Cybersecurity is a severe and growing challenge for
Washington is responding to the cyber threats against federal contractors
by issuing laws, regulations, and standards that require contractors to take
broad security measures to safeguard data. In September, the DoD is scheduled
to issue a new rule that requires defense contractors to report cybersecurity
breaches and give the Pentagon access to their networks to investigate attacks.
Intelligence community contractors are bracing for a similar new rule in late
2014 or early 2015.
Information security spending to reach $71 billion in 2014
Worldwide spending on information security will reach $71.1 billion in
2014, an increase of nearly 8 percent over 2013, with the data loss prevention
segment showing the fastest growth at 19 percent, according to the latest
forecast from Gartner Inc. Total information security spending will grow a
further 8 percent in 2015 to reach $76.9 billion, helped by the increasing
adoption of mobile technology, cloud services, social media and information in
Retailers warned to act now to protect against Backoff
The Payment Card Industry Security Standards Council has issued a bulletin
urging retailers to immediately review their security controls to ensure
point-of-sale systems are protected against "Backoff," a malware tool
that was used in the massive data theft at retailer Target last year. The
bulletin instructed all covered entities to update their antivirus suites and
to change default and staff passwords controlling access to key payment systems
and applications. The council also urged merchants to inspect system logs for
strange or unexplained activity, especially those involving transfers of large
data sets to unknown locations.
FBI investigating reports of attacks on US banks
The FBI said Aug. 27 it's working with the Secret Service to determine the
scope of recently reported cyberattacks against several U.S. financial
institutions. News sources report the FBI is investigating an incident in which
Russian hackers attacked the U.S financial system this month in possible
retaliation against U.S. government-sponsored sanctions aimed at Russia, with
security experts saying that the attack appeared "far beyond the
capability of ordinary criminal hackers." The coordinated attacks, which
reportedly affected JPMorgan Chase and at least four other firms, are said to
have siphoned off huge amounts of data, including checking and savings account
Questions about Community Health Systems cyber attacks
Cyber attacks on Community Health Systems Inc. in April and June copied and
transferred the data of 4.5 million patients. Among the 206 hospitals the
company owns or leases in 29 states are several in Pennsylvania. The
Times Leader of Wilkes-Barr, Pa. asked a couple of computer experts to explain
how this could happen and ways to provide more security to personal data.
6 charts that show why utilities, businesses are concerned
The Ponemon Institute and Unisys have decided to figure out what the
operators of critical infrastructure actually think of their own cyber safety,
by surveying nearly 600 IT security executives of utility, energy and
manufacturing organizations. They found organizations are simply not
prepared to deal with advanced cyber threats, with only half of the companies
having deployed IT security programs, and the top threat actually stems
from negligent insiders.
Can your home be hacked? Possibly.
A Kaspersky Lab security researcher looked at the networked devices in his
home and found that hackers could actually break in, even though he doesn't
really have a lot of high-tech equipment. In fact, you don't need fancy
gadgets or high-tech equipment to have a networked home, as a typical home has
around five devices connected to the local network which aren't computers,
tablets or cellphones.
Major cyber attack hits Norwegian oil industry
The Register (UK)
More than 50 Norwegian oil and energy companies have been hacked by unknown
attackers, according to government security authorities. A further 250 firms
have been advised by the Norwegian government that they ought to check their
networks and systems for evidence of a breach.
Behind the huge cyberattack campaign against Latin American
For the past four years, a secret cyber-attack campaign, possibly
state-sponsored, has been directed at several Latin American intelligence
services, military, embassies and other government institutions. Kaspersky Lab,
which claims to have unearthed the campaign, has given it a name: El
Machete. According to Kaspersky, the attacks started in 2010, and its
Spanish-speaking roots are revealed in the source code of the attackers as well
as the nature of the attacked.
