Here are the top cyber news and stories of the day.
- NIST publishes IT supply chain risk guidance - Supply Chain Risk management will be a growing concern as we continue to source almost all of our silicon and technology from foreign countries. The NIST document "calls for procurement organizations to establish a coordinated team approach to assess the ICT supply chain risk and to manage this risk by using technical and programmatic mitigation techniques." Full document here. Via FedScoop, more here.
- VanRoekel: Open data policy to be published in early 2013 - The OMB is planning to release a government-wide open data policy next year. Federal CIO VanRoekel says "the policy will be informed by open data initiatives now underway by the Presidential Innovation Fellows." VanRoekel sees these policies as informing the way agencies buy. Via FierceGovernmentIT, more here.
- Standardising cloud encryption is key to improving security - "The first problem that we lawyers have when we hear "data" and "cloud" used in the same sentence is that data is valuable, and the cloud concentrates that value." Via TechWorld, more here.
- FBI explores $150,000 payroll hack at Wisconsin school - A hacker rerouted $150,000 from a school payroll into a bank account. It appears that the money was rerouted in transfer, rather than at the bank. Via InfoSecurity Magazine, more here.
- 'Significant deficiency' with Social Security Administration cybersecurity, say auditors - The SSA's annual FISMA report is not looking rosy for the agency. There are issues with the continuous monitoring strategy, lack of access controls and weak controls allowing red-teamers to obtain PII. Via FierceGovernmentIT, more here.
- DOD on target with data center consolidation - One of every 13 DoD data centers has already been shut down. DoD has shut down a total of 114 data centers, more than one-quarter of the federal data centers that have closed. This is a great first step, but only about one-tenth of the total data centers DoD needs to consolidate. Via Federal Computer Week, more here.
- BYOD: Why Mobile Device Management Isn't Enough - Michael Davis over at InformationWeek examines what to look for in mobile device management software. He takes a look at what limitations IT organizations face when allowing employee devices. Via InformationWeek Global CIO, more here.
- New DoD safeguards for autonomous systems exempt cyber - The new rules which DoD issued 21 Nov to prevent collateral damage from autonomous weapons do not apply to cyber systems. "Under the directive, autonomous and semi-autonomous weapon systems must be designed so human operators can exercise judgment over the use of force." These issues will have ramifications on viruses such as Stuxnet and other cyber weapons. Via FierceGovernmentIT, more here.
- Mobile Security Threats Expected in 2013 - The Dubai Chronicle has an excellent list of mobile security threats that may change in the new year. This includes cross-platform mobile threats and malware that resides in the App Stores. Via Dubai Chronicle, more here.