POLICY: February 2009 Archives

The National Infrastructure Protection Plan provides the unifying structure for the integration of a wide range of efforts for the enhanced protection and resiliency of the nation's critical infrastructure and key resources (CIKR) into a single national program.

The 2009 NIPP replaces the 2006 version and reflects changes and updates to program elements and concepts. It captures the evolution and maturation of the processes and programs first outlined in 2006 without changing the underlying policies. The revised NIPP integrates the concepts of resiliency and protection, and broadens the focus of NIPP-related programs and activities to an all-hazards environment.

DHS Press Release

The National Institute of Standards and Technology (NIST) has released revised guides providing advice for protecting the wide variety of private and mobile devices from threats. Together with the preponderance of dangerous malware on the Web, the vulnerability of wireless transmissions from mobile devices has created dramatic new security challenges.

"In terms of remote access security, everything has changed in the last few years. Many Web sites plant malware and spyware onto computers, and most networks used for remote access contain threats but aren't secured against them," says Karen Scarfone of NIST's Computer Security Division. "However, even if teleworkers are using unsecured networks, the guide shows the steps organizations can take to protect their data."

Among these steps is the recommendation that an organization's remote access servers--the computers that allow outside hosts to gain access to internal data--be located and configured in ways that protect the organization. Another is to ensure that all mobile and home-based devices used for telework be configured with security measures so that exchanged data will maintain its confidentiality and integrity. Above all, Scarfone says, an organization's policy should be to expect trouble and plan for it.

"You should assume external environments contain hostile threats," she says. "This is a real philosophy shift from several years ago, when the attitude was essentially that you could trust the home networks and public networks used for telework."

The new guide provides recommendations for organizations.

A companion publication offers advice for individual users on securing their own mobile devices.

The Changing Landscape of Terror

FBI Director Mueller discussed the changing landscape of terrorism at the February 23, 2009 meeting of the Council on Foreign Relations.


At the recent Black Hat DC conference, Paul Kurtz's keynote address gave a sobering view of info sharing and deterrence in the cyber security world.

If there were a major failure of Internet infrastructure--a "cyber-Katrina"--he said, it simply isn't clear which government agency would be in charge of fixing it. "That's pretty darn scary," he added.


Window of vulnerability...

In a recent report to the Senate Select Committee on Intelligence, the Director of National Intelligence outlined the key findings of the "Annual Threat Assessment of the Intelligence Community."

Given that Al Qaeda and affiliated terrorist groups have made it clear that they would like to attack in a way that dramatically impacts America's economic stability, a catastrophic attack or attacks during this time of fiscal instability could be potentially devastating.

Annual Threat Assessment of the Intelligence Community
President Obama has directed the National Security and Homeland Security Advisors to conduct an immediate 60-day review of the plan, programs, and activities underway throughout the government dedicated to cyber security.

White House Brief
The U.S. House of Representatives has passed a bill that seeks to reduce the over-classification of intelligence information and increase the amount that gets shared. "Though hard to believe, sheriffs and police chiefs can't readily access the information they need to prevent or disrupt a potential terrorist attack because those at the federal level resist sharing information," U.S. Representative Jane Harman said. "Over-classification and pseudo-classification -- stamping with any number of sensitive but unclassified markings -- remain rampant."

BACKGROUND: The House Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment held a hearing, "A Report Card on Homeland Security Information Sharing," in September 2008. Recommend folks read the testimony by John McKay. He presents a good summary of the "real state" of information sharing programs.

The annual "Report Card" produced by the American Society of Civil Engineers concludes the nation's infrastructure programs still stand at a D average. Deteriorating conditions and inflation have added hundreds of billions to the total cost of repairs and needed upgrades. ASCE's current estimate is $2.2 trillion, up from $1.6 trillion in 2005.

About this Archive

This page is an archive of entries in the POLICY category from February 2009.
