FedScoop: Federal technology news and events (http://fedscoop.com)

The Sony hack and its larger implications for cybersecurity
http://fedscoop.com/sony-hack-matters/
Fri, 19 Dec 2014 19:22:28 +0000

The FBI Friday officially linked the cyber attack against Sony Pictures Entertainment to the government of North Korea. Does this incident hold any meaning for the future of critical infrastructure protection?


The FBI Friday officially linked the cyber attack against Sony Pictures Entertainment to the government of North Korea.

Forensic analysis of the November attack, which destroyed thousands of Sony computers and stole large quantities of personal and proprietary financial data that forced the company to cancel the release of a movie, shows that the infrastructure and malware used in the attack could be linked to other incidents carried out by North Korean hackers, including last year’s attack against South Korean banks and media companies.

“For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” the FBI said in a statement released Friday. The FBI also discovered “several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack,” the statement said.

“North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt — whether through cyber-enabled means, threats of violence, or otherwise — to undermine the economic and social prosperity of our citizens,” the FBI said.

Does the Sony example matter?

The biggest security threats to track for 2015. (Credit: InfoGraphic by Untangle)

President Barack Obama said Friday the U.S. “will respond proportionally” to the attack, but that Sony had “made a mistake” by pulling the movie. “I wish they would have spoken to me first,” Obama said during a press conference.

Obama made a clear connection between the impact of the attack on Sony and what other attackers could attempt to do in the future by targeting critical infrastructure. Future attacks are a certainty, Obama said. “They’re going to be costly. They’re going to be serious,” he said. “We cannot have a society in which some dictator some place can start imposing censorship on the United States.”

There is a legitimate debate taking place as to the broader implications of the Sony hack. Some experts look at the attack on Sony as a watershed moment in national cybersecurity policy, not because of its success in blocking the release of a goofball comedy or because George Clooney is worried about the chilling effect it might have on Hollywood’s willingness to take on controversial topics, but because of what it may portend for the future of critical infrastructure protection.

But others, like Christopher Budd, global threat communications manager at Trend Micro Inc., view the Sony attacks as largely irrelevant to critical infrastructure protection.

“What happened to Sony is basically cyber vandalism on steroids,” Budd said in an interview with FedScoop. “We’ve had concerns [about critical infrastructure cybersecurity] long before the Sony event. In that regard, it’s almost irrelevant. What we’re really concerned about is determined attackers focused on destruction.”

There’s little doubt as to the financial influence that Sony wields in Hollywood. There’s also little doubt that by caving in to the hackers’ demands and canceling the release of “The Interview,” Sony has allowed a foreign force to change the rules governing free speech in America. But Sony is not a critical infrastructure. Americans do not depend on Sony for electric power, drinking water, emergency communications, banking and financial transactions, government services, or transportation. Sony is just another large company with poor cybersecurity.

So why should policymakers care? The reality is that while Sony has suffered from multiple security breaches during the past several years, this latest incident demonstrates the ability of well-funded cyber attackers to target private sector entities with overwhelming digital force and leverage their intrusion to coerce their victims to take actions that undermine American social and financial stability.

Kevin Mandia, founder of the security firm Mandiant — which was hired by Sony to help investigate the breach — described the attack as “unprecedented in nature” and an “unparalleled crime,” according to an internal memo leaked to reporters. Not only was the attack undetectable by existing security systems, but it was of such sophistication that “neither SPE nor other companies could have been fully prepared,” Mandia wrote.

Such well-planned, well-funded, destructive attacks no longer seem to be the exception. This should raise serious concerns about the current state of cybersecurity among the private sector companies that own and operate U.S. critical infrastructure. These companies, including electric power grid operators and others, have been shown to be riddled with security vulnerabilities, many of which have been similar to those exploited in the Sony attack — weak passwords, vulnerable administrator accounts and a lack of defense-in-depth protections to provide a buffer between critical systems and the public Internet.

The electric power grid and other industrial processes around the country rely upon supervisory control and data acquisition (SCADA) systems. These are the systems, including real-time programmable logic controllers, that manage the actual flow of electricity and natural gas and perform other critical functions in other industries, such as chemical processing, water purification and delivery, wastewater management, and manufacturing. Control, disruption or alteration of critical commands, instructions and monitoring functions performed by these systems can be an issue of regional and possibly national security.

And that could raise the bar for cyber extortion attacks in the future. Although extortion is not new to the cybersecurity arena, the rise of politically motivated cyber extortion is new, Budd said. For now, however, “Sony is a good example of what it means to truly own a network,” Budd said.

“In this interconnected digital world, there are going to be opportunities for hackers to engage in cyber assaults both in the private sector and the public sector,” Obama said, adding that the first priority of the administration is to work with industry to improve information sharing and prevention strategies. “We’ve been coordinating with the private sector, but a lot more needs to be done. We’re not even close to where we need to be.”


