"The cloud is not such a special technology necessarily that it is exempt from a security perspective, but is just another implementation of IT, and is a natural evolution of where we come from," Federal CIO Vivek Kundra says.
The Federal Aviation Administration is inadequately securing medical and personal information on the more than 3 million airmen who it certifies as being fit to operate an aircraft, according to a new report.
"It is essential that U.S.-CERT and the public and private sectors share cybersecurity information to ensure that appropriate steps can be taken to mitigate the potential effect of a cyber incident," Homeland Security Inspector General Robert Skinner says.
"Without this authority, U.S.-CERT is limited in its ability to mitigate effectively ever evolving security threats and vulnerabilities," writes DHS Inspector General Richard Skinner in this article adapted from his House testimony.
Deputy Undersecretary Philip Reitinger questions provisions in a Senate bill to establish a component within DHS to focus on cybersecurity at a time the department seeks to address jointly physical and virtual threats.
"Allowing systems with existing security vulnerabilities into the headquarters domain puts department data at risk of unauthorized access, removal, or destruction," a Department of Homeland Security Inspector General audit says.
Veterans Affairs CIO tells a House panel that the VA has taken significant steps to prevent further IT security breaches that have plagued the agency, but auditors testify that the department faces alarming consequences because of a lack of security controls.
Implementing security controls and implementing the proper security controls aren't always the same thing, the Government Accountability Office points out in an audit of the Federal Housing Finance Agency.
Securing federal IT systems is a continuous fight, and will likely remain so into the foreseeable future, says Gregory Wilshusen, director of information security issues at the Government Accountability Office.
The federal government could be doing a better job in implementing two key information security initiatives, the Federal Desktop Core Configuration and Trusted Internet Connection, the General Accountability Office suggests in two new reports.