DHS plans next steps for continuous monitoring program

The Department of Homeland Security this week plans to launch an online training portal for state and local governments interested in leveraging continuous diagnostics and mitigation program best practices. The training program, expected to be online as early as this Friday, is part of a larger DHS strategy to create a specialized cadre of cybersecurity professionals nationwide who are capable of monitoring and protecting a new, emerging architecture known as “critical application resilience.”

The initial training information will be posted on a special Web page hosted by the U.S. Computer Emergency Readiness Team, said John Streufert, director of federal network resilience at DHS. The training will cover the first phase of DHS’ CDM program, including hardware and software asset management, configuration management and vulnerability management.

But Streufert, speaking at the 2014 Cybersecurity Innovation Forum, sponsored by DHS and the National Institute of Standards and Technology, said the department will also be producing 20-minute training videos covering a wide variety of topics and best practices related to CDM for posting on either a government website or YouTube. George Moore, the technical director for DHS’ National Cyber Security Division, will produce the training.

“The basic theory is that we are going to portions of the 50 state governments that do not have robust security programs,” Streufert said. “We’re going to begin to provide them self-help mechanisms so they can begin to work on it themselves.”

The training, however, is only one part of a much larger strategy for the CDM program. According to Streufert, DHS is collecting lessons learned and best practices from the first phase of the CDM contract and assembling “toolkits” that can be used nationwide by state, local, tribal and territorial government agencies. The ultimate goal, he said, is to create a network security architecture that makes the best use of the small number of cybersecurity professionals across federal and state governments, and to facilitate better protection of critical applications, which account for as much as $47 billion of the government’s total IT budget.

Streufert displayed a critical application resilience architecture diagram of dedicated clouds connected by ingress and egress nodes containing diagnostics and mitigation, incident reporting, intrusion detection, and risk scoring. He referred to the potential model for the expansion of CDM as a “bottle cap” vision, in which the bottles represent dedicated agency clouds and the bottle caps represent information-sharing nodes staffed by security experts with advanced CDM capabilities.

“The theory is in the state governments, where one state has 32,000 government employees and only three of their units are well-protected, they would organize in dedicated clouds and put their most capable security professionals watching the ingress and egress points,” Streufert said. “It makes more sense to get the economy of leveraging the most skilled security professionals across the larger base.”

DHS is creating a subunit of the CDM program that will focus on critical application resilience. So far, the department has signed memorandums of agreement with almost all the 124 largest civilian federal organizations, and is now working on establishing security services for those applications.

Other plans currently underway include automating the software patching process across a wider range of civilian agencies, and preparing for a cloud security model where most critical applications are hosted in dedicated clouds.

DHS awarded the $6 billion CDM contract in August.



Future of the DATA Act: Are OMB and the administration on the same page?

(Photo: White House Flickr)

The Office of Management and Budget has called for key changes to a piece of milestone transparency legislation, but those close to the issue say the story may be more about how OMB’s take on the bill compares with the administration’s open data policy.

“OMB’s position is in contradiction to the president’s stance on using open data to make government transparent and accountable and undermines landmark legislation that promotes federal spending transparency,” said Daniel Schuman, policy director at Citizens for Responsibility and Ethics in Washington.

The landmark legislation is referring to the Digital Accountability and Transparency Act, which passed the House in November, and focuses on standardizing and publishing federal spending data.

“Federal spending data, if it were standardized and published, has so much potential to create new industries and new jobs,” said Hudson Hollister, executive director of the Data Transparency Coalition. “If OMB’s revisions succeed, then federal spending data will not become that public resource, and the opportunity will be lost.”

OMB’s edits are in response to Sen. Mark Warner’s attempt to pass the bill unanimously in the Senate. What Warner is attempting to pass in the Senate includes an offset, or the total cost of the bill — which requires all members of Congress to sign off on it. However, according to Hollister, the Treasury Department first needs to sign off on it, which is where the holdup started.

The Treasury Department was informed by OMB not to sign off on the bill. OMB then provided edits if Warner wanted approval for unanimous consent, according to Hollister.

“The Obama administration talks a lot about transparency, but these comments reflect a clear attempt to gut the DATA Act,” Warner said in an emailed statement to FedScoop. “DATA reflects years of bipartisan, bicameral work, and to propose substantial, unproductive changes this late in the game is unacceptable.”

