28 Nov

New cybersecurity incident reporting guidelines will go into effect on April 1, 2017, designed to help federal, state, and local organizations.

By hrcadmin In Uncategorized /   No Comments

The U.S. Computer Emergency Readiness Team (US-CERT) announced its new cybersecurity incident notification guidelines, which will go into effect on April 1, 2017.

The guidelines will affect all Federal departments and agencies, as well as state, local, tribal, and territorial government entities, according to the US-CERT statement. Information Sharing and Analysis Organizations and foreign, commercial, and private-sector organizations will also need to adhere to the new requirements when submitting incident notifications.

Continue reading….

Read More
11 Nov

Government Cyber Security – An Assessment of How Governments are Securing Cyberspace – Research and Markets

By hrcadmin In Uncategorized /   No Comments

DUBLIN–(BUSINESS WIRE)–Research and Markets has announced the addition of the “Government Cyber Security” report to their offering.

Governments worldwide are realizing that a holistic security strategy is incomplete without securing the digital assets. Today, governments do not exist as isolated entities – several private stakeholders and public functionaries are involved in carrying out their responsibilities in an efficient manner. These stakeholders may not give cyber security adoption the priority it deserves.

Thus, governments are reforming their approach towards cyber security and are trying to ensure that all stakeholders in the IT ecosystem adopt cyber security in vulnerable areas through policy, regulation, strategy, and specific institutions. Countries are adopting different approaches towards cyber security.

Some have deployed elaborate nationwide intrusion detection and prevention systems, spanning the entire government network, whilst others are following a more decentralized approach, using legislation and penalties to mandate cyber security practices.

New specialized cyber security centres and emergency response teams are being set up, with the involvement of stakeholders from governments, vendors, and critical national infrastructure (CNI) operators. These actions are changing governments’ expectations from the industry in terms of product portfolio and services demanded.

This report seeks to identify the major changes that governments are executing on the cyber security front and throws light on how these changes will affect suppliers. An effort is made to correlate the policy flux with the nature of services, which will be in high demand. Key countries and their cyber security set-ups – government stakeholders and private entities, their policies in force, and various stages of development – are presented.

Key Topics Covered:

1. Government Cyber Security

2. Executive Summary

3. Market Overview

4. Drivers and Restraints

5. Europe Analysis

6. North America Analysis

7. Latin America Analysis

8. APAC Analysis

9. The Middle East and Africa Analysis

10. The Last Word

Read More
04 Nov

New cyber security strategy changes relationship between government and IT suppliers

By hrcadmin In Articles /   No Comments

Computerweekly.com

When the government launched the latest iteration of its National Cyber Security Strategy (NCSS), the media inevitably focused on the sexy bits (the Russians are coming!) and entirely ignored a much bigger story.

To be fair, this may have been the government’s intention all along. It was certainly surprising to see the chief of MI5 give an unprecedented interview to The Guardian, setting out his concern about Russian cyber attacks, just days before the new strategy was published.

Doubtless cyber security really is front of mind for senior ministers and Whitehall mandarins, especially as they roll out the Gov.uk Verify identity assurance system and move as many public services and procurement processes online as possible. However, the most significant thing about the new NCSS is not where the threat is coming from, but what the government intends to do about it.

The new strategy sets out dramatic policy changes in three areas.

First, the government wants suppliers to the public sector to be subject to much more stringent and far-reaching cyber-related regulation. For example, all services and equipment delivered to government will have to be “secure by default”, meaning high-level security features are installed automatically and have to be removed manually by the user if they do not want them.

Similarly, all suppliers will be measured against a new cyber security rating system, which will be published so that public sector budget holders – and ordinary members of the public – can see which companies are rated highly and which are not.

More intrusively, the government also plans to actively test suppliers’ cyber security measures – and insist on enhancements where it thinks they are needed.

Swimming with sharks

These additional regulatory measures are seen as an unalloyed “good thing” by the government. It is said that you don’t have to be able to outswim a shark to avoid being eaten – you just have to be able to outswim your friend. In the same way, Whitehall believes there is a competitive advantage in the UK being more cyber secure than other European markets, even if we are not completely safe, especially in the light of Brexit. The government explicitly says that cyber security regulation here will be “as high as, or higher than, comparative advanced economies”.

Equally worrying for companies working with the public sector, the government insists that suppliers themselves will be liable for cyber breaches that affect public services. The government maintains it will tell businesses how to protect themselves and then it is up to suppliers to take necessary defensive measures.

he new strategy paper makes clear that “businesses must understand that if they are the victim of a cyber attack, they are liable for the consequences”. The government says it will take over a supplier’s functions if they are not secure enough and pose a threat to national security, including the delivery of public services.This makes early engagement with the National Cyber Security Centre an essential step for any company that wants to mitigate risk by demonstrating it has done everything it can to be cyber safe.

But the changes are certainly not all doom and gloom for suppliers working in the public sector. Indeed, there are significant commercial opportunities. Most legacy systems in the public sector will not meet the government’s own new cyber security standards, for example, so there will need to be very heavy investment in getting those systems up to scratch.

Cyber skills

At the same time, the government needs to demonstrate major investment in cyber skills, so companies that can prove existing levels of staff expertise and the ability to train the next generation of talent will have an edge in any contract tender.

All of these changes have a political angle, too. It is especially notable that the Chancellor, Philip Hammond, has taken personal responsibility for announcing the NCSS. Whereas the government’s last set of cyber security plans were presented and managed from the Cabinet Office, this edition will be led directly by the Treasury. In other words, they really do matter to the government and it wants to see things getting done.

Given that the NCSS has such significant implications for every organisation in the public sector, as well as for very many private companies and charities, Hammond has put his political credibility on the line by promising to deliver the strategy.

Major initiatives like the NCSS inevitably come up against practical challenges, and the government will be ready for these. However, the complexity of the threat, combined with the extent of the reforms designed to keep us safe, means this will not be an easy ride for Whitehall. In fact, there is every chance that journalists will still be writing about the NCSS long after they have forgotten about Russian gangsters.

Greig Baker is chief executive of Guide – www.theguideconsultancy.co.uk

Read More