FedScoop » News
http://fedscoop.com
Federal technology news and events
Thu, 25 Sep 2014 15:28:41 +0000

Postal Service strives to innovate despite 4th straight Treasury default
http://fedscoop.com/postal-service-strives-innovate-despite-4th-straight-treasury-default/
Thu, 25 Sep 2014 15:28:41 +0000

The post Postal Service strives to innovate despite 4th straight Treasury default appeared first on FedScoop.

The United States Postal Service will default on a more than $5.5 billion prefunding payment to the U.S. Treasury, according to the agency’s chief financial officer.

It won’t be the first time USPS has missed this prefunding payment, though. In 2012, the agency defaulted on both its 2011 and 2012 retiree health benefit payments (RHB). The 2011 payment had been rescheduled to Aug. 1, 2012. It happened again in 2013 and will happen again this year. All told, the defaulted payments will top $16.7 billion total after the Postal Service misses next week’s payment deadline.

Despite four defaults in three years, USPS CFO Joseph Corbett told FedScoop that neither current employees nor retirees should be worried about losing their benefits anytime soon. From past years of financial success, the agency has already funded about $50 billion to the U.S. Treasury for its RHBs.

Joseph Corbett, CFO of USPS
Photo Courtesy of USPS

“No, [employees or retirees won’t lose their benefits]. Absolutely not,” Corbett said. “We have funded almost $50 billion sitting in the Treasury toward our retiree health care plan. The rest of the federal government doesn’t fund it all, and most commercial companies don’t fund it all, so our retirees and employees are far better off than their colleagues in other agencies or people in commercial companies. They will continue to receive benefits.”

According to Corbett, it would take decades for the $50 billion in the Treasury to be exhausted.

But Corbett and the USPS don’t want to let it get to that point. In a proposal sent to the U.S. Congress that has turned into legislation in both houses, the USPS would be able to require retirees to integrate Medicare into their health plan “like every other self-funded organization in the country does,” the CFO said.

“If you did that, the amount of the liability we’d calculate for the Postal Service would be $50 billion,” Corbett said. “We have just about $50 billion already funded with the Treasury, so we actually would be fully-funded and these payments would be unnecessary.”

However, due to the way the post office was established and due to the subsequent legislation in the more than two centuries since its establishment, any change like that must go through Congress. Both pieces of reform legislation are awaiting consideration by their respective houses and were introduced during the summer of 2013.

Despite the Postal Service’s upcoming fourth default, that doesn’t mean that the agency is nearing bankruptcy as a whole. The agency has addressed the looming Treasury default for months, even as early as the first quarter. By acknowledging it would miss the payment, USPS instead set its financial sights elsewhere. In fact, according to Corbett, since the end of the recession, the agency has generated positive cash.

“We’ve done that through internal measures,” Corbett said. “We’ve consolidated over 200 plants and we’ve taken other measures to save cash.”

Since the early 2000s, Corbett said, the agency has shrunk by about 250,000 employees, all the while processing 40 percent of the world’s mail with just 10 percent of the world’s postal workers.

“We have had enough cash to run the organization in a pretty innovative way, in a very efficient way,” Corbett said. “The money we’ve been able to save through downsizing and just becoming more efficient, we’ve been reinvesting in the business. We haven’t stopped making investments.”

The Postal Service spends almost $1 billion each year in capital investments, including technological advancements and innovations, like intelligent barcoding, which allows the mail to be processed through an automated process where the only transactions of the mail come when a customer hands it to a postal employee and when a carrier takes it out for delivery.

The agency has also been investing in its website, USPS.com, which according to Corbett is one of the most visited websites in the country. Additionally the agency is partnering with digital competitors to implement technological tools for advertising mail.

“Essentially, it used to be that digital competed with us,” Corbett said. “Now, we’re actually teaming with digital means in order to make the mail more attractive from a marketing perspective.”

In addition to encouraging mailers to add QR codes to advertising mail to allow recipients to use their smartphones to learn more about an advertisement, the Postal Service is also working with mailers to bring augmented reality to the mail.

“Similar to QR codes, you can pull out your smartphone and the picture jumps off the page at you,” Corbett said. “There’s a special message hidden in the picture and things like that.”

