In the waning months of the Obama administration, the White House is racing to lay the groundwork for an enduring plan to shore up the nation's critical digital infrastructure.Yesterday, President Obama described the digital age as a sort of double-edged sword, at once delivering "incredible opportunity, incredible wealth," while also presenting a new set of complex and evolving security challenges that arise from an environment where "more and more of our lives are being downloaded, being stored, and as a consequence are a lot more vulnerable."[ Related: Government ranks last in fixing software security holes ]To read this article in full or to leave a comment, please click here
WASHINGTON -- It's a scary prospect, barreling down the highway when a hacker seizes control of your brakes and power-steering system.The specter of hacking a vehicle, potentially a matter of life and death, demands auto makers to elevate security as a priority as they develop ever-more sophisticated in-car technology, a member of the Federal Trade Commission is warning.[ Related: Senators call for investigation of potential safety security threats from connected cars ]To read this article in full or to leave a comment, please click here
The Federal Trade Commission yesterday unveiled a revamped online hub where victims of identity theft can file complaints and receive a personalized recovery plan to regain control of their personal and financial information and accounts.[ Related: Identity theft hit 7% of U.S. population last year ]At IdentityTheft.gov, consumers can navigate through a series of questions about how their information was compromised (e.g. data breach, lost wallet, etc.) that will then produce a list of steps to take to mitigate the damage from the identity theft.To read this article in full or to leave a comment, please click here
Even as an overwhelming majority of large global enterprises feel vulnerable to data breaches and other security threats, too many organizations continue to approach cybersecurity as a compliance exercise, according to a new survey from the security vendor Vormetric.In a poll of more than 1,100 security executives around the world, 91 percent of respondents consider their organization to be vulnerable to internal or external data threats.And yet, 64 percent of respondents express the view that compliance is a "very" or "extremely" effective strategy in staving off data breaches, up six percentage points from last year's survey.To read this article in full or to leave a comment, please click here
Authorities at the Federal Trade Commission are working overtime to keep up with the ever-changing online privacy landscape, a fast-moving environment that is highly technical but also keys into the core consumer-protection functions of the agency.FTC officials recently hosted a day-long privacy conference that saw a parade of academics present their latest research on the ways that online companies are collecting and using their customers' personal information.FTC Chair Edith Ramirez has made no secret of her worry that some companies may be stepping over the line in their information-gathering practices, deliberately obscuring the details of what data they collect, how long they hold onto it and what they do with it.To read this article in full or to leave a comment, please click here
The association representing state CIOs has an ambitious policy agenda in the nation's capital this year, when members and their advocates will be appealing to Congress for help in securing critical infrastructure and for relief from a thicket of federal regulations.At the top of the list is cybersecurity, perhaps unsurprising given that members of the National Association of State CIOs (NASCIO) ranked that issue at the top of their own set of operational priorities late last year.[ Related: State CIOs will focus on security and cloud in 2016 ]To read this article in full or to leave a comment, please click here
The nation's top technology regulators provided a glimpse of the year to come this week at the Consumer Electronics Show in Las Vegas, offering a warning about privacy and an ambitious projection for a spectrum auction to boost mobile broadband capacity.Tom Wheeler and Edith Ramirez, the respective chairs of the Federal Communications Commission and Federal Trade Commission, sat for an on-stage interview with Gary Shapiro, head of the Consumer Technology Association, which puts on the annual tech gala.Privacy and consumer protection top FTC’s priority list
Privacy and consumer-protection considerations remain at the forefront at the FTC, which has been probing the consumer implications of a variety of emerging technologies, including big data and the Internet of things.To read this article in full or to leave a comment, please click here
Satya Nadella will have you know that cybersecurity takes a village.The Microsoft CEO took to the stage this week in the nation's capital to describe a new, collaborative approach the company is taking as it deals with an evolving set of digital threats targeting an increasingly distributed tangle of users, devices and systems.[ Related: CISOs learn 5 tough lessons about conveying security risks ]Nadella positions the cyber challenge as the latest entry on a continuum of threats that have emerged with new methods of communication, recalling the emergence of mail fraud and wire fraud, and calling cyber "one of the most pressing issues of [our] time."To read this article in full or to leave a comment, please click here
When the Office of Management and Budget rolled out its far-reaching blueprint for federal agencies to improve their cybersecurity posture, it identified a number of areas where government CIOs and CISOs can improve, including rapid detection and response to incidents and the need to recruit and retain top security talent.The Cybersecurity Strategy and Implementation Plan (PDF available here) also highlights the need for agencies to take steps to mitigate one of the more pervasive -- and overlooked -- security risks: insider threats.[ Related: Insider threats force balance between security and access ]To read this article in full or to leave a comment, please click here
