A reflection of the Department of Homeland Security logo in the eyeglasses of a cybersecurity analyst at the watch and warning center of the Department of Homeland Security’s secretive cyber defense facility in Idaho Falls, Idaho. // Mark J. Terrill/AP File Photo
This story has been updated to clarify the Einstein program’s role in detecting cyber intrusions.
The Department of Homeland Security has spelled out its intentions to proactively monitor civilian agency networks for signs of threats, after agencies arguably dropped the ball this spring in detecting federal websites potentially harboring the Heartbleed superbug.
Annual rules for complying with the 2002 Federal Information Security Management Act, released Friday, require agencies to agree to proactive scanning. The regulations also contain new requirements for notifying DHS when a cyber event occurs.
“The federal government’s response to the ‘Heartbleed’ security vulnerability highlighted the need to formalize this process, and ensure that federal agencies are proactively scanning networks for vulnerabilities,” Office of Management and Budget Director Shaun Donovan said in an Oct. 3 memo to department heads. “This year’s guidance clarifies what is required of DHS and federal agencies in this area.”
In April, researchers discovered Heartbleed, a glitch in widely used data encryption software.