The Postal Service will also use some of the positive cash flow from 2013 and 2014 to improve the customer experience in retail locations. For instance, in the top 3,000 USPS retail locations, the agency is rolling out mobile point of sale terminals similar to the Apple Store and Nordstrom, where an associate will allow you to pay and get a receipt right from a mobile device anywhere in the store.

“We haven’t been, in terms of our existing postal products, we really have not been constrained by our financial situations because we have set a priority, frankly, of making sure that we protect our brand, which is our fiduciary responsibility,” Corbett said. “We continue to keep the Postal Service as financially viable as possible. It’s impossible to do that without, obviously, paying all of our employees and suppliers, but also without innovating.”

In a state of the business address to postal customers, Patrick Donahoe, the USPS postmaster general, said there were a lot of reasons to be optimistic about the role of the Postal Service in American marketing.

According to a release from the agency, Donahoe highlighted the role of technology in driving USPS growth.

“The Postal Service is making great strides with the rich data we provide to our customers,” Donahoe said. “We are enhancing our products and services based on a much stronger data and technology platform, and that is driving a lot of exciting opportunities for America’s marketers and businesses.”

In the third quarter of 2014, the Postal Service reported a two percent increase in revenue and a $2 billion loss. According to a release from the agency, USPS has recorded a loss in 21 of the last 23 quarters. The third quarter loss adds to a second quarter loss of $1.9 billion and a first quarter loss of $354 million.

“It’s really hard to capture. It’s a very difficult story to tell or situation to describe, but for the Postal Service, this year, we’ll have a positive cash flow with the absence of not paying the $5.7 billion payment,” Corbett said. “We don’t have enough money to pay that, so that just cannot be paid. But we did generate cash.”

But just one piece of legislation that addresses the Treasury payment is not enough to bring the post office back into the green, Corbett said. With a looming pressure of wage increases and inflation on the horizon, the agency doesn’t have enough flexibility to grow revenue in the top line.

“We’re doing pretty well this year,” Corbett said. “But we do need more than just the legislation related to retiree health benefits.”

Education’s Camsie McAdams talks about the importance of STEM
http://fedscoop.com/camsie-mcadams/
Thu, 25 Sep 2014 14:42:06 +0000

The post Education’s Camsie McAdams talks about the importance of STEM appeared first on FedScoop.

Camsie McAdams, deputy director in the Education Department’s Office of STEM, sat down with FedScoop TV at the first ever Tech Town Hall to discuss the importance of STEM education in America.

Critical Mozilla vulnerability discovered
http://fedscoop.com/critical-mozilla-vulnerability-discovered/
Thu, 25 Sep 2014 14:14:23 +0000

The post Critical Mozilla vulnerability discovered appeared first on FedScoop.

Researchers at Intel Security announced yesterday they have uncovered a critical vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations.

Dubbed “BERserk,” the vulnerability could allow an attacker to forge RSA signatures, thereby allowing the bypass of authentication to websites using Secure Sockets Layer or Transport Layer Security cryptographic protocols, known as SSL and TLS, respectively.

“Given that certificates can be forged for any domain, this issue raises serious concerns around integrity and confidentiality as we traverse what we perceive to be secure websites,” said Mike Fey, chief technology officer of Intel Security.

The Mozilla NSS library is commonly used in the Firefox Web browser, but it can also be found in Thunderbird, SeaMonkey and other Mozilla products.

James Walter, director of advanced threat research at Intel Security, said the company notified both Mozilla and the U.S. Computer Emergency Readiness Team about the vulnerability. Although Intel Security is unaware of any attacks exploiting BERserk, Walter said Intel Security strongly advises individuals and organizations using Firefox to take immediate action to update their browsers with the latest security update from Mozilla.

Google has also released updates for Google Chrome and ChromeOS, as these products also utilize the vulnerable library.

Why it’s called BERserk

This attack exploits a vulnerability in the parsing of ASN.1 encoded messages during signature verification. ASN.1 messages are made up of various parts that are encoded using BER (Basic Encoding Rules) and/or DER (Distinguished Encoding Rules). This attack exploits the fact that the length of a field in BER encoding can be made to use many bytes of data. In vulnerable implementations, these bytes are then skipped during parsing. This condition enables the attack. BERserk is a variation on the Bleichenbacher PKCS#1 RSA Signature Verification vulnerability of 2006.

