Cyber developments and insights for the government contracts community

Latest Developments


Marine Cyber Chief: Do Not Fear RMF

Ray Letteer, chief of the Marine Corps' Cybersecurity Division, says the government's Risk Management Framework is no different from the old certification and accreditation process, but an evolution of the decades-old process of assessing risk and protecting data. And although…

Why Privilege Can Be Risky

Even with more detailed information becoming available about network users' behavior, federal IT managers still have concerns about privileged users and the potential for malicious insider access, according to a new study by the Ponemon Institute.

Office of the National Coordinator for Health IT Releases Draft Interoperability Standards

Yesterday, the Office of the National Coordinator for Health Information Technology published the draft 2017 Interoperability Standards Advisory for public comment. The ISA is a coordinated catalog of standards and implementation specifications that are available for use by the health…

Federal Agencies Will Be Required to More Accurately Track Software Licenses

Under provisions of the recently enacted MEGABYTE Act, agency CIOs will need to create a comprehensive licensing policy to manage software inventories.

HHS OCR Expanding Investigations into Smaller Data Breaches

Iliana Peters, a senior adviser for HIPAA compliance and enforcement in the Department of Health and Human Services Office of Civil Rights, says OCR is expanding and standardizing how regional offices investigate health data breaches affecting fewer than 500 individuals.…

HIPAA Turns 20: Why It’s an Effective Law for Healthcare

HIPAA was intentionally written to strike a balance between being overly prescriptive vs. too general. HIPAA is firm when it comes to certain non-negotiable requirements, like the need to encrypt patient data on mobile devices that could be stolen, but…

DoD’s Risk Management Framework: 5 Useful Tips to Start Your Compliance Transition Off on the Right Foot

Procedural guidance for the Department of Defense’s new Risk Management Framework is vague on details about how the framework can be effectively implemented within a DoD environment and how to transition from the Defense Information Assurance Certification and Accreditation Process…

Taking Stock of the New French-German Encryption Proposal

France’s and Germany’s interior ministers have proposed an EU law requiring tech companies to decrypt data for investigators. The proposal, which the European Commission will consider at a meeting next month, reflects deepening frustration with fragmented European counterterrorism operations and…

Rise in State-sponsored Cyber Espionage: The Tipping Point of Cyber Warfare?

The potential hack of the National Security Agency raises numerous questions about cyber espionage allegedly carried out by foreign governments or state-sponsored groups, including how to define an act of cyberwarfare and how government should respond.

House Homeland Security Committee Hearing Will Examine Vulnerability Disclosures

House Homeland Security Committee ranking member Bennie Thompson (D-MS) says his committee will hold a hearing on cybersecurity on September 28. Witnesses have not yet been announced, but a Thompson spokesman said Thompson wants to address issues related to the…

State Department Has Not Fully Implemented Logical Access Controls, Multifactor Authentication

According to the results of an independent audit released by the Department of State Office of Inspector General, the department and the Broadcasting Board of Governors have yet to fully implement local access controls and multifactor authentication for covered systems,…

Sixth Circuit Allows Lawsuit to Proceed Against Electronic Monitoring Software Company

In a 2-1 decision on August 16, the Sixth Circuit refused to dismiss a claim against the maker of an online surveillance tool for wiretapping under both federal and state laws, and for intrusion against seclusion. While the breadth of…

Vulnerabilities Leave CMS Open to Hackers

Security controls at the Centers for Medicare and Medicaid Services are effective at preventing some wireless cyberattacks, but leave open some significant vulnerabilities, according to a new report from the Department of Health and Human Services Office of Inspector General.…

Despite Billions Spent on Cybersecurity, Companies Aren’t Truly Safe from Hacks

Last year, private sector firms spent more than $75 billion globally on cybersecurity software and that amount is expected to grow by 7 percent annually. However, many experts say systems and data aren’t any safer, because bad actors have gotten…

Report: Cyber Crimes Will Cause $6 Trillion Worth of Damage by 2021

In a new report, Cybersecurity Ventures predicts that cybercrime will cause some $6 trillion in damages annually by 2021, more than double the $3 trillion in estimated damages experienced by governments, industry, and private citizens this year.

Report: U.S. Retailers Aren’t Investing in Cybersecurity Even as Breaches Persist

According to the results of a new survey by accounting firm KPMG, 55 percent of U.S. retailers have not invested in cybersecurity in the last year, even though some 50 percent of consumers would avoid or abandon a retailer that…

Saving Money on Security Software by Improving Cyber Posture, Report

Cybersecurity experts say corporations can save on their IT security budgets and still possibly prevent major data breaches by simply better securing a handful of popular attack vectors and by properly educating staff on cyber security.

DoD Targets 3,000 Civilian Workers for New Cyber Excepted Service

The Department of Defense plans to ask up to 3,000 of its current cybersecurity workforce to migrate to a new Cyber Excepted Service personnel system, which has the potential to increase their pay and promotion prospects, but offer fewer job…