China to debut its own OS amid cybersecurity concerns
China’s domestically developed operating system could be ready by October,
according to the government-run Xinhua news agency. Looking to compete
with Google, Apple and Microsoft, the OS will first debut on desktop devices
and eventually be implemented on mobile devices such as smartphones and
tablets. Chinese officials hope the software will be able to replace current
desktop systems in one to two years and mobile systems in three to five years.
Syrian cyber-attacks expose activists, firms to malware
Groups of attackers have targeted activists on both sides of the Syrian
civil war with a new malware campaign that, while not particularly
sophisticated, has grown to compromise more than 10,000 systems, according to
researchers from Kaspersky Labs, which analyzed more than 100 files used by
Breach of Homeland Security background checks raises red
Background check records of 25,000 undercover investigators and other
homeland security staff were exposed in the breach at US Investigations
Services (USIS) this month. What agency officials have said about the
incident--and what they haven't said about it--are raising questions about the
breach's ultimate impact and about inadequate measures for ensuring that
third-party government contractors properly secure classified data.
DHS Science and Technology seeks help to find its ‘North
Federal News Radio
The Homeland Security Department is crowdsourcing its next set of research
areas, launching a new effort on ideascale asking federal, state, local,
private sector, academia and anyone else interested in the homeland security
mission to offer ideas, suggestions or vote on what others have
suggested. The proposed visionary goals include "A Trusted Cyber
Future" to protect privacy, commerce, and community against cyber attacks.
DHS official: Create a governmentwide seal of approval for
Federal agency personnel are often expected to use commercial apps, along
with homegrown tools, to get their work done. But there's no way to make
popular apps available governmentwide because each agency has different
security requirements. Federal agencies should repurpose the certification
route for vetting commercial cloud computing services to also screen popular
mobile apps before employees download them, a top Department of Homeland
Security official says.
Defining 'reasonable' software security
C4ISR & Networks (blog)
With wearable computing, the Internet of Things and vehicles as a computing
platform the amount of software we interact with regularly is only going to
grow. Now an FTC settlement with a company that produces and sells a product
with software in it has implications that extend to every single devices/system
that uses software. For the defense industry and military that uses a
significant amount of COTS (commercial off the shelf software), this FTC
decision has to influence the acquisition practices for any product that
How cloud is changing the spy game
The Intelligence Community, whose agencies have earned a reputation for a
stovepiped, proprietary approach to information, is moving away from an
agency-centric IT model to a shared-services model based on cloud computing.
After years of foot-dragging, the IC is finally embracing the benefits of the
cloud’s on-demand network access to a pool of configurable computing resources
and common services.
NGA's map to put a world of geospatial intell in one place
By 2018, the National Geospatial-Intelligence Agency envisions a seamless,
dynamic Map of the World (MoW) that enables users across the Intelligence
Community to visualize and access integrated intelligence content fixed to
accurate and authoritative geographic features on Earth. The NGA
2018 Future State Vision calls for a MoW that displays “not only NGA-generated
data” but also data generated by the Defense Department, the IC and America’s
Beyond BYOD: Who oversees the apps?
As the government continues to embrace mobility, including
bring-your-own-device (BYOD), the workforce is already starting to demand more.
Now bring your own application, or BYOA, is making its way into the federal
government, and people are starting to think about how the applications they
rely on to be productive in their everyday lives could be applied to their
jobs. This, however, does present additional security concerns for the
RFP officially begins DoD effort to modernize electronic health
Federal News Radio
What may be one of the most highly watched and sought after procurements in
recent memory has begun with a Defense Department request for proposals to
modernize its electronic health record system, replacing the military's
existing AHLTA system. The potentially $11 billion effort is intended to
both modernize DoD's system and interoperate more easily with VA's Veterans
Health Information Systems and Technology Architecture (VistA) system.
DoD kicks off $11B health IT competition
The Pentagon is now taking bids on an estimated $11 billion program to
modernize the management of its health records. Industry responses are due Oct.