Source: Intel Security

As commercial space travel approaches, FAA issues recommendations
http://fedscoop.com/commercial-space-travel-approaches-faa-issues-recommendations/
Wed, 24 Sep 2014 22:01:44 +0000

The post As commercial space travel approaches, FAA issues recommendations appeared first on FedScoop.

SpaceX’s unmanned Dragon craft has already been to and from the International Space Station, but new FAA recommendations indicate that soon those spacecraft could be manned.
Source: Wikimedia

NASA isn’t the only federal player in space travel anymore. As commercial space travel gets closer to reality, the Federal Aviation Administration released a framework of recommended practices for human space flight safety.

The document, called Recommended Practices for Human Space Flight Occupant Safety, was released Sept. 16 by the administration to “serve as a starting point should there be a need for the government to issue regulations at some point in the future.”

Commercial space travel has been gaining traction recently, especially after the end of NASA’s shuttle program in 2011. The agency is currently awarding private sector companies contracts to send the first commercial crew to the International Space Station.

On the same day the FAA released its framework, NASA awarded Boeing and SpaceX contracts — worth a combined total of $6.8 billion — to launch astronauts into space. In a news conference in Florida at the Kennedy Space Center, NASA Administrator Charles Bolden said by allowing private companies to send humans to the ISS, the space agency can instead focus on sending humans to Mars.

“Turning over low-Earth orbit transportation to private industry will also allow NASA to focus on an even more ambitious mission – sending humans to Mars,” Bolden said. “Today we are one step closer to launching our astronauts from U.S. soil on American spacecraft and ending the nation’s sole reliance on Russia by 2017.”

Since the end of the shuttle program in 2011, American astronauts have been relying on Russian launches to ferry them to the ISS.

However, by releasing the recommended practices for human space flight safety, the FAA could be ushering in a new era of space travel spearheaded by private companies. Despite NASA’s dominance of the space travel sphere, the FAA has actually been responsible for regulating and licensing any private companies and individuals involved in commercial space transportation.

In fact, according to a fact sheet from the FAA, the agency’s Office of Commercial Space Transportation (AST) has licensed more than 220 successful launches, including commercial launches by companies like Lockheed Martin, Boeing and SpaceX.

The fact sheet says an FAA license is required for any craft’s launch or reentry carried out by U.S. citizens anywhere in the world or by anyone within U.S. airspace. The FAA covers only commercial flight regulations; NASA and Defense Department launches do not require an FAA license.

The license evaluation process includes a public safety review, an environmental review, a national security or foreign policy review and an insurance requirement.

In anticipation of a future commercial space travel industry, the FAA will also issue experimental permits instead of full licenses for launch or reentry of reusable suborbital rockets, those that do not complete one total orbital revolution around the Earth. In addition, the FAA’s document assumes that any vehicle will stay in Earth’s orbit for no more than two weeks and has the ability to return to Earth within 24 hours if necessary.

“Orbital rendezvous and docking, flights longer than two weeks, extravehicular activity and any flights beyond Earth’s orbit are not explicitly addressed,” the document said. “Future versions of this document may cover such additional human space flight operations and missions.”

But although on the way, commercial human spaceflight is not here just yet.

“No person may operate a reusable suborbital rocket under a permit for carrying any property or human being for compensation or hire,” the fact sheet said.

The recommended practices are also solely focused on the safety of potential human occupants and not focused on public safety or mission assurance. The document was compiled through the analysis of 50 years of human space flight, according to the introductory section of the recommendations.

“AST reviewed existing government and private sector requirements and standards, including those from NASA, the European Space Agency and the International Association for the Advancement of Space Safety,” the document said. “Our purpose was not to copy NASA’s requirements, but to use them as a means to capture safety practices and judge whether they are, at a general level, appropriate for the commercial human space flight industry.”

The document makes recommendations to commercial spacecraft manufacturers and space travel providers on design, manufacturing and operations.

However, despite being issued as commercial space travel grows in popularity and possibility, the recommended practices document from the FAA actually has no regulatory power.

“The document may serve as a starting point for a future rulemaking project, should there be a need for such an effort at some point in the future,” the document said. “However, this document is not a regulation.”

New DHS headquarters ‘a monument to mismanagement’
http://fedscoop.com/new-dhs-headquarters-monument-mismanagement/
Wed, 24 Sep 2014 21:55:11 +0000

The post New DHS headquarters ‘a monument to mismanagement’ appeared first on FedScoop.