NetApp’s Rob Stein discusses the state of federal IT
http://fedscoop.com/netapps-rob-stein-discusses-state-federal/
Fri, 19 Dec 2014 14:39:23 +0000


Rob Stein, vice president of public sector at NetApp, joined FedScoop TV at FedTalks 2014 to discuss the state of federal IT.


Microsoft’s Surface Pro 3 reviewed for government
http://fedscoop.com/microsofts-surface-pro-3-reviewed-government/
Fri, 19 Dec 2014 13:00:29 +0000

The Microsoft Surface Pro 3 tablet has been green lit for federal government service, but is it truly ready? We do a deep dive review of the new SP3 and find out.


News that Microsoft’s Surface Pro 3 was authorized for government service isn’t that surprising given the quality and features of the new slate tablet, especially when paired with its optional detachable keyboard. Microsoft loaned me a brand-new Surface Pro 3 and asked me to put it through its paces, evaluating it to see if the SP3 is ready for government service.

The Microsoft Surface Pro 3, shown here with the upgraded Surface Pen and the optional detachable keyboard. (Credit: Microsoft)

I’ve actually been fortunate to evaluate the entire Surface lineup over the past couple years, starting with the somewhat ill-conceived Surface RT, which was simply too underpowered to be much good to anyone. The Surface Pro gave us a full Windows 8 operating system but was still a little too weak for serious government tasks. Finally the Surface Pro 2 upped the ante and got things just about right, creating a tablet with a good balance of performance, features and security. In fact, the Surface Pro 2 is a perfectly fine tablet already in service with a lot of state governments. But it’s simply out-classed by the amazing Surface Pro 3.

The biggest upgrade on the Surface Pro 3 is the addition of the Intel Core line of processors. The unit tested had a middle-of-the-line Core i5 processor, which made the SP3 extremely fast when opening even very advanced and complicated programs. When opening up a 100-page federal budget document, the SP3 took less than three seconds. In fact, the new Surface scored 2,112 on the Passmark Performance Benchmarks, an almost unheard-of score for a tablet computer. That actually puts it up there in terms of performance with many midrange laptops or even standard desktop computers. Microsoft said that SP3s with even faster Core i7 chips should be available soon, as well as a less expensive Core i3 model.

The real feat of engineering with the SP3 is that Microsoft found a way to fit an enterprise-level processor and all the supporting hardware inside a tablet that is only 0.36 inches thick. There is even a cooling fan inside the unit, though you can’t really hear it and probably wouldn’t know that it exists. The tiny fan works with special metal fins to vent the heat all across the edge of the Surface. We ran the SP3 for several uninterrupted hours and didn’t measure any hot spots at the conclusion of the test. One additional benefit to using every edge of the unit as a vent and heat sink is that it’s just about impossible to block all the vents no matter how the tablet is handled.

The Surface Pro 3 has a larger screen than any of the previous models, with a full 12-inch diagonal and a very precise 2,160 by 1,440 native resolution. Many tablet users will likely be thankful that the aspect ratio of the SP3 is set up to be 3:2 instead of the 16:9 found on almost every other tablet on the market. While 16:9 is the way a movie theater screen is configured, it’s not the best format for note taking and giving presentations. The squarer 3:2 screen of the Surface Pro 3 is still technically a wide screen, and can play movies just fine, but it also gives government users some much-needed height and a more natural working environment.

While the detachable keyboard, which is magnetic and snaps into place, is optional — though highly recommended — every SP3 does come standard with an upgraded Surface Pen, which is heavier and has more input buttons than before. It has the weight of an expensive fountain pen and a natural feel. It can be used to take notes directly on the touchscreen and feels almost as natural as writing on paper. It even knows to draw thicker lines when you press down harder with the pen and would be accurate enough for signature-capture applications as well.

The SP3 lasted for eight hours and 10 minutes in battery testing where the screen was constantly in use. It charged back up to full in less than an hour. In addition to a 250-gigabyte hard drive, the Surface Pro 3 offers 15GB of online storage through Microsoft OneDrive, which automatically syncs files between the tablet and the cloud if requested. As a bonus, Office 365 subscribers can increase that storage space to a full terabyte.

For security, like all Windows 8.1 devices, the Surface Pro 3 boots off of a Unified Extensible Firmware Interface (UEFI), which replaced the aging BIOS. The SP3 also has a Trusted Platform Module (TPM) chip that creates a hash value for every component inside the system. It will only allow the SP3 to boot if every component matches that hash and if nothing has been added or changed on the unit. The UEFI can also be set to not allow USB-booting as an extra security precaution. The SP3 has a USB 3.0 port, which is an amazing advantage, so turning off its ability to boot while keeping all its other features enabled can be a perfect compromise for federal security.

The Surface Pro 3 also is designed to work with Microsoft BitLocker, which uses the TPM to lock down unique encryption keys. The entire hard drive and all its contents remain encrypted until the TPM verifies that the tablet hasn’t been tampered with. This prevents someone from stealing data by removing the hard drive, which would remain encrypted and locked. Valid users can enter a password to decrypt their files, but a compromised SP3 won’t even boot.

