Cybersecurity | The Contracting Education Academy

November 20, 2018 By cs

Supply chain task force looks to keep ‘lemons’ out of the federal IT ecosystem

The Department of Homeland Security announced the roll out of its supply chain security task force on Information and Communications Technology.

At a Nov. 1 meeting of the Information Security and Privacy Advisory Board, a DHS official provided more details on the group’s composition and mission.

The task force will consist of approximately 60 members — drawn equally from the federal government, the tech sector and the communications sector, according to Emile Monette, a cybersecurity strategist at DHS and co-chair. Monette told FCW after the meeting that “most” of the group’s membership has been solidified, but that DHS is planning to provide more specifics in the next few weeks.

An executive committee, roughly half the full task force’s size, will meet in mid-November to begin laying out priorities and setting up work streams, such as tweaking to Federal Acquisition Regulation rules requiring the government to purchase certain IT and communications products from the original manufacturer or authorized resellers.

Keep reading this article at: https://fcw.com/articles/2018/11/01/supply-chain-dhs-lemons.aspx

November 8, 2018 By cs

DoD task force addresses the growing threats to critical technology

Amid an alleged campaign of hacking by the Chinese government, efforts are taking place to prevent the exfiltration of data and protect sensitive information that is stored in the U.S. government and the defense-industrial base.

In a memo dated Oct. 24, Secretary of Defense Jim Mattis announced the creation of the Protecting Critical Technology Task Force to safeguard critical American technology.

“Each year, American businesses lose hundreds of billions of dollars while our military superiority is challenged,” Deputy Secretary of Defense Patrick M. Shanahan said in a statement. “Together with our partners in industry, we will use every tool at our disposal to end the loss of intellectual property, technology and data critical to our national security.”

The PCTTF will report to Shanahan and Gen. Paul Selva, the vice chairman of the joint chief of staff. It includes representatives from the Central Intelligence Agency and the Defense Security Service, according to an industry official briefed on the matter.

Keep reading this article at: https://www.fifthdomain.com/dod/2018/11/02/a-new-dod-task-force-addresses-the-growing-threats-to-critical-technology/

November 6, 2018 By cs

Cyber supply chain task force to meet soon

A task force focused on reducing cybersecurity risks in the nation’s technology and communications supply chain will meet for the first time in the next few weeks, the Homeland Security Department announced last week.

Homeland Security Secretary Kirstjen Nielsen announced the task force’s creation during a cyber conference in New York in July during which she also announced the creation of a new Homeland Security division, the National Cyber Risk Management Center, focused on long-range cyber issues.

The task force will be chaired by private sector leaders but will be sponsored by the risk management center, according to a Homeland Security news release.

The task force will focus on government and industry supply chains and criminal and nation-state hacker efforts to compromise contractors and subcontractors deep within those supply chains, the department said.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2018/10/cyber-supply-chain-task-force-meet-soon/152429/

October 12, 2018 By cs

GAO reviews agency actions in the wake of Equifax data breach

It’s easy to forget that roughly a year ago, Equifax was hacked, which compromised the personal information of roughly 145.5 million individuals.

The scope of the breach was concerning for a number of reasons, not the least of which was the fact that Equifax was providing identity verification services for three federal agencies at the time it was attacked.

In a recent report, GAO reviewed how these agencies responded to the attack. While not making any specific recommendations at this time, GAO’s report does highlight the extent to which federal agencies were not fully prepared for cyberattacks on private contractors.

Prior to the Equifax breach, the IRS, the Social Security Administration, and USPS contracted with Equifax to provide identity verification services. These agencies relied on Equifax’s databases to verify the identities of individuals applying for various services. For example, the IRS used Equifax servers to verify identities for tax return purposes.

Following the Equifax cyberattack, agencies took a variety of steps to assess the situation and make proactive changes to their contracts with Equifax. Foremost was notifying impacted individuals. While there was no breach of agency systems in connection with the Equifax attack, there was nevertheless concern that impacted individuals may have had an increased risk for identity theft. Accordingly, one of the first actions taken by the impacted agencies was to notify impacted individuals.

Keep reading this article at: http://smallgovcon.com/uncategorized/gao-reviews-agency-actions-in-the-wake-of-equifax-data-breach/

October 10, 2018 By cs

Senate agrees federal cybersecurity office should have name to match

The lead office governmentwide for handling cybersecurity issues in the public and private sector was finally granted something officials had long sought: actually including “cybersecurity” in the office’s name.

Wednesday, Senate lawmakers passed a long-awaited bill to rename the Homeland Security Department’s point office for cybersecurity, the National Protection and Programs Directorate, to something more fitting. The Cybersecurity and Infrastructure Security Agency Act of 2017—which passed by unanimous consent—would change the office’s title to the Cybersecurity and Infrastructure Security Agency, or CISA.

As the name suggests, the office will lead efforts on cybersecurity of federal networks and critical infrastructure and coordinating between the government and private sector. The legislation also gives the office purview over “DHS’s responsibilities concerning chemical facilities antiterrorism standards.”

Keep reading this article at: https://www.nextgov.com/cybersecurity/2018/10/senate-agrees-federal-cybersecurity-office-should-have-name-match/151791/

The Department of Homeland Security announced the roll out of its supply chain security task force on Information and Communications Technology.

Amid an alleged campaign of hacking by the Chinese government, efforts are taking place to prevent the exfiltration of data and protect sensitive information that is stored in the U.S. government and the defense-industrial base.

A task force focused on reducing cybersecurity risks in the nation’s technology and communications supply chain will meet for the first time in the next few weeks, the Homeland Security Department announced last week.

It’s easy to forget that roughly a year ago, Equifax was hacked, which compromised the personal information of roughly 145.5 million individuals.

The lead office governmentwide for handling cybersecurity issues in the public and private sector was finally granted something officials had long sought: actually including “cybersecurity” in the office’s name.

Search this Website