Syrian Electronic Army comes after US military

It’s supposedly taken down The New York Times, The Washington Post, Huffington Post and Twitter in the last week alone. And on Labor Day, it came after the U.S. government.

The Syrian Electronic Army, a hacker group supporting the Syrian regime, has been launching cyber-attacks for most of Syria’s two-year civil war. But its U.S. hacking efforts have ramped up over the last week as the administration and Congress debate whether to launch military strikes against the Syrian government.

Visitors Monday to “www.marines.com,” the Marines’ official recruitment website, were redirected to a black page with a 10-line letter addressed “Message to the United States Marines corps.” The letter called for Marines to support the Syrian regime’s soldiers, “who have been fighting Al Qaeda for the 3 years.”

Screenshot of the letter (Image: The Independent)

The middle of the letter was broken up by five images of men in U.S. military garb, holding signs in front of their faces reading things like “I Will NOT Fight for Al Qaeda In Syria.”

The attack comes shortly after the FBI and Department of Homeland Security warned of a heightened risk for cyber-attacks from Syria, and the Pentagon has actually been working to strengthen military website security. Marines officials said Monday no information had been compromised by the attack.

Here’s the letter, in full:

This is a message written by your brothers in the Syrian Army, who have been fighting Al Qaeda for the last 3 years.

We understand your patriotism and love for your country so please understand our love for ours.

Obama is a traitor who wants to put your lives in danger to rescue Al Qaeda insurgents.

Marines, please take a look at what your comrades think about Obama’s alliance with Al Qaeda against Syria.

Your officer in charge probably has no qualms about sending you to die against soldiers just like you, fighting a vile common enemy. The Syrian army should be your ally not your enemy.

Refuse your orders and concentrate on the real reason every soldier joins their military, to defend their homeland.

You’re more than welcome to fight alongside our army rather than against it.

Your brothers, the Syrian army soldiers. A message delivered by the SEA

Outgoing FBI Director Mueller reflects on changes since 9/11

Robert Mueller — the FBI’s longest-serving director since J. Edgar Hoover — will step down from his post next Wednesday.

Mueller started as director Sept. 4, 2001, exactly one week before the indelible terrorist attacks on the World Trade Center, which permanently altered the FBI’s role. In his 12 years as director — extended by Congress past the normal 10-year maximum — Mueller oversaw a significant expansion: 18 new overseas posts and major investments in new information technology. Of the FBI’s 36,000 employees, more than half joined since 2001.

“When I first came on board, I thought I had a fair idea of what to expect,” Mueller said recently during a farewell ceremony at FBI Headquarters. “But the Sept. 11 attacks altered every expectation.”

The bureau changed from a domestic law enforcement-focused agency to a counterintelligence and counterterrorism-focused organization.

Friday, the FBI released a video of Mueller reflecting on his term as FBI director.

FCC names new CIO, acting managing director


The Federal Communications Commission has added two new faces to its senior management team.

Mark Stephens was today named acting managing director, while David Bray was tapped as CIO, according to an FCC announcement.

Stephens, who joined FCC in 1991 and most recently served as chief financial officer in the commission’s Office of Managing Director, will manage FCC’s budget and financial programs. His area of responsibility also will include HR, contracts, purchasing, communications, computer services and security.

As CIO, Bray will implement a strategy to equip employees with effective technology, reduce costs and migrate the commission’s IT to the cloud. His government career began in 1993, and he has since worked with the Energy Department and the National Institutes of Health, among others. Bray’s most recent role was as executive director for the National Commission for the Review of the Research and Development Programs of the U.S. Intelligence Community.

Both Stephens and Bray will work in the Office of the Managing Director to coordinate the administration and management of the commission.

In addition to these appointments, David Valdez has been named special counsel. A former Verizon and CompTIA senior executive, Valdez will oversee issues relating to regulatory reforms to help innovation in government and assist in managing FCC’s advisory committees.

FedWire: NIST’s cyber framework, new ATF director, and eBuy Mobile

FedWire is FedScoop’s afternoon roundup of news and notes from the federal IT community. Send your links and videos to tips@fedscoop.com.

Army awards second technology under $7 billion renewable energy MATOC.

GSA’s eBuy Mobile.

FirstNet board holds first meeting.

DON CIO Terry Halvorsen on preventing cyber-attacks.

State OIG releases FY 2014-2019 strategic plan.

New ATF director gets sworn in.

New Digital Analytics Program help for agencies.

Department of the Navy readies to face new challenges.

West Wing Week, March on Washington anniversary edition:
http://youtu.be/ZIa_asFvzSg

The new cyber framework draft: beefed up, but still much to discuss

The newest draft of the government’s cybersecurity framework, released Wednesday, fleshes out the bare bones outline from July and adds some illustrative graphics, but still leaves much to be discussed and decided.

The National Institute of Standards and Technology — which the president tasked with creating the framework — published the draft in advance of the last of four workshops it has held on the matter. From Sept. 11-13, private industry, academia and government will convene in Dallas to hammer out some of those final details for the framework, due in October.

The updated draft tweaks the evaluation rubric slightly from the previous iteration. The framework is built around five functions: identify, protect, detect, respond, recover (swapping out “know” and “prevent” — the first two steps in the prior draft). The idea of the function setup is that a company can’t protect its system until it identifies and does risk assessments on its assets, data and capabilities. And it can’t detect intrusions until it has protective measures in place. And so on.

Each of those five functions is now broken down into categories and subcategories. Categories are various cybersecurity activities “closely tied to programmatic needs.” So under the function “identify,” for instance, one category is “asset management,” part of understanding your networks. Other categories for later functions include “access control” — under “protect” — and “detection processes” — under “detect.”

Subcategories are the actual activities required to technically achieve each category. So for “identify” a company would have to “inventory and track physical devices and systems within the organization.”

Finally, after all of these steps, the new draft includes “informative references,” which could crudely be referred to as “solutions.” In NIST parlance, they are “standards and practices common among the critical infrastructure sectors and illustrate a method to accomplish the activities within each subcategory.”

To show how this framework would map onto the real world, a related document walks through three examples of a company using the functions, categories, subcategories and informative references for specific issues: cybersecurity instructions, malware and insider threats.

The new draft also lays out a four-tier scale for companies to rate themselves on implementation, from Tier 0 — “partial” — to Tier 3 — “adaptive.” The tiered adoption scale will be a focus of the upcoming discussion in Dallas. As the framework is just a set of guidelines, not specific standards to meet, it is unclear exactly how each company would rate itself on the tiered scale.

Adoption incentives will also feature prominently in the discussion. In early August, the White House released a set of eight incentives to galvanize the private sector into adopting NIST’s framework. From enhanced cybersecurity insurance, to federal grants and liability protections for compliant companies, the list ranged from the realistic — just needing an executive order — to the idealistic — needing action from a recalcitrant Congress. The Dallas forum will be the first large-scale venue for the private industry to comment on those incentives.

How King’s ‘Dream’ boosted the FBI’s domestic surveillance program

The Defense Landscape is a weekly conversation on the national security news of the day.

Wednesday marked the 50th anniversary of the historic March on Washington for Jobs and Freedom. On that day, half a century ago, hundreds of thousands of people flooded the National Mall in Washington, D.C., marching out to the Lincoln Memorial.

It was there that Martin Luther King Jr. gave his iconic “I Have a Dream” speech.

Martin Luther King Jr. delivers his “I Have a Dream” speech.

The speech is remembered for its impassioned oratory and as a galvanizing moment during the civil rights movement. Less remembered about King’s speech was its impact on the FBI. King had been under government surveillance since 1958, but the 1963 speech caused the FBI to ramp up its efforts to monitor and uncover seditious acts by King.

