall Street Journal on its website. National Security Agency officials could not immediately be reached for comment. Beckstrom said in his letter that the cybersecurity group did not receive adequate support to accomplish its role during the previous administration of President George W. Bush, which only provided the center with five weeks of funding in the last year. His resignation will be effective March 13, the letter said. The newspaper said the Obama administration was conducting a 60-day review of the cybersecurity program started by Bush last year to protect government networks.

Obama administration cybersecurity advisor Melissa Hathaway, in her much anticipated speech before the RSA Conference on Wednesday, suggested that the findings of a study she submitted Friday to President Obama calls for cybersecurity policy to be run from the White House. "The White House must lead the way forward with leadership that draws upon the strength, advice and ideas of the entire nation," said Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils. Scant on details, Hathaway in her 2,400-word speech did not explain how federal cybersecurity should be governed, even if it's based in the White House. Two months ago, President Obama charged Hathaway to head up a team to review current cybersecurity policies and processes. "It can be said that the federal government is not organized appropriately to address this growing problem because responsibilities for cyberspace are distributed across a wide array of federal departments and agencies, many with overlapping authorities and none with sufficient decision authority to direct actions that can address the problem completely," Hathaway said. "We need an agreed way forward based on common understanding and acceptance of the problem." Hathaway said the team she assembled addressed all missions and activities associated with the information and communications infrastructure, including the missions of computer network defense, law enforcement investigations, military and intelligence activities and the intersection of information assurance, counter intelligence, counter terrorism, telecommunications policies and general critical infrastructure protection. Task force members held more than 40 meetings with different stakeholder groups during the 60 days and received and read more than 100 papers that provided specific recommendations and goals, she said. "We identified over 250 needs, tasks, and recommendations," Hathaway said. "We also solicited input from gov

Legislation to reform the Federal Information Security Management Act of 2002 will be introduced in the Senate on Tuesday, a Senate staffer who helped draft the bill told a panel at the RSA Conference in San Francisco on Thursday. Erik Hopkins' presentation provided further evidence that the White House could assume greater control in coordinating federal government security. In the panel - The New FISMA: Security Finally Transcends Compliance - Hopkins offered a diagram illustrating the bill that showed a cyber office reporting directly to the president. Hopkins, who works for the Senate Committee on Homeland Security and Governmental Affairs, was the third federal official addressing conference attendees to suggest the White House will be given more authority in safeguarding federal government information systems. On Wednesday, Obama administration cybersecurity advisor Melissa Hathaway - who last week submitted to the president an assessment of federal cybersecurity policy - said the White House must lead federal government cybersecurity efforts. A day before, National Security Agency Director Keith Alexander said NSA would not lead the nation's cybersecurity efforts, suggesting a greater role for the White House. Hopkins said the benefits of FISMA reform includes improved coordination of security efforts, better economies of scale and greater situational awareness of security threats such as knowing where they originate and how the government will respond.

In a move that could reshape the federal government's cybersecurity efforts, President Obama on Monday said a former Booz Allen consultant would conduct an immediate two-month review of all related agency activities. The announcement indicates that the White House's National Security Council may wrest significant authority away from the U.S. Department of Homeland Security, which weathered withering criticism last fall for its lackluster efforts. Obama selected Melissa Hathaway, who worked for the director of national intelligence in the Bush administration and was director of an multi-agency "Cyber Task Force," to conduct the review with an eye to ensuring that cybersecurity efforts are well-integrated and competently managed. "The president is confident that we can protect our nation's critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties," said John Brennan, the president's homeland security adviser. Hathaway's appointment comes as Obama plans to overhaul the National Security Council, expanding its membership and effectively centralizing more decision-making in the White House staff. That would vest more authority in a staff run by James L. Jones, a former Marine Corps commandant who warned at a speech in Munich over the weekend that terrorists could use "cyber-technologies" to cause catastrophic damage. During a panel discussion that CNET News wrote about last fall, Hathaway defended Homeland Security's efforts to develop what it called a National Cyber Security Initiative, saying there was "unprecedented bipartisan support" for it. "Over the past year cyber exploitation has grown more sophisticated, more targeted, and we expect these trends to continue," she added. "Our cybersecurity approach to date has not kept up with the threats we've seen."

Is the price to safeguard America's information systems and networks on a collision course with efforts to rescue the economy? One would hope not, but the $789 billion stimulus package that contains nearly $10 billions for IT-related projects offered very little for cybersecurity. Still, the president sees protecting government and private-sector information systems as crucial to the economic vitality of the country. So, when Acting Senior Director for Cyberspace Melissa Hathaway hands the President her recommendations on securing the nation's information infrastructure later this month, a sharper picture should emerge on how much money the government will need to spend to do just that. What Price Security? The government isn't a spendthrift in protecting its IT networks; it earmarked $6.8 billion a year on cybersecurity this fiscal year, up from $4.2 billion five years ago, according to the White House Office of Management and Budget. But is that enough? Appropriating money to find new and innovative ways to protect our critical information infrastructure doesn't seem to be a government priority, at least not yet. Of the $147 billion the government planned to spend on all types of research and development this fiscal year, only $300 million or 0.2 percent was slated for cybersecurity, according to the Securing Cyberspace in the 44th Presidency report issued by the Center for Strategic and International Studies. By comparison, the budget contained five times as much money $1.5 billion for nanotechnology R&D.