GSA rendering of part of the new DHS headquarters facility planned for construction at St. Elizabeths in Washington, D.C.

Two prominent House Republicans reprimanded the Department of Homeland Security and the General Services Administration last week for mismanaging the construction of the new DHS headquarters facility, which officials say is more than $1 billion over budget and not expected to be completed for another 12 years.

“The project has become a monument to mismanagement,” said Rep. Jeff Duncan, R-S.C., chairman of the Subcommittee on Oversight and Management Efficiency, during a hearing Sept. 19 focused on a new 77-page report by the Government Accountability Office detailing the schedule delays and cost overruns that have plagued the construction of the new facility on the grounds of the historic St. Elizabeths hospital in Washington, D.C.

“DHS’ cost and schedule estimates aren’t worth the paper they’re printed on. The truth is DHS and GSA don’t have any idea how much St. Elizabeths will cost or when it can be finished,” Duncan said, calling the government’s oversight of the effort “leadership malpractice.”

DHS and GSA selected the St. Elizabeths site in 2006 to become the future home of a DHS headquarters that would help integrate the massive, sprawling collection of component organizations into a single agency — DHS’ so-called “One DHS” vision. But construction did not begin until 2009. The facility was supposed to be completed this year, but so far only the U.S. Coast Guard has moved in.

But the latest GAO report slammed both agencies for failing to use leading best practices for capital decision making and reliable cost and schedule estimates. GAO recommended that Congress make future funding for the project contingent upon DHS and GSA developing new plans for St. Elizabeths that follow these established guidelines.

David C. Maurer, director of Homeland Security and Justice programs at GAO, emphasized the problems facing the DHS headquarters consolidation effort are not new and could have been avoided.

“Seven years ago, we issued a report expressing concerns about the future of the project,” Maurer said. “We recommended, among other things, that GSA and DHS develop a comprehensive cost analysis and comparison of alternatives.” The agencies, however, did not see the need to refine their estimates or consider alternatives, he said. “That proved to be a missed opportunity.”

Homeland Security Committee Chairman Rep. Michael McCaul, R-Texas, urged DHS to reassess the project and said any further funding from Congress should be conditional on the department’s creation of a new plan.

Norman Dong, the commissioner for public buildings service at GSA, defended the first phase of the headquarters consolidation project involving a new Coast Guard building. “This state-of-the-art facility will use sustainable technologies to drop energy use to more than 30 percent below industry standards and cut water usage by nearly 50 percent,” Dong said. “Additionally, this phase included perimeter security, the renovation of several historic buildings, infrastructure improvements throughout the campus, and a 2,000 car parking garage. We completed Phase 1 on time and on budget, and in the process, eliminated five leases and moved nearly 1 million square feet of space to federal ownership.”

But of the 181 leases for office space in the 53 locations that currently house DHS components, more than 150 are scheduled to expire by 2016, adding more uncertainty to the extent of potential cost overruns by the time St. Elizabeths construction is completed in 2026. 

Rep. Ron Barber, D-Ariz., the ranking member on the subcommittee, raised the specter of a broader problem for DHS facilities management nationwide. According to Barber, DHS recently built houses for U.S. Customs and Border Protection agents valued at nearly $700,000 each in a small retirement community where the average home value is only $88,000.

“This is not just an issue at St. Elizabeths,” Barber said. “We have to be concerned about a broader problem, and that is how does this third largest federal agency manage the money that the taxpayers give to us and we to them to fund the agency’s mission.”

 

Are the keys to interoperable health IT hidden outside the health care field?
http://fedscoop.com/key-interoperable-health-hidden-outside-health-care-field/
Wed, 24 Sep 2014 20:05:48 +0000

The post Are the keys to interoperable health IT hidden outside the health care field? appeared first on FedScoop.

To build a truly modern and interoperable health care system, some leading health IT experts think critical answers may be hidden in industries typically thought to be unassociated with health care.

“Sometimes I think we’ve been working to define or consider solutions in the health IT space thinking about health care, but I think the truth is there are assets and strategies that have worked in other arenas that we should look to leverage if it makes sense and get ourselves out of that traditional thinking of the house of medicine,” said Karen DeSalvo, the national coordinator for Health Information Technology, during an ACT-IAC health care panel Wednesday that will set the agenda for a health IT working group.

