Technically Speaking

The White House has recently issued an Executive Order, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”  The Order is broad in scope, and features positive provisions, some unfortunate omissions and a seemingly excessive set of reporting requirements.  Let’s take a look.

Data breach statistics are staggering. Through the end of March 2017, there have already been over 300 major breaches and over nine million records stolen. It’s a challenging problem and one that doesn’t come with a lot of solutions. Part of the problem is understanding what the patterns are. Today’s attacks have several stages from initial reconnaissance to object completion, as depicted in the Cyber Kill Chain which describes the phases of a targeted attack.

Autodesk InfraWorks 360 and AutoCAD Civil 3D 2018 are here! For infrastructure and transportation civil engineers and designers, the new releases incorporate feedback from users and stress better economics, practicality, resiliency and attractiveness in the conception, design and construction of road, highway, bridge, land, and other infrastructure projects.

U.S. public sector organizations are moving further into the cloud. That’s according to a new study from DLT partner, SolarWinds. In fact, 96% of public IT practitioners, managers, and directors report that they have migrated critical applications and infrastructure over the past year.

What does privilege have to do with your agency’s security controls? The fact is that most data breaches start with privilege abuse. Think Edward Snowden. In the wake of his leaks, the NSA pledged to reduce system administrator privileges by 90%. Then there are outsiders. Most recent federal data breaches originate from attackers who exploited the login accounts of employees or contractors to gain access to sensitive data.

In our recent webinar, three industry experts dissected the recently revised primary standard for security controls for federal information systems, NIST 800-53 revision 4. As more agencies in the public sector and their partners move to the cloud, security remains a top concern. Thought leaders from DLT, AWS and Evident.io exchanged perspectives on what NIST 800-53 compliance means for government agencies and private organizations alike.