Two-factor authentication is also easy to set up with the addition of a PIN-based security program that can be set to activate as part of the boot-up process, or to activate if the SP3 is waking from a sleep cycle. The PIN can be numerical or use letters, as a full on-screen keyboard is available for setting and entering the PIN.

Finally, the Surface Pro 3 comes with native Absolute Computrace support. While the data remains encrypted and locked if stolen, the Computrace app will signal for help if the SP3 is ever stolen, meaning that in addition to keeping data safe, there is a good chance that a stolen government device can also be recovered. We removed the Computrace app as part of this review, and found that it automatically reinstalled itself. So a thief won’t be able to cover their tracks very easily.

The Surface Pro 3 works as hard as a laptop or even a desktop, especially when equipped with an optional keyboard. But it can also be detached and work as a light and powerful tablet. Packed with some great security features, the Surface Pro 3 can likely find a good home with any government agency that has a need for mobility, power and reliability.

Could a freelance market find a home in the U.S. intelligence community?
http://fedscoop.com/the-intelligence-community-graham-plaster-freelance-marketplace/
Fri, 19 Dec 2014 13:00:24 +0000

A Navy veteran wants to build a freelance marketplace that aims to upend the defense industry’s lumbering workforce practices.

TheIntelligenceCommunity.com aims to supply a freelance market for the U.S. national security sector. (Credit: TheIntelligenceCommunity.com)

As industries look to increase efficiency, relying on freelancers who now account for nearly one-third of the American workforce, the defense sector stands out as a lumbering monolith that has been slow to change. Defense companies, often operating with a high overhead, seek out employees with a finely tuned set of skills or security clearances and struggle to fit everything into a dwindling budget.

A Navy veteran with extensive foreign policy experience, a background in humanities and a community of 50,000 LinkedIn users would like to change that.

That veteran is Graham Plaster, and his platform is TheIntelligenceCommunity.com, which would introduce a pipeline of freelancers to the country’s military-industrial complex. Framed in the model of ODesk or Elance — the online job platforms that connect businesses and freelancers — TheIntelligenceCommunity.com would host job opportunities in the national security space that could be filled by freelance workers or independent contractors of all sorts of skill levels.

Job opportunities would break down by a unique set of layers, including filters by clearance level in the GSA schedule, the ability to verify language levels and whether work would fall into a HUBZone region.

Plaster said the opportunities will span an array of skills and levels, with job postings geared toward geo-political consulting, translation, technical writing and business intelligence.

“If you are a retired ambassador or an undersecretary, and do business development consulting for $1,000 an hour, and you are doing it from your house in Fiji, I don’t see any restriction to doing that,” Plaster said. “If you are still in college and you’re a computer science guy, and you don’t have a clearance, but you’d like to do a little bit of app development for a government agency that would like to hire you, there will be a way to do that, too.”

Unlike traditional job boards like USAJobs.gov or Indeed.com, Plaster’s site would aim to help applicants avoid the arduous hiring process tied to government work.

“Generally, you go to LinkedIn or you go to Indeed, you search for a job, you find full-time employment with a contracting company or the government, and the whole cycle to apply and try to get into that job is very competitive and long,” he said. “A lot of them require clearances and to be on site. Contrast all of that with the idea that we are building a marketplace where you’ll quickly be able to find short-term jobs that don’t require clearance, [allow you to] work from home and piece together a bunch of jobs to make ends meet.”

For the time being, the marketplace is still just a concept. Right now, Plaster is focused on initial development and getting freelancers matched up with small businesses. Plaster told FedScoop in October that the platform would be in beta for about a year, leveraging insights gained from the LinkedIn community.

Armed with a technological curiosity along with a vast contact network from his days as a United Nations liaison and a Navy foreign area officer, Plaster is trying to overcome a mindset within the defense community that is comfortable with sticking to the status quo or worried about the regulatory hurdles they would have to overcome in order to use the site.

“We will face a lot of obstacles in allowing the government to use this platform directly,” he said. “We would like to be able to offer matchmaking services for small business contract vehicles in the platform ... some sort of recommendation engine to say ‘OK, government office, you want freelancer to do “X,” here is the company that can facilitate it.’ We are not in the business of priming or [sub-contracting] any of these contracts. We’re just facilitating the link up.”

Yet even as Plaster explains this to potential partners, they still look at the platform through the lens of government contracting, which is something he would like to stay away from.

“Anybody that I talk to that is in government contracting talks in terms of ‘OK, so what contracts are you going to bid on?’ What I told people is I don’t want to get wrapped around the axle of government contracting because I see us as a tool that people use who are bidding on contracts,” he said. “If we bid on a bunch of contracts, then we are going to be taken in a bunch of random ways that have to tailor to what we are building.”

Plaster’s platform has received praise from former Defense Intelligence Agency Director Michael Flynn, who was responsible for overseeing a big pivot toward innovation before leaving the agency earlier this year.

