Over the last few decades, many network security architecture products have come to market, all with useful features to help secure networks. If we assume that all of these security products are deployed in operational networks, why do we still see so many leaks and breaches?
Some say the users are not leveraging the full capabilities […]
On December 30, 2015, the U.S. Department of Defense (DoD) published a three-page interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS), revising its earlier August 2015 interim rule on Safeguarding Covered Defense Information.
This new interim rule is a ticking time bomb that gives government contractors a deadline of December 31, 2017 to […]
The Shadow Brokers are turning out the lights. On their way out they dumped another suite of alleged National Security Agency hacking tools. Unlike last time, where the released exploits focused on network gear from vendors such as Cisco and Fortinet, these tools and exploits target Microsoft Windows operating systems. Most of the sixty plus […]
Willis H. Ware, a research scientist at the Rand Corporation working for the United States Air Force in 1967, predicted that ARPAnet would be a disaster if security wasn’t built into the project.
He was overruled.
In January 2013, the Final Report of the Defense Science Board Task Force on Resilient Military Systems and the […]
Last month, Secretary of Commerce Penny Pritzker appeared in front of the President’s Commission on Enhancing National Cybersecurity and the subsequent article in FedScoop caught my attention.
She is very concerned that the President’s Commission could mandate that all US Federal Government information technology be consolidated under one organization’s authority. According to Secretary Pritzker, a […]
SIGNAL | September 15, 2016
By J. Wayne Lloyd
When it comes to cybersecurity, I have heard many people express consternation and wonderment as to why the government cannot protect the Internet. It boils down to two things: No authorization, and officials only have visibility into a scant number of networks under their control.
Last week, the Shadow Brokers hacker group made national headlines by leaking zero-day firewall vulnerabilities, and offering additional exploits for sale through auction. In response, the RedSeal team produced:
A blog post on how major infrastructure vulnerabilities produce the same questions – and how digital resilience puts organizations in the best position to respond. A […]
Last month, Wallace Sann, the Public Sector CTO for ForeScout, and I sat down to chat about the current state of cybersecurity in the federal government. With ForeScout, government security teams can see devices as they join the network, control them, and orchestrate system-wide responses.
Many of our customers deploy both RedSeal and ForeScout side […]
An anonymous intelligence agency had a problem.
Their vulnerability assessment program was expensive and sub-optimal. The program was run by two internal employees and 16 contractors. Going to data center to data center, each assessment could take anywhere from 2 months to a full year to conduct.
First, they had to inventory each data center […]
This blog post first appeared in Signal on April 6, 2016
Federal agencies clamor for industry best practices to implement findings resulting from last year’s 30-day “Cybersecurity Sprint,” part of the administration’s broader effort to bolster federal cybersecurity. A new mandatory directive for all civilian government agencies, the Cybersecurity Strategy Implementation Plan (CSIP), provides a […]