FedScoop (http://fedscoop.com): Federal technology news and events
Wed, 23 Jul 2014 03:06:00 +0000

AT&T to provide secure IP phone systems for State
http://fedscoop.com/att-provide-secure-ip-phone-systems-state/
Wed, 23 Jul 2014 03:06:00 +0000

The post AT&T to provide secure IP phone systems for State appeared first on FedScoop.

From Podgorica, Montenegro to Kiev, Ukraine, the United States has nearly 300 embassies and consulates overseas. A new deal between AT&T and the State Department will ensure that all of them are connected with secure internet protocol telephony. 

The Foreign Post Telephone Program, announced Monday, is valued at up to $275 million. The five-year deal was awarded through the General Services Administration’s Connections II indefinite delivery, indefinite quantity contract.

“It essentially is a program where AT&T will provide all of the support services to design, engineer, deploy and maintain telephony systems in up to the nearly 300 embassies, posts and consulates overseas,” Stacy Schwartz, vice president of AT&T government solutions, said in a phone interview with FedScoop. “So it’s a mix of service and equipment and design and some pretty interesting locations to support the State Department.”

AT&T will design and procure the systems for a mix of new equipment installations and upgrades. In order to roll out this service, security-cleared AT&T techs will need to be on-site at every installation worldwide. The personnel will install, integrate, test and bring these systems online, according to the release.

“Our value proposition was as the State Department looks to evolve its technology, or evolve its future technologies, that we would be there to help do that for them as they steadily change out some of their architecture in embassies,” Schwartz said. “So, trying to get them future-ready for things such as unified communications.”

The company is now beginning the process of talking with the State Department about how it can implement the technology on an international scale.

“We’re just now sitting down with the State Department on what our future planning would be in terms of looking at various regions and locations for some of those unique visits, so that’s really what’s exciting about this,” Schwartz said. “There’s an intent to really rationalize or look at all those disparities across various geographies and how to best deploy the right systems that will have longevity and will position the State Department to use the best technology in the future.”

The State Department did not respond to FedScoop’s request for comment by publication time.

“It is a big, very important program if you think about what’s going on in all those embassies,” Schwartz said. “So we’re just really feeling quite proud to have been selected for this.”

USGS 3-D mapping data aims to save lives and money
http://fedscoop.com/usgs-3-d-mapping-data-aims-save-lives-money/
Wed, 23 Jul 2014 02:52:13 +0000

The Interior Department's U.S. Geological Survey, along with several other federal agencies, launched a $13.1 million partnership called the 3-D Elevation Program earlier in July. Working together with academia, private companies and state and local governments, the agencies aim to develop 3-D mapping and enhanced elevation data of the U.S. for more accurate topographical representations.

A lidar representation of Mount St. Helens (credit: USGS).

The White House earlier this year reported in its third National Climate Assessment that climate change is taking a major toll on the nation’s environment. In an effort to combat those perceived changes — growing temperatures and rising sea levels, among others — President Obama has since introduced several actions to create a more-resilient infrastructure, one of which is an initiative to develop advanced 3-D mapping data and tools.

The Interior Department’s U.S. Geological Survey, along with several other federal agencies, this month launched a $13.1 million partnership called the 3-D Elevation Program, or 3DEP. Working together with academia, private companies and state and local governments, the agencies aim to develop 3-D mapping and enhanced elevation data of the U.S. for more accurate topographical representations.

Using “lidar” — radar’s relative that uses light detection rather than radio detection — 3DEP data will be applied in several climate impact areas, such as flood management, water resource planning, mitigation of coastal erosion and storm surge impacts and the identification of landslide hazards, as well as others detailed in the National Enhanced Elevation Assessment, according to the program’s website.

The Federal Emergency Management Agency looks to be one of the biggest beneficiaries of the initiative. With plans for a new Map Service Center website — what the agency says is the official source for flood hazard information produced in support of the National Flood Insurance Program — FEMA will be able to integrate the new data and mapping and reduce the time it takes to update its flood maps. While the MSC update is set to go live July 25, the 3DEP data will be acquired over an eight-year period, meaning 3DEP won’t be as readily available on the FEMA site.

A 3-D model of the University of Nebraska’s Memorial Stadium produced by lidar (credit: USGS).