“The U.S. Intelligence community should take its cues from the innovation and networking conversations occurring via TheIntelligenceCommunity.com,” Flynn has said when speaking about the site. “This forum demonstrates collaboration at its best focusing on solutions and is the virtual place to be for all intelligence professionals and all who care about our national security.”

The platform could also fill some holes in the federal workforce, which has been focused on hiring key demographics: veterans and millennials. While the federal government has launched a multitude of efforts to hire veterans, the overall veteran unemployment rate (4.5 percent) is lower than the national rate (5.8 percent). Gulf War-era II veterans — which the Bureau of Labor Statistics defines as those who served after September 2001 — retain the highest unemployment rate among veterans (5.7 percent), with females more than 2 percentage points higher (8.1 percent). Also, a report in June found that millennials only account for 7 percent of the federal workforce, the lowest figure in nearly a decade.

In order to get the platform off the ground, Plaster has shied away from debt or equity financing — “We’re trying to build relationships,” he said — and turned to crowdsourcing. When Plaster spoke to FedScoop in October, he was gearing up to launch an Indiegogo campaign that he hoped would raise $625,000 to cover the cost of building a proprietary platform. Unfortunately, that effort fell far short, with only a little more than $10,000 raised when the effort closed on Dec. 5.

Yet, instead of considering the venture a failure, Plaster started to explore other options. He came upon near-me.com, a white-label, customizable software that can build Plaster’s platform, costing no more than what was raised through crowdfunding, complete with the added bonus of launching nearly nine months faster than he initially expected.

He says the Indiegogo campaign was “an experiment like everything else,” as well as a learning experience.

“The reason why we set such a high goal is because we had no idea what the turnout would be,” Plaster said when FedScoop caught up with him in December. “We learned several things that are worth a lot to us. People are excited about the platform, but they didn’t quite understand it yet. It takes a lot more explanation of what we are going to be doing.”

It seems like some government minds are beginning to get what Plaster’s platform could do for the national security community. Despite his efforts to dodge government contracts, he did find a space to pitch his wares: His company will be part of a recently awarded contract from the National Geospatial-Intelligence Agency, which will use the platform to pull volunteer analysis into the agency’s Map of the World service.

It is awards like this that give Plaster hope he can continue to harness the power of this network and disrupt a sector that’s in dire need of innovation.

“The whole cycle to apply and try to get into [a government] job is very competitive and long,” Plaster said. “A lot of them require clearances and to be on site. Contrast all of that with the idea that we are building a marketplace where you’ll quickly be able to find short-term jobs that don’t require clearance, [allow you to] work from home and piece together a bunch of jobs to make ends meet. Maybe that’s ideal for the veteran with a retirement check coming in. Maybe it’s ideal for a stay-at-home spouse who was prior military. Maybe it’s ideal for a student that’s part-time working. If you can’t find full-time employment out there, you can piece together jobs with us.”

Hashmi: Budget boosts shouldn’t revert CIOs to old habits
http://fedscoop.com/hashmi-budget-boosts-shouldnt-sway-cios-back-old-habits/
Thu, 18 Dec 2014 22:44:57 +0000

As money makes its way back into the federal government post-sequestration and as agency chief information officers might soon have more influence over technology spending with new IT acquisition reform close to becoming law, some CIOs aren't in a rush to return to the money-slinging ways of IT days past.

Sonny Hashmi, CIO at the General Services Administration (Credit: FedScoop)

As money makes its way back into the federal government post-sequestration and as agency chief information officers might soon have more influence over technology spending with new IT acquisition reform close to becoming law, some CIOs aren’t in a rush to return to the redundant, money-slinging ways of IT days past.

Sonny Hashmi, CIO at the General Services Administration, said that although he is still curious where the returning money is going, because he hasn’t seen it, sequestration taught the government good lessons about how to operate lean.

“Smart people have taken advantage of this time that we’ve lived through … and made some really smart choices,” Hashmi said Thursday at a luncheon hosted by the Association for Federal Information Resources Management. “If you’ve used the last couple years to build that muscle … to test your assumptions and test your peers’ assumptions, then hopefully you’ll continue to do that. We need to continue that discipline, because one of the reasons we got to where we are today, why we have thousands of websites, thousands of data centers and thousands of these redundant, duplicative platforms and solutions is because there was just no forcing function to ask yourself the hard questions. And it’s easy to get back into that habit.”

After all, the mission to serve the American public hasn’t changed with more money, he said, and any reductions through efficiency can be used elsewhere.

“You’ll always have more that you’ll need to be doing that will directly impact the American people,” Hashmi said. “By going back to ‘OK, now that we have the money back, let’s pull the email system back in’ doesn’t make sense to me. [The current] discipline needs to continue because every dollar we save in commodity, in common, in reuse — those things can legitimately, effectively go to a more-commoditized, cheaper, more cost-effective solution.”

Karen Britton, CIO in the Office of Administration at the Executive Office of the President, told attendees that just because she might have more dollars to spend, that doesn’t mean there will be the same or less to spend it on. In her office especially, IT commodities like more storage space for preserving emails continue to rise.

