Topic: Government Policy

Borderline Security

The U.S. Passport card or PASS (People Access Security Service) card, a new travel document, is slated for issue by the federal government in the spring of this year. A poor cousin to the standard passport, it's more compact and less expensive, but valid only at land and sea points of border entry into the United States, not for air travel. The PASS card emerged as part of the Western Hemisphere Travel Initiative (WHTI), which phases out drivers' licenses as border-crossing documents for the U.S.

I've heard two starkly contrasting opinions on the security of the PASS card...

Speaking of Security Podcast #89

Click here to listen/download (09:40).

Speaking of Security Blogger Shannon Kellogg talks with Matt Buckley about the state of information security from a Washington, D.C. point of view.

Federal Information Security and Management Act -- Five Years On

An anniversary recently passed amid a heightened focus in Washington, D.C. on the status of federal information security: the Federal Information Security and Management Act (FISMA) just completed its fifth year on the books as a federal law.

As the follow-up to the Government Information Security Act of 2000, FISMA established an updated legal framework for federal information security, including baseline security standards for federal agencies. I remember that the information security community was excited about FISMA and its promise.

So, what's the verdict five years later? In my opinion it's a mixed bag. On one hand, FISMA has arguably increased awareness of, and focus on, federal information security...

Massive data loss by key U.K. government agency could affect millions of British citizens

Not since the infamous U.S. Veterans Administration breach, when a laptop containing information on 26.5 million veterans was stolen in 2006, have we seen a breach of sensitive data like the one that occurred in the United Kingdom last week. According to news reports, two disks containing the records of 7.25 million families and around 25 million people were lost by Her Majesty's Revenue and Customs agency as they were being transferred to the UK's National Audit Office.

Is the Bush Administration Getting Serious About Information Security?

Earlier this month, President Bush requested $154 million in FY2008 funding for expanding cyber security initiatives at the Department of Homeland Security (DHS) and other federal agencies. The majority of the initial budget request (which would shift current government fiscal year money from other projects) will reportedly be focused on expanding DHS's "Einstein" program, which is run by the U.S. Computer Emergency Readiness Team. For more background, see the Federal Computer Week story by Jason Miller titled "White House officials ask for $154 million in new cybersecurity spending."

Focus on software assurance increases in U.S., U.K. and other markets

I traveled quite a bit during the month of October - which was National Cyber Security Awareness month here in the U.S. - and there was one issue that came up frequently during my various business trips to locations around the U.S. and one to London: software assurance. It's really a continuation of a theme that I have come across during the course of the last couple of years: as breaches of information security have become more and more frequent - whether perpetrated by cyber-criminals looking to make a fast buck; or by nefarious actors breaking into systems to commit espionage; or in the case of entire countries (e.g. Estonia) that have seen their critical infrastructure attacked via cyberspace - governments have become increasingly focused on product security. The issue of security within products that are integral parts of systems or networks is clearly gaining the attention of government decision makers around the world...

Speaking of Security Podcast #82

Click here to listen/download (08:07).

Last week's RSA Conference Europe is over but you can hear from some of last week's expert speakers, like Marika Konings, Director of European Affairs for the Cyber Security Industry Alliance, in the Conference Podcasts section of www.rsaconference.com/2007/europe. Paul gets an event recap from the Conference Manager, Linda Lynch, and we share part of an interview with Marika from the show floor in this week's podcast.

IT Industry to Congress: Help Needed to Fight Cyber-crime

On October 16th, in the bowels of the U.S. Capitol Building, the Business Software Alliance organized a briefing on cyber-crime issues that was attended by congressional staff members, industry experts and media representatives. Art Coviello, President of RSA, The Security Division of EMC, delivered the industry keynote; U.S. Representative Steve Chabot (R-OH) provided remarks from a congressional perspective. Congressman Chabot is a co-sponsor of H.R. 2290, the Cyber Security and Enhancement Act of 2007, along with U.S. Representative Adam Schiff (D-CA). H.R. 2290, if passed, would include changes to law that would: criminalize malicious botnet attacks...
