FCW : May 15, 2015
NIST official: Internet of Things is indefensible

The interconnectivity of the Internet of Things leaves public and private computer systems essentially indefensible, and no amount of security guidance can help.

That’s the sobering assessment of a top analyst at the National Institute of Standards and Technology, the agency responsible for providing such guidance.

Federal officials can implement as many security controls as they want, said Ron Ross, a fellow in NIST’s Computer Security Division, but hackers will still “have a slice of that pie that will always be accessible because there are things that are off our radar due to their complexity.”

“You can comply perfectly with all of that stuff, and you can still have a very vulnerable infrastructure because of the complexity,” Ross said at an event hosted by AFCEA’s Bethesda chapter in April. “There are things that those standards and guidance... don’t touch.”

NIST is one of the primary dispensers of federal security guidance, which is not in short supply. As Ross put it, agencies are “drowning in guidance.”

His answer to the challenge is, ironically, more guidance.

Ross and his colleagues are working on a publication he hopes will be a rubric for applying security controls throughout the life cycle of IT systems. He told FCW that his goal for the document is to “do a better job of engaging the right people in the organization, the decision-makers who are taking those risk-based decisions, and get them involved early in the process.”

A draft of that publication, NIST 800-160, has been published, and Ross said he hopes to release a second draft in the next few months and the final version by the end of the year or early in 2016.

The nonbinding document is aimed at anyone involved with or affected by IT engineering in the public and private sectors. That means systems and software engineers, acquisition managers and C-suite security officials, to name a few.

Ross said tackling the insecurity wrought by the Internet of Things would require the kind of collaboration among government, the private sector and academia that helped the United States in its space race with the Soviet Union in the 1960s.

In a separate interview, Robert Bigman, a former chief information security officer at the CIA, said “there’s a bigger problem” than the need for voluntary security standards.

“We don’t have any governance policy or regulations at the... federal level over this entire issue of the Internet of Things. No one’s tackled this issue, and frankly, no one wants to tackle the issue.”

Bigman, now a private IT security consultant, said the Office of Management and Budget should ask NIST to come up with recommendations for regulating the Internet of Things. Hacks have occasionally raised eyebrows, but “no one’s paying attention to the bigger issue,” he said, referring to the lack of federal regulation.

— Sean Lyngaas

Trending: 1 in 22 civilian federal employees work on cybersecurity

FCW CALENDAR

5/28: Commerce IT. Washington Technology’s first industry IT day focuses on Commerce’s key component agencies and their projected $2.3 billion in fiscal 2016 IT spending. Falls Church, Va. is.gd/FCW_CommerceIT

5/17-19: Innovation. ACT-IAC’s annual Management of Change conference will dig into continuous delivery, workforce development and the Internet of Things. Cambridge, Md. is.gd/FCW_MOC2015

NOMINATIONS NOW OPEN: Nominations for the 2015 Rising Star awards are now being accepted. Learn more at fcw.com/2015risingstars.