The new USGS mapping technique not only means better data utilization — and therefore increased disaster prevention, mitigation and response — but also economic stimulation. USGS cited one example in which lidar data could support nearly $2 billion worth of precision agriculture nationwide each year.

But the data also will provide cost savings in preventing catastrophes. With enhanced elevation data, each of the impact areas 3DEP will serve comes with big-time business activity, as described in USGS’ enhanced elevation assessment. For instance, the improved data could bring between $295 and $502 million in economic benefit through flood risk management alone, according to federal estimates.

The transition to 3DEP will be a gradual one, according to USGS. As the agency begins implementing the program, it will continue to produce data and maps in older technologies until the transition to 3DEP is completed.

Additionally, USGS is looking for other agencies to partner in acquiring the 3-D mapping data.

USGS and FEMA this Friday will host a congressional briefing on ways 3DEP can better Americans’ lives and boost the economy.

Micro-virtualization security picking up federal steam
http://fedscoop.com/micro-virtualization-security-picking-federal-steam/
Tue, 22 Jul 2014 22:09:05 +0000

Federal agencies are beginning to experiment with a new hardware isolation method of detecting malicious code hidden in browsers, browser plugins and widely-deployed productivity applications.

A number of federal agencies are evaluating a new tool by Cupertino, California-based Bromium Inc. that, unlike other sandboxing applications, which run at the kernel level, offers micro-virtualization at the processor level. This so-called hardware isolation emulates a complete system and allows malware to execute without infecting the system. The software then removes the malicious code, stopping zero-day attacks emanating from the most common untrusted tasks and threat vectors, including browsing the Internet, downloading documents, opening email attachments and launching files from authorized removable storage devices.

Last September, the Department of Health and Human Services issued a solicitation for Bromium’s vSentry software, describing it as a unique capability that plugs a significant gap in endpoint security: the reliance on signature-based antivirus and security software to detect unknown zero-day exploits in some of the most common and widely-deployed software tools.

“The unique micro visor architecture that runs on the CPU rather than the Kernel Level sandboxing offered by other vendors offers a level of protection and analytical capabilities that has been previously unobtainable on a common user’s system,” HHS said in a solicitation posted to the Federal Business Opportunities website.

A slide presented by security officials at Sandia National Laboratory during the National Laboratories Information Technology Summit this month. Sandia is pilot testing Bromium’s vSentry and LAVA software.

And now additional agency testing is underway at the Defense Department and the Energy Department’s national laboratories. Sandia National Laboratory is currently pilot testing Bromium’s vSentry and the company’s live attack visualization and analysis tool for forensic analysis of malicious behavior.

The testing and evaluation come as the company released a new report detailing a skyrocketing increase in vulnerabilities in Microsoft’s Internet Explorer, as well as Java, Flash, Adobe Acrobat Reader and office productivity applications.

“Microsoft’s Internet Explorer set a record high for reported vulnerabilities in the first half of 2014,” according to an advance copy of the Bromium report received by FedScoop. Meanwhile, “Adobe Flash is the primary browser plugin being targeted by zero day attacks this year.”

In the first half of 2014, the growth in zero day exploits continued unabated. “Unsurprisingly, all of the zero day attacks targeted end-user applications such as browsers and productivity applications like Microsoft Office,” the Bromium Labs report states. “Typically these attacks are launched leveraging users as bait using classic spear-phishing tactics. The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray. Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers.”

Kelly Collins, vice president of public sector at Bromium, said while some applications have been blacklisted in government because of security concerns, the browser remains the most prolific software application in government and there’s just no way for agencies to keep up with security patches for each and every application plugin.

“Signature-based security can’t keep up with that threat model,” Collins said in an interview with FedScoop. She likened trying to keep old versions of Java patched, as well as browsers, document readers and productivity apps, to a “game of whac-a-mole futility.”

According to Collins, the Defense Department has tested Bromium’s ability to detect and isolate 100 percent of the threats that come across the vectors of attack covered by vSentry. The department is currently evaluating the software for approval to run on DOD networks, Collins said.
NTIA’s Strickling: ICANN oversight transition won’t harm Internet
http://fedscoop.com/ntias-strickling-icann-oversight-transition-wont-harm-internet/
Tue, 22 Jul 2014 21:39:38 +0000

The U.S. government's transition away from ICANN oversight does not spell doom and gloom for the Internet, Lawrence Strickling said in a speech Tuesday.

