Advanced search Help
Searching for terms: ALL (Cyber AND Infrastructure AND Protection) in: title or summary
Clear all search criteria
Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).
-
Cybernotes: September 15, 1999
The document includes a table summarizing software vulnerabilities identified between August 28 and September 9, 1999. The table provides the hardware/operating system, equipment/software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates from previous issues of Cybernotes are listed in bold. Cybernotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, hacker exploit scripts, hacker trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
1999-09-15
-
Cybernotes: September 1, 1999
The document includes a table summarizing software vulnerabilities identified between August 13 and August 27, 1999. The table provides the hardware/operating system, equipment/software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates from previous issues of Cybernotes are listed in bold. Cybernotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, hacker exploit scripts, hacker trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
1999-09-01
-
Cybernotes: January 14, 2002
This document includes a table summarizing software vulnerabilities identified between December 7, 2001 and January 11, 2002. The table provides the vendor, operating system, software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of Cybernotes are listed in bold. New information contained in the update will appear in italicized colored text. Where applicable, the table lists a "CVE number" (in red) which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures. Cybernotes is published every two weeks by the Department of Homeland Security/Information Analysis and Infrastructure Protection (IAIP) Directorate. Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
2002-01-14
-
Cybernotes: September 25, 2000
The following document includes a table summarizing software vulnerabilities identified between September 7 and September 21, 2000. The table provides the hardware/operating system, equipment/software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of Cybernotes are listed in bold. New information contained in the update will appear as red and/or italic text. Where applicable, the table lists a "CVE number" which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures. Cybernotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, hacker exploit scripts, hacker trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
2000-09-25
-
Cybernotes: September 11, 2000
The following document includes a table summarizing software vulnerabilities identified between August 25 and September 11, 2000. The table provides the hardware/operating system, equipment/software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of Cybernotes are listed in bold. New information contained in the update will appear as red and/or italic text. Where applicable, the table lists a "CVE number" which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures. Cybernotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, hacker exploit scripts, hacker trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
2000-09-11
-
Cybernotes: October 9, 2000
The following document includes a table summarizing software vulnerabilities identified between September 21 and October 5, 2000. The table provides the hardware/operating system, equipment/software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of Cybernotes are listed in bold. New information contained in the update will appear as red and/or italic text. Where applicable, the table lists a "CVE number" which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures. Cybernotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, hacker exploit scripts, hacker trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
2000-10-09
-
Cybernotes: January 28, 2002
This document includes a table summarizing software vulnerabilities identified between January 10 and January 24, 2002. The table provides the vendor, operating system, software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of Cybernotes are listed in bold. New information contained in the update will appear in italicized colored text. Where applicable, the table lists a "CVE number" (in red) which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures. Cybernotes is published every two weeks by the Department of Homeland Security/Information Analysis and Infrastructure Protection (IAIP) Directorate. Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
2002-01-28
-
Cybernotes: February 11, 2002
This document includes a table summarizing software vulnerabilities identified between January 21 and February 7, 2002. The table provides the vendor, operating system, software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of Cybernotes are listed in bold. New information contained in the update will appear in italicized colored text. Where applicable, the table lists a "CVE number" (in red) which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures. Cybernotes is published every two weeks by the Department of Homeland Security/Information Analysis and Infrastructure Protection (IAIP) Directorate. Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
2002-02-11
-
Cybernotes: March 11, 2002
This document includes a table summarizing software vulnerabilities identified between February 19 and May 8, 2002. The table provides the vendor, operating system, software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of Cybernotes are listed in bold. New information contained in the update will appear in italicized colored text. Where applicable, the table lists a "CVE number" (in red) which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures. Cybernotes is published every two weeks by the Department of Homeland Security/Information Analysis and Infrastructure Protection (IAIP) Directorate. Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
2002-03-11
-
Cybernotes: January 29, 2001
This document includes a table summarizing software vulnerabilities identified between January 9 and January 29, 2001. The table provides the vendor/operating system, software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of Cybernotes are listed in bold. New information contained in the update will appear as red and/or italic text. Where applicable, the table lists a "CVE number" (in red) which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures. Cybernotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
2001-01-29
-
Cybernotes: February 26, 2001
This document includes a table summarizing software vulnerabilities identified between February 6 and February 23, 2001. The table provides the vendor/operating system, software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of Cybernotes are listed in bold. New information contained in the update will appear as red and/or italic text. Where applicable, the table lists a "CVE number" (in red) which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures. Cybernotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
2001-02-26
-
Cybernotes: February 12, 2001
This document includes a table summarizing software vulnerabilities identified between January 23 and February 7, 2001. The table provides the vendor/operating system, software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of Cybernotes are listed in bold. New information contained in the update will appear as red and/or italic text. Where applicable, the table lists a "CVE number" (in red) which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures. Cybernotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices.