Should responsibility for defending against cyberattacks be moved from the Dept. of Homeland Security to the military? Air Force Gen. Kevin Chilton suggested as much at a Congressional hearing where he warned of U.S. vulnerability to cyberwarfar "across the spectrum." Such attacks "potentially threaten not only our military networks, but also our critical national networks," Chilton told a House Armed Services subcommittee, the Washington Post reported. As head of Strategic Command, the general isn't responsibel for defending civilian networks, just government computers. [Stratcom's responsibility is] "to operate and defend the military networks only and be prepared to attack in cyberspace when directed. I think the broader question is, who should best do this for the other parts of America, where we worry about defending power grids, our financial institutions, our telecommunications, our transportation networks, the networks that support them." Well, that's where the 60-day interagency overview of cybersecurity comes in. At the end of that, Chilton said, responsibility for protecting private sector networks may well fit under Stratcom's duties. So what impact in having the military at the center of cybersecurity? Importantly, it brings offensive ops into the defense game. And where the military is involved, can NSA be far behind? No. Operational control over both [offensive and defensive ops], Chilton said, has been delegated to Lt. Gen. Keith B. Alexander, the head of the National Security Agency. … NSA, according to Chilton, already has a role in information security, and the agency's support "has been instrumental in our efforts to operate and particularly to defend our networks," he said. Combining oversight of cyber defense and offense made sense, Chilton said, "because they're so interconnected. . . . As you consider offensive operations, you want to make sure your defense are up."

A disconnect exists between federal government CIOs, CISOs and IT hiring managers and the human resources professionals charged with finding qualified candidates with cybersecurity skills, according to a just-published report. The report, Cyber In-Security: Strengthening the Federal Cybersecurity Workforce from the Partnership for Public Service, concludes that IT managers are less satisfied than their HR counterparts with the quality of cybersecurity recruits and the time it takes to hire IT security personnel. "The human capital management process is broken; operations and HR people should be joined at the hip and collaborate across the government," the report quotes Norman Lorentz, former chief technology officer at the White House Office of Management and Budget. Indeed, one third of chief information officers, chief information security officers and IT hiring managers surveyed for the report expressed unhappiness with candidate quality vs. 10 percent for HR managers. Sixty-one percent of HR managers vs. 40 percent of IT managers expressed satisfaction with candidate quality (see chart).

A group of federal agencies and private organizations, including the National Security Agency and the Department of Homeland Security, has released a set of guidelines defining the top 20 things organizations should do to prevent cyberattacks. The Consensus Audit Guidelines (CAG) describe the 20 key actions, referred to as security controls, that organizations should take to defend their computer systems. The controls are expected to become baseline best practices for computer security, following further public- and private-sector review. CAG is being led by John Gilligan, formerly the CIO for both the U.S. Air Force and the U.S. Department of Energy, and a member of the Obama transition team dealing with IT in the Department of Defense and various intelligence agencies. "We are in a war, a cyberwar," Gilligan said on a media conference call. "And the federal government is one of many large organizations that are being targeted. Our ability at present to detect and defend against these attacks is really quite weak in many cases." Borrowing an analogy he attributed to an unnamed federal CIO, Gilligan said, "We're bleeding badly and we really need triage and we need to focus on things that will keep this patient alive." The CAG initiative represents part of a larger effort, backed by the Center for Strategic and International Studies (CSIS) in Washington, D.C., to implement recommendations from the CSIS Commission report on Cybersecurity for the 44th Presidency.

US senators have drafted legislation that would give the federal government unprecedented authority over the nation's critical infrastructure, including the power to shut down or limit traffic on private networks during emergencies. The bill would also establish a broad set of cybersecurity standards that would be imposed on the government and the private sector, including companies that provide software, IT work or other services to networks that are deemed to be critical infrastructure. It would also mandate licenses for all individuals administering to strategically important networks. The bill, which is being co-sponsored by Senate Commerce Committee chairman John Rockefeller IV and Senator Olympia Snowe, was expected to be referred to a senate committee on Wednesday. Shortly after a working draft of the legislation began circulating, some industry groups lined up to criticize it for giving the government too much control over the internet and the private companies that make it possible. "This gives the president too much power and there's too little oversight, if there's any at all," said Gregory Nojeim, senior counsel at the Center for Democracy and Technology. "It gives him the power to act in the interest of national security, a vague term that has been broadly defined." Nojeim was pointing to language in the bill that permits the president to "order the limitation or shutdown of internet traffic to and from any compromised federal government or United States critical infrastructure information system or network" after first declaring a national cybersecurity emergency. A separate provision allows the executive in chief to "order the disconnection of any federal government or United States critical infrastructure information systems or networks in the interest of national security." "It applies to any critical infrastructure," Nojeim added. "Surely, the internet is one." The bill would also require NIST, or the National Institute of Standards and Techn

"Rep. Loretta Sanchez, Chair, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities With many committees and subcommittees having oversight over government cybersecurity, Rep. Loretta Sanchez thinks it would be a good idea to gather them together to map out steps Congress can take to help secure government IT."

