Cybersecurity News

The U.S. Environmental Protection Agency is lagging behind on cybersecurity, according to a recent report published by the Government Accountability Office.

Released Monday, the 41-page report claims EPA, which houses a wealth of the nation’s environmental data, failed to update and secure several of its networks, devices, software and systems.

“The agency did not fully implement access controls, which are designed to prevent, limit and detect unauthorized access to computing resources, programs, information and facilities,” noted the GAO report.

As a result, the GAO said EPA was “jeopardizing the agency’s ability to sufficiently protect the confidentiality, integrity and availability of its information and systems.”

Under the Federal Information Security Management Act (FISMA), each agency is required to establish and implement an information security program, assessing risks and creating policies and procedures to secure federal systems.

While EPA does have a FISMA-based plan in place, the GAO said it had “not yet fully implemented its agency-wide information security program to ensure that controls are appropriately designed and operating effectively.”

And as EPA digests the lashing and its list of recommendations, another agency is also catching heat for its cyber vulnerabilities.

According to the NASA Office of Inspector General (OIG), the space agency’s Security Operations Center (SOC), which heads up IT security, had failed to monitor all of NASA’s computer networks.

“Even though networks we reviewed had their own incident management program that included network monitoring… the networks’ management programs do not provide the centralized continuous monitoring coverage afforded by the SOC,” advised the OIG in a brief overview of the classified cyber audit.

While the OIG’s cybersecurity recommendations were not disclosed in the report, the inspector general’s office said Linda Cureton, the agency’s chief information officer, had reviewed the plan and was prepared put its new procedures into place.

____

Following are some additional cyber headlines you may have missed:

FEDERAL NEWS:

Former White House cybersecurity official joins security start-up (New York Times)

New NIST security guidelines may force federal agencies to replace old websites (PCWorld)

DHS teams with Girl Scouts on Cyber awareness campaign (Government Security News)

INDUSTRY OVERVIEW:

US looks into claims of security flaw in Siemens gear (Reuters)

Google ups bug bounties amid booming exploit market (InformationWeek)

Industry survey finds IT security unprepared for targeted attacks (CIO)

Security teams working to shield cars from computer viruses (Reuters)

Cyber attack using PDFs targets industries (Government Security News)

General Dynamics joins in cybersecurity action with acquisition of Fidelis Security Systems (Washington Post)

CYBER INSIGHTS:

Juniper Networks VP: Congress can’t improve #\cybersecurity alone (Politico)

Did the cyber war just expand to banks and neutral states? (The Atlantic)

CIOs must address growing mobile device security threat (Forbes)

The myth of the aging hacker and how to fight it (Huffington Post)

INTERNATIONAL  OUTLOOK:

Infamous hacker Sabu gets six-month sentencing delay for helping Feds (Fox News)

Tech trade groups push for party platforms to oppose UN Web regulation (The Hill)

Canadian government and telecom firm mum about cybersecurity failure (Postmedia News)

Russia’s top cyber sleuth foils US spies, helps Kremlin pals (Wired)

India caught in crossfire of global cyber war (Times of India)

Cyber attack exposes UK children’s private record (The Telegraph)

Russian court that sentenced Pussy Riot suffers hacker attack (The Hill)

____

This report is also featured on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/835/cybersecurity-news-round-up-federal-agency-audits-show-cyber-vulnerabilities