Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: PC Security

Federal Information Security: Actions Needed to Address Challenges

Federal Information Security: Actions Needed to Address Challenges, GAO-16-885T: Published: Sep 19, 2016. Publicly Released: Sep 20, 2016.

“Cyber incidents affecting federal agencies have continued to grow, increasing about 1,300 percent from fiscal year 2006 to fiscal year 2015. Several laws and policies establish a framework for the federal government’s information security and assign implementation and oversight responsibilities to key federal entities, including the Office of Management and Budget, executive branch agencies, and the Department of Homeland Security (DHS). However, implementation of this framework has been inconsistent, and additional actions are needed: Effectively implement risk-based information security programs. Agencies have been challenged to fully and effectively establish and implement information security programs. They need to enhance capabilities to identify cyber threats, implement sustainable processes for securely configuring their computer assets, patch vulnerable systems and replace unsupported software, ensure comprehensive testing and evaluation of their security on a regular basis, and strengthen oversight of IT contractors. Improve capabilities for detecting, responding to, and mitigating cyber incidents. Even with strong security, organizations can continue to be victimized by attacks exploiting previously unknown vulnerabilities. To address this, DHS needs to expand the capabilities and adoption of its intrusion detection and prevention system, and agencies need to improve their practices for responding to cyber incidents and data breaches. Expand cyber workforce and training efforts. Ensuring that the government has a sufficient cybersecurity workforce with the right skills and training remains an ongoing challenge. Government-wide efforts are needed to better recruit and retain a qualified cybersecurity workforce and to improve workforce planning activities at agencies…”

Article excerpt from new book – “Rise of the Machines: A Cybernetic History”

This article is published via the Passcode – Modern field guide to security and privacy from The Christian Science Monitor”: The cypherpunk revolution-How the tech vanguard turned public-key cryptography into one of the most potent political ideas of the 21st century, by Thomas Rid, July 20, 2016. “…But amid the hype [in the 1990s with… Continue Reading

ACRL – Keeping Up With Cybersecurity, Usability, and Privacy

Snipped – via Bohyun Kim. Associate Director, Library Applications and Knowledge Systems, at the University of Maryland-Baltimore, Health Sciences and Human Services Library – Keeping Up With Cybersecurity, Usability, and Privacy What is Cybersecurity? Cybersecurity is a broad term. It refers to the activities, practices, and technology that keep computers, networks, programs, and data secure… Continue Reading

CRS – Stealing Trade Secrets and Economic Espionage

Stealing Trade Secrets and Economic Espionage: An Overview of the Economic Espionage Act, Charles Doyle, Senior Specialist in American Public Law. August 19, 2016. “Stealing a trade secret is a federal crime when the information relates to a product in interstate or foreign commerce, 18 U.S.C. 1832 (theft of trade secrets), or when the intended… Continue Reading

BYU – Why We Disregard Security Warnings

BYU Marriott School News – “Software developers listen up: if you want people to pay attention to your security warnings on their computers or mobile devices, you need to make them pop up at better times. A new study from BYU, in collaboration with Google Chrome engineers, finds the status quo of warning messages appearing… Continue Reading

Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems

Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems, GAO-16-501: Published: May 18, 2016. Publicly Released: Jun 21, 2016. “In GAO’s survey of 24 federal agencies, the 18 agencies having high-impact systems identified cyber attacks from “nations” as the most serious and most frequently-occurring threat to the security of their systems. These agencies… Continue Reading

A Few Easy Steps Everyone Should Take to Protect Their Digital Privacy

Via ACLU – “Much of the privacy protection we need in today’s world can’t happen without technological and legislative solutions, and the ACLU will continue leading the fight for digital security and privacy through our litigation and advocacy efforts. But there are simple steps that everyone can take to improve their digital privacy. While there… Continue Reading

Judicial Conference Committee seeks to implement wider law enforcement surveillance

Follow up to Supreme Court expands surveillance powers of intelligence agency via EFF – With Rule 41, Little-Known Committee Proposes to Grant New Hacking Powers to the Government – The government hacking into phones and seizing computers remotely? It’s not the plot of a dystopian blockbuster summer movie. It’s a proposal from an obscure committee… Continue Reading

Supreme Court expands surveillance powers of intelligence agency

Via The Intercept: “The Supreme Court on approved [April 28, 2016] changes that would make it easier for the FBI to hack into computers, including those belonging to victims of cybercrime. The changes will take effect in December, unless Congress adopts competing legislation. Previously, under the federal rules on criminal procedures, a magistrate judge couldn’t… Continue Reading

DoD tests public key infrastructure for DTIC secure website access

SecureIDNews:  “The federal government’s use of user IDs and passwords for access to its applications could soon give way to more secure PKI-based credentials if more government entities follow the lead of the U.S. Department of Defense. The Defense Department is leveraging PKI to better protect its information systems, with the intent of making access… Continue Reading

Reminder – no more IE support for versions prior to 11

Via Microsoft for Business – “What is end of support? Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical supports and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and… Continue Reading

Operationalizing Cybersecurity Due Diligence: A Transatlantic Comparative Case Study

Shackelford, Scott and Russell, Scott, Operationalizing Cybersecurity Due Diligence: A Transatlantic Comparative Case Study (January 12, 2016). South Carolina Law Review, 2016. Available for download at SSRN: http://ssrn.com/abstract=2714529 “Although much work has been done on applying the law of warfare to cyber attacks, far less attention has been paid to defining a law of cyber… Continue Reading