9 for the single-award, indefinite-delivery indefinite-quantity (IDIQ)
contract. As part of the effort, DoD intends for the new EHR system to share
data with other systems in the private sector and at Veterans Affairs
Department facilities. The contract is to be awarded in the third quarter of FY
Pentagon satellite maker ignoring ‘thousands’ of major cyber
The Commerce Department inspector general is blasting a federal
climate-satellite program and its supporting contractor, Raytheon, for ignoring
tens of thousands of major cyber vulnerabilities. According to the IG, the
system’s critical vulnerabilities have spiked by more than 60 percent since
2012, increasing from 14,486 security holes to 23,868 holes.
DISA to undergo cyber-focused restructure
C4ISR & Networks
Defense Department officials are considering a reorganization at Fort Meade
that could restructure the Defense Information Systems Agency and other
cybersecurity-focused military offices in a bid to better defend DoD networks.
The goal is to create a more comprehensive defense strategy and to secure the
DoD information network (DoDIN). The move would give greater oversight,
visibility and authority to DISA, and would create a new joint force
headquarters dedicated to DoD network defenses.
DISA to restructure with eye toward more agility, Cyber
Federal News Radio
Defense Information Systems Agency leaders are preparing for a significant
restructuring that they hope will make the IT agency more agile and more able
to cope with its increasing responsibilities in a time of declining budgets,
and more connected to its Defense IT counterparts at U.S. Cyber Command.
DISA director Lt. Gen. Ronnie Hawkins said the restructuring would make DISA
more responsive to rapid changes in technology and to its mission
Mobility becomes central to DISA's strategy
C4ISR & Networks
As the Defense Information Systems Agency rolls out shared-service
offerings under its unified capabilities (UC) effort, officials say they want
to integrate mobility into applications rather than focus separately on smart
phones and devices. This strategy, along with DISA's mobile device management
(MDM) solution contract potentially coming up for re-bid in the coming months,
has officials looking closely at where mobility fits in with everything else in
DISA looks to intelligence community for cloud tips
C4ISR & Networks
DISA is in the midst of implementing cloud pilot programs that are helping agency
officials determine the best strategies and approaches, and is helping lead
DoD's transition to the Joint Information Environment (JIE). The DISA and DoD
activities are taking place as the intelligence community moves forward with
its own centralized IT effort in information-sharing known as the IC
Information Technology Environment, or ICITE, and officials on both sides are
consulting each other along the way.
Army turning Signal Center of Excellence into Cyber CoE
C4ISR & Networks
MG LaWarren Patterson is the Army’s Chief of Signal, and commanding general
of the Signal Center of Excellence and Fort Gordon in Georgia. Last December,
the Army chose Fort Gordon as the new headquarters for Army Cyber Command
(ARCYBER). In this interview, Patterson discusses the new cyber center of
excellence and other subjects like simplification of the tactical network.
New Navy shipboard net key to information dominance
The Navy’s $2.5 billion shipboard-network contract awarded Aug. 20 is
critical to the service’s push for information dominance in future wars,
according to Navy officials. The Consolidated Afloat Networks and
Enterprise Services (CANES) program will automate shipboard cyber systems and
could ultimately connect shipboard systems to information stored in the cloud.
DoD plans 5 cloud pilot projects
C4ISR & Networks
The Defense Department will soon move some of its data into the cloud as
part of a series of five pilot projects that defense officials hope will help
them improve on their use of cloud services in the military. Beyond reducing
costs and becoming more efficient, DoD leaders are looking to use the pilots as
means to reevaluate how they approve vendors providing secure cloud services to
the military. Officials also hope the pilot programs will clarify defense
operations in the cloud.
The geospatial approach to cybersecurity
Gov Loop (blog)
As our world has become more connected, the importance of tying location to
cybersecurity efforts has become even greater. With agencies creating more data
than ever, and moving more and more services to the web, taking a proactive
approach to cybersecurity is mission critical. With a geographic
information system (GIS), organizations can leverage location data in ways to better
anticipate, detect, respond and recover from cyberattacks.
