Cybersecurity: IT Security
10/04/2007 - When the Zotob worm appeared only days after Microsoft released a patch that would have prevented infection, 700 Department of Transportation (DOT) computers were infected after a contractor connected a laptop to the DOT’s network against the department’s policy. This incident, which is recounted in a report on the department’s IT security by the DOT’s Inspector General (IG), is just one indication that some federal IT professionals are having trouble meeting the challenges of locking down networks.
Here’s another. The IG notes that “about half of all Federal Railroad Administration computers are not subject to routine vulnerability checks because they are being used by employees who telecommute (or travel around the country) for the majority of the year.” As is made clear by the Zotob example, these laptops, “if infected with hostile software, could become conduits for spreading problems to the rest of the networks.”
The IG’s full report is available at SM Online.
SM Online: Crime
10/04/2007 - Bureau of Justice Statistics reports on crime victimization in 2004. Read the report online.
SM Online: Terrorism
10/04/2007 - Two new reports from the 9/11 Commission examine the progress made on the commission's 41 recommendations.
News & Trends
09/28/2007 - Revenue from sales of chemical and biological detectors surged past $700 million in 2006, and is projected by forecaster Frost & Sullivan to reach $952 million in 2011. Purchases by the U.S. military have driven, and are expected to continue driving, these numbers.
News & Trends: Education
09/28/2007 - All 97,000 public schools in the United States are expected to receive hazard-warning radios, free of charge, from the Department of Homeland Security.
Government: Public-Private Partnerships
09/28/2007 - To comply with the government’s Federal Information Security Management Act of 2002 (FISMA), federal agencies must apply baseline security controls.
Homeland Security: ID issues \ Identity Theft
09/28/2007 - Terrorists had no problem getting driver’s licenses, which they used as identification to get airline tickets for their 9-11 attacks. That prompted Congress to pass the REAL ID Act in 2005 to force states to beef up security for licenses. Later this month or early next year the federal government will finally issue draft or interim rules telling states exactly what they need to do to be in compliance with that law, which includes only general mandates; it requires states, for example, to verify so-called breeder documents, such as birth certificates, before issuing a license, but it doesn’t say how.
Legal Report: Risk Management
09/28/2007 - The bill would have required that the government dole out first-responder funds based on risk. This differed from the current funding scheme, which follows an equal-distribution approach, with all jurisdictions receiving funding even if those funds are not needed. The bill was designed to provide more funding for metropolitan areas that face greater risks of terrorist attack and less for rural areas.
Legal Report: Legislation
09/28/2007 - The bill would have prevented reprisals against government workers who publicly released information regarding waste, abuse, or gross mismanagement in the federal government.
SM Online: Government Reports (GAO etc.)
09/27/2007 - The GAO gives recommendations to the Defense Department on how to improve the response to an attack on mail facilities.
News & Trends: Contingency Planning \ Disaster Management
09/26/2007 - 14: Percentage of Arkansas trial court judges who said that their courthouses had written security policies and plans, according to a survey by the state’s Administrative Office of the Courts. Only 7 percent said they had written emergency plans for natural disasters.
Editor's Note: Privacy
09/25/2007 - Privacy, security, and hypocrisy.
Cybersecurity: Loss Prevention
09/25/2007 - After a spate of well-publicized thefts of government laptops earlier this year, Clay Johnson III, deputy director for management with the Office of Management and Budget, sent a memorandum to department heads urging them to take action to safeguard information properly.