The VA is on the way to agency wide reform that will help the agency better serve our nation’s veterans, and the Defense Department is ready to “get real” about cloud data. Welcome to the weekly news kick off… enjoy these highlights.
VA takes first step in implementing agency wide reform
The Veterans Affairs Department is taking the first steps in an agency wide initiative to overhaul the way the agency interacts with veterans. The program, called MyVA aims to reform the way the VA interacts internally and with the veterans it serves, said Bob Schneider, a former VA deputy assistant secretary who is heading up the MyVA implementation task force. The agency is taking the first steps under the MyVA initiative to realign its many organizational maps into one common map with five regions, FierceGovernment reports.
Halvorsen to industry: “Let’s be real” with each other on cloud data
On Jan. 29, acting Defense Department CIO Terry Halvorsen called on commercial cloud providers to own up to the challenges of data liability and information sharing, measures he sees as instrumental to the Pentagon reaping the benefits of the commercial cloud, reports FCW. Halvorsen’s blunt talk at a DoD cloud industry day held at the Commerce Department was the latest step in the Pentagon’s effort to court the private sector for cloud services.
FedRAMP high draft designed for “thoughtful” dialogue
The Federal Risk and Authorization Management Program released the high-impact baseline for cloud services Tuesday. Officials are asking industry and federal stakeholders to examine the controls and justifications and provide constructive feedback. With past iterations, FedRAMP officials have simply issued drafts and asked for stakeholders to provide their opinions. This time around, the draft document includes specific justifications as to why each control was selected, Federal Times reports.
NIST outlines process for vetting mobile apps
As federal employees look to do more and more work on their mobile devices, the National Institute of Science and Technology has developed a set of standards for testing the security of mobile software called the “app vetting process.” The new special publication (800-163) outlines the process for vetting a third-party application, from setting security standards to developing analytics tools to approval or rejection, Federal Times reports. The document also includes an extensive list of questions to help administrators identify specific security concerns.
Half Of Enterprises Worldwide Hit By DDoS Attacks, Report Says
New data illustrates how distributed denial-of-service (DDoS) attacks remain a popular attack weapon—and continue to evolve, reports Information Week. The report says about half of all enterprises were hit with a DDoS attack last year, and most ISPs and enterprises also suffered more stealthy DDoS attacks aimed at flying under the radar. Some 90% of ISP and enterprise respondents in Arbor Networks’ 10th Annual Worldwide Infrastructure Security Report say they experienced application-layer (versus network connection-sapping) DDoS attacks, and 42% say they were hit by DDoS attacks that used a combination of bandwidth-sapping, application-layer, and state exhaustion methods.