A NIST panel, working with the electric industry, has developed a guide for centralizing ID and access management to better protect the evolving Smart Grid from online and internal threats. As the electric power industry upgrades its legacy systems to an interactive Smart Grid that enables remote monitoring and a two-way flow of information, vulnerabilities … Continue reading “How To” Guide for ID and Access Management in the Electric Industry
Publications
FCC Reminds Commercial WiFi Providers that the Airwaves Belong to the public
The FCC has fined a networking company for blocking independent WiFi access in convention halls, the second major action against companies using deauthentication technology in two years. Blocking any legal radio communications is illegal. If you take your laptop or tablet to tradeshows and conferences, you know it can be a headache connecting to the … Continue reading FCC Reminds Commercial WiFi Providers that the Airwaves Belong to the public
U.S. Seeks Better International Cooperation on Cybersecurity Standards
The Obama administration wants to leverage U.S. participation in international standards-making to improve the nation’s cybersecurity. The Obama administration wants to improve coordination between federal agencies and with other nations in developing technical standards to help improve U.S. cybersecurity. The nation’s economy and security increasingly depend on the use of commercial IT products and international … Continue reading U.S. Seeks Better International Cooperation on Cybersecurity Standards
FedRAMP Continues its Evolution
Six months into FedRAMP Forward, a two-year initiative to improve agency adoption of cloud services, the program is citing success and continuing to fine tune policies. The FedRAMP Program Management Office says that 82 percent of more than 1,400 federal cloud implementations have received FedRAMP authorization and that the program saves an estimated $70 million … Continue reading FedRAMP Continues its Evolution
Senators Want Agencies to Get Serious About Cybersecurity; But is Congress Serious?
A Senate bill would require agencies to deploy the EINSTEIN intrusion prevention system and implement basic cybersecurity practices in an effort to stem breaches of federal information systems. It remains to be seen whether additional congressional mandates would make any difference. The Senate Homeland Security and Governmental Affairs Committee has approved a bill that would … Continue reading Senators Want Agencies to Get Serious About Cybersecurity; But is Congress Serious?
Working to keep PIV credentials up-to-date
The government has issued millions of PIV cards containing digital credentials to federal employees and contractors. Although government still lags in using these credentials for secure access to IT systems, NIST is working to keep the credentials relevant in a mobile world. The National Institute of Standards and Technology is asking for feedback on a … Continue reading Working to keep PIV credentials up-to-date
IPv4 enters the final countdown in North America
The pool of available IPv4 addresses—Internet Classic—is entering its final phase of depletion, according to North America’s regional Internet registry. This does not mean that IPv4 will be disappearing any time soon, but it does mean that growth in the Internet will require adoption of the next generation IPv6 addresses, or that organizations will have … Continue reading IPv4 enters the final countdown in North America
It’s time to ditch the “glitch”
The term “computer glitch” has become a shorthand way of avoiding responsibility for failures when information technology doesn’t work. With IT underlying so much of our lives and economy we should expect to know what went wrong and why. It has been a busy week for the computer glitch. On Wednesday, July 8, United Airlines … Continue reading It’s time to ditch the “glitch”
DHS gets mandate to implement interoperable communications
More than a decade after its creation, agencies of the Homeland Security Department still are not able to effectively communicate with each other. A bill now awaiting the president’s signature would require DHS to create a strategy for interoperable communications. Since its formation in 2003, the Homeland Security Department (DHS) has awarded $18.5 billion in … Continue reading DHS gets mandate to implement interoperable communications
GAO: Agencies still have a long way to go in improving cybersecurity
Some governmentwide programs offer the promise of improved security in federal information systems, but cybersecurity remains a high risk area and threats to sensitive personal information continue to grow. After almost 20 years on the Government Accountability Office’s (GAO) list of high risk programs, federal information security remains inadequate and threats to sensitive information being … Continue reading GAO: Agencies still have a long way to go in improving cybersecurity