National Infrastructure Protection Center (U.S.)
2001-02-12
-
Top Management Challenges, Department of Transportation [2011]
"As required by law, we [Office of Inspector General ] have identified the Department of Transportation's (DOT) top management challenges for fiscal year 2011. […] We continue to build a body of work to assist DOT with its critical mission; improve the management and execution of programs; and protect its resources from fraud, waste, abuse, and violations of law. We considered several criteria in identifying the following nine challenges, including their impact on safety, documented vulnerabilities, large dollar implications, and DOT's ability to effect change in these areas: 1) Ensuring Transparency and Accountability in the Department's Recovery Act Programs 2) Maintaining Momentum in the Department's Oversight of Highway, Motor Vehicle, Hazardous Materials, and Transit Safety 3) Maintaining Momentum in Addressing Human Factors and Improving Safety Oversight of the Aviation Industry 4) Improving the Department's Oversight of Highway, Transit, and Pipeline Infrastructure 5) Identifying Sufficient Funding Sources To Support Future Federal Investment in Surface Transportation Infrastructure 6) Transforming the Federal Railroad Administration To Address Significantly Expanded Oversight Responsibilities 7) Advancing the Next Generation Air Transportation System While Ensuring the Safe and Efficient Operation of the National Airspace System 8) Implementing Processes To Improve the Department's Acquisitions and Contract Management 9) Improving the Department's Cyber Security".
United States. Department of Transportation. Office of Inspector General
2010-11-15
-
Section-By-Section Revised Cybersecurity Act of 2012, S. 3414 (Introduced on July 19, 2012)
This bill includes sections on public-private partnerships to protect critical infrastructure, voluntary cybersecurity practices and programs for critical infrastructure, and assessment and international cooperation. In addition, the bill discusses Federal information security management; national security systems and information technology management; research and development; education, outreach, and workforce; and information sharing.
United States. Congress. Senate. Committee on Homeland Security and Governmental Affairs
2012-07-19
-
Vulnerability Assessment and Survey Program: Lessons Learned and Best Practices
This report summarizes initial lessons learned and best practices that have been captured as part of a multifaceted effort by the U.S. Department of Energy's Office of Energy Assurance (OEA) to work with the Energy Sector in developing the capability required for protecting the nation's energy infrastructures. Over the last three years, a team of national laboratory experts, working in partnership with the energy industry, has performed a series of vulnerability assessments as part of OEA's Vulnerability Assessment and Survey Program. The goal is to help energy-sector organizations identify and understand the threats to and vulnerabilities (physical and cyber) of their infrastructures, and to stimulate action to mitigate significant problems. Because the assessments are conducted on a confidential basis, the information in this report is intentionally presented at a high level so as not to reflect on specific companies or industry segments. A separate report entitled Vulnerability Assessment and Survey Methodology describes, at a high-level, the methodology developed for the program.
United States. Office of Energy Assurance
2001-09-28
-
Approach to Vulnerability Assessment for Navy Supervisory Control and Data Acquisition (SCADA) Systems
"The unfortunate events of September 11, 2001 have caused a renewed effort to protect our Nations Critical Infrastructures. SCADA systems are relied upon in a large number of the sectors that make up the critical infrastructure and their importance was reinforced during the massive power outage that occurred in August 2003. Growing reliance upon the Internet has emphasized the vulnerability of SCADA system communications to cyber attack. Only through diligent and continuous vulnerability assessment and certification and accreditation of these systems will the United States be able to mitigate some of the vulnerabilities of these systems. A case study presented here has validated the need for continued focus in this area. This thesis consolidates some of the research that has already been done in the area of SCADA vulnerability assessment and applies it by developing an initial vulnerability assessment checklist for Department of the Navy systems. This checklist can and should also be used in the certification and accreditation of DoN SCADA systems. A promising technology was also discovered during this research that should be explored further to secure SCADA communications. This will be touched on briefly."
