The Cybersecurity Framework is a work in progress. It has been generally well received by industry, but the old bugaboo of cybersecurity sharing remains a challenge as NIST mulls the next steps.
The United States is capable of wonderful innovation and spectacular achievements, from highway systems to fleets of satellites. But a lack of appetite for maintaining these accomplishments threatens our security and well-being.
The federal government has produced a body of standards and guidelines—including the NIST Cybersecurity Framework—that can help the private sector as well as government agencies improve information security.
Antivirus company Avira reports a new wrinkle in malware: A phishing e-mail that contains explicit instructions for infecting your computer. It’s so crazy, it just might work.
Agencies are getting more and better technology, but IT is not providing the productivity and return that it could. Federal customers need to partner with vendors to focus on mission and outcome for IT, not just functionality and affordability.
With many states relying on IT systems that are 20 years old or more, government agencies are challenged to secure legacy technology that is no longer supported and often hidden from view.
While the Justice Department is trying to get backdoors into mobile consumer devices, NIST is working to improve security and privacy of electronic medical records and devices.
Cybersecurity has a high profile in the president’s agenda for his final year. There are some good ideas in his Cybersecurity National Action Plan, but whether they translate into improved security will depend on Congress and the next president.
The Defense Department has given contractors two years to meet new requirements for securing sensitive DOD data on nonfederal IT systems, responding to industry concerns over moving too quickly to the new standards.
DHS plans to begin an automated threat information sharing program for the private sector this month. Not everyone is enthusiastic, but some think the department can be a catalyst for improved cybersecurity collaboration.