“We’ve got to separate out the costs of business in running versus what we’re trying to build and deliver,” Britton said. Her big goal is to work on being more efficient. Five-year strategic plans, she said, are one example of what’s not working in federal IT.

“I really don’t think that CIOs should have five-year strategic plans,” Britton said. “I think we need to flip this thing on its head and get some of our boardroom members, our senior staff that are involved in some of the decision-making of our budget, to understand that we need to really look at one to two years, we really need to look at tech insertion and not look at long-term plans because honestly, we don’t necessarily know [what will happen]. What we lay out today on paper in terms of a five-year plan is going to change in the next year. So there needs to be a lot of that flexibility.”

Hashmi took it even further, saying thinking beyond six months in federal IT is hazardous.

“You don’t have the luxury anymore, just because of the industry we live in, to have long-term strategic plans [or] even to have long-term projects that go beyond six months,” he said. “If a project lasts more than six months, I can assure you that things will change so dramatically during that time that you will have to do a rethink.”

She added, “You have to create an environment in a way that you can pivot. If your contracts are so rigid that you cannot change along the way, then you’ve almost failed before you even started.”

GSA has rethought the business process of IT in years past, and, though as a result its budget is 22 percent less, it has made its IT operations more efficient. And now that the Federal Information Technology Acquisition Reform Act is getting close to giving Hashmi and other CIOs more IT budget authority, he hopes other agencies will reduce the complexities of their IT operations and boost efficiency.

“We’ve only been able to do that and not cut critical missions because we really asked ourselves” hard questions, Hashmi said. “I’m hoping with this new legislation, we can put more of that kind of energy to federal IT in general and get some more results in other agencies as well.”

Another OPM background check contractor breached
http://fedscoop.com/another-opm-background-check-contractor-breached/
Thu, 18 Dec 2014 21:24:15 +0000

OPM confirmed Thursday afternoon that more than 48,000 federal employees may be at risk after a background check contractor was breached.


The Office of Personnel Management confirmed Thursday afternoon that more than 48,000 federal employees may be at risk after a background check contractor’s network was breached.

OPM spokeswoman Nathaly Arriola confirmed in an email to FedScoop that KeyPoint Government Solutions, a Fairfax, Virginia-based company contracting for the agency, faced a cybersecurity breach of a network containing information on federal employees. OPM plans to notify 48,439 individuals Thursday who may be at risk and will offer them free credit monitoring services.

“We take very seriously our responsibility to protect sensitive data in background investigations, and our top priority is to make sure the networks that handle that data are secure,” Arriola wrote. “KeyPoint has worked closely with OPM to implement additional security controls that will afford its network greater protection.”

FedScoop obtained an internal email sent by OPM Chief Information Officer Donna Seymour to the agency’s employees explaining how her office was reacting to the breach.

“We have worked closely with technical experts at the Department of Homeland Security to investigate this incident, and while we found no conclusive evidence that PII was taken by the intruder, OPM has elected to conduct these notifications and offer credit monitoring to affected individuals out of an abundance of caution,” Seymour wrote. She said the fewer than 50 OPM employees at risk in the breach, as well as the thousands more around the government, should receive a notification shortly.

“Following the discovery of the problem, KeyPoint implemented numerous controls to strengthen the security of its network,” Seymour wrote. “The immediacy with which KeyPoint was able to remediate vulnerabilities has allowed us to continue to conduct business with the company without interruption.”

That differs somewhat from an otherwise similar network breach in August of Falls Church, Virginia-based USIS, which led to the compromise of personal information on more than 25,000 federal employees. OPM immediately ceased all “field investigative work with USIS,” OPM communications director Jackie Koszczuk told FedScoop then. Just over a month later, OPM ended its contract with USIS.

Transportation Department launches app to curb drunk driving http://fedscoop.com/transportation-department-launches-app-curb-drunk-driving/ http://fedscoop.com/transportation-department-launches-app-curb-drunk-driving/#comments Thu, 18 Dec 2014 19:40:51 +0000 http://fedscoop.com/?p=66876 The National Highway Traffic Safety Administration unveiled a new app that helps users call a taxi, call a friend or find their location. Through the app, the agency hopes to keep drunk drivers off the roads.

The post Transportation Department launches app to curb drunk driving appeared first on FedScoop.

(Credit: NHTSA)

New data from the National Highway Traffic Safety Administration shows that drunk driving deaths declined by 2.5 percent in 2013; however, that’s not stopping the agency from trying to drop that number even more. On Tuesday, the agency announced the launch of the SaferRide Mobile App, designed to keep drunk drivers off the roads.

The app’s home screen. (Credit: NHTSA)

“Too many lives are still being cut far too short because of drunk driving,” Transportation Secretary Anthony Foxx said in a release. “We’re making progress in the fight against drunk driving by working with law enforcement and our safety partners, and by arming people with useful tools such as our new SaferRide app.”

Available on iOS and Android platforms, SaferRide prompts the user with text at the top of the screen saying “Let’s get you home” and gives the user the option to call a taxi, call a friend or find the user’s location. The app officially launched Wednesday and joins the already-existing NHTSA app SaferCar, which launched in February 2013.

