Conventional wisdom suggests China isn't interested in disabling industrial control systems in the U.S. After all, such an act would be against its own economic interest. But is that type of thinking right?
Congressional auditors contend the Internal Revenue Service has failed to implement effectively parts of its IT security program, which could adversely affect the confidentiality, integrity and availability of sensitive taxpayer information.
A software vulnerability brought down the website that gives the public access to the National Vulnerability Database, which is run by the National Institute of Standards and Technology, the U.S. federal agency that produces information security guidance.
The Department of Health and Human Services conducts three types of audits or investigations involving privacy and security issues. But preparing for any of these inquiries requires similar steps, experts say.
Companies wanting to share cyber-threat information with the government and other businesses should adopt the U.S. Defense Department's doctrine of information superiority, says Lares Institute Chief Executive Andrew Serwin.
Will Pelgrin and Rich Licht of the Center for Internet Security see a strong link between cyber and physical security, and that has led to the creation of a new unit at the center to help local and state governments to secure both.
The resumption of the HIPAA compliance audit program is on hold while regulators analyze pilot audit project results and implement the HIPAA Omnibus Rule, says Susan McAndrew of the HHS Office for Civil Rights.
Highly publicized breaches at Facebook, Twitter, the New York Times and other organizations in recent weeks suggest there's a new normal in the cyberthreat arena. But the onetime head of U.S. CERT, Mischel Kwon, doesn't think so.