With forecasts of more frequent, sophisticated and targeted attacks, government's best bet might be to limit the damage rather than trying to prevent the threats completely.
In the wake of 16 years of information security problems at the Veterans Affairs Department, Congress is considering legislation to focus management attention on the sprawling department's struggling security program.
Attacking U.S. networks has become a profit-driven big business that will put government confidence in its cyber forces to the test.
Twelve years after launching its Trustworthy Computing initiative, Microsoft has reduced the vulnerabilities in its operating systems and helped to change the way software is developed.
If the iris changes as people age, then ID systems based on iris recognition could cause security chaos.
More current Windows versions finally are replacing Microsoft's XP operating system, but a surprising number of critical systems are still running the 12-year-old OS and will need to be protected after Microsoft ends its support in April.
Bills introduced recently at the state level could bar many technology companies from doing business not only with the NSA, but also with state and local government entities.
While agencies still struggle with BYOD security, wearable devices are poised to enter the government workplace, bringing a new set of concerns.
Recent multistage attacks against high-value targets confirm what we should already know: It is difficult if not impossible to set limits on what kind of infrastructure is critical enough to receive cybersecurity attention.
NIST is preparing a publication explaining the technique called approximate matching that helps analysts spot malicious code in files using functions that look for similarities.