Cybersecurity

ARCHIVES

Will Obama's New Tech Squad Include Cyber Experts?

By Aliya Sternstein // August 25, 2014

Erika Cross/Shutterstock.com

It remains to be seen whether data security experts will be assigned to a White House tech squad recently forged to ensure government websites work better than the initial, botched HealthCare.gov, Obama administration officials said Monday.

Privacy advocates, and even Google, are calling on websites worldwide to offer stronger safeguards, following a spate of data breaches and allegations of government snooping.

In June, a study on online trust found that social networks outperform government sites in protecting site visitors with encryption.

The new U.S. Digital Service was described Aug. 11 by officials as a small team of America’s best digital experts who will “remove barriers to exceptional service delivery and help remake the digital experience that people and businesses have with their government.”

Why was there no mention of security or privacy in a Digital Service blog post or fact sheet released that day?

Officials on Monday told Nextgov they are still building the crew and consulting with agencies to identify weak spots in site design and performance, so the focus of projects is unknown.

If the past year is any indicator, security is a “gap area” in government-speak.

Federal Sites Not Immune To Security Concerns

Several ...

How Cyber Scary Is It Outside Today?

By Aliya Sternstein // July 16, 2014

We have shrunk ThreatWatch, Nextgov's online rundown of the latest reported breaches, into an iPhone app that offers more news and numbers. 

You'll still find depictions of hacks hitting agencies, retailers and every sector daily, but now there also are threat-level scores and story feeds from around the globe.

This infotainment tool – “NG Cybersecurity” -- is designed to raise cybersecurity awareness among the uninitiated and keep experts up to date. 

For instance, today's government sector score is 29, on a 100-point scale, according to data analytics company HackSurfer. The health care industry is on the lower end of the spectrum, at 5. Recent agency-related hacks include allegations a Chinese entrepreneur stole data about a U.S. military cargo plane. In the health world, a plastic surgeon provided a female's before-and-after photos to a television station for a public broadcast. 

You'll see tech security stories from the Guardian, Wired and other reputable publications streamed constantly, along with commentary from cyber firms, such as Sophos and Malwarebytes. Nextgov's award-winning reporting is also in the mix.

The app is free and available for download at the iTunes App Store

Senate Defense Bill Unearths NSA ‘Sharkseer’ Program

By Aliya Sternstein // May 28, 2014

m00osfoto/Shutterstock.com

Highlights from the Senate Armed Services Committee's new defense policy bill show lawmakers would like to drop $30 million on an obscure National Security Agency cybersecurity program called Sharkseer. 

There is little official, public information on the program. Based on a job posting for a contractor position, its sounds like an automated network-surveillance system -- just for military networks -- fueled by intelligence on potential hazards. Hazards like the leaks on domestic spying by ex-NSA contractor Edward Snowden? Unclear. 

All we officially know about the program, from committee spokeswoman Tara Andringa, is that the Senate’s 2015 National Defense Authorization Act would authorize money for NSA to use technology available in the marketplace for detecting suspicious communications and blocking them before they can do damage.

“Defense needs to explore a wide range of approaches to address the ever-increasing cyber threat,” she told Nextgov on Wednesday afternoon. “Taking advantage of creative solutions developed in the private sector is a path that we can't afford to neglect.”

A September 2013 job opening at Leidos, a spinoff of defense contractor SAIC, provides a few more details, including that Sharkseer will combine the company's CloudShield hardware with "vendor software such as McAfee, FireEye ...

HHS, DHS and EPA Don’t Need to Dole Out New Cyber Rules

By Aliya Sternstein // May 22, 2014

White House Cybersecurity Coordinator Michael Daniel
White House Cybersecurity Coordinator Michael Daniel // Ann Heisenfelt/AP

White House officials on Thursday announced that the departments of Homeland Security and Health and Human Services, along with the Environmental Protection Agency, do not need to impose new regulations to defend industry against hacks, because voluntary measures will suffice.

Obama administration officials stopped short of saying whether independent regulatory agencies should prescribe new cyber rules for the energy, financial and other critical sectors. 

A February 2013 presidential executive order required agencies to determine whether current rules are sufficient to carry out forthcoming industry cyber standards. The standards, which came out in February and presently are voluntary, instruct organizations on how to identify, respond and recover from network disruptions. 

"The major outcome is that the administration’s analysis supports our current voluntary approach to address cyber risk," White House Cybersecurity Coordinator Michael Daniel said in a blog post. "The administration has determined that existing regulatory requirements, when complemented with strong voluntary partnerships, are capable of mitigating cyber risks to our critical systems and information."

Much of the nation's critical infrastructure is governed by independent regulators, which were not required to do an analysis, he noted. 

"The analysis conducted pursuant to [the order] represents a limited subset of critical infrastructure ...

USPS Employees Get Fake USPS Phishing Emails, Too

By Aliya Sternstein // May 21, 2014

Paul Sakuma/AP file photo

Postal Service personnel, who, like all of us, receive bogus emails claiming to be from the USPS, have a few ways of dealing with the threats that are sometimes part of mass spam campaigns and occasionally hack attempts targeted at feds.

An exchange of emails among users of the U.S. government's Web content managers listserv highlights the desire to keep tabs on the motives in play. 

A couple of years ago, listerv users, including "From: @USPSOIG.GOV,” wrote about receiving malicious Postal Service emails. The Postal Service IG recipient asked other government Web managers to send similar emails for record-keeping purposes. In reply, listserv user "From: @US.ARMY.MIL" forwarded one such bogus message that he or she received.

The government provided Nextgov with the listserv messages in response to an open records request, after redacting the individuals’ names.

The exchange transpires as follows:

From: @USPSOIG.GOV>

Date: Friday, May 18, 2012 11:00

Subject: Re: [CONTENT-MANAGERS-L] Any USPS members on the list?

To: CONTENT-MANAGERS-L@LISTSERV.GSA.GOV

Hi -

I'm with USPS-OIG.

 

There are a series of malicious spam, phishing scheme and/or virus

emails going around masked as coming from USPS. I actually

received some myself ...