Cards emerge as key player in authentication
C4ISR & Networks
Central to the debate over how to better secure federal networks is the use
of passwords, often cited as the weakest link in the chain. Most experts agree
it is time to move to tighter security, but questions surround what the best
option is and how to implement changes at the enterprise level. Much of the
latest focus is on further development of personal identity verification, or
PIV, cards. PIV cards aren’t new to federal agencies, but their emergence as a
prime candidate in implementing multifactor authentication is heightening
emphasis on greater use.
Biometric authentication moves beyond science fiction
Security Info Watch
Computer systems typically use knowledge-based identification systems
requiring a password or personal identification number (PIN). However, human
nature being what it is, passwords and PINs can sometimes be guessed, stolen
or, with the proper software tools, easily determined. Biometric identification
methods involve analyzing physiological and/or behavioral characteristics of
the body, both classes of which would be presumably unique to an individual
Official says hackers hit up to 25,000 Homeland Security employees
Nuke regulator hacked by suspected foreign powers
The Washington Post
The internal records of as many as 25,000 Homeland Security Department employees were exposed during a recent computer break-in at a federal contractor that handles security clearances, an agency official said August 22. The official, who spoke on the condition of anonymity to discuss details of an incident that is under active federal criminal investigation, said the number of victims could be greater. The department was informing employees whose files were exposed in the hacking against contractor USIS and warning them to monitor their financial accounts.
IT security contributes to record volume of tech M&A deals
Technology mergers and acquisitions (M&A) soared by 57% year-over-year in the second quarter of 2014 and IT security has played an important role in this trend, according to Ernst & Young. The April-June 2014 issue of the company's global technology M&A update shows that cloud/SaaS, financial services, security and big data analytics deals have all contributed to a record-setting volume of global technology M&A transactions.
U.S. finds ‘Backoff’ hacker tool is widespread
The New York Times
More than 1,000 American businesses have been affected by the cyberattack that hit the in-store cash register systems at Target, Supervalu and most recently UPS Stores, the Department of Homeland Security said in an advisory released Aug. 22. The attacks were much more pervasive than previously reported, the advisory said, and hackers were pilfering the data of millions of payment cards from American consumers without companies knowing about it. The breadth of the breaches, once considered limited to a handful of businesses, underscored the vulnerability of payment systems widely used by retail stores across the country.
Heartbleed not only reason for Health Systems breach
A security researcher has announced that the notorious OpenSSL bug, Heartbleed, was the initial point of entry for the attack on Community Health Systems (CHS) that netted 4.5 million identity records. But other researchers point out that Heartbleed is only the beginning of the problem, saying Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation.
Secret Service estimates type of malware that led to Target breach is affecting over 1,000 U.S. businesses
The Washington Post
The type of point of sale (PoS) malware that resulted in massive credit card breaches from Target and other retailers over the past year is more widespread than previously reported, an advisory from the Department of Homeland Security and the Secret Service revealed Aug. 22. Moreover, the malware, the agencies reported, has "likely infected many victims who are unaware that they have been compromised." The Secret Service estimated that more than 1,000 businesses in the United States have been affected by one type of PoS malware, dubbed "Backoff."
Universities fail to get to grips with cyber security
New research by security ratings company BitSight shows that Ivy League schools, for example, see a 48 percent increase in the number of malware infections during the academic year from September to May.In order to assess the security performance of American higher education institutions the research focuses on major collegiate athletic conferences and finds that the security ratings for these conferences are considerably below those of retail and healthcare organizations.
