Cybersecurity touches almost every aspect of modern life and permeates many fields beyond technology, including homeland security, law enforcement, national security, foreign policy, the economy, and even emergency response. In developing the Fiscal Year 2014 Cybersecurity budget, the nation…

The confirmation on June 6, 2013 by the US National Security Agency (NSA) that it has been secretly collecting on-line data that originated overseas from non-U.S. citizens, has re-ignited an old controversy about the growth of domestic surveillance by the U. S. Federal Government.[1]  This…

What is a Cloud?

There has been much “hype” about cloud and a lot of confusion, especially regarding risk management and security concerns. The groundwork is quietly being laid for security and privacy services in public cloud ecosystems. The collaboration and …

A few years ago, I drafted the first version of a paper for the Federal Public Key Infrastructure Policy Authority (FPKIPA), entitled “The Realized Value of the Federal Public Key Infrastructure (FPKI).” At that time, we declared it mature and proudly documented its value to the Federal PKI…

The concept of reusing credentials is nothing new. A host of standards and technologies have grown up over the last decade. SAML, WS-Federation, OAuth, OpenID, and others, have matured from nascent concepts to standards with broad adoption in COTS products. These standards continue to evolve to…

The White House has received considerable praise for highlighting Critical Infrastructure Cybersecurity in the State of the Union speech this year, and the Executive Order that accompanied the speech takes several important steps in resolving the complex problems facing industry, governments and…