NIST

US government releases draft cybersecurity framework

The National Institute of Standards and Technology released its draft cybersecurity framework for private companies and infrastructure networks on Tuesday. These standards are part of an executive order that President Obama proposed in February.

The aim of NIST's framework (PDF) is to create guidelines that companies can use to beef up their networks and guard against hackers and cybersecurity threats. Adopting this framework would be voluntary for companies. NIST is a non-regulatory agency within the Department of Commerce.

The framework was written with the involvement of roughly 3,000 industry and academic experts, according to Reuters. It outlines ways …

McAfee, NIST partner to boost U.S. cyberdefenses

Security firm McAfee is working with the National Institute of Standards and Technology to try to shore up America's defenses against cyberthreats.

McAfee announced today that the company is now part of the National Cybersecurity Excellence Partnership and will join cybersecurity professionals from both the private and public sector to tackle the escalating problem of computer-based threats.

The partnership is part of the National Cybersecurity Center of Excellence, which is hosted by NIST in collaboration with the state of Maryland and Maryland's Montgomery County.

Launched in February 2012, the center has a particular slant toward sharing technology …

New mini sensor can measure brain's magnetic activity

An atom-based magnetic sensor the size of a sugar cube has successfully measured human brain activity, a milestone that could ultimately lead to advancing our understanding of a wide range of neurological conditions and diseases, according to researchers at the National Institute of Standards and Technology (NIST).

We first reported on an earlier iteration of the sensor, which has been in development since 2004, back when the team was first able to use the sensor to track a human heartbeat in 2010.

This week, the researchers report in the journal Biomedical Optics Express that their tiny sensor -- which consists …

Obama moves forward with Internet ID plan

The Obama administration said today that it's moving ahead with a plan for broad adoption of Internet IDs despite concerns about identity centralization, and hopes to fund pilot projects next year.

At an event hosted by the U.S. Chamber of Commerce in Washington, D.C., administration officials downplayed privacy and civil liberties concerns about their proposal, which they said would be led by the private sector and not be required for Americans who use the Internet.

There's "no reliable way to verify identity online" at the moment, Commerce Secretary Gary Locke said, citing the rising …

Report finds smart-grid security lacking

Echoing concerns of security experts, a new report from the Government Accountability Office warns that smart-grid systems are being deployed without built-in security features.

Certain smart meters have not been designed with a strong security architecture and lack important security features like event logging and forensics capabilities used to detect and analyze cyberattacks, while smart-grid home area networks that manage electricity usage of appliances also lack adequate built-in security, according to the report (PDF) released last week by the GAO, the auditing and investigative arm of the U.S. Congress.

"Without securely designed smart-grid systems, utilities will be at …

The rise of the community cloud

In the fevered world of cloud computing, much is possible certainly. After all, the concept was first discussed as a grandiose parallel to the rise of the electric grid and the replacement of locally created power by a commoditized utility. Internet worrywart Nick Carr chronicled this in his book "The Big Switch" and went so far as to view it as a coming cause of major employment disruptions, as labor-intensive local computing operations were widely replaced by mega-datacenters with just a handful of operators.

There's certainly a kernel of truth here; more computing happens in other places, …

Are the feds the first to a common cloud definition?

Update: Corrected Reuven Cohen's title and added link to Chris Hoff's post.

Update 2: The NIST has added a Web page with links to the definition, and an email address where one can send comments.

Reuven Cohen, CTO of cloud infrastructure vendor Enomaly, recently posted a review of his trip to Washington, D.C. to speak to a variety of federal officials about the potential for cloud computing in government. Reuven points out that the enthusiasm with which the federal government is pursuing the cloud may in fact be putting the private sector to shame.

And it makes …

Public-private security cooperation at RSA

In past years, I looked at the RSA security conference as a high-tech flea market staffed by the world's best security carnival barkers. Yes, important security topics were discussed, but the real focus of the show was selling products and doing deals.

This year's event has its share of tacky presentations and booth babes, but I'm hearing a lot of chatter about a far more important topic: the state of information security and its impact on us all. Finally, the combination of unending data breaches, sophisticated malware, and the very real cybersecurity threat has everyone paying attention. …

Feds seek comments today on cell phone security guidelines

Mobile devices today are far more capable, and capacious, than the analog bricks of decades past. That also creates new security risks, which the feds are asking the public to address in comments due Friday.

"Mobile devices are expected to continue to become more powerful and communicate at higher speeds, eventually giving people the power and functionality of a full desktop," the National Institute of Standards and Technology says in its draft of Guidelines on Cell Phone and PDA Security. "Besides increasing productivity, such improvements are rapidly turning cell phones into extensive data reservoirs capable of holding …

Free copies of Vista and XP from your uncle

I downloaded a copy of Windows Vista off the Internet last night. And since the same site had XP, I got that too.

I figured it was okay, since I was doing research for the blog here.

It was all very convenient. The server where I found them has a lot of bandwidth, so the files (4.5GB and 1.8GB respectively) downloaded quickly. These are pre-installed disk images, so there's no trouble with activation.

The greatest irony is that the group providing them for download has configured them for maximum security -- so once you have them running, you …