Biden To Expand National Security Agency Role in Government Cybersecurity (wsj.com) 18
President Biden on Wednesday expanded the National Security Agency's role in protecting the U.S. government's most sensitive computer networks, issuing a directive intended to bolster cybersecurity within the Defense Department and intelligence agencies. From a report: The memorandum signed by Mr. Biden mandates baseline cybersecurity practices and standards, such as two-factor authentication and use of encryption, for so-called national security systems, which include the Defense Department and intelligence agencies and the federal contractors that support them. It effectively aligns the cybersecurity standards imposed on national security agencies with those previously established for civilian agencies under an executive order Mr. Biden signed last May. Affected agencies will soon be expected to implement various cybersecurity protocols, including use of certain cloud technologies and software that can detect security problems on a network. Cybersecurity failures have plagued the U.S. government for decades, including thefts of detailed personnel records and military secrets that have been blamed on Russia, China and other adversaries. While national security agencies are generally seen as more secure than their civilian counterparts, they have endured significant breaches, too.
Re: (Score:1, Flamebait)
Looks like the "beating a liberal tv show" guy has some competition now.
Re: (Score:2)
lol. I'm glad that someone still cares enough to try to be first, as pointless as it is.
Good luck! lol (Score:2)
Re: (Score:2)
The NSA is where most of the government sysadmins and programmers work, they have numerous large buildings full of the "best and brightest" whose current work almost entirely consists of filling databases full of information that would only be used in case of a major war.
They're definitely not the "1970s mainframe" department.
It's about time they're being assigned some useful tasks.
Define "National Security System" (Score:1)
Such a nebulous term that has no firm definition or meaning. It can't mean classified systems since those are already much more secure than any of the requirements in this EO.
Re:Define "National Security System" (Score:5, Informative)
You mean this?
What are National Security Systems?
National security systems are information systems operated by the U.S. Government, its contractors, or agents that contain classified information or that:
* involve intelligence activities;
* involve cryptographic activities related to national security;
* involve command and control of military forces;
* involve equipment that is an integral part of a weapon or weapons system(s); or
* are critical to the direct fulfillment of military or intelligence missions (not including routine administrative and business applications).
The definition for a National Security System, along with other applicable terms used in the National Security Community, are found in CNSSI 4009, "Information Assurance Glossary"
https://en.wikipedia.org/wiki/... [wikipedia.org]
https://www.cnss.gov/CNSS/abou... [cnss.gov]
So will the government now leak (Score:2)
Re: (Score:2)
Re: (Score:2)
Just the same. Cybersecurity doesn't do much to stop leaks, because leaks are *intentional* disclosures of information by people who have valid access to it.
Every administration complains about leaks, but no administration does much about them because often it's the very top of the administration that's doing the leaking. They leak to make things public without being seen publicly acknowledging them. They leak to float policy ideas they can walk back if the public freaks out. Sometimes it's the internal p
This will help (Score:2)
Obviously won't solve all problems, but it is good to see a president actually take cybersecurity seriously. Use 2FA, continuously update all the software and infrastructure, have active breach monitoring in place.
Not sure about this (Score:2)
If a system is already on an internet-connected network, then additional cloud-based intrusion, threat, and anomaly detection makes sense. This may be counterintuitive, but it is becoming necessary.
Intrusion and threat detection both get better as more resources are spent on investigating and classifying anomalies, so it makes sense to collaborate or outsource. As long as the service provider has adequate resources, it's a decent approach.
Having your own massive department of experts could be better, but it
How quickly we forget. (Score:2)
The NSA was originally tasked with securing secret information. It was later that they started spying on everyone. Who knows when they became more concerned with circumventing data security than with promoting it?