Ten years since the inception of the Office of the National Coordinator for Health IT within the Department of Health and Human Services, the American health care system is experiencing an unprecedented abundance of data. “The priorities then of course included some of the same priorities we still want to carry forward, such as connecting care through the movement of data across the care continuum and beyond,” DeSalvo said. “But we did not have data to share in the way that we do today.”

While more data is an obvious boon to creating an effective electronic health record system, something required of ONC and others in the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, leveraging it and making it work together is a difficult task.

David Bowen, chief information officer of the Military Health System and director of health information technology for the Defense Health Agency, described the Defense Department’s health records as a “spaghetti pile of data.” To clean up that mess, Bowen said, they have to work on standardizing the different services, all of which he said do things in their own unique and different ways.

“All of our military treatment facilities, our 400 or so hospitals and clinics, have pretty much been doing their own things in terms of infrastructure, and so now we’ve got to get our arms around that and provide a standardized platform,” he said.

Within the Veterans Health Administration, Chief Medical Information Officer Theresa Cullen said she has similar concerns about interoperability, but her agency wants to get beyond that.

“We want to get to operability,” Cullen said. “So it’s that interoperability, I have your data, you have my data. But then I operate on it, I act on it, I know what to do with it. So it’s not just the sharing of that data, it’s the ability to use that data to improve care.”

To get there, she offered, we need to start peering beyond “the four walls” of traditional health care and “into this continuum of care, into this recognition that your most important caretaker may be your person at home or it may be the person that’s 3,000 miles away.”

And some of the solutions might be outside the realm of health care. “How many opportunities are we missing within the federal space because we haven’t been provocative enough and challenged ourselves enough to think ‘Somebody else may really know how to do this, and how can I leverage that?’” Cullen said.

Kshemendra Paul, program manager for the Information Sharing Environment in the Office of the Director of National Intelligence, deals with two missions in his role: terrorism-related information sharing in the government and information interoperability, information sharing best practices. Through the latter mission, health care IT is a big focus, one that’s often more treacherous than dealing with terrorism information, he said. But both can inform each other through what Paul called “cross-fertilization.”

“In my core problem area of terrorism information sharing, there’s a lot of similarities structurally, a lot of opportunities, I believe, to leverage lessons learned and best practices into both directions with the health care IT, public safety and human services domain,” Paul said. “The problem you all are facing in the health IT, human services area is much more complicated than the one I have in terrorism-related information sharing.”

Leveraging infrastructure owned by state and local partners, Paul gave an example of how his organization has been able to monitor in real time the spread of heroin, merging the fields of public safety and public health.

In a similar fashion, DeSalvo said ONC is planning to leverage the United States Postal Service as a pilot to experiment with new health record interoperability.

“They have hundreds of thousands of employees for whom they are making a personal health record and a portal so they can access their health information,” she said. “They also have a potential platform to create a way that every American has an identifier, like an address” they registered online.

“I think we have this really unique opportunity as we look forward and embrace the amazing work that other non-traditional health partners have done in the federal sector that we can accelerate,” Cullen said.

“It’s not the level of authentication the DOD would expect, but it does an interesting identity opportunity that opens your mind to the potential for data being centered around a person,” DeSalvo said. “That gets us to an ecosystem that is not so dependent on the health care institutions hosting the data.”

Former official: ‘GSA for Spectrum’ idea misses the mark
http://fedscoop.com/federal-spectrum-reform/
Wed, 24 Sep 2014 19:17:53 +0000

The post Former official: ‘GSA for Spectrum’ idea misses the mark appeared first on FedScoop.

The government is sitting on a lot of spectrum. How can it better release it to commercial carriers without losing what it needs for its own mission?

To understand how valuable spectrum is to the federal government, Scott Wallsten compared it to another commodity the country has a vested interest in: oil.

“We wouldn’t consider allowing the government to have $200 billion worth of oil without having to pay for it,” Wallsten, the vice president for research at the Technology Policy Institute, said during a panel at The Brookings Institution on Tuesday. “If you take some of the same numbers that others use to estimate spectrum value [at] a $1-per-MHz-POP (a measure of people covered under certain spectrum bands), basically we are talking $200 billion to $600 billion in assets that the federal government gets to use without having to consider its opportunity costs. That’s a big deal.”

