The National Institute of Standards and Technology officially released Open Security Controls Assessment Language 1.0.0, a federal government effort to standardize authorization packages and streamline security reviews using a common machine-readable language.
In-Q-Tel, the innovation and venture arm of the U.S. intelligence community, has published several open source themed posts recently, including “Toward Secure Code Reuse” and, most recently, one about GitGeo, a tool it developed that analyzes the geography of developers associated with a GitHub repository.
The National Security Agency announced the creation of a new fifth domain-focused internal organization that will “work to prevent and eradicate threats to national security systems and critical infrastructure, with an initial focus on the defense industrial base and the improvement of our weapons’ security.”
Whether it’s online, on land, underwater or in space, CNN national security correspondent Jim Sciutto’s “The Shadow War: Inside Russia’s and China’s Secret Operations to Defeat America” offers ominous insights into how the United States’ key adversaries are changing the dynamics of national security.
The White House announced updates to the federal government Trusted Internet Connections initiative with the intent to empower agencies with security practices that aim to remove barriers to modern technology adoption.
The U.S. Government Accountability Office launched a new Center for Strategic Foresight to help Congress better understand issues related to emerging notorious technologies, such as deep space and deep fakes, that impact a well-functioning democracy.
ODNI and CIA named new leaders of their respective privacy and civil liberties units.
The new Netflix documentary, The Great Hack, is an eye-opening account of how voter and social media profile data, particularly from Facebook, combined with a sophisticated, incendiary digital media campaign, can undermine democracy, as we saw happen with Brexit and the 2016 presidential campaign.
Because “responding to foreign interference requires a whole of society approach,” the U.S. Department of Homeland Security has published resources that help educate the public on ways hackers can impact U.S. elections.
Based on recent cyber incidents aboard commercial vessels, the U.S. Coast Guard issued a security alert to vessel and facility owners and operators that essentially outlines basic security practices, including ones that could potentially save governments from the ransomware attacks we see happening more frequently.
If we’re ever going to get security right, technologists must embrace the need for policy, and government leaders must do the same with technology, which is why Bruce Schneier’s “Click Here to Kill Everybody: Security and Survival in a Hyper-connected World” is the 2019 must-read book for every government leader, elected and administrative.
Two good things just happened in Washington – these days that should be enough of a headline.
The Defense Information Systems Agency has released a series of videos and a request for information for the National Background Investigation System, created in the wake of security incidents that led to data breaches of millions of federal government employees and contractors.
In a Hacker News post, the cloud.gov team shares that the platform has attained FedRAMP Ready status, moving it closer to operating as a full-service cloud provider for federal technology projects.
The U.S. Department of Homeland Security announced it has awarded startup GovReady a $1.1M certification and accreditation contract that will be critical to bringing an open source approach to security.
Join a select cross-disciplinary class that will put you hands-on with the masters of lean innovation to help bring rapid-fire innovative solutions to address threats to our national security.
The company’s authority to operate, granted in May, was sponsored by the U.S. Department of Energy.
The report emphasizes the importance of case studies to highlight open source execution within government, bringing more awareness to support and warranty options, simplifying the code release process and increasing education around license guidance and procurement.