- While most are looking at the financial, socio-economic and national defense ramifications of the election, Nextgov takes a look at the cyber ramifications of the election – many federal leaders are political appointees, especially in the cyber realm. When the fallout from this election clears, we will have new appointees, ones who will dictate our cyber future. While neither candidate has openly discussed the issue, it will certainly happen. Via Nextgov, more here.
- Watchdog Warns of “Very Serious” Cybersecurity Failures at DOL – A September 7 letter from the DOL assistant inspector general for audit shows “significant weaknesses” in the PIV-II security program. ‘More than 75% of the users examined, the letter states, “were granted system access privileges exceeding authorization.”’ Yikes. Weaknesses included former employees holding accounts after separation, role-based users (i.e., admins) holding accounts and accounts not being disabled. Via Heritage.org, more here.
- After Stuxnet: The new rules of cyberwar – Stuxnet has completely changed the way that critical infrastructure must approach information security. NERC chief cybersecurity officer Tom Roxy stated that “Awareness of the problem has been the biggest change.” Via Computerworld, more here.
- DHS continuous monitoring can’t automatically track devices or connections – According to the annual assessment of DHS information systems, DHS has yet to fully automate its continuous monitoring and is lacking in tracking and managing devices. Additionally, DHS is manually tracking its cloud-based systems inventory. Via FierceGovernmentIT, more here.
- New group strives to clarify, simplify cyber basics for agencies – The Consortium for Cybersecurity Action “will release an updated baseline of the 20 most important cyber controls, and it wants to become a resource to help agencies implement those security checks.” Via Federal News Radio, more here.