nextgov

Survey: Abuse Of Network Access Privileges Is Rampant

Agencies are more concerned about insiders leaking citizens’ and partner organizations’ information than their own general business information, according to a new survey by the Ponemon Institute.

Meanwhile, the commercial sector cares more about inappropriate disclosures of business data than customer data. Ponemon surveyed 693 industry and government information technology personnel who had high-level access to internal networks.

Overall, 59 percent, the majority of whom worked in industry, said their business information is most at risk without the right protections. Only 49 percent said client information is most in jeopardy.

Among participants employed at state, local and federal agencies, 54 percent said customer information is the most vulnerable type of information they need to protect. Roughly 42 percent of those government personnel indicated their own business information is most susceptible to leaks.

Heartbleed Superbug Found In Utility Monitoring Systems

Software that monitors utility plants and other operations at several military installations has been found to be affected by the recently discovered superbug Heartbleed, when configured a certain way, according to the Homeland Security Department and the software’s manufacturer.

"The latest release of Schneider Electric Wonderware Intelligence Version 1.5 SP1 is not susceptible to the OpenSSL vulnerability. However, users have been known to reinstall Tableau Server, the vulnerable third-party component that is affected. Therefore, Schneider Electric Wonderware has issued a patch and a security bulletin addressing this vulnerability in all versions," states a bulletin from the DHS Cyber Emergency Response Team.

Exploits made by hackers "that target this vulnerability are known to be publicly available" on the Web, DHS said. Heartbleed is a defect in common Web encryption software that researchers discovered in early April.

Agencies Often Don’t Answer Questions They Get Via Social Media, Survey Finds

Agencies only answer 72 percent of the questions citizens ask via social media, according to a new survey. Information services firm JD Power determined that 30 percent of social media contacts with government are to ask a question or resolve a problem.

But agencies respond to only 72 percent of those queries, the survey found. “Obviously there’s a lot of opportunity or room for improvement,” said JD Power’s Greg Truex, who managed the study. “Because they are reaching out with a specific question -- and with social media being a growing channel for citizens to reach out -- 72 percent does seem a bit low.”

Lawmakers Say Favored NSA Reform Bill Doesn’t Go Far Enough

A group of lawmakers concerned about weaknesses in the most popular surveillance reform bill circulating on Capitol Hill wants to insert an amendment that would bar the National Security Agency from weakening encryption standards or exploiting large-scale Internet security vulnerabilities.

According to a report in the Guardian newspaper, Rep Zoe Lofgren (D-CA) and other House members want to stop the NSA from “utilizing discovered zero-day flaws,” like the Heartbleed flaw made public in April that compromised countless online systems. The proposed amendment, the report claims, would also not allow the NSA “to create them, nor to prolong the threat to the Internet” by failing to warn against vulnerabilities.

NIST: Don’t Make Security an Afterthought

The National Institute of Standards and Technology (NIST), the government's standards-making body, announced guidelines for agency technologists and industry engineers on how to bake security into critical systems.

The steps, currently in draft form, are meant to consummate an approach the Office of Management and Budget has been advocating since 2010, under the first-ever federal Chief Information Officer Vivek Kundra. The 11-step process covers defining system requirements in cooperation with employee users, as well as design, testing, and maintenance and operations -- all the way to technology disposal.

“This is the process to do what Vivek talked about,” said Ron Ross, a NIST fellow and co-author of the publication. “We've been talking about it forever,” he said. “This provides a disciplined and structured process to show how that security actually does get baked into the process.”

Not Everyone Loves The DATA Act

If President Barack Obama puts his expected signature on the Digital Accountability and Transparency Act, agencies will begin actualizing what has been called everything from “transformative” to a 21st-century tool to “revolutionize federal spending.”

The DATA Act, which requires a standardized format for agency spending reports, has been hailed as the next killer app by lawmakers, transparency advocates and private-sector technology groups.

“Think of the DATA Act as sunshine goes digital,” wrote its chief author, House Oversight and Government Reform Committee Chairman Darrell Issa (R-CA).

“In the digital age, we should be able to search online to see how every grant, contract and disbursement is spent in a more connected and transparent way through the federal government,” said cosponsor Sen Mark Warner (D-VA).

“The federal government's antiquated document-based reporting apparatus will be transformed into an efficient flow of standardized, open data,” enthused the DATA Transparency Coalition. “Open spending data will become a public resource for citizens, watchdogs, and the tech industry.”

