The newly released guidance is a second draft revision of the Computer Security Incident Handling Guide, which was originally released in March 2008.

The guidance provides framework for agencies to establish incident response teams to analyze cybersecurity threats and determine appropriate solutions.

The guide also outlines various threats agencies should consider when implementing a counter-prevention strategy.

NIST said it is accepting feedback on the revision via email through March 16.

Navy Photo

The General Service Administration is asking for industry input in creating a database search engine to instantly check prices of commercial and government products.

In a request for information, GSA said it wants to create the database to let all federal agencies compare current prices of selected products.

The database would search both commercial and government websites such as the Defense Department‘s email, GSA Advantage and NASA‘s Solutions for Enterprisewide Procurement.

Searchable fields within the database should include:

• Delivery times
• Item description
• Manufacturer
• National stock number
• North American industry classification service code
• Part number
• Quantity discounts
• Shipping cost
• Unit of issue

GSA said responses should include a rough cost estimate with an associated project schedule and the agency is accepting responses through than Feb. 29.

Teri Takai

Defense Department Chief Information Officer Teri Takai wants to use multiple approaches to handle mobile device usage in the Pentagon, she told the “Leadership” executive journal.

“Leadership” is published quarterly by CGI‘s collaborative government initiative.

The Pentagon hosts a highly mobile workforce in a time of mobile device proliferation and Takai told “Leadership” the Pentagon has a complex need when it comes to mobility.

Takai also manages the Pentagon’s data center consolidation and acquisition processes, among other tasks, in a tough budget environment.

Takai said she has several approaches to handle the Pentagon’s supply-chain management and acquisition process, including partnerships with technology companies to protect the supply chain.

Takai also included in her strategies:

• Using currently in pilot status where the Pentagon shares cyber information with contractors
• Drawing a plan to maintain the Pentagon’s mission when breaches do occur

Read the full report on Takai’s mobile and supply chain strategy in “Leadership” here.

Dorothy Robyn, deputy defense undersecretary for installations and environment, and Paul Anastas, EPA assistant administrator, signed the memorandum of understanding to establish the partnership.

Scientists and engineers from both the Pentagon and the EPA’s research and development office will collaborate to develop the technologies.

The Pentagon said the partnership allows both agencies to use military bases as testing environments for the technologies, which the Pentagon hopes to spread into civilian communities.

Photo: GSA.gov

The General Services Administration released its step-by-step instruction guide on following FedRAMP procedures Tuesday.

The 47-page concept of operations outlines how agencies and contractors should proceed in certifying services so a service from one contractor could be used in multiple agencies.

GSA says products including infrastructure-as-a-service tools will be the first to go through the FedRAMP process.

Independent auditors that undergo an application process to be government-approved will evaluate products’ compliance.

Cloud providers that successfully go through the authorization process will be listed on the FedRAMP website.

After passing the audit phase, officials from the Department of Homeland Security and FedRAMP will evaluate and continue to re-evaluate services deployed in agencies.

Service providers may re-submit a product or service to the auditors for reconsideration and a panel of security experts will reassess whether the product will be used or not.

GSA’s guide designates the DHS as the lead body in coordinating recovery efforts in the event of a breach on the agency side.

DHS will also “assist government-wide and agency-specific efforts to provide adequate, risk-based and cost-effective cybersecurity” and develop guidance to implement trusted services and cybersecurity.

George Little

Pentagon Press Secretary George Little took questions Monday; not from journalists, but from Twitter users.

According to AFPS, Little answered questions from hundreds of users on topics ranging from Syria, Iran cybersecurity and Pentagon energy savings initiatives.

Little said fielding the questions was a challenge and needed help to manage the questions, but added that he chose the questions.

Sharon Burke, assistant defense secretary for operational energy plans and programs, joined the conversation after several users asked questions on the Pentagon’s energy conservation efforts.

“There were several good questions,” Little said to AFPS. “They varied widely, but I certainly after this experience see the power of this format.

“On certain issues you can connect people to other organizations. You can address very briefly a national security issue, and you can dialogue directly with people without filters.”

Little told AFPS he may participate in more Twitter town halls.

Maj. Gen. Brett Williams

The Air Force is placing more emphasis on capabilities relating to intelligence, surveillance and reconnaissance in response to budget reductions, Federal Computer Week reported.

At a briefing Feb. 6, Air Force officials said their main concerns include gathering intelligence from large amounts of data, securing cyberspace and training new airmen.

Brig. Gen. Scott Bethel, vice commander of the Air Force’s ISR agency, said the Air Force is working on cross-cuing tools where sensors communicate automatically with each other.

Maj. Gen. Brett Williams said the Air Force will also address cyber threats that could damage critical infrastructure.

Williams added the the Air Force will assess risks and determine what its most valuable technological assets are.

Photo: DHS.gov

A House subcommittee cleared a bill last week that would create nonprofit organization to promote information sharing across the public and private sectors, Federal News Radio reports.

Bill sponsor Rep. Dan Lungren (R-Calif.) said the bill makes the Department of Homeland Security the focal point for protecting federal networks and private sector-owned critical infrastructure.

Lungren is chairman of the House Homeland Security subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies.

Under the proposed legislation, the National Information Sharing Organization would facilitate the sharing of cybersecurity and infrastructure protection between the federal government and the private sector.

Lungren told Federal News Radio NISO would establish trust between the private sector and the government.

Lungren also said the government would provide funds for NISO’s first three years, then participants would contribute to the center’s funding.

Heidi Shyu

President Obama has nominated Heidi Shyu assistant army secretary for acquisition, logistics and technology, the White House announced Friday.

Shyu has served as acting assistant secretary since Malcolm O’Neill resigned in June 2011.

The nomination is subject to Senate approval, after which she will become the Army’s top weapons buyer.

Shyu previously held executive positions at Raytheon from 1997 to 2010.

Shyu’s most recent position at Raytheon was vice president of technology strategy for space and airborne systems.

While at Raytheon, she also served as vice chair of the Air Force‘s scientific advisory board.

Photo: Attila Toro

A House subcommittee will review cyber threats in the U.S. during a Wednesday hearing, according to the The Hill newspaper.

Rep. Greg Walden, (R-Ore.) chairman for the House Energy and Commerce subcommittee on communications and technology, said the subcommittee will consider botnets, hacking and supply-chain vulnerability.

Industry representatives and security experts are scheduled to testify, addressing cybersecurity practices and the government’s role in protecting cyberspace.

According to The Hill, several House committees have moved forward with cybersecurity bills and want bring them to the full House floor for debate before the election.

A compromise proposal from the Senate Commerce and Homeland Security committees would impose regulations on companies that operate critical infrastructure.

Walden said in a news briefing the subpanel’s agenda for the year includes authorizing spectrum auctions and progressing two bills that overhaul the Federal Communications Commission‘s way of doing business, The Hill reported.