Explore top 10 tips to secure your open-source projects now. Read More
×Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies. . It's believed to be the first payout on a 'False Claims Act' case over failure to meet cybersecurity standards. The lawsuit began eight years ago, in the year 2011, when Cisco subcontractor turned whistleblower, James Glenn, accused Cisco of continue selling a video surveillance technology to federal agencies even after knowing that the software was vulnerable to multiple security flaws. The link for this article located at The Hacker News is no longer available. . Cisco is negotiating a settlement concerning allegations that it sold defective video surveillance systems to governmental bodies, despite being aware of their shortcomings.. Cisco Systems, Video Surveillance, Cybersecurity Standards, Security Flaws, Lawsuit Settlement. . Brittany Day
U.S. businesses for years have urged the government to let them set computer-security standards of their own, but their inability to do so could now prompt Congress to step in, experts say. Those who worry that regulation may stifle innovation say the business community may have already missed an opportunity to prove the government's help is not needed. . "The market is in a much better position to respond to this challenge...but corporate America has not provided evidence across the board that they've taken this issue seriously enough to protect consumers," said Bob Dix, a lobbyist for Citadel Security Software, who until last year handled cybersecurity for a congressional subcommittee. The private sector is under scrutiny after a string of incidents at data brokers, retailers and other businesses exposed at least half a million U.S. citizens to identity theft. The business community for years has argued that any government regulations would quickly become outdated in a rapidly changing field, and a 2003 Bush administration plan called on the private sector to set its own standards. Working with the the Homeland Security Department, an industry-led task force issued a set of guidelines in April 2004 that called for company chief executives to take direct responsibility for their computer systems. One year later, only two companies have adopted the guidelines: Entrust and RSA Security, whose chief executives co-chaired the task force. The link for this article located at ZDNet News is no longer available. . Legislators are ready to implement rules regarding digital privacy as American companies encounter pressure due to the absence of voluntary guidelines.. Data Privacy Laws,Cybersecurity Standards,Corporate Responsibility. . Brittany Day
Federal regulators are proposing to add computer security standards to their criteria for installing new computerized safety systems in nuclear power plants. The US Nuclear Regulatory Commission (NRC) quietly launched a public comment period late last month on a proposed 15-page update to its regulatory guide "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants." The current version, written in 1996, is three pages long and makes no mention of security. . The replacement would expand existing safety and reliability requirements for digital safety system, and infuse security requirements into every stage of a system's lifecycle, from drawing board to retirement. The link for this article located at TheRegister.co.uk is no longer available. . The proposed update aims to enhance cybersecurity standards for nuclear safety systems, updating regulations for modern needs.. Nuclear Safety,Cybersecurity Standards,NRC Protocols,Digital Safety Systems. . Benjamin D. Thomas
The new Cyber Security Industry Alliance could benefit from greater cross-industry cooperation, says Giga Group security analyst Michael Rasmussen. "Otherwise this could be one more voice in the wilderness." . . .. The new Cyber Security Industry Alliance could benefit from greater cross-industry cooperation, says Giga Group security analyst Michael Rasmussen. "Otherwise this could be one more voice in the wilderness." Seeking strength in numbers, leading security companies have joined forces to create the Cyber Security Industry Alliance (CSIA), whose stated mission is to push for policy initiatives, public-sector partnerships, educational programs and industry technology standards. Executive director Paul Kurtz, former Homeland Security Council member and senior director for National Security of the Office of Cyberspace Security, told NewsFactor that the primary objective is to bring I.T. security experts together so that they can speak with one voice. . The Digital Safety Consortium aims to improve inter-industry collaboration to promote stronger protection protocols.. Cyber Security Industry, IT Security, Industry Standards. . Anthony Pell
