News in Brief

Appropriators consolidate cyber spending, IG dings HHS and more

HHS gets low marks on security card implementation

The Department of Health and Human Services' efforts at implementing secure ID cards were rated "inadequate" by the HHS Office of Inspector General.

A new IG report said HHS's implementation of the 2004 Homeland Security Presidential Directive 12 is uneven and has some vulnerabilities that could put the agency's security at risk.

The report said the agency's HSPD-12 efforts lacked controls to ensure that all credentialing requirements were met, and noted that identification cards weren't deactivated in a timely manner. It also said controls to access and manage the system were not tight enough.

According to the study, the HHS data center's network firewall configuration also didn't comply with its security policies.

The OIG also found that security management controls, including patch management, antivirus management, and configuration management, were not implemented on HSPD-12 workstations at any of the division PIV Card Issuance Facilities that were audited. The study said HHS also allowed nongovernmental computers to connect to card management systems.

The OIG recommended that HHS implement security requirements for card enrollment and issuance, deactivation of cards, system access, security management, physical security, and Web portals associated with the identity card program.

Senate appropriators seek to consolidate cyber spending

Tim Starks at CQ Roll Call reports that the Energy Department cybersecurity budget for energy, science and environmental missions spreads funding over 11 different accounts, and the Senate Appropriations Committee wants all of that nearly $150 million consolidated into one place.

The fiscal 2015 Energy and Water spending bill includes $304 million in cybersecurity funding for the Department of Energy, with $155 million for the National Nuclear Security Administration and $149 million for energy/science/environmental missions.

But the NNSA money is all coordinated by one official, and the report on the Senate bill says DOE "should follow NNSA's example of consolidating cybersecurity activities and funding authority to one person under one funding account."

California firm boosts state-level transparency

Federal agencies have the IT Dashboard, but GCN reports that a growing number of state and local governments are turning to a California startup for their financial transparency efforts., a Mountain View-based firm, "works as a subscription service. Agencies email their raw general ledger data. ... The company maps the data, accounting for each municipality's unique chart of accounts – and provides a link to a website for review, often within a week."

British hacker indicted on charges of breaching agency networks

Ten days after the Government Accountability Office revealed hackers had infiltrated satellite data by hijacking a contractor's personal computer, federal prosecutors unsealed a set of indictments against a British man for breaching several U.S. government agency networks in another case.

The FBI said on July 25 that 29-year-old Lauri Love of Stradishall, England, had been indicted by a U.S. federal grand jury on charges of conspiracy, causing damage to a protected computer, access device fraud and aggravated identity theft. British law enforcement dropped their charges against Love on July 25 so the U.S. could pursue its charges.

According to the federal indictment, in October 2012 Love and coconspirators broke into protected computers belonging to the Department of Energy, Department of Health and Human Services, the U.S. Sentencing Commission, the FBI's Regional Computer Forensics Laboratory, and computers at Deltek, Inc. and Forte Interactive Inc. by exploiting a known vulnerability in Adobe ColdFusion, a software program designed to build and administer websites and databases. The vulnerability, which has since been corrected, according to the FBI, allowed Love and the accomplices to access protected areas of the victims' computer servers without proper login credentials.

The indictment accused Love and his cohorts of obtaining administrator-level access to the networks using custom file managers, allowing them to upload and download files, edit, remove and search for data. It said Love and his group got more than 100,000 employee records with names, Social Security numbers, addresses, phone numbers, salary information and other financial records, including credit card numbers.

About the Author

Connect with the FCW staff on Twitter @FCWnow.