Warner is referring to the open data executive order that came out in May 2013, which requires all agencies to make their data both useful and publicly available. The administration’s support of transparency and data-driven innovation has also been championed by U.S. Chief Technology Officer Todd Park and U.S. CIO Steven VanRoekel.

“The administration believes data transparency is a critical element to good government, and we share the goal of advancing transparency and accountability of Federal spending,” Frank Benenati, spokesman at OMB, told FedScoop in an email. “We will continue to work with Congress and other stakeholders to identify the most effective [and] efficient use of taxpayer dollars to accomplish this goal.”

A significant change between the original and the revised bill is the language around governmentwide data standards. The new language directs OMB to “review, and if necessary, revise standards to ensure accuracy and consistency through methods such as establishing linkages between data in agency financial systems and information.” According to Hollister, the qualifier “if necessary” in the new provision doesn’t actually require anyone to do anything.

OMB’s revisions, according to the Data Transparency Coalition, go against recommendations released by the president’s Government Accountability and Transparency Board.

“After OMB’s revisions, the DATA Act no longer compels the government to adopt common identifiers for grants, contracts, grantees, and contractors, which means the infrastructure recommended by President Obama’s GATB will not be built,” the coalition said on its website.

OMB’s markup also does not require agencies to report data to usaspending.gov using encoded data standards, as originally stated in the bill. In addition, agencies will have to report data quarterly instead of every month.

“OMB’s proposed revisions would nullify the bill’s main purpose to standardize and publish government data, contrary to the clear consensus that has brought together both parties, both chambers, and advocacy groups across the political spectrum,” Hollister said in a statement. “We cannot support the DATA Act if it becomes a dead letter.”

However, this is not the end of the road for the DATA Act; senators still can negotiate with OMB, and Hollister said it is not too late for the White House to change its position.

Warner is equally focused.

“We look forward to passing the DATA Act, which had near universal support in its House passage and passed unanimously out of its Senate Committee,” Warner told FedScoop. “I will not back down from a bill that holds the government accountable and provides taxpayers the transparency they deserve.”

Scott Maucione contributed to this report.

FedWire: Space stations, civic tech and staying warm

FedWire is FedScoop’s afternoon roundup of news and notes from the federal IT community. Send your links and videos to tips@fedscoop.com.

ISS is broadening economic horizons.

Watch Obama prep for SOTU.

It’s all about power.

Code for America releases 2014 civic tech forecast.

Remember to stay warm during this cold snap, here are some tips.

CFPB is accepting applications for its Academic Research Council.

STEM students will be sitting with the first lady during the State of the Union.

How to digitally preserve the Great Smoky Mountains.

DARPA interviews John Willison.

Column: An investment in STEM is an investment in our future

In this op-ed for Huffington Post, FedScoop CEO and Founder Goldy Kamali discusses why an investment in STEM — science, technology, engineering and math — is an investment in the future of the nation.

Today, President Obama will deliver his fifth State of the Union address, laying out a legislative agenda for the months, and years, ahead. In his previous SOTU speeches, the president has focused on the importance of STEM education, citing the need to impart the next generation with skills necessary to compete and succeed in the modern workforce.

Read the rest of the column on Huffington Post.

White House to allow tech giants to disclose more details on surveillance requests

The Obama administration will for the first time allow Microsoft, Google, Facebook and other technology industry companies to disclose details about the surveillance orders they receive from the government.

“The administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers, and the number of customer accounts targeted under those orders and requests including the underlying legal authorities,” said Attorney General Eric Holder and Director of National Intelligence James Clapper in a joint statement today. “Through these new reporting methods, communications providers will be permitted to disclose more information than ever before to their customers.”

The change to the long-standing gag order comes on the heels of President Barack Obama’s pledge to reform National Security Agency surveillance programs and to increase transparency.

“Permitting disclosure of this aggregate data resolves an important area of concern to communications providers and the public,” the statement reads. “In the weeks ahead, additional steps must be taken in order to fully implement the reforms directed by the president.”

Although Holder and Clapper maintained in the statement that the data had been properly classified, “the public interest in disclosing this information now outweighs the national security concerns that required its classification.”