Naval Postgraduate School (U.S.)
Hart, Dennis J.
2004-09
-
[Letter from Janet Napolitano to Representative Bennie G. Thompson on March 1, 2013 Sequestration]
From the introductory paragraph of the letter: "The Department of Homeland Security (DHS) shares your deep concerns about the effects this unprecedented budget reduction to Fiscal Year (FY) 2013 funding will have on DHS, its missions, and our Nation's security and economy. Reductions mandated by sequestration would undermine the significant progress the Department has made over the past ten years and would negatively affect our ability to carry out our vital missions. Sequestration would roll back border security, increase wait times at our Nation's land ports of entry and airports, affect aviation and maritime safety and security, leave critical infrastructure vulnerable to attacks, hamper disaster response time and our Surge Force capabilities, and significantly scale back cyber security infrastructure protections that have been developed in recent years. In addition, sequestration would necessitate furloughs of up to 14 days for a significant portion of our frontline law enforcement personnel, and could potentially result in reductions in force at the Department."
United States. Department of Homeland Security
Napolitano, Janet
2013-02-13
-
Memorandum: Transforming Our Nation's Electric Grid Through Improved Siting, Permitting, and Review, Memorandum for the Heads of Executive Departments and Agencies, June 7, 2013
"Our Nation's electric transmission grid is the backbone of our economy, a key factor in future economic growth, and a critical component of our energy security. Countries that harness the power of clean, renewable energy will be best positioned to thrive in the global economy while protecting the environment and increasing prosperity. In order to ensure the growth of America's clean energy economy and improve energy security, we must modernize and expand our electric transmission grid. Modernizing our grid will improve energy reliability and resiliency, allowing us to minimize power outages and manage cyber-security threats. By diversifying power sources and reducing congestion, a modernized grid will also create cost savings for consumers and spur economic growth. Modernizing our Nation's electric transmission grid requires improvements in how transmission lines are sited, permitted, and reviewed. As part of our efforts to improve the performance of Federal siting, permitting, and review processes for infrastructure development, my Administration created a Rapid Response Team for Transmission (RRTT), a collaborative effort involving nine different executive departments and agencies (agencies), which is working to improve the efficiency and effectiveness of transmission siting, permitting, and review, increase interagency coordination and transparency, and increase the predictability of the siting, permitting, and review processes. In furtherance of Executive Order 13604 of March 22, 2012 (Improving Performance of Federal Permitting and Review of Infrastructure Projects), this memorandum builds upon the work of the RRTT to improve the Federal siting, permitting, and review processes for transmission projects. Because a single project may cross multiple governmental jurisdictions over hundreds of miles, robust collaboration among Federal, State, local, and tribal governments must be a critical component of this effort."
United States. Office of the Federal Register
Obama, Barack
2013-06-07
-
Computer Security Division: 2012 Annual Report
"With the continued proliferation of information, the explosion of devices connecting to the expanding communication infrastructure and the evolving threat environment, the need for cybersecurity standards and best practices that address interoperability, usability and privacy continues to be critical for the Nation. The Computer Security Division (CSD), a component of the Information Technology Laboratory at the National Institute of Standards and Technology (NIST) is responsible for developing standards, guidelines, tests, and metrics for the protection of non-national security federal information and communication infrastructure. These standards, guidelines, tests, and metrics are also important resources for the private sector. In 2012, CSD aligned its resources to enable greater development and application of practical, innovative security technologies and methodologies, and to enhance our ability to address current and future computer and information security challenges in support of critical national and international priorities. CSD extended its research and development agenda for high-quality, cost-effective security and privacy mechanisms to foster improved information security across the federal government and the global information security community. In 2012, NIST concluded the five-year SHA-3 Cryptographic Hash Algorithm Competition with the selection of KECCAK for standardization and worldwide adoption. The selection of this cryptographic hash algorithm, an indispensable component for the information and communication systems that support commerce in the modern era, confirmed NIST's well-respected and trusted technical authority in this field."
United States. Department of Commerce; National Institute of Standards and Technology (U.S.)
O'Reilly, Patrick J.
2013-06
-
EMR-ISAC: InfoGram 16-12 [April 18, 2012]
This document from the Emergency Management and Response Information Sharing and Analysis Center is "distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures." Sections include: "Cyber Attacks on Critical Infrastructure and 9-1-1"; "Federal Excess Personal Property (FEPP) Program"; and "Carbon Monoxide Poisoning Prevention Toolkit".