CDM enters stage two: Critical applications
The federal government is transitioning to a phase of continuous diagnostics and mitigation that tackles a layer of vulnerabilities inherent in software code and other add-ons to networks. That was the forward-looking message of an Aug. 20 speech by John Streufert, the Department of Homeland Security's director of federal network resilience. DHS is trying to usher in a new era of CDM through a program called Critical Application Resilience, which Streufert described recently as taking "the controls that are protected in the dot-gov networks and [applying] them to the custom software of civilian government."
US agencies to release cyberthreat info faster to healthcare industry
U.S government agencies will work to release cyberthreat information faster to the healthcare industry after a massive breach at hospital operator Community Health Systems, representatives of two agencies said.
FBI warns healthcare firms they are targeted by hackers
The FBI has warned that healthcare industry companies are being targeted by hackers, publicizing the issue following an attack on U.S. hospital group Community Health Systems Inc that resulted in the theft of millions of patient records. The FBI has been concerned about healthcare providers for several months. In April, it warned the industry that its systems were lax compared with other sectors, making it vulnerable to hackers looking to access bank accounts or obtain prescriptions.
Healthcare industry, feds talk information sharing
When Community Health Systems admitted it had been breached in April and June in a filing with the Securities Exchange Commission (SEC), it shined a spotlight on cybersecurity in the healthcare industry.Inside the industry the focus has been on getting information about the incident that could be used to prevent any similar attacks. Both the FBI and DHS, while noting they have a difficult time sharing classified information about cyber attacks, say they are constantly looking for ways to refine the procedures for interacting with the private sector.
DHS cybersecurity program finds few takers
Last year, President Obama directed the U.S. Department of Homeland Security to open a program for sharing classified and unclassified cybersecurity information to 16 “critical infrastructure” sectors, including state and local governments. But word of the information-sharing initiative doesn't seem to be reaching state security officials. Three state chief information security officers (CISOs) were contacted by Government Technology and none of them were familiar with the DHS Enhanced Cybersecurity Services program.
DoD revisiting security guidelines for commercial cloud
Federal News Radio
DISA is undertaking a top-to-bottom review of the cybersecurity rules that guide its decisions about whether individual commercial cloud computing systems are safe enough for Defense data. DISA officials have concluded that the current process perhaps is too stringent and definitely is too slow. The "scrub" is a reexamination of a set of cloud security review criteria the agency first put in place last December as part of its role as DoD's exclusive broker for buying commercial cloud solutions. The review system uses the controls within the Federal Risk Authorization Management Program (FedRAMP) as a baseline, but then layers on a host of DoD-specific constraints.
Is DOD’s bar too high for cloud security?
Breaking into the federal cloud computing market can be tough, especially for companies looking to do business with the Department of Defense. That’s in part because DOD’s security standards for industry exceed the government’s own Federal Risk and Authorization Management Program (FedRAMP) baseline requirements. In light of this, DISA is examining whether the Pentagon’s security standards are too cumbersome for industry and should be revised.
DISA launches 5 cloud tests, warns on industry consolidation
DISA, which this fiscal year will buy over $8 billion in cyber and IT products and services for the rest of the Defense Department, is looking for every opportunity to save in 2015 and beyond. That includes relentlessly competing contracts wherever possible, rather than using single-source contracts that are currently all too common. It also includes systematically consolidating contracts where multiple firms are currently providing a similar product or service, where multiple military organizations are independently buying similar things, or where individual bases and commands have one-off arrangements that could be consolidated into a wider regional contract. DISA is also consolidating internally.
DISA's Bennett preaches COTS and consolidation
David Bennett, CIO of the Defense Information Systems Agency, has the job of moving DoD customers to enterprise wide services, including the dot-mil email system that currently supports 1.6 million users on an unclassified network and DISA is also leading the effort to supply cloud services. Bennett is on a mission to "shut down all these local mom and pop solutions that are popping up everywhere." Moving to enterprise solutions not only saves money on software, but allows individual business units to allocate IT support staff to other functions.