“NHTSA encourages drivers to not drive drunk and offers the SaferRide mobile app to provide anyone who has been drinking an easy way to find a safe ride home,” an NHTSA official told FedScoop in an email.

SaferRide’s “Get Taxi” option redirects the user to a Yelp page in the app that displays the contact information for taxi companies in the vicinity, based on a user’s location.

According to the NHTSA official, there are currently no plans to integrate Uber or any other ridesharing apps into the DOT app. When FedScoop tested the application in Washington, D.C., Uber showed up as the top result and prompted the user to open the already installed app.

When setting up the app, a user can designate a specific person in their contacts list as their “friend,” so that when a user presses the “Call Friend” option, that contact is automatically called. The “Where Am I” option displays the user’s location on an in-app map.

Despite the app’s location-sharing option and integration with Yelp, the NHTSA official told FedScoop that consumer privacy would not be affected.

“Our public service app interfaces with Yelp’s content without sacrificing consumer privacy,” the official said. “The app does not automatically share the user’s location, but it does provide the user with their own location so they can share this information as needed.”

The app gives the user the option to call a taxi by tapping into Yelp data. (Credit: NHTSA)

At this point in development, the official said there are no additional plans for the application, but the agency is “constantly looking for new ways that we can help keep the driving public safe.”

The launch of the app comes alongside the Transportation Department’s annual “Drive Sober or Get Pulled Over” holiday crackdown on drunk driving, the release said. In 2013, more than 10,000 people died in crashes involving a drunk driver, equivalent to one death every 52 minutes. Presumably due to the holiday crackdown, December 2013 saw the lowest number of drunk driving fatalities.

The 2014-2015 crackdown began this week and will last until New Year’s Day. According to the release, more than 10,000 police departments and law enforcement agencies will be participating in the effort.

ICANN: Phishing attack compromised systems http://fedscoop.com/icann-hacked/ http://fedscoop.com/icann-hacked/#comments Thu, 18 Dec 2014 17:28:54 +0000 http://fedscoop.com/?p=66924 ICANN said it is investigating a breach of its internal systems that may have compromised several staff members' credentials.

The post ICANN: Phishing attack compromised systems appeared first on FedScoop.

The Internet Corporation for Assigned Names and Numbers — the nonprofit organization responsible for assigning and monitoring the Internet’s IP addresses and domain names — said it is investigating a breach of its internal systems that may have compromised several staff members’ credentials.

The U.S.-based organization said a “spear phishing” attack — a malicious email spoof targeted at one person or a small group of individuals — that appeared to come from an ICANN domain led to hackers gaining access to several ICANN systems.


(Credit: iStockphoto.com)

The culprits accessed ICANN’s Centralized Zone Data Service, a repository that stores, among other things, data related to information needed to pair domain names with IP addresses. ICANN said hackers accessed copies of that data, as well as names, postal addresses, email addresses, fax and telephone numbers, usernames, and passwords. While the passwords were stored as salted cryptographic hashes, ICANN said it has taken steps to deactivate the entire library.

ICANN said a members-only wiki page, the organization’s WHOIS listing and its blog were also compromised.

The organization said the attack was initiated some time in late November and does not impact any of ICANN’s other systems, including ones related to the Internet Assigned Numbers Authority.

The attack comes as the U.S. is in the midst of handing over its oversight of ICANN to an international consortium in 2015. The National Telecommunications and Information Association, which oversees ICANN, assured people in July that the handover would not disrupt the Internet as the public has come to know it.

“Contrary to some initial concerns that we were giving away the Internet, the response from the global Internet community has been overwhelmingly supportive,” NTIA assistant secretary of commerce for communications and information Lawrence Strickling said at an event in July. “The discussions to date demonstrate that the community is taking this transition very seriously and is determined to develop a transition plan that will ensure that the Internet [domain name system] continues to support a growing and innovative Internet.”

Symantec’s Rob Potter discusses cybersecurity http://fedscoop.com/symantecs-rob-potter-discusses-cybersecurity/ http://fedscoop.com/symantecs-rob-potter-discusses-cybersecurity/#comments Thu, 18 Dec 2014 15:00:59 +0000 http://fedscoop.com/?p=66823 Rob Potter, vice president of federal sales for Symantec, joined FedScoop TV at FedTalks 2014 to discuss cybersecurity.

The post Symantec’s Rob Potter discusses cybersecurity appeared first on FedScoop.


2014 Year-in-Review: Big names and big stories http://fedscoop.com/2014-year-review/ http://fedscoop.com/2014-year-review/#comments Thu, 18 Dec 2014 14:00:15 +0000 http://fedscoop.com/?p=66464 SPECIAL REPORT: Fedscoop's 2014 Year-in-Review. We take a look back at this year's biggest newsmakers in federal IT and the challenges that government technology professionals faced as they tried to keep pace with the fast-moving world of tech.