US Government agencies collaborate to help secure information assets & protect our infrastructure and citizens? What an idea!

An explosion in threats against the nation's cybernetworks has led the Pentagon to develop a cyberwar strategy and prompted states to open cybersecurity offices.

Here are five interesting factoids regarding information security culled from documents and statements accompanying President Obama's fiscal year 2010 budget: The current number of positions filled in the federal IT workforce totals 17,785, with 8,407 of them - or 47 percent - deemed IT security. The Department of Homeland Security seeks $75.1 million more in the coming year to develop and deploy cybersecurity technologies for the entire government to counter continuing, real-world national cyber threats and apply effective analysis and risk mitigation strategies to detect and deter threats. Homeland Security also seeks $37.2 million, a $6.6 million increase, to address critical capability gaps identified in the government's Comprehensive National Cybersecurity Initiative. Specifically, says DHS Secretary Janet Napolitano, this effort would seek and/or develop technologies to secure the nation's critical information infrastructure and networks. Nearly half of the federal workforce - 2.7 million individuals - have been issued credentials that provide for digital signature, encryption, archiving of documents, multi-factor authentication and reduced sign-on to improve security and facilitate information sharing. The total federal IT budget for 2010, including funds earmarked to secure data and systems, tops $75.8 billion, up $5.1 billion or 7.2 percent from the current fiscal year.

The federal GLBA, HIPAA, FACTA and its Red Flags and Disposal Rules, state data Breach Notification Laws and many other federal and state laws and industry regulations like PCI-DSS are intended to protect the privacy and security of consumer's personally identifiable and financial information entrusted to businesses and other organizations. Many suchidentity theft, id theft, government security, government privacy regulations aim to prevent identity theft and privacy violations. While some businesses have been negligent in securing information, other businesses have been victimized by black hat hackers or "crackers" who operate ahead of the cybersecurity technology curve. Cybersecurity is an ongoing challenge for businesses and for government as discussed in the President's Cyberspace Policy Review. In the four-year period ending in 2008, 23% of all data breaches reported were attributed to hackers. For those data breaches involving more than one million profiles, hacking was identified as the cause in 66% of the breaches according to a recent research report on data breach risk factors.

Congress already has more than 40 committees and well over 100 subcommittees. Does it really need one more? How about another task force? Or a working group? Yes, says Sen. John McCain: A new panel is needed to cope with a relatively recent and unquestionably grave threat - hacking.

Incident demonstrates that even agencies that put in security controls are still vulnerable The Federal Aviation Administration was doing such a good job at protecting data in its computer systems that the Office of Management and Budget chose it in January to be one of four agencies to guide other federal agencies in their cybersecurity efforts. Just a month later, FAA officials had to admit that hackers breached one of the agency's servers, stealing 48 files. Two of the files contained information on 45,000 current and former FAA employees, including sensitive information that could potentially make them vulnerable to identity theft. The security breach, although significant and potentially far reaching, is not necessarily a reflection on FAA's security measures. Rather, it demonstrates the problems of securing federal computer systems and difficulty in evading every potential attack. "Every agency is living through the same problems," but most are being less forthcoming about reporting them, said Alan Paller, director of the SANS institute. "FAA should get kudos for rapid action. Slamming them shows a complete lack of understanding about the state of security in federal agencies."

The Payment Card Industry Data Security Standard (PCI DSS) is ineffective and major payment processing infrastructure improvements are needed to secure credit and debit card transactions, lawmakers said Tuesday. The House Subcommittee on Emerging Threats, Cybersecurity, Science, and Technology, part of the House Committee on Homeland Security, held a hearing in Washington, D.C., on Tuesday to examine the effectiveness of PCI DSS. "The bottom line is that if we care about keeping money out of the hands of terrorists and organized criminals, we have to do more, and we have to do it now," said U.S. Rep. Yvette Clarke (D-N.Y.), who chairs the subcommittee. "The payment card industry and issuing banks need to commit to investing in infrastructure upgrades here in the United States." Clarke called on the industry to implement encryption on its credit and debit card processing networks and said the deployment of chip and PIN technology could significantly reduce the amount of stolen payment data. Chip and PIN technology is used in Asia and Europe. The technology replaces the magnetic strip on the back of a card and adds a four-digit personal identification number (PIN) to confirm a payment.

Since Obama's landmark speech on cybersecurity in May, his administration hasn't revealed much about its long-percolating plans to shore up the government's defenses against hackers and cyberspies. But privacy advocates monitoring the initiative are already raising concerns about what they know and what they don't: the details that have trickled out--including the involvement of the National Security Agency--and the veil of classified information that still covers much of the multibillion-dollar project. "It feels like the Bush administration all over again," says Pam Dixon, executive director of the World Privacy Forum. "Not enough people know the details about these programs to have a good public discussion. We all want good security of government systems, but you have to balance the cloak and dagger elements with civil liberties."