Government docs top identity fraud complaints

A recent report by the Congressional Research Service recommends placing more restrictions on the use of Social Security numbers because of a spike in identity theft involving government documents and benefit fraud.

According to the report, dated Jan. 16, of the 369,132 identity theft complaints received by the Federal Trade Commission in 2012, the most prevalent form of identity theft was government documents or benefits fraud. And within those categories, FTC has noted “a particularly large increase” in identity theft related to tax return fraud, involving as many as 43 percent of all complaints received.

One of the strategies recommended to Congress by CRS to combat identity theft involves restricting the use of Social Security numbers. SSNs, as they are called, have become the most prevalent piece of personally identifiable information, and are used on everything from Medicare ID cards to federal grant programs. Congress has already enacted several restrictions on the use of SSNs, including forcing states to remove them from driver’s licenses, motor vehicle registrations and personal identity cards.

As of 2013, an estimated 50 million Medicare ID cards display the recipient’s SSN. And while Congress may consider forcing Medicare to adopt a new identifier, the Government Accountability Office has said such a change would cost between $255 million and $317 million.

Another policy option offered by the CRS report involves granting federal agencies the authority to curb the use of SSNs throughout the private industries that those agencies regulate.

“There are few restrictions on the use of SSNs in the private sector, and therefore the use of SSNs is widespread,” the report states. Restricting the use of SSNs or mandating that private companies use truncated SSNs in their records would help reduce the number of identity theft cases resulting from data breaches, the report states.

Cyber-criminals use personally identifiable information, such as a person’s name, date of birth and SSN, to create fake or counterfeit documents, such as birth certificates, licenses and Social Security cards. The creation of fraudulent documents has also fueled an illegal underground market in fake identities for unauthorized immigrants living in the United States, as well as fake passports for people trying to illegally enter the country, according to the report.

In September 2013, for example, three defendants pleaded guilty for their roles in “a sophisticated scheme to produce and sell high-quality false identification documents throughout the nation … generating profits of more than $3 million over several years.” They operated a company called “Novel Design,” and sold more than 25,000 fraudulent driver’s licenses throughout the nation. They even outsourced some of the manufacturing of the fake documents to entities in Bangladesh and China.

GSA makes changes to conference schedule

For the second year in a row, the General Services Administration has canceled its Training and Expo conference.

Increased fiscal strain on agencies, including reduced travel budgets, led the agency to this decision, according to its website.

“After careful review of projected attendance and continued travel budget reductions, GSA has made the decision to not hold an Expo in 2014,” GSA said on its conference website. “GSA remains committed to addressing the need for training and will identify the most effective way to offer Expo 2015 to deliver better value and savings for our government partners, our vendors and the American people.”

There has also been a change with the GSA SmartPay Training Forum. GSA announced on its website this year the conference will be held virtually. The virtual event will offer the chance for employees to take more than 100 training courses, earn CLP credit and interact with GSA, the contractor banks and other attendees.

Many of these cutbacks come after the Office of Management and Budget tightened the reins on agencies following a scandal involving a 2010 GSA conference in Las Vegas that an agency audit found excessive. In 2012, OMB directed agencies to reduce travel spending by 30 percent and put a spending cap of $500,000 on conferences.

This news was first reported by Federal Times.

FedWire: Smarter robots, DARPA space programs, and snow satellite

FedWire is FedScoop’s afternoon roundup of news and notes from the federal IT community. Send your links and videos to tips@fedscoop.com.

DARPA programs create new future for space.

Smarter robots likely in Army’s future.

NASA, JAXA prepare rain and snow satellite for launch.

How to win digital like a Grammy.

IARPA program to enhance adaptive reasoning, problem-solving.

The most accessible, interactive SOTU yet.

Renewed commitment to unleash open data about the Earth.

Leadership, tech transform Walter Reed Medical Center

Lt. William Walders works with his team while in South America.

Despite subfreezing, record-breaking January temperatures, the Walter Reed Military Medical Center in Bethesda, Md., is hot with activity — buzzing with employees, veterans, their family members, medical staff and visitors.

The plain faces of the buildings look the same as those of many other government structures; however, there’s more to this campus than meets the eye: the man who, over the last two years, has worked with his team to bring the base up to pace on the latest health technology.

