Built with cost and performance in mind, interconnected systems contain vulnerabilities that are increasingly attractive to attackers looking for protected information or who want to disrupt public services. Some tools are emerging to help.
The public will weigh in on NIST's choice of new a secure hash algorithm developed in response to advances in techniques for breaking of federal document encryption standards.
Debates over the state of antivirus technology and tools has resurfaced yet again after the executive in charge of Symantec's information security business was quoted as saying antivirus is dead.
It's not a new problem, but it is getting worse, and government needs to be more agile in responding to the influx of consumer IT into the enterprise.
A new survey shows that with little money to spend on tools aimed at insider threats, most organizations have to limp along by jerry-rigging existing, and unsuitable, cybersecurity tools to do the job.
The government says it did not know about the OpenSSL vulnerability before it was publicly disclosed. But if it had known, it might not have told us, says White House Cybersecurity Coordinator Michael Daniel.
New guidelines on improving encryption tools in the wake of the Heartbleed bug offer a range of options for improving encryption, but bigger changes loom down the road.
Having a single credential that can be authenticated by a trusted authority and accepted by multiple users can reduce the attack surface by maintaining personally identifiable information at a single point.
Despite all of the fervor and money that's being directed at government cybersecurity, a more immediately effective remedy might be to tighten up on information handling processes and procedures and general data hygiene.
Open source software is not inherently more risky than proprietary, but you should be involved if you use it. “If it’s open source and it’s not secure, it’s partly your fault.”