This week, Tony Capaccio in The Washington Post and Jelani Cobb in the New Yorker examined the FBI’s surveillance programs for King and many civil rights leaders.

We’ll discuss exactly what the FBI was doing and how its surveillance then is relevant to the current debate over surveillance programs.

We’ll also listen to a 2012 interview on Democracy Now! with Tim Weiner, a Pulitzer Prize-winning reporter who has covered surveillance, the Pentagon and CIA for decades. In 2012, he released a book, “Enemies: History of the FBI,” which detailed the rise of the FBI’s surveillance programs. Weiner will explain exactly how the FBI monitored and threatened King for the last decade of his life.

New project shines light on VA mismanagement

A Republican lawmaker leveraged the power of the Internet on Thursday to shine a light on the Veterans Affairs Department.

Jeff Miller, R-Fla., chairman of the House veterans affairs committee, launched the VA Accountability Watch, an extension of Veterans.House.Gov, to highlight VA’s “growing pattern of rewarding failure.”

“First and foremost, VA Accountability Watch is about ensuring our veterans get the care and benefits they deserve, but it’s also an effort to protect those who work for VA,” Miller said. “The vast majority of the department’s more than 300,000 employees are dedicated and hard working. They deserve better than to have the reputation of their organization dragged through the mud by a bunch of executives who are too busy patting themselves on the back to take responsibility for their own incompetence.”

VA, which is responsible for 22 million veterans, has been making headlines recently for cases in which officials who oversaw management failures were rewarded with hefty bonuses. The Government Accountability Office found that bonuses distributed to officials had no clear link to performance.

There have also been revelations of preventable deaths in VA hospitals, and benefit and construction delays because of management shortcomings.

The site lists state by state the amount VA officials received in bonuses, despite ongoing issues.

A few examples here:

Buffalo, N.Y.
David West, a VA health official in New York, pocketed nearly $26,000 in bonuses while overseeing chronic misuse of insulin pens that potentially exposed hundreds of veterans to blood-borne illnesses.

Pittsburgh, Pa.
After persistent management failures led to a deadly Legionnaires’ disease outbreak in the VA Pittsburgh Healthcare System, VA Pittsburgh Director Terry Gerigk Wolf received a perfect performance review. Regional Director Michael Moreland, who oversees VA Pittsburgh, collected a $63,000 bonus.

Washington, D.C.
Diana Rubens, VA executive in charge of the nearly 60 offices that process disability benefits compensation claims, collected almost $60,000 in bonuses while presiding over a near-seven-fold increase in backlogged claims.

Recently, VA has been taking measures to increase its accountability. Anyone can monitor the Veterans Benefit Administration through the VBA performance website, which is a part of VBA’s transparency program. Based on organizational performance goals, senior executives in VBA will not receive performance awards for fiscal year 2012. The funds have instead been reinvested in eliminating the backlog. In the last five months alone, VA said it has reduced its backlog by 20 percent.

A Washington oversight group applauded the pressure the committee put on VA.

“It’s terrific to see Congress doing this kind of public engagement on oversight,” Angela Canterbury, director of public policy at the Project on Government Oversight, told FedScoop. “We have been really impressed by the work being done by the investigators for the House Veterans’ Affairs Committee. This is just the latest example of the committee’s dedication to holding the VA accountable to ensure our veterans get the care they deserve.”

VMware’s Doug Bourgeois on lowering the cost of government

Doug Bourgeois, VP and chief cloud officer, public sector, VMware, talks with FedScoopTV about some of the approaches to lower the cost of government.

Dell’s Jeffrey Lush on FedRAMP and ‘certified once, use many times’

Jeffrey Lush, CTO, Dell Services Federal Government, shares in this FedScoopTV interview how IT — and cloud computing, specifically — can lower the cost of government.

Department of the Navy’s Terry Halvorsen on preventing cyber-attacks

Terry Halvorsen, CIO, Department of the Navy, discusses with FedScoopTV what agencies can do to thwart cyber-attacks.