MeriTalk - Where America Talks Government
Cyber Security Exchange

Posted: 2/14/2014 - 0 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

As promised, on February 12, 2014, the National Institute of Standards and Technology released its "Framework for Improving Critical Infrastructure Cybersecurity." Attached here, the Framework focuses on using business drivers to guide cybersecurity activities and ensure businesses consider cybersecurity risks as part of the organization’s risk management processes.

The Framework consists of three parts:

  • Framework Core:  Set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational Profiles
  • Framework Profile:  Will help the organization align its cybersecurity activities with its business requirements, risk tolerances, and resources
  • Framework Implementation Tiers:  Provides a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk

Now that this new, highly anticipated framework has been released, what are your thoughts on it?

Do you think these standards will be implemented effectively by agencies?  If not, what is missing from the framework?

Share your thoughts and comments below.

Posted: 12/4/2013 - 0 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

30 Years of Cyber Security

Although it seems like a lifetime ago, the creation of the Internet was what began cyber security discussions and the realization that we needed to figure out how to defend our nation’s online resources.

GCN published a timeline of key cyber security milestones over the last 30 years.

Here are some highlights from the article:

1988 – First computer worm is created by a Cornell University student

1994 – Secure Sockets Layer is created by Netscape to secure online transactions

2003 – DHS begins operations, creates the National Cyber Security Division

2008 – “Operation Buckshot Yankee” occurs; the worst breach of U.S. computers to date, exposing data on classified and unclassified systems.

– U.S. Cyber Command goes operational

Click here to view the full timeline.

What do you remember as a key cyber security milestone over the last 30 years – whether on this list or not?

What are you hopeful for regarding the future of cyber security accomplishments?

Posted: 8/20/2013 - 0 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

The Obama administration has appointed Phyllis Schneck, a senior executive at McAfee, to be the Department of Homeland Security’s top cyber security official. Schneck, vice president and chief technology officer for the public sector at McAfee, a unit of Intel, will start in early September as the deputy undersecretary for cyber security. She steps into a position that has seen quite the turnover rate lately. Her predecessor, cyber security veteran Mark Weatherford, held the position for less than 18 months and left in April. His interim replacement, Bruce McConnell, announced his departure a short three months later.

Washington has struggled of late to determine how much of a role it will play in managing the private sector. One touchy subject is whether the government should set minimum standards that companies in key industries, like banking and energy, must meet in order to protect their networks from cyber attacks. Companies generally want to set up their own criteria. It’s unclear where Schneck stands in this dialogue. What do you think her stance will be, and why? What is your stance?


Posted: 4/23/2013 - 1 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

The House of Representatives passed a cyber security bill that allows corporations to share customers' personal data with other firms and the U.S. government. The act, known as CISPA, passed by a margin of 288 to 127, despite receiving a late veto threat from the Obama administration, which warned that the bill does not sufficiently protect civil liberties.

The ball is now in the Senate's court to pass legislation aimed at bolstering the nation's defenses against cyberattacks. After struggling twice last year to pass a comprehensive bill, the Senate isn’t as far along on cyber security legislation as it was last Congress.

What do you think the Senate needs to draft to get this bill passed in this Congress? What are your thoughts on cyber security legislation being passed by the Senate, or even the White House? 

Posted: 12/10/2012 - 4 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

Since the Cyber Security Act of 2012 is stalled in Congress, there has been much discussion that the President’s administration is drafting an Executive Order that would enforce cyber security standards. Is the government moving too slowly on implementing security measures? Is an Executive Order what we need in order to protect our critical cyber systems?

Posted: 2/15/2012 - 0 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]
Tags: Security

To guard against the nation’s increasing vulnerability to cyber attack, a group of Senate Homeland Security and Governmental Affairs Committee leaders introduced bipartisan legislation February 14 to secure cyber systems of the essential services that keep the U.S. running. How does this differ from past legislation? Well, the press release points out that the bill proposes no kill switch, no special White House cybersecurity office, and nothing resembling SOPA or PIPA.

Is the Cybersecurity Act of 2012 what we need to protect our critical cyber systems? Check out the full bill here and share your thoughts below.

For more discussion, head back to the discussion board.

Posted: 1/26/2012 - 2 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]
Tags: Security

For the past six months, we have been meeting with Federal cyber security leaders to get a sense for their priorities - and lay the groundwork for Cyber Security Exchange. We learned a lot from these conversations, and the latest My Cup of IT blog outlines the key takeaways. We want your thoughts, too, as we work toward our inaugural bi-monthly meeting on March 21. Take a look and let us know if you agree, disagree, or have anything to add to the Fed cyber security wish list.


Posted: 1/24/2012 - 0 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]
Tags: Security

The National Institute of Standards and Technology wants your input on three interagency reports focusing on continuous monitoring:

NIST Interagency Report 7756: CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture. CAESARS stands for Continuous Asset Evaluation, Situational Awareness and Risk Scoring

NIST Interagency Report 7799: Continuous Monitoring Reference Model Workflow, Subsystem, and Interface Specifications

NIST Interagency Report 7800: Applying the Continuous Monitoring Technical Reference Model to the Asset, Configuration, and Vulnerability Management Domains

Submit your feedback to by Friday, February 17 - and feel free to share your thoughts below.


Posted: 1/24/2012 - 0 comment(s) [ Comment ] - 0 trackback(s) [ Trackback ]

Los Alamos National Laboratory has announced that its QKarD (Quantum Smart Card) technology provides uncrackable data encryption and can fit inside a standard smart phone.  Potential applications include banking, online transactions, access to secure facilities, border crossings, digital rights management controls, and electronic voting. 

How else might we leverage this technology to improve cyber security?  Read more here and share your thoughts below:
