OMB: Agencies Need Help With Old Problems

Chris WiedemannBy Chris Wiedemann, consultant

The cybersecurity challenges facing the government are well understood. Combine a highly federated environment, huge volumes of sensitive, classified or legally-protected data, all running on outdated legacy technology, and you get the government’s current situation: struggling to stay ahead of the latest threats in an increasingly dangerous digital environment.

Federal networks are very popular targets. The government deals with thousands of attacks each year – 35,277 in FY17, according to the most recent FISMA report. Moreover, the consequences of a successful attack are significant. Perhaps no data breach better exemplifies the dangers of lax security than the OPM attack in 2015, which exposed the personally identifiable information of millions of individuals to malicious actors and prompted a round of reports, recommendations and recriminations on the security posture of agency networks – as well as a renewed sense of urgency around security at the agency leadership level.

Read more of this post

Will AI be able to stop cybercrime?

cybersecurity, artificial intelligenceLloyd McCoy Jr.Real talk is finally starting on how to actually implement proactive cyber defense. We have to stop taking it on the chin from bad actors who find cyber intrusion and electronic warfare relatively simple and free from consequence.

Artificial intelligence (AI) is being touted as the next go-to technology for understanding potential threats in nearly every theater of war—from cybercrime to electronic warfare.

At a recent forum for government IT professionals, Ardisson Lyons of the Defense Intelligence Agency (DIA) said using standardized cloud-based platforms can improve big data analysis and consumption. An “Intelligent Simulation Center” can help immerse decision-makers in the information in a dynamic way.

Read more of this post

Technology’s risky. Can this security solution help?

Lloyd McCoy Jr.The recent media coverage about data leaks and breaches  and government surveillance has so much to do with privacy, security and access. We might as well as get comfortable with security as a major challenge given that people aren’t ready to part with their mobile devices and the convenience of being able to work wherever they want.

At the same time, business interest in the internet of things, especially in government agencies is growing.  But security in IoT is still a major hurdle, causing some agencies to pump the brakes a bit.

So where does that leave the tech sector? There may be a continuing stream of risk, but there’s also opportunity, especially for companies with Identity Access Management (IAM) solutions that can address some of these valid security concerns.

Read more of this post

When deception is a good thing

Silhouette of a hacker with binary codes on background

nick-mirabile-resized2By Nick Mirabile, director of cybersecurity

In 2013, a pro-Assad group known as the Syrian Electronic Army hacked into the Associated Press’ Twitter account and broadcast a fake report about explosions at the White House. It caused the Dow Jones industrial average to drop nearly 150 points, erasing $136 billion in market value.

This is cyber deception in action. Cyber attackers have long embraced deception with tactics such as social engineering help-desk employees to install Trojans or obtain users’ credentials. If deception can be used to attack, can it also be used in cyber defense?

Read more of this post

New Background Investigations System Has Significant IT Needs

Lloyd McCoy Jr.databreach_07212016By Lloyd McCoy Jr., DOD Manager

When more than 21 million background investigation records get stolen, you can bet your bottom taxpayer dollars that changes are afoot.

Enter the National Background Investigations Bureau (NBIB), the name of the new organization that will host an entirely new (and hopefully improved) background investigations system. Organizationally, this office will fall under the Office of Personnel Management (OPM), but the Defense Information Systems Agency (DISA) will handle the development and operation of the underlying IT system infrastructure.

Read more of this post

%d bloggers like this: