Continuous monitoring

What seemed like a simple objective, to develop and issue a standardized, electronically-verifiable identification card for civilian agency personnel, continues to encounter a barrage of technical and cultural challenges at a time when identification has become a critical component in the government’s efforts to embrace mobile and remote computing.

Despite the government’s aggressive push under the Identity, Credential and Access Management (ICAM) plan, only three departments are above minimum fielding levels and using the civilian personal identity verification (PIV) cards, said Paul Grant, director for cybersecurity policy in the Office of the DOD Chief Information Officer. And it remains unclear when the cards will be universally fielded across the civilian government. Keep reading →

The number of reported cybersecurity incidents involving federal information networks continues to increase while the posture of federal agencies to defend against them appears to be weakening in 2012, according to projected data from a Congressional watchdog agency.

The Government Accountability Office’s director of information security issues, Greg Wilshusen, in a presentation to federal and industry security officials, said that the rate of reported security incidents, which had leveled off in 2011 after a steady four-year climb, was expected to jump again in 2012. Keep reading →

The push to adopt continuous monitoring as a more advanced means for ensuring network security can only work if other network technologies are made secure, said a leading computer scientist from the National Institute of Standards and Technology.

Agencies need to understand the underlying security issues, beyond what continuous monitoring can offer, because adversaries can take advantage of weaknesses to bring down network capabilities, said Ron Ross, senior computer scientist and fellow at NIST. Ross (pictured above, seated far left) made the remarks at the recent Symantec Government Symposium on government security practices. Keep reading →

The recent GFIRST Conference – a forum for incident response and security teams – covered the gamut of security topics with a surprisingly colorful and entertaining array of session titles. While my session title, “Continuous Monitoring 2.0” , may have lacked the bedazzle factor of “Hack the database…and other cocktail party tricks”, “Bad Karma Chameleon”, “Welcome to McSecurity, would you like fries with your scan?”, it did capture audience sentiment about the government’s CyberScope initiative and the push for continuous network monitoring.

So what’s causing the angst among federal IT security managers about CyberScope’s current state of play? Keep reading →

Digital data is exploding and government agencies are facing a data visibility crisis.

By 2016, analysts predict there will be 760 million tablets in use worldwide and 1 billion people will own smartphones. And according to a survey by CDW Government, 99% of federal IT professionals have deployed mobile devices to agency employees with 44% of federal employees reporting using their personal mobile devices for work purposes. Keep reading →