There’s been a lot of light and heat in the last week when it comes to the U.S. government and cyber security. After all, President Obama just released his Executive Order on cyber security, which puts an emphasis on identifying and protecting critical infrastructure and, just maybe, pushes the sprawling federal bureaucracy towards better security practices. But a just-released report from the Government Accountability Office (GAO) makes clear that, in the big scheme of things, the Executive Order is just window dressing on the mess that is the Federal Government’s handling of cyber security. The report, GAO-13-187 (PDF), is a round-up and updating of previous reports that studied aspects of federal cyber security as they affect a wide range of federal agencies. The GAO’s conclusion? Uncle Sam has made negligible progress towards improving the security of its information systems, and has little to show in key areas such as responding to […]
Tag: Policy
Funding Cut, Military’s List of Critical Defense Technologies Languishes
The U.S. Department of Defense is failing to adequately maintain its main reference list of vital defense technologies that should be banned from export, despite rules requiring its use and upkeep, according to a new report from the Government Accountability Office (GAO). The Militarily Critical Technologies List (MCTL) is “outdated and updates have ceased,” the GAO found in a report released this week. The list was intended as the DOD’s main resource for tracking sensitive technology and preventing its export to foreign nations or entities. But the government agencies charged with using the list say it is too broad and out-of-date to be of much use and have long since abandoned it. Now budget cuts to the program that maintains the list are forcing export control officials in the government to use alternative information sources and informal “networks of experts” to tell them what technologies are in need of protection, […]
University Course Will Teach Medical Device Security
The University of Michigan will be among the first to offer graduate students the opportunity to study the security of advanced medical devices. The course, EECS 598-008 “Medical Device Security” will teach graduate students in UMich’s Electrical Engineering and Computer Science program “the engineering concepts and skills for creating more trustworthy software-based medical devices ranging from pacemakers to radiation planning software to mobile medical apps.” It comes amid heightened scrutiny of the security of medical device hardware and software, as more devices connected to IP-based hospital networks and add wireless monitoring and management functionality. The new course comes amid rapid change in the market for sophisticated medical devices like insulin pumps, respirators and monitoring stations, which increasingly run on versions of the same operating systems that power desktops and servers. In 2011, the US Food and Drug Administration (FDA) reported that software failures were the root cause of a quarter […]
Report Warns of Growing ‘Dark Side’ of Cyberspace
The head of a prominent human rights groups has warned that increased state involvement in cyberspace, including surveillance, censorship, propaganda campaigns and offensive cyber operations threatens the future of the Internet as much as endemic problems like cyber crime – part of a growing “dark side” to cyberspace. Writing in the Penn State Journal of Law and International Affairs, Ronald Deibert, Director of Citizen Lab and Canada Centre for Global Security Studies said that threats to human rights and individual liberties come from a variety of states – from authoritarian regimes, to Latin American narco-states to liberal democracies in the West, as governments increasingly leverage the power of the Internet to monitor citizens’ behavior and impose limits on free expression. Citizen Lab, part of the Munk School of Global Affairs at the University of Toronto, has played a key role in high-profile investigations of cyber espionage including the now-infamous Ghost Net attacks on […]
Report: Insecure SEC Laptops Toted To Black Hat
What’s worse than neglecting to encrypt the data on the government-issue laptop you use to handle sensitive data related to the workings of U.S. equities markets? How about hopping on a plane and bringing said laptop with you to the Black Hat conference in Las Vegas, one of the world’s largest gatherings of hackers. That’s just one of the allegations in an as-yet unreleased Inspector General report on irregularities at the U.S. Securities and Exchange Commission (SEC), according to a report on Friday by Reuters. The Inspector General’s report, a copy of which was reviewed by Reuters, found evidence of widespread lapses in information security within the agency that acts as a watchdog over stock markets and exchanges within the U.S. Among other errors, staff at the SEC failed to encrypt laptops containing sensitive stock exchange data or even install antivirus software on those systems, Reuters reported. The Inspector General […]