Lt. William Walders, chief information officer of the organization, manages a budget of just under $100 million and oversees IT operations for 32 hospitals and clinics and 240 staff, but says his job is to get out of his employees’ way and give them the tools they need to get the job done.

A sign outside of the office reads, “Business drives IT,” a credo by which Walders tries to lead.

“In two years, I’ve seen drastic change; this campus has changed in the seven years I’ve been coming back and forth to it,” Walders said. “To be able to deliver world-class health care to our patients is huge.”

The base has lately seen a major transformation. In 2011, the Walter Reed Hospital merged with what was the National Naval Medical Center in Bethesda, Md., and Walders dealt with the tail end of that integration.

One of the first projects he took on in the new role was virtualization, or virtual desktop integration.

Walders said when he first got to Walter Reed Bethesda, no one had shared drives or any way to store data centrally because it was all on their individual computers. That data was at risk of being erased if it wasn’t copied onto CDs or similar media, and there was no personal backup technology.

The pilot for the VDI project has just been completed and Walders said it is scaling quickly. It has the capacity, he said, to grow to 9,000 devices, roughly three-quarters of the desktops at Walter Reed.

Luis Lopez, Walter Reed’s Information Technology Department chief operations officer, worked closely with Walders on several IT projects, including VDI. However, he says one of the greatest accomplishments to come out of the OCIO is upgrading all computers to Windows 7.

In a six-month deadline that saw a government shutdown and continued furloughs, the team updated 10,000 computers; 14,000 including laptops.

Lopez said the update was a major win for IT customers and senior leadership, and also demonstrated Walders’ unique style as CIO.

“He challenges employees, he understands IT from the ground up — the customer side to the back end,” Lopez said. “He’s going to push us to the next level, and be the first to do it.”

Another win was the successful implementation of Wi-Fi throughout the entire campus. Patients have had Wi-Fi at Walter Reed for much longer, but the military network is now wireless.

“Anything we do, we can now do wirelessly: wireless monitoring of our patients, wireless infusion pumps, for example,” Walders said. “We have teams of people looking for wheelchairs all day. Now, with Wi-Fi, we can just put a tag on the wheelchair and locate them.”

There is a large amount of data in military medicine, and Walders plans to tap into that.

“We’ve been collecting massive amounts of data and now we have petabytes of it down in Alabama,” Walders said. “There’s a rich potential to access [the data] and do some advanced data analytics.”

And that’s where big data comes into play at Walter Reed.

Walders listed many initiatives that leverage big data he’s hoping to bring to reality in 2014. One example is giving employees FitBits, UP bands or other types of health bands to monitor their activity level and report it back to officials.

“One of our main missions on base, besides saving lives, is having a ready and fit fighting force,” Walders said. “With these bands, we can track people’s activity levels and intervene if necessary to make sure everyone is on track.”

It can also be used from an electronic health records standpoint. Big data collection can be used to help track employees’ trips to clinics or counselors, and connect the dots back to absenteeism, for example, or legal services. Walders said it may help management know when it may or may not be time for an intervention with an employee.

Walders said these use case examples could be ready to be deployed “any day.”

With such a large staff and budget at his disposal, Walders has established strategies for picking which technologies to invest in, and most of those decisions come right from his team. In a management style that could be described as hands off, Walders encourages his team to make requests for programs, tools or systems they want. There’s a committee especially for this: to determine what types of technologies should be bought into.

“We have people come in and pitch ideas, and the doctors make educated decisions on something we need,” Walders said. “I’m just the IT guy in the room, making sure we can do it and we’re not overstating it.”

Walders has been in the CIO role since March 2012, about as long as the average lifespan of a CIO in the federal government. However, CIOs in the military serve three-year terms, a measure intended to grow diversity in leadership.

“One challenge we have is finding the right fit of an IT worker,” Walders said. “We seem to have high turnover; one person a day would not be an overstatement. It’s about getting the right fit, and I think [the field is] so saturated with people that it’s a big challenge.”

Regarding the role of the CIO in government, Walders said they should in fact have more authority — if they’ve earned it.

“CIOs do need to be empowered,” Walders said. “But it is important that these CIOs are vetted. If they’re going to be empowered, then they need to be capable.”