How the government could better use, sell and allocate this wealth of spectrum was Tuesday’s topic of discussion at Brookings. As growth in wireless technologies continues to boom, industry and policy leaders are looking at ways the government can relinquish spectrum without losing the capabilities it needs to carry out its various missions.

One idea put forward was the prospect of establishing a “GSA for Spectrum,” a service that would be similar to the General Services Administration’s Public Buildings Service, which specializes in property management for the federal government. The National Telecommunications and Information Association, which manages the federal government’s use of spectrum, would use this model to serve as a landlord for spectrum, charging “rent” and incentivizing agencies to more efficiently use the bands in their possession.

Dorothy Robyn, a former commissioner of GSA’s Public Buildings Service, said the model is a good start, but it doesn’t completely translate from real estate to spectrum management.

“A GSA for spectrum would not provide the level of centralized management control that some envision,” Robyn wrote in a study for Brookings. “The factors that limit GSA’s reach (agencies’ desire to control specialized and mission-critical assets) are even more dominant when it comes to spectrum than they are for real property.”

Robyn also said this quasi-regulatory authority would run into problems with the Defense Department, due to the amount of spectrum Defense holds for the military.

That ethos mirrors what Stuart Timerman, director of the Defense Information Systems Agency’s Defense Spectrum Organization, said during DISA’s industry day last month and what former DOD CIO Teri Takai said earlier this year about DOD working with others to fulfill an Obama administration order to free up 500 MHz of spectrum by 2020.

“In order to be able to allow future use of commercial wireless [spectrum], as well as DOD’s requirements in the future, we have to learn how to evolve and how to utilize the spectrum much more robustly than we currently do,” Timerman said at DISA’s industry day. “How do we make sure that DOD can perform their mission, but at the same time, how do we allow the U.S. economy to grow by allowing more commercial access to spectrum that is currently set aside for federal use?”

Another idea being considered is a “BRAC for Spectrum,” modeled after the Base Realignment and Closure process that has consolidated or closed Defense Department bases.

“There may be value in having a group of outside experts to help identify spectrum bands that the executive branch could analyze as candidates for ‘realignment or closure,’” Robyn wrote. “However, unlike in BRAC, the recommendations of the Spectrum Commission could not be conditionally binding, because that would preempt agencies’ decisions on a complex matter closely tied to their missions.”

However, Robyn said GSA has always been committed to getting rid of property the government doesn’t use and that same philosophy could have a great impact on spectrum reform.

“Getting rid of excess federal property, under-utilized federal property is a passion, it is a mindset. That culture is still very deep,” Robyn said. “I think GSA is a good model for NTIA to emulate.”

However the government decides to reallocate spectrum, Tom Power, deputy chief technology officer for the White House’s Office of Science and Technology Policy, said he is ready to “pull all the levers so this can be an evolving success story.”

“Even in recession, wireless was one area where we did see continued growth, including job growth,” Power said Tuesday. “We need to keep supporting this virtuous cycle.”

With the government relinquishing a large amount of spectrum in the past few years (and a much-publicized Advanced Wireless Services auction scheduled for November), experts do not expect the calls for spectrum reform to diminish.

“We care about it not just because of the increasing demand in wireless services, but because it is inherently a valuable asset,” Wallsten said.

NSTIC head Jeremy Grant wants to kill passwords http://fedscoop.com/nstic-head-jeremy-grant-wants-kill-passwords/ Wed, 24 Sep 2014 18:41:46 +0000

I may have been a little hasty last week when I predicted that the National Strategy for Trusted Identities in Cyberspace may “never see the light of day,” and this week NSTIC head Jeremy Grant let me know it. Grant, the senior executive advisor for NSTIC, explained that while short-term, low-level security methods that come out of NSTIC may rely on passwords in some form, the ultimate goal is to eliminate them altogether – something he says is entirely possible by the program’s 2020 deadline.

“Passwords are a disaster from a security perspective,” Grant said. “We want to shoot them dead.”

Yet, right now, most of the Internet relies on passwords, and that is limiting the development of new technology and the deployment of innovative government programs. “Every year agencies come up with killer apps, but they don’t deploy them because they can’t verify the person on the other end,” Grant said. “Passwords aren’t secure enough for the agency to be sure that the person on the other end isn’t a proverbial dog on the Internet.”