DISA looks to new era in network services
C4ISR & Networks
The Defense Information Systems Agency is on the verge of transforming the ways it offers a range of network services to its national security customers, especially when it comes to communications. Whether it’s voice, video, messaging or the networks those capabilities ride on, DISA is working to provide information superiority to the Department of Defense, the White House, federal agencies and other users scattered across the globe.
CANES experiments with cloud computing at sea
U.S. Navy officials have revealed that the Consolidated Afloat Networks and Enterprise Services (CANES) program office and the Office of Naval Research are experimenting with cloud computing to help reduce hardware on ships.
DISA weighs contract consolidation as sequester solution
The Defense Information Systems Agency is considering consolidating contracts as means to increase efficiencies and save money, particularly with the possibility of another round of sequestration bearing down on them for fiscal 2016. The agency is also preparing to reorganize under broader DoD cybersecurity plans.
CANES contract opens new phase for the program
C4ISR & Networks
With the award of a $2.5 billion contract to build and deliver the Navy’s Consolidated Afloat Networks and Enterprise Services (CANES)—its next-generation tactical afloat network—the program moves onto an eight-year path to full operational capability. CANES is a critical element in the Navy's overall IT modernization strategy, and is scheduled to be deployed to 180 ships, submarines and Maritime Operations Centers by 2022.
Identity and access management (IAM) will greatly impact future connected car sales
It will be important in the future to solve problems related to the connected car industry, such as the slow pace of automotive development, the lack of Internet availability on many stretches of roadways and ensuring the security of connected car applications. Identity management is another key issue when it comes to connected cars, both for connected car manufacturers and for owners. There are many facets to identity management, and there are no universal standards or agreed upon best practices among car manufacturers or the connected car industry for collecting, storing and managing connected car owner data, or for managing a connected car owner's "Identity."
Nuclear Regulatory Commission computers within the past three years were successfully hacked by foreigners twice and also by an unidentifiable individual, according to an internal investigation. One incident involved emails sent to about 215 NRC employees in "a logon-credential harvesting attempt," according to an inspector general report. A dozen NRC personnel took the bait and clicked the link.
Nuclear Regulatory Commission hacked three times in three years
Network World (opinion)
NRC was hacked three times in three years, with at least two of those attacks traced back to foreigners who used Google Spreadsheet to harvest credentials and malware hosted in Microsoft's One Drive.
Chinese national indicted over Boeing, Lockheed Martin hack
A Chinese national is facing prison time after a federal grand jury indicted him on five felony charges related to a computer hacking ruse that targeted defense contractors Boeing and Lockheed Martin.The accused operated an aviation tech firm Lode-Tech with offices in Canada. He allegedly worked with two unnamed Chinese to hack into the U.S. companies and steal trade secrets.
Why would Chinese hackers want US hospital patient data?
The theft of personal data on 4.5 million patients of Community Health Systems by hackers in China highlights the increasing degree to which hospitals are becoming lucrative targets for information theft. Already this year, around 150 incidents of lost or stolen personal data -- either due to hacking or ineptitude -- have been reported by medical establishments to the U.S. Department of Health and Human Services. In the case of Community Health Systems, hackers stole patient information but not medical data, which can be the real prize in such breaches.
Identifying and mitigating healthcare IT security risks
Health IT Security
Being proactive in healthcare IT security means picking out risks before incidents occur, not after the fact. But the challenge is that potential risks are spread across a variety of areas within a healthcare organization. Blair Smith, Ph.D. Dean, Informatics-Management-Technology (IMT) at American Sentinel University, discusses security considerations for healthcare organizations.
Healthcare organizations still too lax on security
The data breach at Community Health Systems that exposed the names, Social Security numbers and other personal details on more than 4.5 million people is a symptom of the chronic lack of attention to patient data security and privacy within the healthcare industry. For more than 10 years, the Health Information Portability and Accountability Act (HIPAA) has required all entities handling healthcare data to implement controls for protecting the data, yet many organizations pay little more than glancing attention to the rules because of the relatively lax enforcement of the standards.
