recommended reading


Cyber Policy Still Stuck in the ‘90s

By Jessica Herrera-Flanigan // October 22, 2014


A few weeks ago, I wrote about the need to move the cybersecurity dialogue to its next stage and to start to seriously consider what disruptors are sitting out there that could help us do so.

I identified four areas ripe for discussion.

  • Policy disruptors
  • Data breaches vs. cybersecurity
  • Cyber weaponization
  • Post-Snowden security  

Let’s start this disrupting conversation by looking at policy disruptors.

To do that, we have to go back to the Clinton administration.

Back in 1997 and 1998, we saw the issuance of the President’s Commission on Critical Infrastructure Protection. This was a report on the scope and nature of the vulnerabilities and threats to the nation’s key industries, like power and water systems. Then, in 1998 came the release of Presidential Decision Directive 63.

Those cutting-edge Clinton-era efforts talked about the “shared responsibility and partnership between owners, operators and government.” They discussed incentives and only using regulation in the “face of a material failure of the market.”  

Research and development investments as well as government procurement were also discussed. Information sharing, including the legal impediments and possible liability issues, insurance and standards were all evaluated and deemed necessary.

Fast forward 17 years, through countless...

Do We Need to ‘Disrupt’ the Cybersecurity Status Quo?

By Jessica Herrera-Flanigan // September 25, 2014


Next Wednesday marks the beginning of the 11th annual Cybersecurity Awareness Month.

The Department of Homeland Security says the month is designed to “engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident.”

In anticipation of the celebration – the National Cyber Security Alliance has deemed it something to “celebrate.” 

I have not written a great deal in the last several months about cybersecurity. In fact, one of my posts earlier this year noted that it seemed as if there was cybersecurity overkill going on, and I wanted to step back and take a deep breath and do an inventory of cybersecurity policy. 

Now, as we embark on a month of “cyber-celebration,” it seems like a good time to step back into the fray and give some thoughts on the topic. 

Specifically, I thought it would be helpful to look at how we could “disrupt” cybersecurity in the way Netflix disrupted video watching, Uber disrupted the taxi/car service, Zillow disrupted how we went about making housing decisions and other companies are disrupting various aspects of how...

Will Obama's New Tech Squad Include Cyber Experts?

By Aliya Sternstein // August 25, 2014


It remains to be seen whether data security experts will be assigned to a White House tech squad recently forged to ensure government websites work better than the initial, botched, Obama administration officials said Monday.

Privacy advocates, and even Google, are calling on websites worldwide to offer stronger safeguards, following a spate of data breaches and allegations of government snooping.

In June, a study on online trust found that social networks outperform government sites in protecting site visitors with encryption.

The new U.S. Digital Service was described Aug. 11 by officials as a small team of America’s best digital experts who will “remove barriers to exceptional service delivery and help remake the digital experience that people and businesses have with their government.”

Why was there no mention of security or privacy in a Digital Service blog post or fact sheet released that day?

Officials on Monday told Nextgov they are still building the crew and consulting with agencies to identify weak spots in site design and performance, so the focus of projects is unknown.

If the past year is any indicator, security is a “gap area” in government-speak.

Federal Sites Not Immune To Security Concerns


How Cyber Scary Is It Outside Today?

By Aliya Sternstein // July 16, 2014

We have shrunk ThreatWatch, Nextgov's online rundown of the latest reported breaches, into an iPhone app that offers more news and numbers. 

You'll still find depictions of hacks hitting agencies, retailers and every sector daily, but now there also are threat-level scores and story feeds from around the globe.

This infotainment tool – “NG Cybersecurity” – is designed to raise cybersecurity awareness among the uninitiated and keep experts up to date.

For instance, today's government sector score is 29, on a 100-point scale, according to data analytics company HackSurfer. The health care industry is on the lower end of the spectrum, at 5. Recent agency-related hacks include allegations a Chinese entrepreneur stole data about a U.S. military cargo plane. In the health world, a plastic surgeon provided a female's before-and-after photos to a television station for a public broadcast. 

You'll see tech security stories from the Guardian, Wired and other reputable publications streamed constantly, along with commentary from cyber firms, such as Sophos and Malwarebytes. Nextgov's award-winning reporting is also in the mix.

The app is free and available for download at the iTunes App Store.

Senate Defense Bill Unearths NSA ‘Sharkseer’ Program

By Aliya Sternstein // May 28, 2014


Highlights from the Senate Armed Services Committee's new defense policy bill show lawmakers would like to drop $30 million on an obscure National Security Agency cybersecurity program called Sharkseer. 

There is little official, public information on the program. Based on a job posting for a contractor position, it sounds like an automated network-surveillance system -- just for military networks -- fueled by intelligence on potential hazards. Hazards like the leaks on domestic spying by ex-NSA contractor Edward Snowden? Unclear.

All we officially know about the program, from committee spokeswoman Tara Andringa, is that the Senate’s 2015 National Defense Authorization Act would authorize money for NSA to use technology available in the marketplace for detecting suspicious communications and blocking them before they can do damage.

“Defense needs to explore a wide range of approaches to address the ever-increasing cyber threat,” she told Nextgov on Wednesday afternoon. “Taking advantage of creative solutions developed in the private sector is a path that we can't afford to neglect.”

A September 2013 job opening at Leidos, a spinoff of defense contractor SAIC, provides a few more details, including that Sharkseer will combine the company's CloudShield hardware with "vendor software such as McAfee, FireEye...