GovInfoSecurity.com RSS Syndication

Keeping IT Secure During a Budget Crisis

Adopting a Trusted-Internet-Connection Model as a Money Saver
California CISO Mark Weatherford looks to spend precious IT security dollars more efficiently and with more smarts as the nation's largest state tries to stay financially afloat.

DoD Units Fail to Sanitize Hard Drives Before Shipment

IG Report: Social Security numbers, other data exposed
Several military units failed to adequately sanitize hard drives of data, including Social Security numbers of military personnel, before shipping the IT equipment to other organizations, in violation of Department of Defense rules, the DoD inspector general said in a report.

Senate Kills 'Czar' Testimony Amendment

Democratic Whip Objection Helps Sink Measure
The Senate killed an amendment from a Susan Collins, R.-Maine, to compel President Obama's cybersecurity coordinator and other so-called 'czars' to testify before Congress or face losing funds for their offices.

NIST SP 800-102: Recommendations for Digital Signature Timeliness

"Establishing the time when a digital signature was generated is often a critical consideration."

NIST SP 800-120: Recommendation for EAP Methods Used in Wireless Network Access Authentication

Recommendations formalizes a set of core security requirements for EAP methods when employed by the U.S. Federal Government for wireless access authentication and key establishment.

NIST Special Publication 800-85B-1 PIV Data Model Test Guidelines (Draft)

Test guidelines specify the derived test requirements, detailed test assertions and conformance tests.

NIST: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography

Use of algorithms requires the establishment of shared secret keying material in advance.

Key Considerations for Business Resiliency

Business Resiliency is the combination of Crisis Management, Incident Response, Business Continuance and Disaster Recovery into one succinct set of processes and capabilities.

This combination allows organizations to have minimal disruption in the event of a business-impacting incident that affects the entire organization instead of one that involves specific information infrastructure areas.

When evaluating Business Resiliency capabilities, it is important to understand that they only are as effective as the proactive planning and considerations that go into their development. Too often, planning accounts for only the most obvious considerations and does not incorporate essential considerations that have the most impact, including:

Information Infrastructure Requirements;
Remote Workforce/Pandemic Preparation;
Overlooked Threat Scenarios;
Table Top vs. Actual Tests.

This session will discuss the key elements of Business Resiliency and the considerations which should be made when developing or maturing this capability.

Biometrics: From Kabul to Washington

Interview with Lisa Swan
Deputy Director
Biometrics Task Force, U.S. Army

American combat forces deployed in Afghanistan and Iraq employ biometrics to tell our friends from insurgents and terrorists. Back home, the Defense Department uses similar fingerprint, iris and facial recognition tools to manage access to military bases and IT systems.

Coordinating Defense Department efforts to find new uses of biometrics on the battlefield and back home is the Army's Biometrics Task Force, which leads Defense Department efforts to program, integrate and synchronize biometric technologies and capabilities. The task force also operates DoD's biometrics database that supports the nation's security strategy.

In an interview with GovInfoSecurity.com's Eric Chabrow, Deputy Director Lisa Swan discusses the:

Synergy between the use of biometrics in combat and in the office;

Best situations to employ biometrics as a tool to authentic user access to IT systems; and

Evolution of biometrics as an authentication tool and where new research may pay off.

Swan began her government service 20 years ago. Prior to her current assignment, she served as director of the task force's Biometrics Integration Directorate, overseeing the integration, coordination, and synchronization of biometric technologies and capabilities across the Department of Defense. She holds a BS in material engineering from North Carolina State University and two MS degrees, one in systems engineering from Virginia Tech and the other in national resource management from the National Defense University.

Training Next Gen Army Brass on IT Security

Interview with Lt. Col. Gregory Conti of West Point

Army Lt. Col. Gregory Conti is a man on a mission, not only to educate the next generation of Army officers on cybersecurity, but to change the culture of the military to put cybersecurity on the same footing as an Air Force pilot, a Navy ship officer or an Army combat leader in career advancement.

In an interview with GovInfoSecurity.com, Conti, an academy professor of computer science at West Point who coordinates the United States Military Academy's cyber warfare curiccula, discusses the:

Importance of cybersecurity training at the academy, not just to computer science majors, but to all cadets;

Differences between cybersecurity and cyber warfare; and

Idea of creating a fourth military branch dedicated to defending the nation's IT assets.

Conti earned a bachelor degree in computer science at West Point in 1989, a year before laptops became standard issue to all cadets. Since then, Conti has earned a master and doctorate in computer science from Johns Hopkins University and George Institute of Technology, respectively. He also has written two books on cybersecurity, Googling Security (Addison Wesley, November 2008) and Security Data Visualization (No Starch Press, September 2007) as well as co-authoring with Army Col. Col John "Buck" Surdu an article proposing a fourth, coequal military branch focused on cybersecurity. Eric Chabrow, GovInfoSecurity.com managing editor, interviewed Conti.

Lockheed Martin's Point Man on Fed Cybersecurity

Interview with Charles Croom

Determining how best to secure the nation's critical IT infrastructure must be a collaborative effort by the federal government and the private sector, says Charles Croom, vice president of cybersecurity solutions at defense contractor and IT integrator Lockheed Martin.

A retired Air Force lieutenant general, Croom is an astute observer of government-private sector cooperation, having served as director of the Defense Information Systems Agency and commander of the Joint Task Force for Global Network operations.

In an interview, Croom discussed the:

Teamwork needed for government agencies to help develop federal cybersecurity policy regardless of the role the Department of Homeland Security plays;

Research and development efforts at Lockheed Martin that emphasize proactive cybersecurity solutions; and

Incentives government should provide businesses to comply with cyber regulations.

Croom spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.