Lawrence Strickling wants everyone to relax. The Internet will be fine.

That was the overall message Tuesday as Strickling, the National Telecommunications and Information Administration’s assistant secretary of commerce for communications and information, spoke about plans for the United States to transfer its oversight of Web domains to an international consortium as soon as next year.

Strickling, who issued his remarks at an American Enterprise Institute event on Internet governance, said the transition will not fundamentally change the Internet for anyone.

“At the outset, I want to put your minds at ease,” Strickling said. “Contrary to some initial concerns that we were giving away the Internet, the response from the global Internet community has been overwhelmingly supportive…The discussions to date demonstrate that the community is taking this transition very seriously and is determined to develop a transition plan that will ensure that the Internet [domain name system] continues to support a growing and innovative Internet.”

The remarks come after the NTIA announced in March that it would step away from its role overseeing the Internet Corporation for Assigned Names and Numbers, the nonprofit group responsible for assigning IP addresses and keeping track of top level domain URLs.

“Before any transition takes place, the businesses, civil society and technical experts of the global Internet community must present a consensus plan that ensures the uninterrupted and stable functioning of the Internet and its present openness,” Strickling said, adding that if the September 2015 deadline for the transition is not met, the NTIA can extend its contract with ICANN for up to four years.

Strickling also addressed thoughts that the U.S. should keep its current ICANN role in order to prevent nations that do not support an open Internet, such as Iran or Russia, from gaining the ability to make decisions that could have global impacts on the Internet. He said that transitioning into a multistakeholder model will only help squash government censorship.

“As one group of stakeholders in the ICANN process, governments have unique power to speak to the public interest when they speak as one based on consensus positions,” Strickling said. “I want to emphasize this point: The Internet does not respect national boundaries. No one country, no two countries, no ten countries can claim to speak on behalf of the public interest…The idea that governments could enhance their influence within ICANN by changing its rules to allow for a majority vote on policy issues reflects a misunderstanding of the policymaking process at ICANN as well as a misunderstanding of the meaning of the word ‘consensus.’”

Strickling said the NTIA’s transition has the approval of tech companies like Google, telecoms like AT&T and Cisco and civil society groups like Human Rights Watch and Public Knowledge.

Even with skeptics worried about what this plan could mean for the Internet’s future, Strickling is clear that the NTIA will be as transparent as it can be throughout the entire process, which should help continue to put minds at ease.

“The multistakeholder model allows anyone the opportunity to participate and be heard,” Strickling said. “That includes all of you in this room today. So I urge all of you to show your support for the transition process by participating in it. We have made it crystal clear that the plan should be developed in an open and transparent manner.”

You can read Strickling’s full remarks on NTIA’s website or watch the full AEI event below.

Significant national security challenges remain 10 years after 9/11 commission report
http://fedscoop.com/new-old-issues-challenge-national-security-10-years-911-commission-report/
Tue, 22 Jul 2014 16:32:17 +0000

The 9/11 Commission. From left to right (top row) Richard Ben-Veniste, John Lehman, Timothy Roemer, James Thompson, Bob Kerrey, Slade Gorton. (Bottom row) Fred Fielding, Lee Hamilton, Thomas Kean, Jamie Gorelick.


A decade after the 9/11 Commission issued its final report on the Sept. 11, 2001, terrorist attacks against the United States, the threat from global terrorism may be more pronounced than ever, with major new vulnerabilities emerging in cyberspace and a congressional homeland security oversight system plagued by duplication and turf battles.

Members of the National Commission on Terrorist Attacks Upon the United States, led by former New Jersey Gov. Thomas Kean and former Indiana Democratic Rep. Lee Hamilton, reconvened as private citizens Tuesday — a decade after completing their work — to reflect on the nation’s progress acting upon the commission’s recommendations and to discuss new threats that pose significant challenges in the post-9/11 era.

“Many Americans think that the terrorist threat is waning—that, as a country, we can begin turning back to other concerns. They are wrong,” the commission wrote in a new 46-page report analyzing the current state of homeland security. “On issue after issue — the resurgence and transformation of al Qaeda, Syria, the cyber threat — public awareness lags behind official Washington’s. If this gap persists, the political support for needed national security capabilities will fade.”

