News and notes from around the federal IT community.
GAO: VA must do more on IT security weaknesses
The Department of Veterans Affairs has not done enough to resolve information security vulnerabilities on its systems, according to a the Government Accountability Office report released a day ahead of the House Veterans Affairs Committee hearing that will feature testimony from Stephen Warren, head of VA's Office of Information and Technology.
The report concludes that "shortcomings" in security programs, including untimely security patching, means that VA systems are prone to exploitation.
The agency's efforts to remediate security problems, identified in past GAO report and by the agency's inspector general, are lagging. The report also notes that VA does not have a finalized policy for subjecting its widely used web applications to source code scanning to detect vulnerabilities.
The VA agreed with the eight remedial actions proposed by the GAO.
HealthCare.gov opens for enrollment with few problems
The second open enrollment season under the 2010 health care law kicked off Nov. 15, and the HealthCare.gov website appears to be functioning well under the strain of the flood of visitors.
About 500,000 visitors logged into the site on the first day of open enrollment, with about 100,000 sending in applications for health insurance, according to Health and Human Services Secretary Sylvia Mathews Burwell.
It's going to be a busy season for the site – more than 7 million people are covered by private insurers under the law, and all of these plans will need to be renewed or changed during the open enrollment season.
There is an "auto-renew" feature for users who don't update or renew coverage during the open enrollment period. Officials, however, are encouraging users to try the site’s improved comparison-shopping feature rather than auto-renew, to avoid being taken by surprise by possible premium increases.
Scattered problems with the site were reported, including issues from users who forgot their usernames or passwords, and users receiving unexpected error messages. But the experience was a far cry from the HealthCare.gov launch in October 2013, when only six users were able to enroll on the first day because of massive problems with the design and infrastructure.
Senate could take up surveillance bill
The Senate is expected to vote Nov. 18 on a procedural motion that would set the stage for debate on a bill that would place new limits on the bulk collection of telephone metadata and other business records for use by intelligence and law enforcement agencies.
The legislation, sponsored by Sen. Patrick Leahy (D-Vt.), would require the FBI to specify targets using identifiers such as a name, phone number or email address. The bill also would change rules on the use of national security letters, requiring more clarity about investigative targets and providing some flexibility for disclosing the receipt of government requests.
A similar measure, by Rep. Jim Sensenbrenner (R-Wis.) has already passed the House.
A letter from the CEOs of leading tech firms -- including Google, Apple and Microsoft -- urged the Senate to pass the bill. Members of the President's Review Group on Intelligence and Communications Technology, which examined surveillance policy in the wake of the Edward Snowden leaks, noted in a letter that the Senate bill is "broadly consistent with the recommendations we made last year in our report on how to safeguard both liberty and security in a rapidly changing world."
A 60-vote threshold must be cleared to open debate. There is a bipartisan coalition for limiting the authority of the government to collect and scan bulk records on Americans, but it's not clear whether this particular bill has 60 votes. It's also unknown if the House would back the Senate measure in time to get a finished bill to President Barack Obama before the end of the current Congress.
There is at least some deadline pressure for Congress, however. The current authorities on records collection as spelled out in the 2001 anti-terrorism law known as the Patriot Act expire June 1, 2015.
Naval Air Systems Command computer contract goes to Northrop Grumman
Defense giant Northrop Grumman will provide the Naval Air Systems Command with computers as part of a program to upgrade the Marine Corps’ H-1 helicopter, the firm announced Nov. 17.
The FlightPro Gen III computer integrates advanced mission, weapons and video processing capabilities into an airborne computer, the firm said. The computers will be part of an avionics system in the helicopters’ cockpits. Northrop Grumman said it provides the flight program software that controls that avionic system.
Deliveries under the contract will be finished by October 2017, the firm said.
NEXT STORY: IRS looks to get a handle on email records