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2012-04-18
-
Remarks by Secretary of Homeland Security Tom Ridge at a Joint Press Conference with Secretary of the Interior Santiago Creel [November 9, 2004]
In these remarks, Secretary of Homeland Security Tom Ridge speaks with Mexico's Secretary of the Interior Santiago Creel on border security issues. They discuss the Border Security and Cooperation Working Group and its commitment to solidify border security and safety. He outlines some key points in the 22-point Border Action Plan: Creation of a Cyber-Security Working Group, establishment of a new Strategy Document to guide the Bi-national Infrastructure Protection Working Group, successful implementation of the US-Mexico Agriculture/Food Critical Infrastructure website to exchange information more efficiently, US-VISIT working group's coordinated effort to allow border-crossing cardholders to enjoy expanded time limits, review of the Secure Electronic Network for Travelers Rapid Inspection (SENTRI) program, and Free and Secure Trade program implemented at seven of the largest ports on the border.
United States. Department of Homeland Security. Press Office
Ridge, Thomas J.
2004-11-09
-
CSSP: Security Control Systems Security Program
This Department of Homeland Security (DHS) document outlines the functions of a Control Systems Security Program (CSSP) in hopes to protect critical infrastructure and key resources. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities.
United States. Department of Homeland Security
-
EMR-ISAC: InfoGram, Volume 22 Issue 1, January 6, 2022
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "National Wildfire Coordinating Group releases new training module on wildland fire mental health"; "CISA's [Cybersecurity and Infrastructure Security Agency] Office for Bombing Prevention videos illustrate how to prevent attacks"; "Staffing for Adequate Fire and Emergency Response (SAFER) grant application period now open"; "Webinar: Collaborating and Bringing No Cost Resources to Indian Country"; and 'Cyber Threats."
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2022-01-06
-
Federal Cybersecurity After the OPM Data Breach: Have Agencies Learned Their Lesson? Hearing Before the Subcommittee on Information Technology of the Committee on Oversight and Government Reform, United States House of Representatives, One Hundred Fourteenth Congress, Second Session, November 16, 2016
This is from the November 16, 2016 hearing, "Federal Cybersecurity After the OPM [Office of Personnel Management] Data Breach: Have Agencies Learned Their Lesson?" before the House Subcommittee on Information Technology. From the statement of Renee P. Wynn: "Chairman Hurd, Ranking Member Kelly, and members of the Subcommittee, thank you for the opportunity to testify before you today about NASA's efforts to manage our information technology (IT) resources and protect national assets in an ever-changing threat landscape. The NASA Administrator and all of NASA's leadership considers this to be a very high priority. As NASA's Chief Information Officer (CIO), my office provides IT products and services including policy and procedure for all of NASA. Currently about 17,100 civil servants and 40,000 contractors work at nine NASA Centers and one Federally Funded Research and Development Center, as well as several smaller satellite facilities. We also collaborate with space agencies around the world and have deep partnerships with researchers, engineers and scientists all over the world. Each day, hundreds of thousands of NASA personnel, contractors, academics and members of the public access some part of NASA's IT infrastructure -- a complex array of 418 information systems with over 140,000 components geographically dispersed around the globe. This infrastructure plays a critical role in every aspect of NASA's mission, from controlling spacecraft to processing scientific data." Statements, letters, and materials submitted for the record include those of the following: Renee P. Wynn, Jonathan Alboum, and Robert Klopp.
United States. Government Publishing Office
2017
-
EMR-ISAC: InfoGram, Volume 21 Issue 46, November 18, 2021
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "The state of research on firefighter PFAS [Per- and Polyfluoroalkyl Substances] exposures"; "Behavioral Approach to Violence Prevention reference aid for homeland security partners"; "FEMA launches new Building Science Resource Library and advocates use of building codes to increase resilience to natural disasters"; "CISA [Cybersecurity and Infrastructure Security Agency] holds 2021 Chemical Security Summit as virtual seminar series in December"; "CISA adds four known exploited vulnerabilities to catalog"; "Iranian government-sponsored APT [advanced persistent threat] cyber actors exploiting Microsoft Exchange and Fortinet vulnerabilities"; "Bad form: FBI server sending fake emails taken offline and fixed, no data impacted"; "Ohio teen linked to group accused in more than 30 nationwide bomb threats, swatting incidents"; "Your DDR4 [Double Data Rate 4] memory could be facing the return of some serious assaults"; and "Emotet makes a comeback."