Instead of a system where users have to remember dozens of passwords, Grant envisions identity management in the future being based on other models such as two-factor authentication or tokens. Passwords in some form may play a role, but it all depends on the level of data being protected.

The Office of Management and Budget has defined four levels of assurance, which the different technologies being developed will serve. Agencies classify the four levels of authentication assurance according to the potential consequences of an authentication error. At level one, only a password is required. At level three, dual-factor authentication comes into play, with something like an encrypted key software token required before access is granted. At level four, an actual hardware token would be required, such as a PIV card. According to Grant, level three is where most public-facing websites run by the federal government have the most need.

Most of what the NSTIC does is with the private sector. The pending launch of Connect.gov, where users of certain government websites would be able to use a shared credential given to them by a separate identity vendor like Google or PayPal, is just a way for government to take advantage of the increase in security the new technologies offer. It will only be used for low-level transactions, such as signing up for a newsletter or some other activity where a security breach would not be considered catastrophic for the end users. Grant described it as an interim step along the road to eliminating passwords.

“Connect.gov is really an easy button for government agencies to tap into these new technologies,” he said. “It will let users log in to sites without much risk for low levels of assurance.” But the real focus is still to first add a second factor of authentication to passwords and then to eliminate them altogether, he added.

Grant also explained that the government was not micromanaging the program through the NSTIC but mostly supporting companies trying to develop password-killing technology. “To a certain extent the government is not particularly concerned about the technology itself,” he said. “In fact, one of the worst things that we could probably do is to try and standardize on one thing and make everyone adopt it.” This supporting role has already gained some notable successes, with a handful of vendors already certified as approved identity services for various levels of assurance.

One solution Grant pointed out is ID.me, which was awarded $2.8 million to serve the veteran community with better authentication. “Everyone wants to give discounts and services to veterans, but how do organizations know if a person is a veteran without asking them to carry around their discharge papers?” Grant asked. “With ID.me it allows veterans to set up secure credentials that can be used to claim discounts at stores that offer them. We want to use that same credential to allow them to also log into the [Department of Veterans Affairs] to get access to their records.”

As someone who studies the evolving efforts to kill passwords once and for all, Grant is in a unique position to predict whether the NSTIC will be successful in reaching that long-term goal by 2020. “I think we will make it,” Grant said. “We are already seeing some major advancements with programs like Internet 2 deploying multi-factor authentication to hundreds of universities, and advancements from the FIDO (Fast IDentity Online) Alliance using the fingerprint readers and cameras in phones for authentication. There aren’t many technologies where you can point to the day they became ubiquitous, but I think with this we are getting very close to that tipping point.”

 

Agencies shine in new Twitter handbook for government and elections http://fedscoop.com/twitter-uses-agency-examples-new-handbook-government/ Tue, 23 Sep 2014 21:41:58 +0000

The 2012 election was dubbed “the Twitter election” by spectators, and almost as soon as the polls closed federal agencies and departments began studying how the social network could be leveraged as a driving force for more effective communications.

Citing examples from several departments and agencies, Twitter released a guide for government and elections usage last week, covering the basics from what the social media network is and how to compose a tweet to more complex topics like live-tweeting events, constituent engagement and Twitter question and answer sessions.

Globally, according to the handbook, Twitter has more than 271 million active users monthly and the network sees more than 500 million tweets per day.

“The conversation doesn’t end on election day,” the handbook said. “Twitter lets you bring your constituents with you every day as an elected official and behind the scenes during Inauguration Day, town halls and office hours.”

The guide used the Interior Department’s Twitter profile, @Interior, to show the different parts of a Web profile page, including the best, pinned and filtered tweets features. In addition, the guide mentions the State Department’s use, through @StateDept, of Twitter Lists to organize tweets from various divisions and entities within the department.

The Interior Department is also credited as an example of an account that shows “responsiveness and personality in its tweets” stemming from its response to a tweet about the origins of the department’s name.

The guide highlighted the Education Department’s call to action for National Teacher Appreciation Day as a way to engage users to interact with the #ThankATeacher hashtag and post an accompanying photo. Education Secretary Arne Duncan’s educational technology Twitter chat in October 2013 was also mentioned as a good example of a Twitter Q&A.

The first tweets of the Central Intelligence Agency and Secretary of State John Kerry were modeled as good examples of opening tweets that introduce a new user to the Twitter universe.