Terrorist threat assessment by the Bipartisan Policy Center.

Director of National Intelligence James Clapper echoed that conclusion. “The terrorist threat to the United States is still very, very real,” Clapper said, speaking at an event hosted by the Bipartisan Policy Center focusing on the tenth anniversary of the 9/11 Commission report. “It is spreading globally and morphing into more and more so-called franchises.”

But in addition to a more dangerous, geographically dispersed and morphing terrorist threat, the nation faces a growing number of vulnerabilities in cyberspace, the latest report states.

“Every current and recent-former official with whom we spoke described the cyber threat in urgent terms,” the report states. “Yet public awareness is lagging far behind official awareness. If the American people hear this message, they will be willing to support the measures needed to counter cyber threats.”

“As a nation…we are accepting more risk than we were three years ago or even one year ago,” Clapper said, referring to what he called a “perfect storm” of budget cuts, information leaks and damaged international relationships that make information sharing, especially on cybersecurity issues, more difficult.

But there is hope, according to Clapper. The intelligence community workforce hired since Sept. 11, 2001, thinks differently about information sharing and is, for the first time, being equipped with the cyber tools needed to make information sharing and data security a reality. “They look upon integration as a reality. They come to us integration-minded,” Clapper said. He thanked the 9/11 Commission for recommendations that made IT integration a priority for intelligence reform.

“For the first time ever, [the Intelligence Community IT Enterprise] will integrate in a single IT enterprise the entire IC,” Clapper said. “This will take integration to the next level. It will both promote integration and security. The bumper sticker is tag the data, tag the people,” he said, referring to the need to tighten insider security in the wake of massive leaks by former National Security Agency contractor Edward Snowden.

The more difficult issue facing the Department of Homeland Security, however, is a problem it has faced since its inception. There are 92 committees and subcommittees in Congress with oversight roles and responsibilities for DHS — a major problem that formed one of the key recommendations of the original 9/11 report.

“Do something with regard to the massive, inefficient, ineffective oversight procedures dealing with the Department of Homeland Security,” former Secretary of Homeland Security Tom Ridge said. “I can think of only one reason [for this problem's continued existence] and it’s about turf.”

The need to reform congressional oversight of DHS is absolutely “imperative to maximize the efficiency and effectiveness of this department,” Ridge said. “If you want to make America more secure, one of the most important things you can do is…change your oversight and change your committee structure. It is a national security issue.”

FedMentors: Presidential Management Council Fellow Mika Cross
http://fedscoop.com/fedmentors-mika-cross/
Tue, 22 Jul 2014 13:28:37 +0000

Mika Cross, a presidential management council fellow for workplace transformation strategy in the Office of Personnel Management, talks with FedScoop TV about her career in federal government.

Mika Cross, a presidential management council fellow for workplace transformation strategy, talks with FedScoop TV about her career in federal government.

Inside the Pentagon’s scaled back audit expectations
http://fedscoop.com/pentagon-quietly-scaled-back-audit-expectations/
Tue, 22 Jul 2014 11:00:45 +0000

In 2011, former Secretary of Defense Leon Panetta gave the military services until Sept. 30, 2014 to get their Statement of Budgetary Resources ready for audit. But the SBR, as it is known, is not what they are preparing.

A memorandum issued in 2011 by former Defense Secretary Leon Panetta gave the military services until Sept. 30 of this year to get their Statement of Budgetary Resources ready for audit. But the Pentagon has changed its game plan and is now working toward a significantly scaled-back set of expectations.

A FedScoop review of the Pentagon Comptroller’s Financial Improvement and Audit Readiness updates, as well as interviews with Navy and Defense Department officials, revealed what one official described as a significant “de-scoping” of the accelerated deadline for producing an audit-ready SBR mandated by Panetta and required by law no later than 2017. Instead, the military services have been working toward preparing what is known as a Schedule of Budgetary Activity — a far less rigorous requirement that uses only current year appropriation activity and transactions.

Defense Department spokesman Commander William Urban told FedScoop the department’s goal remains to have all business processes and systems used to produce an SBR “audit-ready” by Sept. 30. But once that level of readiness is achieved, the services will begin an audit of their Schedule of Budgetary Activity, he said.