2015 privacy forecast: Cloudy with a chance of drones

Predator B drone, operated by U.S. Customs and Border Protection. (Photo: CBP)

Drones, or unmanned aerial vehicles, promise to introduce a wealth of new efficiencies and benefits for industry and government. But being able to capture high-definition video and images within a few feet of somebody’s living room window shouldn’t be one of them.

Just ask Sen. Dianne Feinstein, D-Calif. The chairman of the Senate Intelligence Committee, who’s been criticized for her staunch defense of the National Security Agency and its controversial telephone surveillance programs, said she knows first-hand how the unregulated application of commercial drone technology can destroy one’s sense of privacy. According to Feinstein, demonstrators once used a drone to peer into the windows of her home.

“I went to the window to peek out and see who was there, and there was a drone right there at the window looking out at me,” Feinstein said, holding her hand up a few inches from her face as she recounted the story at a Jan. 15 hearing of the Senate Committee on Commerce, Science and Transportation. The pilot of the drone was apparently as surprised as Feinstein, because “the drone wheeled around and crashed,” she said.

The drone in question may have been a toy, like those sold in every Wal-Mart store in the country, or it could have been one of the more sophisticated UAVs that have captured the imaginations of hobbyists with their ability to fly at high altitudes for extended periods of time and come equipped with camera mounts.

But the type of drone used outside of Feinstein’s home isn’t really the issue. The real issue, as she recalled to the committee, is the rapid proliferation of advanced drone technologies and the complete lack of privacy regulations to protect ordinary Americans from thousands of little flying eyes in the sky.

“What kind of camera was mounted on it? What kind of microphone? Could an enterprising person have fastened a firearm to it?” Feinstein asked. “These are questions that demand answers.”

But answers to such questions and many others are hard to come by, said Chris Calabrese, a legislative counsel at the American Civil Liberties Union. Sen. Edward Markey, D-Mass., asked Calabrese if an ordinary citizen would have any way to know what data a drone might be collecting on them, if a citizen could find out who the operator of a drone was if they suspect a drone was being used to collect data on them, and if there are any federal laws requiring a commercial drone operator to delete photos they might have taken of private citizens. The answer in each case was no.

The Federal Aviation Administration is currently tasked with testing drone safety and devising a plan to integrate them into the national airspace system by the end of 2015. But the agency has no authority and no plans to incorporate privacy regulations into its final commercial licensing requirements.

In an interview with FedScoop, Calabrese said momentum is building at both the federal and state level to deal with the thorny issues surrounding drones and privacy. Although “it’s notoriously difficult to predict what Congress will do,” Calabrese said at least 43 states have introduced privacy legislation dealing with drones and at least nine have enacted restrictions on drone use.

“When you see that kind of activity, that tends to spur congressional action as well,” he said.

Committee chairman Sen. John D. Rockefeller, D-W.Va., said he worries about the privacy implications surrounding drone use in the U.S. because of the “rampant” desire of Americans to want to learn about other Americans, whether celebrities or political opponents.

Calabrese said while constant surveillance is not in the American tradition, there is a danger that if a surveillance infrastructure is allowed to be created around commercial drones, other government organizations will be tempted to take advantage of the capabilities and availability of the data. And the technological possibilities are staggering.

The Defense Advanced Research Projects Agency, for example, has developed a 1.8 gigapixel camera capable of videotaping and auto-tracking every moving object within a 36 square-mile radius. Known as the Autonomous Real-Time Ground Ubiquitous Surveillance Imaging System, the camera is composed of 368 cellphone cameras each with a resolution of 5 megapixels.

The ARGUS video camera can be attached to a high-altitude static blimp “and can videotape an area the size of a medium-sized city,” Calabrese said. “So everyone in that city can be videotaped at one time. You can zoom in and identify particular individuals. I could be tracked by that camera as I stepped out of my door … and as I moved about my day,” he said. “That type of detailed and persistent tracking is very troubling.”

This type of technology, when combined with smaller drones and a commercial surveillance infrastructure, raises concerns about the “super-sizing of surveillance by the government,” Calabrese said.

Video: Here’s a look at the world’s highest-resolution camera.

Follow @DanielVerton