Morning Security Brief: Baseline Security Requirements Established, Emergency Services Cybertech, and More
The government is reforming how agencies acquire technology in order to bolster cybersecurity. The GAO recommends increased focus on protecting 911 databases. Target credit card databases were accessed with vendor credentials. And security for the Super Bowl ramps up ahead of the game.
► Protecting digital assets must become an integral part of government infrastructure, according to a U.S. General Services Administration report released Wednesday. This means establishing baseline security requirements for evaluating technology purchases and considering new technologies from startups. Traditionally, there has been no consistency in how federal agencies acquire technology, and many agencies sacrifice cybersecurity needs for “lowest price technically acceptable” contracts. This reform encourages agencies to reach out to technology startups with cutting-edge technologies. Access to that innovation is important, a GSA advisor told news agencies. “The government’s buying practices are not the most nimble.”
► As first-responder databases become more interconnected, the risk of cyberattacks increases—which could greatly impact the availability of 911 services. The U.S. Government Accountability Office (GAO) reviewed online coordination between federal, state, and local public safety entities and found that more attention needs to be paid to strengthening cybersecurity in these sectors. The GAO called on the U.S. Department of Homeland Security (DHS) to coordinate the implementation of cybertechnology-based initiatives for emergency services. “Until DHS, in collaboration with stakeholders, addresses the cybersecurity implications of the emerging technologies in planning activities, information systems are at an increased risk of failure or being unavailable at critical moments,” the report states.
► The hackers who stole more than 40 million credit card numbers from Target accessed the store’s systems by using electronic credentials stolen from a vendor, according to The Wall Street Journal. This method of access highlights the increased security concerns when working with multiple third-party companies. A human resources Web site called eHR and a database for suppliers called Info Retriever are two such vendors under investigation.
► Although New Jersey law enforcement officials are not aware of any specific threats to Sunday’s Super Bowl, the city is preparing for mass transit attacks such as the recent bombings in Russia in the run-up to the Winter Olympics. In response, officials have greatly limited parking at MetLife Stadium, where the game will be held. And authorities have begun scanning all vehicles that enter the stadium area and will continue to do so through Sunday.