Federal Blueprint Blog

Anonymous's picture
Written by
Federal BluePrint Editorial Team

Are you watching the World Cup?

It’s great to see how the best players in the world work together on defense to shut down their opponents. Cybersecurity is the same way. All the pieces have to work together in order to have a strong defense.

Encrypted Traffic – Seeing Downfield

Anonymous's picture
Written by
David Rubal, CISSP

The use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption for Internet and enterprise traffic is growing steadily. Modern cloud applications that use SSL communications by default – such as SharePoint, Exchange, WebEx, Salesforce.com, and Google Apps – are commonplace and rapidly growing.

Anonymous's picture
Written by
Aubrey Merchant-Dest

Recent events surrounding the OPM breach only serve to highlight the realities of computer network defense (CND), further supporting that it’s difficult to stop what we can’t describe to a machine via signatures and/or policy. We’ve all heard stories of malicious email getting though various layers of network and host defenses only to be characterized as ‘shady’ after close inspection of a vigilant individual, that’s right, a human. Yet somehow we continue to be wooed by new shiny point products, which aim to cure specific issues, hoping they will provide additive risk protection and security. What other choice do we have, right?

Anonymous's picture
Written by
David Rubal, CISSP

Cyber and information security are top of mind as an increasing and continuous challenge across the U.S. Federal government. With every successful cyber attack like the one recently reported by the U.S. Office of Personnel Management, historic levels of personal employee information were compromised for over 4 million U.S. Government employees. This is only the most recent example in a growing story of active, ongoing and multiple-stage attacks on U.S. government agencies and entities. In this journey to proactively thwart attacks, agencies must evolve to think and execute differently to create a comprehensive approach to full life-cycle of cybersecurity (prevention, detection, mitigation and forensics) in order to fully protect citizen, employee, mission and classified information at all levels.

Anonymous's picture
Written by
Federal BluePrint Editorial Team

Sen. Rand Paul’s recent 11-hour filibuster illustrated the intense partisan divide in Washington over surveillance legislation and whether to reauthorize section 215 of the Patriot Act.

But surveillance isn’t the only piece of tech legislation worth talking about. Members of Congress are also discussing information sharing and data breaches, and both issues to watch as lawmakers consider numerous bills.

Anonymous's picture
Written by
Federal BluePrint Editorial Team

Federal agencies don’t always like to disclose the volume of cybersecurity threats they face because it can provide the bad guys with insight and expose their vulnerabilities.

So it was worth noting when Department of Veterans Affairs (VA) Chief Information Officer Stephen Warren, taking a cue from the Wizard of Oz, pulled the curtain back during a press call and exposed his agency’s cyber secret – the agency faces an incredible number of cybersecurity threats each day.

His agency probably isn’t alone.