News and notes from around the federal IT community.
FCC chairman looks to expand agency role in cyber
Tom Wheeler, chairman of the Federal Communications Commission, announced the agency will step up its role in helping protect commercial networks from cybersecurity threats.
Wheeler is seeking a "new paradigm of proactive, accountable cyber risk management for the communications sector," to govern relations between regulated communications firms and the FCC in the cyber arena, he said in a June 12 speech at the American Enterprise Institute.
This paradigm needs to be more "dynamic" than a set of proscriptive rules, but more "demonstrably effective" than simply trusting market forces to shape events. "We need market accountability on cybersecurity that doesn’t exist today, so that appropriately predictive and proactive investment is made to improve cyber readiness," Wheeler said.
The FCC's Communications Security, Reliability and Interoperability Council is working on risk management processes designed to help private-sector communications firms implement the federal cybersecurity framework released earlier this year by the National Institute for Standards and Technology. The FCC is also looking at how it can facilitate information sharing of active threats and intrusions between commercial ISPs and other network owners.
"[F]or cyberattacks that cause degradations of service or outages, the FCC and communications providers must develop efficient methods to communicate and address these risks," Wheeler said.
NOAA awards IT support deal to SID
The National Oceanic and Atmospheric Administration awarded a five-year, $4.2 million IT support contract for the National Weather Service's Integrated Dissemination Program to Systems Integration & Development Inc., the company said.
The task order was competed via the agency’s NOAALink 10-year, $2.5 billion small business contracting vehicle for SID, which will provide systems engineering and IT expertise services to various IDP projects, including the GOES-R series of environmental satellites, the first of which NOAA has scheduled for geo-stationary orbit in 2016.
IBM taps EHR provider Epic for Defense health IT bid
The Department of Defense is inching closer to a request for proposals for its planned $11 billion electronic health records system and industry is getting ready to bid. IBM, which recently staffed up its federal health practice and launched health care analytics applications for its Watson supercomputer, is now teaming up with electronic heath records firm Epic to go after the contract.
Epic, which is used by the Cleveland Clinic, Johns Hopkins Medicine and other top providers, brings its interoperable EHR software to the deal.
IBM will lead the effort, and hopes to act as overall integrator on the DOD Healthcare Management Systems Modernization contract.
More such alignments between leading IT contractors and EHR specialists are expected to be announced before the final solicitation goes out sometime this summer.
Guilty plea in fed agency phishing scam
A Nigerian man admitted to federal authorities that he was part of a conspiracy to steal federal agency employees' electronic identification to misdirect, then resell, a million dollars' worth of office products. Abiodun Adejohn, 30, pleaded guilty June 10 in a federal courtroom in New Jersey to one count of wire fraud conspiracy in a scam that defrauded vendors of nearly $1 million of office products after phishing email login information from government employees.
According to the FBI, Adejohn was arrested in Arizona on Sept. 24, 2013, and has been detained since his arrest.
Prosecutors said Adejohn and a group of unnamed cohorts, operated a computer hacking and identity theft plot from 2012 through December 2013 targeting a number of U.S. government agencies, their employees, and ofﬁce product vendors that had been approved to do business with the agencies. The group leveraged targeted phishing attacks, mimicking legitimate federal agency email addresses and websites. Employees of the targeted agencies visited the fake web pages and provided their email account usernames and passwords.
According to the FBI, Adejohn and his conspirators used the stolen credentials to access the employees’ email accounts to place fraudulent orders for office products -- typically printer toner cartridges -- in the employees’ names, from vendors who were authorized to do business with government agencies. Adejohn and his conspirators told the vendors to ship the fraudulent orders to individuals in New Jersey and elsewhere to be repackaged and ultimately shipped to overseas locations controlled by the group. Once the orders were received in Nigeria, the group sold the toner cartridges to another individual on the black market.
Adejohn could face 20 years in prison and a $250,000 fine. Sentencing is scheduled for Sept. 9.