Federal CISO hails improving federal agency log management
Progress made by federal agencies with log management is helping to strengthen cybersecurity collaboration between government departments, according to the federal chief information security officer.
Speaking Thursday at the Zero Trust Summit, hosted by CyberScoop, Chris DeRusha noted that the White House had seen significant advances over agencies’ approach to sharing systems data and urged further progress.
He said: “We need this, folks, we need it. Because if we can’t know what’s happening in these networks, we can’t know how the bad guys move around. We can’t know when they’re gone.”
DeRusha added: “I’m excited … I know it’s a hard one. But you know what else it’s doing? It’s helping us with centralization. It’s moving the ball forward because it’s forcing around specific things, specific projects to get all the federated components to be working together towards the common goal of getting them data in one place, so we ourselves together.”
Logging, log retention and log management requirements for federal government agencies were included in section eight of the May 2021 Cybersecurity Executive Order issued by the Biden administration in the wake of the SolarWinds attack.
The guidance, contained within the EO, focused on ensuring centralized access and visibility for the highest-level enterprise security operations center of each federal agency, and was followed by a memorandum instructing agencies to increase the sharing of relevant information.
The White House in that memo included a maturity model for event log management intended to guide agencies’ implementation of its requirements across four event logging (EL) tiers: not effective, basic, intermediate, and advanced.
Speaking at the event, DeRusha said he understood the costs associated with log management, and that over time the White House will continue to fine-tune logging requirements for agencies.
White House cybersecurity strategy to force large companies to make systems secure by design
A forthcoming White House cybersecurity strategy document aims to force large companies to shoulder greater responsibility for designing secure products and to redesign digital ecosystems to be more secure, Camille Stewart Gloster, the deputy national cyber director for technology and ecosystem security, said at a CyberScoop event Thursday.
By “shifting the burden back from the smaller players” and toward larger players “that can build in security by design,” the strategy aims to deliver broad security gains, Stewart Gloster said. The strategy document also looks at how to “rearchitect our digital ecosystem” so “that we are creating future resilience,” she said.
According to an early draft of the document obtained by Slate — which White House officials have emphasized is not a final document — the strategy includes a wide range of mandatory regulations on American critical infrastructure companies to improve security and authorizes law enforcement and intelligence agencies to take a more aggressive approach to hack into foreign networks to prevent attacks or retaliate after they have occurred.
The strategy document is expected to broadly abandon the mostly voluntary approach that has defined U.S. policy in recent years in favor of more comprehensive regulation.
The Biden administration has worked to draft the strategy over the past year, an initiative that was spurred by a string of major breaches early in the administration — among them the SolarWinds and Kaseya breaches — that saw attackers exploit vulnerabilities at companies that occupy central positions in the computer security ecosystem.
Breaching these companies allowed attackers access to large numbers of client systems, and by mandating greater security requirements at companies that occupy these systemically important positions, the White House is looking to create security improvements for the large numbers of clients and users that rely on their services.
The recently retired National Cyber Director Chris Inglis served as the primary author of the document, and following his retirement last week, the highly anticipated strategy is expected to be released imminently.
Bureau of Labor Statistics zero trust leader says cataloging datasets key to architecture implementation
Identifying key sensitive datasets that make up the “crown jewels” of each agency is key to federal agencies’ successful implementation of zero-trust architecture, according to a senior technology official at the Bureau of Labor Statistics.
Speaking Thursday at the Zero Trust Summit, hosted by CyberScoop, Zero Trust Architect Robert Holstein said the ability to discriminate between assets is crucial to allow the efficient use of resources.
“It’s being able to inventory and have the visibility and analytics to identify your datasets. What is really the crown jewels?” he said.
Holstein added: “Without the visibility and ability to sort through that [data] and categorize it in a meaningful way, you’re going to spend a lot of money and a lot of time on whether to protect it or not.”
Under the final version of the White House’s zero-trust architecture strategy, which was issued last year, federal agency chief data officers were required within 120 days to develop a set of initial categorizations for sensitive electronic documents within their departments that could be used to automatically monitor and restrict the sharing of sensitive documents.
Managing large sets of data can prove challenging for agencies because of the competing priorities to make government-collected statistics available for researchers and the public, while also protecting information that may have implications for national security.
The Department of Energy, for example, has worked to increase the availability of data to scientists for cutting-edge research while also protecting some of the most sensitive U.S. government information, including that related to nuclear programs.
DOJ official: Data analytics resulting in more efficient health care fraud detection
Data analytics and machine learning tools are driving health care fraud prosecutions led by law enforcement and federal health agencies, according to a senior Department of Justice official.
Jake Foster, acting principal assistant chief within the fraud section of the DOJ’s criminal division, said Wednesday at a Federal CIO Council event that analysis of aggregated data was providing previously unobtainable crucial insights.
While a legal case cannot rely on data alone, Foster said the ability to spot patterns in large datasets is resulting in the more efficient use of prosecutors’ resources by facilitating more targeted initial inquiries.
“These are the type of things that have been going on for years … that the old type of policing would not have caught,” he said. “The way that we do it [now] is through data analysis.”
The DOJ official cited an example of a case prosecuted last March, in which 16 Michigan and Ohio-area defendants, including 12 doctors, were sentenced to prison for a $250 million health care fraud scheme. According to Foster, the DOJ’s investigation progressed after data analysis produced an initial list of physicians who were among the most prolific prescribers of opioids, and a preliminary investigation identified connections between certain subjects.
In that case, patients submitted to expensive, unnecessary and sometimes painful back injections to receive opioid prescriptions. The doctors were compensated for the expensive injections and agreed to work only a few hours a week to “stay under the radar” of the Drug Enforcement Agency, according to the DOJ.
Foster added that the use of data analytics is key to ensuring that federal agencies working to combat health care fraud return the most amount of money to taxpayers.
VA official warns electronic health record research functionality issue may affect other medical centers
A Department of Veterans Affairs official said on Tuesday that it’s possible there will be additional delays in the rollout of its Oracle Cerner electronic health record platform due to concerns over how it interacts with medical research systems.
The VA last week announced a further delay of the EHR rollout within the Ann Arbor Healthcare System until late 2023 or early 2024 due to concerns about how well the health record system would interact with the Ann Arbor hospital’s vital medical research mission.
During a media roundtable, VA Under Secretary for Health Dr. Shereef Elnahal told FedScoop that if the medical research issues with the EHR are not fixed, similar concerns could arise at other VA hospitals.
“So there are many VA medical centers that are heavy with clinical research because of their academic affiliations,” Dr. Elnahal said. “And so those centers will need this research functionality. It’s not just an issue with the Ann Arbor Hospital.”
He added the full EHR deployment schedule was still being deliberated within the VA.
When asked about the current state of cybersecurity and veteran health data security within the VA, Dr. Elnahal told FedScoop that the VA’s Office of Information Technology has a special team focused on such issues led by Chief Information Officer Kurt Delbene.
“He has a team focused on this and our agency is regularly engaged with interagency discussions after major cybersecurity incidents. And we are always trying to be proactive in limiting that risk,” said Dr. Elnahal.
He highlighted that the VA’s use of two different EHR systems has created additional difficulties and complexities for security within the agency. Most VA hospitals currently still run on the Veterans Health Information Systems and Technology Architecture (VistA), while the VA has rolled out the new Oracle Cerner EHR to five VA hospitals in the past two years, with more rollouts expected later this year.
“Right now, as you know, we’re dealing with two different EHRs currently in place in our system. And so we have to contend with those risks, instance by instance, and make sure that the entire network is secure,” Dr. Elnahal said.
The Oracle Cerner EHR has faced grave performance issues since it was rolled out to five locations in October 2020, with repeated outages that, according to the agency’s watchdog, have resulted in serious harm to veterans.
The implementation of the VA’s new EHR system is expected to be delayed from its original estimates by at least one to two years, while the cost has ballooned to tens of billions more than originally estimated.
GSA failed to monitor PIV access card data effectively, says watchdog
The General Services Administration could do a better job of monitoring data from personal identity verification access card reader systems at the facilities it manages on behalf of the federal government, the agency’s inspector general found in an audit.
Over the course of a two-year period that ended in February 2022, there were 32,179 failed attempts to access GSA-managed facilities through physical access control systems, the IG found in its audit, the results of which were published Tuesday. But based on its investigation, the inspector general found GSA was lax about using that data to inform how it identified, assessed and managed physical risks to those buildings, as recommended by federal guidance.
It’s not uncommon for PIV cardholders to be denied entry to a physical building, particularly if their card is expired or disabled. Cardholders are often also denied entry after attempting to access an area they don’t have permission to visit or when trying to visit outside of permitted hours.
But upon extrapolating the data, some startling trends appeared: One building had 4,164 failed access attempts over the two years whereas the average during that time was 244; and one cardholder had 1,963 failed access attempts compared to an average of two for nearly all others.
“These failed access attempts may have potential security implications,” the IG wrote in its report. “Eight of the top 10 buildings with the most failed access attempts contain child-care facilities or security-sensitive agencies, such as the Federal Bureau of Investigation, U.S. Social Security Administration, and U.S. Department of Homeland Security. The safety and security of the tenants and children in these buildings are a major concern.”
Based on that, the IG reached out to GSA leadership — which admitted to not reviewing the data — and a sample of federal facilities managers to investigate how often they received data or trends about those failed access attempts. According to the watchdog, of the 15 managers contacted, eight did not receive data regularly, and the rest were only sent data about the previous day.
“The building managers do not receive any kind of trend analysis of the access card data, which could be used to identify suspicious access attempts,” the report explains. “Access card data can be filtered to show records by building, door, region, date, individual, or event type. With this capability, it is possible to highlight higher-risk scenarios and show trends, such as an unauthorized cardholder repeatedly attempting to gain access to secured areas or an unauthorized cardholder who is repeatedly attempting to gain access to a facility outside of regular operating hours.”
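The trend analysis the report describes, written out as an added example (not code from the GSA IG report or FedScoop): it flags cardholders and buildings whose failed attempts sit far above the average of the others, and cardholders repeatedly denied outside regular operating hours. The record layout, the operating-hours window and the thresholds are assumptions, and the records are constructed.

```python
"""Trend analysis over physical access control system (PACS) records.

Added example, not from the GSA IG report or FedScoop. The record format,
the 07:00-19:00 operating window and the thresholds are assumptions.
"""
from collections import Counter
from datetime import datetime
from statistics import mean

# Constructed sample records: (timestamp, building, door, cardholder, event).
# C1009 is the constructed outlier: eight denials, four of them after hours.
SAMPLE_RECORDS = [
    ("2022-01-10 09:12:00", "BLDG-A", "Main", "C1001", "denied"),
    ("2022-01-10 09:15:00", "BLDG-A", "Main", "C1001", "granted"),
    ("2022-01-11 08:40:00", "BLDG-B", "Main", "C1002", "denied"),
    ("2022-01-11 08:41:00", "BLDG-B", "Main", "C1002", "denied"),
    ("2022-01-12 10:05:00", "BLDG-C", "Main", "C1003", "denied"),
    ("2022-01-12 22:05:00", "BLDG-A", "Server Room", "C1009", "denied"),
    ("2022-01-12 23:40:00", "BLDG-A", "Server Room", "C1009", "denied"),
    ("2022-01-13 05:30:00", "BLDG-A", "Main", "C1009", "denied"),
    ("2022-01-13 21:50:00", "BLDG-A", "Server Room", "C1009", "denied"),
    ("2022-01-14 10:00:00", "BLDG-A", "Server Room", "C1009", "denied"),
    ("2022-01-14 10:02:00", "BLDG-A", "Server Room", "C1009", "denied"),
    ("2022-01-15 11:30:00", "BLDG-A", "Server Room", "C1009", "denied"),
    ("2022-01-16 14:00:00", "BLDG-A", "Main", "C1009", "denied"),
]

OPERATING_HOURS = (7, 19)  # assumed: 07:00 to 19:00 local counts as regular hours
BUILDING, CARDHOLDER, EVENT = 1, 3, 4  # column indexes in a parsed record


def parse(records):
    """Turn the timestamp column into a datetime so hours can be compared."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), b, d, c, e)
            for ts, b, d, c, e in records]


def failed_by(records, column):
    """Count denied events per building (column=1) or per cardholder (column=3)."""
    return Counter(r[column] for r in records if r[EVENT] == "denied")


def outliers(counts, factor=5.0):
    """Keys whose denial count exceeds `factor` times the mean of all other keys.

    Mirrors the report's comparison of one building (4,164) or one cardholder
    (1,963) against the average (244 and about two respectively).
    """
    flagged = {}
    for key, n in counts.items():
        others = [v for k, v in counts.items() if k != key]
        if not others:  # nothing to compare against
            continue
        baseline = mean(others)
        if n > factor * baseline:
            flagged[key] = (n, round(baseline, 1))
    return flagged


def after_hours(records, hours=OPERATING_HOURS, min_attempts=3):
    """Cardholders denied at least `min_attempts` times outside operating hours."""
    start, end = hours
    hits = Counter(r[CARDHOLDER] for r in records
                   if r[EVENT] == "denied" and not (start <= r[0].hour < end))
    return {c: n for c, n in hits.items() if n >= min_attempts}


if __name__ == "__main__":
    parsed = parse(SAMPLE_RECORDS)
    print("cardholder outliers:", outliers(failed_by(parsed, CARDHOLDER)))
    print("building outliers:  ", outliers(failed_by(parsed, BUILDING)))
    print("after-hours repeats:", after_hours(parsed))
```

On the constructed records the script flags C1009 and BLDG-A as outliers and C1009 for four after-hours denials, the kind of trend the report says building managers were never shown.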
GSA agreed to all of the IG’s recommendations to take action to improve its use of physical access control system data. It did, however, note that the rejection rate was expected to be higher during this period because of the COVID-19 pandemic when many PIV cards expired and credentialing stations were closed. But, in the case of individuals or buildings with a high number of failed attempts, GSA said it agreed with the IG to better monitor access card data to identify trends that may need follow-up.
Tuesday’s report comes after the GSA IG in November 2020 issued similarly critical results of an audit that found the agency was unable to account for about 15,000 PIV cards issued to contract employees and failed to recover 445 such cards from those who failed background checks.
Booz Allen invests in drone detection company working with Federal Aviation Administration
The corporate venture capital arm of federal contracting giant Booz Allen Hamilton has made a strategic investment in drone sensing company Hidden Level.
According to Booz Allen, the capital infusion will help accelerate the adoption of emerging unmanned aerial system (UAS) detection technologies and operational concepts among its global defense clients.
Hidden Level uses next-generation radio frequency sensing technology to help detect potential threats from drones and to support counter-UAS missions. The company has worked with the Federal Aviation Administration as part of its Airport Unmanned Aircraft Systems Detection and Mitigation Research Program, which was launched in the summer of 2020.
It is the first investment to be made during the 2023 calendar year by Booz Allen’s $100 million venture capital arm, which was launched in July to support the company’s velocity, leadership and technology growth strategy. Booz Allen Corporate Ventures has previously invested in companies including Latent AI, Synthetic and Reveal Technology.
“The investment from Booz Allen Ventures is a natural extension of our deep technology work, paired with Booz Allen’s mission expertise,” Hidden Level CEO and Co-Founder Jeff Cole said. “Booz Allen understands the technology needed to support warfighters, and Hidden Level will play an important role in both tactically and strategically supporting DOD through dual-use technology to achieve decision superiority.”
Booz Allen Ventures operates as a standalone unit and invests funds on behalf of the federal contracting giant in startups innovating across the areas of defense, artificial intelligence/machine learning, cybersecurity and deep technology.
Details of the size and terms of the investment were not immediately available.
Federal Trade Commission launches an Office of Technology
The Federal Trade Commission has launched a new Office of Technology, which the agency says will help it keep pace with technological challenges in the digital marketplace.
The department said in a statement the new office will have a team of dedicated staff, which will double the number of technologists working at the agency, and will be led by FTC Chief Technology Officer Stephanie Nguyen.
Its core mission will focus on three key areas: strengthening and supporting law enforcement investigations, advising commission staff on policy and research initiatives, and highlighting market trends.
The office’s new mandate will include helping the FTC to develop new investigative techniques and engaging external stakeholders.
“For more than a century, the FTC has worked to keep pace with new markets and ever-changing technologies by building internal expertise,” FTC Chair Lina Khan said. “Our office of technology is a natural next step in ensuring we have the in-house skills needed to fully grasp evolving technologies and market trends as we continue to tackle unlawful business practices and protect Americans.”
Details of the new office come as the FTC pursues a range of high-profile enforcement initiatives including those against major technology companies and entities that force workers to sign broad non-compete contracts.
They also follow a letter published in the Wall Street Journal last week by the FTC’s remaining Republican Commissioner Christine Wilson, in which she announced her intention to resign because of concerns that the agency is exceeding its legal authority.
Stephanie Nguyen was formally appointed as chief technology officer of the FTC in October, a role she had performed for one year on an acting basis. Previously she worked at the U.S. Digital Service and was a research scientist at the Massachusetts Institute of Technology.
The FTC Commission voted 4-0 to approve the creation of the Office of Technology.
FBI says cyber incident at New York Field Office ‘contained’
The Federal Bureau of Investigation says it has contained a cyber incident at the agency’s New York Field Office that reportedly affected a computer network used in child sexual exploitation investigations.
In a statement to FedScoop the agency said it is aware of the incident and is working to gain additional information.
The agency added: “This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time.”
CNN first reported details of the cyber incident, which is understood to have primarily affected the agency’s New York Field Office.
Two sources briefed on the matter told the news organization that the incident involved an FBI computer system used in investigations of images of child sexual exploitation.
The FBI has been compromised by other cyber incidents in the past couple of years, including a November 2021 cyberattack on its Law Enforcement Enterprise Portal which resulted in fake cyber alert emails being sent on the agency’s behalf.
The FBI said at the time that it took action to remediate the software vulnerability, warned partners to disregard the fake emails and confirmed the integrity of its networks. However, the bureau has yet to publicly name a suspect for that attack.
Speaking with FedScoop, Global Head of Professional Services at BlueVoyant and former FBI Crimes Against Children Coordinator in New York Austin Berglas said it was unlikely the incident would result in the disclosure of classified information.
He said: “The most likely scenario is dirty evidence with a virus from a child pornographer evaded the FBI’s malware detection tools and was uploaded to the forensic network of the FBI in New York.”
Berglas added: “But most importantly, if protocol was being followed then no classified or top secret info was affected by this apparent attack because there are strict procedures in place. The classified and top secret information is not connected to the forensic computer network that was affected by the incident.”
Editor’s note, 2/17/22: This story was updated to include comment from Austin Berglas.
$41M in TMF funding awarded to three federal cybersecurity projects
The Technology Modernization Fund has awarded a total of $41 million to support cybersecurity projects at three federal agencies.
The General Services Administration, which houses the TMF program office, announced Friday it awarded $23.3 million to the Social Security Administration to accelerate the implementation of multi-factor authentication.
The TMF team also awarded the Treasury $11.1 million to improve the reliability and security of its Treasury Foreign Intelligence Network system — a critical U.S. government system used to share classified information with other agencies and bureaus — as well as $6.2 million to the U.S. Agency for Global Media to speed the adoption of a zero-trust architecture.
It is the latest funding round to come from the GSA-managed fund since it announced a pair of investments focused on improving customer experience at the U.S. Agency for International Development and the Railroad Retirement Board.
Prior investments include $1.8 million provided to the U.S. AbilityOne Commission to update a procurement management system, and a combined $20.8 million awarded in October to the Office of Personnel Management, the Department of Housing and Urban Development and the Army.
“Cybersecurity is the great enabler of IT modernization,” TMF Board Chair and Federal CIO Clare Martorana said in a statement. “When we help agencies launch technology that is secure by design, they’re able to drive transformation across products and services to improve the digital experience and maximize investments.”
TMF Executive Director Raylene Yung said: “With these new cybersecurity investments, TMF funding will increase the security of some of the nation’s most critical systems and sensitive data.”
Correction, 2/21/22: This article was updated to clarify details of the TMF’s latest investment projects.