Eleven of the nation's top computer security companies are forming a new organization to lobby on cyber-security issues in Washington, breaking ranks with the broader technology industry in hopes that a more cooperative approach to protecting the nation's critical information infrastructure will avert heavy-handed regulation by Congress and the White House. Leaders of the Cyber Security Industry Alliance (CSIA) stress that they remain wary of any government effort to regulate security practices. They are, however, willing to concede that some requirements, perhaps developed under existing federal laws, could improve computer security practices without foisting onerous mandates on businesses. . . .. Eleven of the nation's top computer security companies are forming a new organization to lobby on cyber-security issues in Washington, breaking ranks with the broader technology industry in hopes that a more cooperative approach to protecting the nation's critical information infrastructure will avert heavy-handed regulation by Congress and the White House. Leaders of the Cyber Security Industry Alliance (CSIA) stress that they remain wary of any government effort to regulate security practices. They are, however, willing to concede that some requirements, perhaps developed under existing federal laws, could improve computer security practices without foisting onerous mandates on businesses. That concession marks a departure from the technology industry's traditional anti-regulatory philosophy and signals an attempt by the computer security community to speed up efforts to implement a White House-sponsored plan to secure the nation's electronic communications networks. "Rather than saying to Congress, 'This is not an issue, stay out,' we as an industry need to figure out how to solve these problems in a proactive way before someone gets fed up and says it's time to legislate," said Sanjay Kumar, the chief executive of Islandia, N.Y.-based Computer Associates and a leading figure in the new organization. One of thefirst tasks on the alliance's agenda is to develop common standards for reporting and sharing information on the latest Internet security threats. A presidential commission report submitted to the White House earlier this month found that the anti-virus software vendors often create public confusion by giving different names and threat levels to the same computer viruses and worms. Richard Clarke, the former White House adviser who led the drafting of the White House's National Strategy to Secure Cyberspace, said the spate of worms and viruses that plagued the Internet in 2003 put added pressure on the security industry to take action. "Last year was the worst in history in terms of the damage from cyber-attacks," Clarke said. "I think we're getting to the point where Congress wants something to happen, the people and American corporations that buy information technology want something to happen, and so having the technology security industry organized to be part of that debate makes a lot of sense." The link for this article located at WashingtonPost is no longer available. . Eleven of the nation's top computer security companies are forming a new organization to lobby on cy. eleven, nation's, computer, security, companies, forming, organization, lobby. . Anthony Pell
The department of energy has done something unusual for a federal agency. It has become an example of excellent cyber-security practice. It has done this by pressuring Oracle to elevate security in its 9i database product--in the process, taking software out . . . . The department of energy has done something unusual for a federal agency. It has become an example of excellent cyber-security practice. It has done this by pressuring Oracle to elevate security in its 9i database product--in the process, taking software out of the shadows of "as is" licenses and putting it in the spotlight of a government procurement action. DOE's action could begin a process that improves the security of the technologies available to the public and private sectors alike. To win this open-ended deal, Oracle promised to deliver its database in a secure configuration and took responsibility for the security of the software going forward. Future patches must be delivered quickly and cannot create new problems or vulnerabilities if Oracle wants to continue getting paid. It's the kind of vendor commitment that every enterprise merits but that only the $59 billion IT buying power of the federal government can effect right now. The link for this article located at eWeek is no longer available. . The energy sector establishes a benchmark by insisting on advanced safety measures from Microsoft for fortified cloud infrastructure.. Database Protection, Cybersecurity Standards, Government Procurement, Vendor Accountability. . Anthony Pell
Do you think there should be network security standards set by the government? According to MSNBC "insurance companies and the security industry are considering quasi-government regulation to try to compel Internet firms to take basic security steps." This was . . . . Do you think there should be network security standards set by the government? According to MSNBC "insurance companies and the security industry are considering quasi-government regulation to try to compel Internet firms to take basic security steps." This was probably complled by the fact that there are "125,000 networks with the same flaw that allowed the attacks" that occured six months ago on major US websites. The link for this article located at ZDNet is no longer available. . With rising digital threats, a debate emerges on mandatory cybersecurity rules for online companies, balancing user protection and industry innovation.. Network Security Standards, Internet Safety, Cyber Attack Prevention, Government Regulation. . Anthony Pell
Get the latest Linux and open source security news straight to your inbox.