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2021-11-18
-
EMR-ISAC: InfoGram, Volume 21 Issue 24, June 17, 2021
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "Prepare your community for a safe summer with these free outreach materials"; "OSHA [Occupational Safety and Health Administration] issues COVID-19 [coronavirus disease 2019] Healthcare Emergency Temporary Standard, applicable to emergency responders providing health care services"; "DHS S&T [Science and Technology Directorate] successfully evaluates wildfire sensors with California emergency responders"; "Webinars: TRANSCAER [Transportation Community Awareness Emergency Response] hazardous materials training on emergency response to ethanol incidents"; "CISA [Cybersecurity and Infrastructure Security Agency] releases advisory on ZOLL defibrillator dashboard"; "'Fancy Lazarus' cyberattackers ramp up ransom DDoS [distributed denial-of-service] efforts"; "Critical ThroughTek flaw opens millions of connected cameras to eavesdropping"; "The FBI will feed compromised passwords to Have I Been Pwned"; "Cyber insurance: Insurers and policyholders face challenges in an evolving market."
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2021-06-17
-
EMR-ISAC: InfoGram, Volume 21 Issue 36, September 9, 2021
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "New report shows nearly three quarters of 9/11 responders have long-term illness"; "Drones: New CISA [Cybersecurity and Infrastructure Security Agency] guidance for emergency communications centers and FAA [Federal Aviation Administration] outreach events next week"; "Updated Land Mobile Radio (LMR) funding and sustainability guidance from SAFECOM [Aviation Safety Communiqué System] and NCSWIC [National Council of Statewide Interoperability Coordinators]"; "Webinar: Implementing Telemedicine in EMS [emergency medical service] and the 911 Communications Center, Sept. 22"; "US Cyber Command warns of ongoing attacks exploiting Atlassian Confluence flaw"; "Going beyond: Assessing security practices of IT [information technology] service providers"; "CISA releases the Cloud Security Technical Reference Architecture and Zero Trust Maturity Model for public comment"; and "Five ways to navigate the threat landscape conveyed in Verizon's DBIR [Data Breach Investigations Report] 2021."
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2021-09-09
-
Vulnerabilities Equities Policy and Process for the United States Government
From the Purpose: "This document describes the Vulnerabilities Equities Policy and Process for departments and agencies of the United States Government (USG) to balance equities and make determinations regarding disclosure or restriction when the USG obtains knowledge of newly discovered and not publicly known vulnerabilities in information systems and technologies. The primary focus of this policy is to prioritize the public's interest in cybersecurity and to protect core Internet infrastructure, information systems, critical infrastructure systems, and the U.S. economy through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes."
United States. White House Office
2017-11-15
-
Holistic Approaches to Cybersecurity Enabling Network Centric Operations, U.S. House of Representatives, Committee on Armed Services, Subcommittee on Terrorism, Unconventional Threats And Capabilities, One Hundred Tenth Congress, Second Session, April 1, 2008
From Adam Smith's opening statement: "As our forces move closer to the vision of network-centric operations, it's absolutely crucial that we make proper investments in cybersecurity. Net-centric warfare depends not only on the operation of network connections and infrastructure, but on being able to trust the information being shared across the networks in question. That means we have to not only protect highly vulnerable physical choke-points of global network infrastructure, but also take into account factors such as the potential security vulnerabilities posed by outsourcing of coding functions to overseas contractors, as well as the 'human factor'- weak passwords, vulnerability to social engineering, and the like." Statements, letters, and materials submitted for the record include those of the following: Subcommittee Chairman Adam Smith; Seymour Goodman, Chair, National Research Council Committee on Improving Cybersecurity Research in the U.S.; James Lewis, Director and Senior Fellow, Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), and Franklin Kramer, Distinguished Research Fellow, Center for Technology and National Security Policy.
United States. Government Printing Office
2009
-
EMR-ISAC: InfoGram, Volume 18 Issue 47, November 29, 2018
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "After-action review of fire response to Pulse nightclub shooting"; "DHS Regional Resiliency Assessment Program"; "New Cybersecurity and Infrastructure Security Agency"; and "Webinar: A Culture of Preparedness".
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2018-11-29