“After reviewing the lessons from the Marine Corps audit experience, we determined that this was the most cost-effective approach to achieving auditability of the full Statement of Budgetary Resources and ultimately auditability of all financial statements,” Urban said in an email to FedScoop. “This approach represents a deliberate decision that will allow us to cost-effectively build the foundation for auditability that will be used beginning in FY 2015 and into the future.”

The SBR presents all budgetary resources that a reporting entity has available, the status of those resources at period end, a reconciliation of changes in obligated balances from the beginning to the end of the period and cash collections and disbursements for the period reported. The SBA, however, will exclude unrestrained and unexpended funds carried over from prior years’ appropriations, as well as information on the status and use of such funding in subsequent years. It is a major change that underscores the difficulty the services have been experiencing in preparing their business processes and IT systems for a major audit.

“That’s a pretty big de-scoping because the SBA technically isn’t a financial statement,” said Danny Chae, a Navy financial management analyst, in an interview with FedScoop. “It’s just a schedule. It’s a pretty big difference if we’re not looking at prior years and beginning balances. We’re basically just drawing a line in the sand saying everything prior to FY 2015 we’re not looking at.”

The Defense Department may not have had a choice in the matter. The reality is that studies by the department’s own inspector general as well as the Government Accountability Office show the military branches have had their share of challenges when it comes to preparing their systems, data and business processes for an independent audit. Although the Marine Corps received an “unqualified” favorable audit opinion in December 2013, it was for an SBA. And it is that experience, along with the struggles the Army, Air Force and Navy have reported, that informed the Pentagon’s change in strategy.

“First, it would be extremely expensive to conduct the in-depth research needed to develop the historical transactional level detail an initial audit of the SBR would require,” Urban said. “Second, this allows us to develop a foundation of transactional documentation and better controlled systems that will ensure that we can support audits of all financial statements beginning in 2018, consistent with our 2017 audit readiness goal.”

De-scoping a global challenge

That goal, first established by the 2010 National Defense Authorization Act, in many ways remains a moving target. The sheer size and complexity of the Defense Department is proving to be a formidable challenge to even the most experienced financial and IT managers.

“When the auditors first get on board here in December, they’re going to be in for a shock,” Chae said. “I know the largest corporations in the world have gone through successful audits and I’m sure they have a lot of systems too, but they don’t have them as spread out all over the world like we do.”

The Navy is perhaps the best example of how challenging it can be to prepare a massive IT infrastructure for a major financial audit. For example, Navy IT and financial analysts have identified a large number of common problems and deficiencies with all of their systems, but they lacked a framework that would enable a common solution.

“We were finding that you could have the same access control problem on various systems, but every system was handling that differently,” Chae said.

Other common problems discovered included lack of policies and procedures for disabling inactive accounts, managing configuration changes and procedures for identification and resolution of segregation of duties conflicts.

But perhaps the biggest challenge for the Navy and the other branches is the large number of systems and the level of duplication. In the Navy, for example, officials counted 80 financial systems that perform basically the same functions. In addition, there were 24 contractor pay systems, 24 standard requisition systems and 13 reimbursable work order systems.

“We don’t need 80 systems to run the Navy’s business,” Chae said. “There’s definitely redundancy and overlap that we can streamline and consolidate.”

But streamlining and consolidating IT systems has to be done in a deliberate, thoughtful manner.

“Since the dawn of time we’ve been trying to reduce our footprint,” Amira Tann, a financial management analyst in the Efficiencies and Analysis Branch of the Navy’s CIO Office, said in an interview. “We don’t necessarily want to tackle them all at the same time and remove something from the process that impacts a long-term end product. We want to make sure that for any given process that if that system goes away that it doesn’t contain a unique feature where now that particular process, which is very important to our mission or commanders, cannot get done.”

Tann characterized the Navy’s challenge as a process architecture challenge — trying to figure out all of the Navy’s financial processes and then tying them to specific IT systems.

“This is why we’re so kind of set on being locked in step between the financial management and CIO community,” Tann said. “The audit impacts us all. The big thing that really got us to sit at the same table and finally talk to the same common goal is the fact that audit is more than just a financial management problem. It really touches everything. All of our financial statements go through some type of system.”