Using the CIA and Kerry as examples, Twitter encouraged government users to be personal in their tweets, while still maintaining a professional decorum.

“Sending personal tweets to friends and family for all of Twitter to see is a great way to show your personal side, and this resonates well with followers,” the guide said. “Being as personal as you feel comfortable being is a great way to develop and build a loyal following. Ultimately, personality wins on Twitter.”

The handbook also cited the effectiveness of agencies and government organizations using Twitter to boost a more global interaction with live events. NASA’s launch of the Maven Rocket to Mars in November 2013 was chronicled through the #NASASocial hashtag. In fact, the agency used the buzz around the launch on Twitter to invite 150 social media followers to the Kennedy Space Center to see the launch live, according to the guide.

NASA has been using Twitter for events like ‘tweetups,’ or real-life gatherings of its social media fans, since 2009, according to the guide. In fact, the #NASASocial hashtag came back into regular use this week as the space agency put the Maven Rocket into Mars’ orbit a little less than a year after it launched.

Twitter’s government and elections team could not be reached for additional comment by publication time.

White hat hackers try breaching Healthcare.gov, find ‘critical vulnerabilities’ http://fedscoop.com/white-hat-hackers-try-breaching-healthcare-gov-find-critical-vulnerabilities/ Tue, 23 Sep 2014 21:20:23 +0000

White hat hackers within the Department of Health and Human Services’ Office of the Inspector General set out to test the integrity of Healthcare.gov security earlier this year and found critical vulnerabilities in the marketplace, according to an IG report released Tuesday.

The report, published in the wake of an actual July breach of Healthcare.gov, says white hat hackers conducted similar simulated attacks on the federal marketplace, as well as state marketplaces in Kentucky and New Mexico, in April and May.

Though the IG found that personally identifiable information (PII) was secured in the federal marketplace’s network, there were areas for the Centers for Medicare and Medicaid Services to improve security controls. Due to the highly sensitive nature of that information, the specifics were not revealed in the report.

Since launching Healthcare.gov in October 2013, CMS has improved several security aspects, the report said, but the website still showed vulnerabilities during the simulated attacks and vulnerability scanning, both on the website’s architecture and supporting databases containing critical user information. According to the report, CMS performs weekly vulnerability scans on its systems connected to the federal marketplace.

Although CMS had set up a plan to remediate the vulnerability found in the website’s architecture, it had not fully corrected the issues with the databases during the test hacks. “These critical vulnerabilities placed the confidentiality, integrity, and availability of PII at risk and could have allowed unauthorized access to consumer PII,” the report states.

The inspector general made classified recommendations to CMS, all of which the agency concurred with. However, according to the report, CMS disagreed with a recommendation on “encrypting files using an encryption module that has been FIPS 140-2 validated,” saying it had already conformed to that National Institute of Standards and Technology standard. HHS’ OIG said because it didn’t receive explicit documentation verifying the encryption module, it remains concerned.

Months after the OIG audit, an actual “malicious attack” occurred, breaching a Healthcare.gov test server with denial of service malware, according to HHS officials. There was no personal information obtained from that attack, which was confirmed Sept. 4, but the hack has thrust the security concerns of Healthcare.gov back into the national spotlight less than two months out from the Affordable Care Act’s second open enrollment period, beginning Nov. 15.

Testifying in front of the House Oversight and Government Reform Committee last week, CMS Administrator Marilyn Tavenner was grilled about the July breach. While she maintained no user information was compromised in the attack, she did confirm that personally identifiable information may have been vulnerable due to early technical glitches when the marketplace was launched.

The Government Accountability Office last week filed a similar report to the HHS OIG’s with 28 security vulnerabilities listed, most of which CMS and HHS agreed with. Oversight committee Chairman Rep. Darrell Issa, R-Calif., told Tavenner that by launch of the second enrollment period, CMS must take care of the vulnerabilities.

The IG tests also found that the Kentucky marketplace sufficiently protected personal information, but it lacked certain security controls. New Mexico used necessary security controls, but “its information technology policies and procedures did not always conform to Federal requirements to secure sensitive information stored and processed by the New Mexico Marketplace,” the report states. In all, the IG found 74 vulnerabilities in the New Mexico exchange.

An HHS OIG spokesperson said the office will continue to test both the federal and state health exchanges for vulnerabilities and follow up on CMS’ implementation of recommendations in the report.