We have you covered through the 12 days of federal IT, from acquisition to cloud computing, Congress, cybersecurity, Defense, FAA, FCC, health IT, patent and trademark, Veterans Affairs, the White House and workforce issues.

The post 2014 Year-in-Review: Big names and big stories appeared first on FedScoop.

The French have a saying for the type of year 2014 has been for the federal government and its information technology workforce: Plus ça change, plus c’est la même chose — the more things change, the more they stay the same.

Nothing demonstrates that adage more than a comparison of how 2014 began and how it ended. In January, we reported on a Gallup poll that found almost two-thirds of Americans were dissatisfied with the workings of the federal government. That poll was nearly triple the all-time low of 23 percent, set in 2002. Fast-forward to Dec. 9 and the annual workforce survey conducted by the Partnership for Public Service found that overall federal employee satisfaction fell to its lowest levels since the poll launched in 2003.

The lesson? A lot has changed during the past year in government, particularly in government technology, but few are ready to claim victory.

There was at least one double reversing trend to make note of in 2014 — the changing fortunes of the National Security Agency. The year began with the wounds of the 2013 domestic surveillance revelations still raw. Privacy groups continued their angry attacks, calling for nothing short of a total dismantlement of the government’s national security apparatus, and Americans finally began to ask serious questions about the proper balance between civil liberties and security. But by August, the American people seemed to have decided in favor of the NSA. A poll obtained by FedScoop in August conducted by the Chicago Council on Global Affairs found that a super-majority of Americans — 7 out of 10 — thought it was more important for the government to investigate possible terrorist threats, even if that meant minor intrusions on personal privacy.

Speaking of polls: The year also started off with a poll of chief information officers. “The Great Schism: Digital Strategist of Traditional CIO,” released by CIO Magazine, polled 722 CIOs and found that more than a third (37 percent) said they were asked to be innovative but just weren’t sure how to do it. Two-thirds of those CIOs thought it was hard to balance innovation and operational excellence.

Oh, what a difference a year makes.

Big names make big news

New Microsoft CEO, Satya Nadella. (Credit: Microsoft)

Two industry giants made the first personnel headlines of 2014. Satya Nadella took the helm at Microsoft Corp., replacing Steve Ballmer. Within 10 months of his rise to the top of the world’s largest software company, Nadella was in Washington, D.C., announcing the general availability of Azure Government cloud services.

As Nadella was taking over at Microsoft, Linda Hudson was closing a long and storied career as president and CEO of BAE Systems Inc., where she was known as the so-called “first lady of defense.” In her last major public appearance as CEO, Hudson issued a harsh review of America’s performance in cultivating its future science, technology, engineering and mathematics leadership.

“With U.S. 15-year-olds today ranking 25th in math skills, I fear the likelihood of some day seeing an end to America’s winning record in technological leadership becoming all too possible,” Hudson said during a Jan. 30 farewell speech hosted by the Northern Virginia Technology Council. “Let’s face facts: We have seen America’s science and math report card, and we have fallen off the honor roll.”

One of the first feds to jump ship in 2014 was Casey Coleman, who left her job as General Services Administration CIO for a gig with AT&T Government Solutions, followed by former Coast Guard CIO Rear Adm. Robert E. Day Jr., who retired in April. Sonny Hashmi, who had served as GSA’s deputy CIO since 2011, got the official nod in May to take over for Coleman as CIO.

Former U.S. CTO Todd Park (right) with former U.S. CIO Steven VanRoekel (File photo: FedScoop)

Change came to the White House as well in 2014. Todd Park, the former U.S. chief technology officer, abruptly left his position in August to return to Silicon Valley, where he is reportedly working on tech recruiting for the government when he’s not being subpoenaed by Congress to testify on the botched rollout of Healthcare.gov.

Steven VanRoekel spent most of 2014 talking about the difficulties of moving agencies to the cloud and sharing his opinions on the need for the Federal IT Acquisition Reform Act, or FITARA, while serving as U.S. CIO. But then Ebola took over national headlines and spurred a major U.S. government response effort. That effort was enough to lure VanRoekel out of the White House to a technology advisory role at the U.S. Agency for International Development.

Following Coleman, Park and VanRoekel were Energy Department CIO Bob Brese, who took an industry role; longtime National Oceanic and Atmospheric Administration CIO Joseph Klimavicz, who took over as CIO at the Justice Department; Robyn East, who retired after three years as Treasury Department CIO, making room for Sanjeev “Sonny” Bhagowalia; and Shawn Kingsberry, who entered the private sector after a stint as the CIO at the Recovery Accountability and Transparency Board and 22 years of federal service.

Meanwhile, U.S. Postal Service Chief Information Security Officer Chuck McGann had been contemplating leaving government for months — a difficult decision made somewhat easier by a massive data breach at the agency. Dr. Karen DeSalvo stepped down in October from her role as the national coordinator for health IT to take over as acting assistant secretary for health in the Department of Health and Human Services.