But deep inside the agencies that form what the coalition calls “the largest, most complex organization in human history,” a sub rosa current of resistance over the past few years has occasionally crept into the open. The Office of Management and Budget, which was slow to embrace the legislation, ended by backing a compromise that preserved some of its authority to work with the Treasury Department to set the data format standards. The agency’s post-passage comments still suggest a concern over new demands on agencies.

IT Reform Should Focus More On Outcomes Than Tactics, VanRoekel Says

With information technology evolving faster than laws governing federal contracting, legislation to reform how government buys and builds IT should focus more on results than on specific methods of achieving them, the federal chief information officer told lawmakers.

We should be thinking about “what kinds of outcomes we’re trying to drive versus what are the tactical ways we’re going to get these,” federal CIO Steven VanRoekel said at a hearing of the Senate Committee on Homeland Security and Governmental Affairs, where panelists discussed the most successful approaches to IT contracting.

“Many of the best practices you see here are really about comprehensive management, and that’s probably the hardest thing to legislate,” he said. VanRoekel issued 2014 guidance for PortfolioStat, an initiative launched in 2012 to help agencies assess how they’re managing their IT portfolios.

The latest memo asks agencies to build on previous efforts to gauge and report key performance indicators, with a new focus on “high impact” investments -- guidance VanRoekel cited as an example of what he’s done to encourage agencies to develop IT projects incrementally.

Latinos Aren't Interested In STEM Fields And That's A Problem For Everyone

While there has been some positive progress in improving interest and aptitude among students in science, technology, engineering and math careers, the number of available jobs in such fields continues to significantly outpace the number of available people qualified for those jobs, according to a new analysis.

The new US News/Raytheon STEM Index, released in April, found that STEM employment in the US has increased by more than 30 percent, from 12.8 million jobs in 2000 to 16.8 million in 2013. And while the number of undergraduate and graduate STEM degrees granted increased during that time, the proportion of STEM in terms of total degrees granted has remained relatively flat, the study found.

“Just using the government’s data, which is quite a conservative estimate, it’s clear that STEM is an important and growing part of the economy,” said Brian Kelly, editor and chief content officer of US News & World Report. “Beyond that, we know that STEM skills may be required in as many as 50 percent of future jobs.”

The research also suggests that there’s little evidence to show that government actions -- including President Obama’s 2009 Educate to Innovate initiative -- have had any significant impact. While certain areas, like the number of STEM degrees granted, STEM employment and the number of STEM-related AP tests have gone up since 2009, areas like SAT scores have remained flat while other key areas have declined, US News and Raytheon found.

How A Small Group Of Entrepreneurs Transformed Government Services

[Commentary] Presidential administrations since Roosevelt have faced varied and vexing challenges, domestic and abroad, that forced them to recognize the need to venture outside their comfortable circles of party loyalists, campaign volunteers and policy advisers to tap into the expertise of those not already working in government.

President Barack Obama started with his own White House, recruiting Internet-savvy entrepreneurs to serve as chief technology officer (me), chief performance officer (Jeff Zients), chief information officer (Vivek Kundra) and director for social innovation (Sonal Shah), among other senior positions. And he directed his Cabinet to do the same.

More than 50 other entrepreneurs would fill senior roles, reporting directly to department and agency heads, and tasked with applying technology and innovation to advance that agency’s mission. The participants brought a wide range of experience.

The entrepreneurs who joined the government brought more than their respective skill sets. Many also brought a different way of working, one with its roots in Silicon Valley and its fertile field of technology startup companies. Eric Ries, an entrepreneur, adviser and author who had moved to that area in 2001, called that philosophy and methodology “lean startup.”

[Chopra served as chief technology officer of the United States and is now founder of Hunch Analytics]

State Needs Smartphones for The World Cup, The Pan Am Games And The 2016 Olympics

The State Department wants Samsung Galaxy S4 smartphones to use at the 2014 Brazil World Cup, the 2015 Pan American Games in Toronto, and the 2016 Rio de Janeiro Summer Olympics, according to contracting documents.

The phones need to have 3G and 4G mobile capabilities. They also need a good map app (to get around foreign cities, presumably) and videoconferencing (to capture and relay the action back home).

“Extensive research was done to find a phone that is compatible with both applications and can be used in both Brazil and Canada,” the solicitation said.

The Galaxy S4 was chosen partly for its antennae, which are compatible with 3G networks in both nations. But anything that’s exactly the same as the Galaxy S4 will do, according to the solicitation, which requests this model “or equal.”