Significant security flaws in Treasury Department, FDIC computer systems
http://fedscoop.com/gao-report-security-flaws-treasury-department-fdic/
Mon, 21 Jul 2014 22:41:48 +0000

The post Significant security flaws in Treasury Department, FDIC computer systems appeared first on FedScoop.

The Government Accountability Office released two reports last week that detailed security weaknesses in two federal agencies responsible for large chunks of the country’s financial information.

A GAO report released Thursday found that the Federal Deposit Insurance Corporation has weaknesses in its information security controls that “place the confidentiality, integrity, and availability of financial systems and information at unnecessary risk.” The GAO released a similar report on Friday saying the Treasury Department’s Bureau of the Fiscal Service — which is responsible for oversight of the federal debt — has a “significant deficiency” in internal controls related to financial reporting.

This chart from a GAO report shows a number of security flaws at the FDIC. (Courtesy: GAO)

In the FDIC report, GAO measured a number of security recommendations the office made as part of its yearly audit for 2012. Among the recommendations the FDIC did not fully implement in 2013 were controls for identifying and authenticating users’ identity, restricting access or encrypting sensitive systems and data, completing background reinvestigations for employees and auditing system access.

The report on the Bureau of Fiscal Service found 14 new information system control deficiencies, with half of those related to access controls, which are tied to user passwords or limits placed on what files or resources users are allowed to access. The GAO said a number of these deficiencies have been unresolved since its 2012 audit.

Both reports were qualified, with the GAO saying the shortcomings did not amount to a “material weakness” in either agency’s system. However, GAO said both agencies are open to unnecessary risk or abuse by not fixing the problems in a timely manner.

Both agencies concurred with the GAO findings, with the commissioner of the Bureau of the Fiscal Service made aware of the weaknesses in a separately-issued, official-use-only report.

The GAO will follow up on the vulnerabilities in each agency with its 2014 audit.

OSTP releases plan for future of civil Earth observations http://fedscoop.com/ostp-releases-plan-future-civil-earth-observations/ http://fedscoop.com/ostp-releases-plan-future-civil-earth-observations/#comments Mon, 21 Jul 2014 22:38:36 +0000 http://fedscoop.com/?p=61318 From checking the weather app on your smartphone to looking online for the water levels in a nearby stream, civil Earth observations — data pulled from Earth-observing systems — have become an integral part of how one interacts with the data of daily life.

The post OSTP releases plan for future of civil Earth observations appeared first on FedScoop.

From checking the weather app on your smartphone to looking online for the water levels in a nearby stream, civil Earth observations — data pulled from Earth-observing systems — have become an integral part of how one interacts with the data of daily life. And in its National Plan for Civil Earth Observations, the White House Office of Science and Technology Policy looks to set the course for the role the federal government will continue to play in these observations.

The plan, announced by Timothy Stryker, the director of the OSTP’s U.S. Group on Earth Observations program, in a blog post on the OSTP website, attempts to maximize the value of observations collected by federal agencies and advance observation systems. 

“Americans and people around the world benefit from Earth-observations data every day,” Stryker said. “Have you ever used your smartphone to get a weather forecast? Turned on the TV to check beach conditions? Read a newspaper or magazine article describing the relationship of extreme weather events to climate change? These services are driven by Earth-observations collected by the federal government, which are made routinely available to app-developers, news and weather organizations, mapping services, the scientific community and the general public.”

Improved coordination of these Earth observations will ensure the data derived from them can be used more widely and efficiently across the federal government, in addition to using the data to serve citizens, according to the report.

But efficiency is not the only possible benefit of improving the way Earth observations are handled at the federal level; the plan said there could be a possible economic benefit as well.

“The U.S. government is the largest provider of environmental and Earth system data in the world,” the plan states. “Conservative estimates indicate that federal Earth-observation activities could add $30 billion to the U.S. economy each year.”

Structured around “a balanced portfolio of Earth observations and observing systems,” the observations will be measured in two categories – sustained and experimental. Sustained observations will be taken routinely for an extended period of time, while experimental will only be taken for a short period of time.

The plan establishes five priorities for the program. The continuity of sustained observations for public services and Earth-system research are the top two, while the third priority is to continue to invest in experimental observations. The priorities also call for improvements to the observation networks and a continuous assessment and prioritization process.