Joining government in 2014 were Barry West as CIO at the Federal Deposit Insurance Corp. and Ashkan Soltani, who was hired to be the CTO at the Federal Trade Commission despite a very public role working with classified government information stolen by former NSA contractor Edward Snowden.

Megan Smith (Credit: Joi Ito/Flickr)

Google and Twitter weren’t about to sit back and watch so much personnel upheaval derail all of the federal government’s innovation efforts. By September, Megan Smith, the former vice president of Google’s innovation platform, Google X, had joined the Obama administration as CTO. Twitter dispatched one of its former lawyers, Alexander Macgillivray, to serve as Smith’s deputy.

Healthcare.gov and Ebola — both unique crises in their own right — pressured the government to bring in additional talent from the private sector. Enter Mikey Dickerson, the former Google engineer who was instrumental in helping to resurrect the flat-lining Healthcare.gov website. Dickerson joined the government in August as the administrator of the U.S. Digital Service and deputy federal CIO. On the Ebola front, the Obama administration met with less success, appointing political operative Ron Klain to serve as the so-called “Ebola czar” — a move that has been widely criticized due to Klain’s lack of emergency management experience.

The Defense Department had a tumultuous year by any measure as far as personnel changes go. Rob Carey provided the first big news of the year in March when he abruptly announced his departure as principal deputy CIO under Teri Takai. Shortly after Carey recovered from what sources said was an unplanned departure from government, he landed at Computer Sciences Corp. as vice president and general manager of the firm’s public sector cybersecurity practice. Just weeks later, Takai was out as well, replaced by acting CIO Terry Halvorsen.

Adm. Michael Rogers took the helm at the NSA, setting a course for a new era at Fort Meade. And in July, a naval officer made headlines when she became the first woman to be promoted to admiral in the Navy’s 239-year history. Adm. Michelle Howard had previously also been the first African-American female officer to command a ship.

By far the biggest upheaval in government during 2014 occurred at the Department of Veterans Affairs. VA Secretary Eric Shinseki resigned under pressure in May after a long ordeal fueled by the waiting list scandal. Obama tapped former Procter and Gamble CEO Robert McDonald to take over VA. By Nov. 10, McDonald had introduced the largest reorganization in VA history, with a primary focus on streamlining VA’s Web presence.

Big stories

Readers would be hard-pressed to find two areas of the federal IT enterprise more active in 2014 than cloud computing and the tech and policy work of the Federal Communications Commission. FedScoop reporter Greg Otto has been all over these developments, covering the dominance of Amazon Web Services, the growing pains of the Federal Risk and Authorization Management Program (FedRAMP) and the Federal Communications Commission’s heated debates over net neutrality.

Major developments in IT acquisition, workforce issues and, of course, health IT made for a busy year for FedScoop’s Billy Mitchell. According to Mitchell, closing the STEM skills gap dominated workforce issues during 2014, while acquisition and health IT focused on reform and data initiatives.

Congress may have avoided a government shutdown with a last-minute vote Dec. 11, but, as Jake Williams reports, lawmakers left plenty of bills on the table, including the Reforming Federal Procurement of Information Technology Act and the Cybersecurity Information Sharing Act of 2014, sponsored by Sen. Dianne Feinstein, D-Calif. Meanwhile, the White House and the Federal Aviation Administration both experienced a year of tumultuous change in 2014, Williams reports.

The Defense Department, Veterans Affairs and overall federal cybersecurity efforts were other areas of great change and tumult during 2014. Among the most important developments coming out of the Pentagon was the May announcement of a postwar strategic plan by the Defense Information Systems Agency. From mobility to cloud and the ongoing development of the Joint Information Environment, the plan set the stage for much of the conversation and debate about DOD’s IT vision.

The VA would probably like to forget 2014. It was a year of great upheaval at the agency and systemic leadership failures. FedScoop covered the agency’s ups and downs every step of the way during 2014 and discovered that the role of IT was central to many of the agency’s failures.

From a cybersecurity perspective, 2014 was a year characterized by the continued rise of global cyber crime and increasing numbers of data breaches. As the current state of overall cybersecurity seemed to worsen, the Obama administration released the final version of the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity. The problem, of course, remains that the framework is a voluntary set of guidelines that neither the Department of Homeland Security nor NIST can say with any certainty are being widely adopted and followed.

The biggest fall from grace during 2014 goes to the U.S. Patent and Trademark Office’s once-celebrated teleworking program.


Read more of our 2014 wrap-up coverage:

Federal IT acquisition 2014: A year of reform
2014 forges a new, more comfortable relationship with cloud for government
Congress 2014: The year of unfinished business
Cybersecurity 2014: The battle for mindshare
Defense 2014: The year of strategies and women
FAA 2014: From UAS integration to NextGen
The FCC’s 2014 in the spotlight may be just the beginning
Health IT 2014: The push toward interoperable data
Patent and Trademark 2014: The downfall of a teleworking leader
Veterans Affairs 2014: The Year of Being Held Accountable
Federal workforce 2014: Hiring millennials and closing the STEM skills gap
White House 2014: Departures, digital service and Google