Researchers say 2018 wearables market will be 14x 2013′s
Wearable Tech Insider
CCS Insight reports the wearables market in 2018 will be 135 million units, up from 9.7 million units last year. The industry, they say, will be dominated by wristware: 87 percent of the devices shipped that year will be worn on the wrist.
Even rivals are waiting for Apple to get into wearables
In a research report issued to his clients, Jan Dawson, chief analyst at Jackdaw Research, argued that the market for smartwatches as they now exist is tiny and demand is weak. But he said two major things could catalyze demand in this market: a player overcoming the significant technological challenges associated with the current smartwatch model, or a player which breaks the model and reinvents the category.Dawson named Apple as one company, but not the only one, that could do either, or both.
The ISIS cyber threat-a great unknown
C4ISR & Networks
ISIS has clearly demonstrated their ability to achieve their objectives in the physical world, but what about cyber? The cyber capabilities of ISIS are not really well understood due to lack of actual attacks that have been traced back to ISIS, but there is at least one interesting indicator of their cyber interest and or capabilities.
Chinese hackers targeted MH 370 investigation and appear to have stolen classified documents
Chinese hackers targeted the computers of high-ranking officials from the Malaysian government and Malaysia Airlines and stole classified information during the early stages of the investigation into missing flight MH 370. The officials who were targeted reportedly were from the country’s Department of Civil Aviation, the National Security Council, and Malaysia Airlines. The country’s cyber security agency recognized the breach hours later, when it then blocked all transmissions and shut down the compromised machines.
Israel faced a huge wave of cyber attacks during its war with Hamas — And Iran could be the reason why
In the war between Israel and Hamas, Israeli websites faced a larger, more coordinated, and more skilled series of cyber attacks than during similar conflicts. Indeed, at the same time Hamas was trading fire with the Israel Defense Forces, hackers from all over the world launched a string of attacks on electronic targets in Israel.
Pakistan the latest cyberspying nation
A recently unearthed targeted attack campaign suggests that Pakistan is evolving from hacktivism to cyber espionage. Operation Arachnophobia, which appears to have begun in early 2013, has all the earmarks of classic advanced persistent threat/cyber espionage activity but with a few twists, including the possible involvement of a Pakistani security firm, and it may well be Pakistan's answer to cyber espionage campaigns against its nation that appear to have come from India.
Wearable electronic devices augur change for NGA operations, show ‘immersive’ potential
National Geospatial-Intelligence Agency
Developers at the National Geospatial-Intelligence Agency are creating applications for wearable electronic devices that place analysts and customers in virtual and augmented-reality environments to help them do their jobs better. The prototype applications created for Google Glass and Oculus Rift could serve as gateways to the immersive intelligence experience being advanced by NGA leadership.
US digital strike team chief acknowledges ‘tall order’
Last week, the White House announced the formation of a new tech strike team — dubbed the “U.S. Digital Service” — to help government agencies improve their tech operations. The team will be led by Mickey Dickerson, a former Google engineer and the person the White House brought in last year to fix HealthCare.gov, the site created to implement the Affordable Care Act. Dickerson acknowledges that shifting government tech projects away from old methods and incumbent tech companies is no easy task.
DoD procurement chief sees overuse of firm fixed price level of effort contracts (second article in this column)
Federal News Radio
The Defense acquisition community can expect to see new guidance soon on when it is and isn't OK for contracting officers to make awards under firm fixed price level of effort (FPLOE) contracts.That contract type, which pays contractors for a pre-arranged amount of work and not necessarily an outcome, has become overused in recent years and for situations that are inappropriate, according to Dick Ginman, the director of defense procurement and acquisition policy.