On the eve of a significant agreement between the United States and China on trade and information security, the head of the National Security Agency cautioned that the two superpowers must develop a set of norms that would curb cyber-espionage and theft of intellectual property from U.S. firms.Adm. Michael Rogers appeared in a rare open hearing of the Senate intelligence committee to offer an update on the agency's work, with a particular focus on the various cyberthreats, which increasingly are coming from state-sponsored actors.[ Related: What would a U.S.-China cybertreaty really mean? ]To read this article in full or to leave a comment, please click here
Federal consumer-protection authorities have called on the entrepreneurs building tech startups to prioritize cybersecurity from the earliest stages of the development process.[ Related: Tech startups need to get serious about security ]But a variety of factors -- cost, lack of technical expertise, rush to market, etc. -- can make security seem like more of a burden or an impediment to the startup's growth than anything else.To read this article in full or to leave a comment, please click here
The head of the nation's primary consumer protection agency on Wednesday paid a visit to San Francisco, where she called on technology startups to do a better job of incorporating security protections as they race to bring new applications into the market.Federal Trade Commission Chairwoman Edith Ramirez's comments amplified the agency's "Start With Security" initiative, a program that aims to encourage businesses to prioritize cybersecurity as an integral part of their product development.[ Related: The 7 deadly sins of startup security ]To read this article in full or to leave a comment, please click here
Federal authorities are marching ahead with a new framework for opening government data, a process that aims to consolidate department and agency datasets into a standardized format and make them accessible for the public.Christina Ho, deputy assistant secretary for accounting policy and financial transparency at the Treasury Department, recently provided an update on the rollout of the 2014 DATA Act, a sweeping bill that for the first time mandates a holistic system for making government spending data transparent and freely available.To read this article in full or to leave a comment, please click here
Government CIOs have been struggling mightily with developing prudent policies to enable employees to use their personal mobile devices for work without putting sensitive information at risk or otherwise compromising the security of agency systems.[ All About BYOD: Strategies, Resources, News and More ]As it turns out, many federal employees haven't been waiting for those policies to take effect before introducing their devices into the workplace.To read this article in full or to leave a comment, please click here
WASHINGTON -- If startups in the tech sector and other high-growth industries are going to continue to emerge and thrive, the business landscape must become a more inclusive environment, one that is more welcoming of women, minorities and regions outside major urban and university centers, the White House is warning."We've got to make sure that everybody is getting a fair shot," President Obama said this week in remarks at the White House. "The next Steve Jobs might be named Stephanie or Esteban. They might never set foot in Silicon Valley. We've got to unleash the full potential of every American -- not leave more than half the team on the bench."To read this article in full or to leave a comment, please click here
It's no secret that U.S. government agencies and businesses are the target of around-the-clock cyber intrusions, many carried out by or at the behest of foreign nation-states.But how exactly should the feds respond to those incursions?Ask a random sample of Americans and you'll likely get a very different answer than if you polled the State Department.In a recent flash survey of more than 1,000 U.S. adults commissioned by the security vendor Vormetric, a quarter of the respondents said that the United States should cut off all ties to any nation responsible for compromising U.S. government data.To read this article in full or to leave a comment, please click here
The recently disclosed data breach at the U.S. government's Office of Personnel Management follows a long history of lax security at the agency, according to the inspector general's office.In testimony before a joint House subcommittee hearing, Michael Esser, OPM's assistant inspector general for audits, told lawmakers that the agency's "long history of systemic failures to properly manage its IT infrastructure" may have invited a pair of related hacking incidents that compromised more than 21 million current and former government employees' personal information.[ Related: The OPM lawsuit will only make the lawyers rich ]To read this article in full or to leave a comment, please click here
If government CIOs want to bring IT out of the shadows, they need to start by understanding what kind of tools agency personnel need to do their jobs.That's one of the chief takeaways from a new study looking at shadow IT in the government -- those unauthorized applications and services that employees use without the permission of the CIO and the tech team.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers
The new analysis, conducted by cloud security vendor Skyhigh Networks, identifies a startling amount of applications in use in public-sector organizations. According to an analysis of log data tracking the activities of some 200,000 government workers in the United States and Canada, the average agency uses 742 cloud services, on the order of 10 to 20 times more than the IT department manages.To read this article in full or to leave a comment, please click here
There is no shortage of interest in mobile health applications, which span everything from pedometers to Wi-Fi-enabled pacemakers, but what happens with all that data?The New American Foundation, a Washington think tank, waded into that debate with a pair of recent panel discussions where experts acknowledged that the security risks around health IT systems are high, and the medical profession, as a whole, has a ways to go to get its cyber house in order.[ Related: Will Healthcare Ever Take IT Security Seriously? ]To read this article in full or to leave a comment, please click here
Kenneth Corbin