In addition to establishing priorities, the plan also calls on agencies and the OSTP to coordinate and integrate observations from multiple platforms, improve access to data and increase efficiency and cost-savings.

While the plan said improvement in the sampling of the data was necessary, this improvement would only be conducted where appropriate and cost-effective. OSTP also encouraged continued maintenance for observation systems infrastructure, exploration of commercial solutions for Earth observations, international collaboration and data innovation.

In February 2011, OSTP created the National Earth Observations Task Force, which went on to establish the National Strategy for Civil Earth Observations and a framework designed to “improve discovery, access and use of Earth observations.” The task force also performed the first governmentwide Earth Observation Assessment in 2012, the results of which were used to develop this plan.

“The plan is a blueprint for future federal investments in and strategic partnerships to advance Earth observing systems that help protect life and property, stimulate economic growth, maintain homeland security, and advance scientific research and public understanding,” Stryker said in the blog post.

Cybercom event explores agency roles in cyber incident response http://fedscoop.com/cybercom-event-demonstrates-collaborative-agency-effort-cyber-incident-response/ http://fedscoop.com/cybercom-event-demonstrates-collaborative-agency-effort-cyber-incident-response/#comments Mon, 21 Jul 2014 21:31:08 +0000 http://fedscoop.com/?p=61317 Cybersecurity and incident response are practices engrained in most every 21st century federal agency. But when it comes to a massive cyber attack requiring the aid of multiple, partnering groups, which agency does what? Last week, the U.S. Cyber Command demonstrated a specific framework for how several critical agencies can play complementary roles in the national cyber incident response process.

The post Cybercom event explores agency roles in cyber incident response appeared first on FedScoop.

Cybersecurity and incident response are practices engrained in most every 21st century federal agency. But when it comes to a massive cyber attack requiring the aid of multiple, partnering groups, which agency does what? Last week, the U.S. Cyber Command demonstrated a specific framework for how several critical agencies can play complementary roles in the national cyber incident response process.

With Cybercom at the lead, the FBI hosted the two-week Cyber Guard 14-1 event — a series of cyber incident prevention, mitigation and recovery exercises — at its Quantico, Virginia, headquarters, bringing together members of the National Guard, National Security Agency and reserves to test operations and coordination in supporting the Department of Homeland Security’s response to national cyber attacks.

While DHS is the highest in command during a domestic cyber threat, Cybercom emphasized a cooperative structure for federal agencies in their support. For instance, the FBI and Justice Department will follow DHS’ lead in prevention and response by investigating, attributing, disrupting and prosecuting cyber threats, as well as dealing with any domestic threat intelligence, according to a Defense Department release. DOD components are thereafter charged with defending the nation from further attack and collecting, analyzing and distributing any foreign threat intelligence, as well as backing DHS in its core roles. At the state level, the National Guard assists governments in recovery from the cyber incident, leaving DHS to focus on the federal effort.

“Practicing as an interagency team is essential to ensure national response to cyber events produce results that are effective and efficient,” said Greg Touhill, deputy assistant secretary of cybersecurity operations and programs at DHS, in a statement. “Exercises like Cyber Guard help us develop and refine key information sharing and coordination processes, understand each other’s capabilities and authorities, and operate in a manner that keeps us in the right formation to present the best national response.”

Cybercom describes Cyber Guard as a “whole-of-nation” effort, one that not only involves the critical defense and intelligence agencies, but also members of academia, industry and state government. In its third iteration, the interagency exercise brought in 550 participants, double the number of last year’s Cyber Guard.

“We talk all the time about physical networks connecting computers and communications,” Robert Anderson, executive assistant director of FBI’s criminal, cyber response and services office, said to participants. “But we must remember that on both ends of that computer network, there is a network of people working toward a common goal: to defeat our adversaries. Cyber Guard helps us get better at using the network of warriors on the front lines — like you — to achieve our goal.”

Attendees, like Coast Guard Rear Adm. Kevin Lunday, Cybercom’s director of training, noted how the event continues to simulate more realistic and intense cyber attacks, which strengthens the units responding in the exercises. The result is a stronger cyber incident response should a major domestic attack occur.

“What you’re doing here is critically important to how we will respond on behalf of our nation to a major cyberattack,” Lunday said to the crowd. “The more we know and share about the adversary and the better-defined our processes are, the better we can defend the nation.”