Army begins search for DCGS-A Increment 2
C4ISR & Networks
The U.S. Army has begun the search for the second increment of the Distributed Common Ground System-Army (DCGS-A) with a request for industry feedback on the planned requirements and acquisition strategy. DCGS-A Increment 2 will take advantage of information technology developed by U.S. intelligence agencies. Increment 2 capabilities will focus on aligning DCGS-A to the Intelligence Community Information Technology Enterprise (IC ITE).
Making WIN-T Increment 2 invisible to the user
C4ISR & Networks
Since 2004, the Army’s Warfighter Information Network-Tactical system has given soldiers in the field the ability to stay in contact when line of sight is unavailable, bouncing signal onto a satellite network as needed, even when on the move. With the rollout of WIN-T Increment 2, systems designers are taking major strides forward, adding greater ease of use and streamlining functionality. With the latest round of upgrades, the system has become "almost invisible to the user," said the program's product manager.
New acquisition techniques coming to DISA
C4ISR & Networks
The chief of acquisitions for the Defense Information Systems Agency has a big vision for how the agency will revamp its complex acquisitions process in the coming years. Dr. Jennifer Carter says her office is seeking ways to foster competition. She plans to pursue the rising trend toward joint, interagency purchasing, and she’s looking for ways to put in place a more thoughtful, more strategic process for acquisitions.
Rogers: Cybercom defending networks, nation
U.S. Cyber Command continues to expand its capabilities and capacity, Navy Adm. Mike Rogers said in an interview Aug. 14.Rogers, who is Commander of Cybercom and director of the National Security Agency, described how he is focusing on five priorities for Cybercom.
Software could be a solution for DoD's saturated networks
C4ISR & Networks
The Defense Department’s move to software defined networks will bring with it a set of code-writing guidelines for contractors, acting chief information officer Terry Halvorsen said Aug. 13. Halvrosen said that the department was working on standards that includes an emphasis on keeping bandwidth requirements low, especially for operating in environments where it might be scarce.
Cybersecurity: How involved should boards of directors be?
IT security audit organization ISACA and the Institute of Internal Auditors (IIA) are weighing in on what role the board of directors should play in an enterprise's cybersecurity strategies with a new report.
Supervalu breach shows why move to smartcards is long overdue
The U.S. remains one of the last developed nations to use magnetic stripe cards, and the data breach disclosed by Supervalu shows yet again why the ongoing migration of the U.S. payment system to smartcard technology can't happen soon enough.
Law enforcement biometrics market in North America expected to grow at 18.2% CAGR: report
TechNavio has published its latest research report, “Law Enforcement Biometrics Market in North America 2014-2018” and expects the market to grow at a CAGR of 18.2 percent during the forecast period. This latest report also highlights the integration of biometrics in smart cards as one of the top emerging market trends, such as those relating to the upgrading of driver’s licenses and passports.
TSA moves toward e-check of IDs
The Transportation Security Administration has awarded an $85 million contract to Morphotrust for technology that will let it electronically check passengers' identification cards and other documents against multiple databases.The aim is to speed up passenger security lines at airports by allowing electronic checks of drivers' licenses and other documents that are now checked visually by TSA agents against passengers' boarding passes. The Electronic Credential Authentication Technology (E-CAT) contract could last as long as seven years.
Oak Ridge National Labs deploys combination PIV, CIV smart card ecosystem
Secure ID News
The U.S. Energy Department's Oak Ridge National Labs is deploying a mix of PIV and CIV credentials throughout its Tennessee facilities. The new smart card credentials will be used for physical and logical access. The lab went with the PIV smart cards for those employees who travel and need to use the credentials for access to other facilities, while CIV credentials will be for those who are just using the cards on site.
NYC to roll out municipal ID
In January, New York City will launch a new municipal identity card program targeted to those who do not have a driver’s license or other official identification. The program would allow New Yorkers, regardless of their citizenship status, to access basic city services, open bank accounts and lease apartments.In April the mayor issued a solicitation for project management and quality assurance services systems; integration services; and card printing services for the ID card.