News in Brief

More fed security woes, more DHS bills and a wait-and-see approach to EAGLE II

Shutterstock image (by Sergey Nivens): Security concept, lock on a digital screen.

Report: 47 agencies face possible login credential exposure

The OPM breach isn’t the only recent example of cybersecurity vulnerabilities in government. Employees at 47 agencies may have had their login credentials exposed, according to a report by Recorded Future.

As of early 2015, 12 of these agencies, including the Department of Homeland Security, allowed some users access to their computer networks with no form of two-factor authentication (ie, requiring both a password and a biometric identifier. The report found the Department of Energy most vulnerable to exposure on the web, with email/password combinations for nine different domains findable on the Internet. The Department of Commerce had exposures in seven domains, according to the report.

Recorded Future said all of the exposed government employee email/password combinations were found on sites like Pastebin. These websites let users share bits of code and they’ve become a “dumping ground” for stolen passwords.

Around half of Americans use the same passwords for various sites, including work. So if a third-party website’s database is hacked and a government employee uses the same password at work, those credentials could allow a hacker access to an agency system.

The report suggests agencies should increase the security of login credentials with VPNs and/or two-factor authentication.

Senate panel waits on Einstein

The Senate Homeland Security and Governmental Affairs Committee approved a handful of DHS-related measures June 24, but postponed action on a bill that would authorize the department’s Einstein cybersecurity program.

Chairman Ron Johnson (R-Wis.) and ranking Democrat Tom Carper of Delaware said the committee was working to come to consensus on legislation that would allow Congress to weigh in on the deployment of Einstein, which has taken on greater urgency in the wake of the breach at the Office of Personnel Management that exposed millions of current and former federal employees’ personal information.

“It is a critically important program given the seemingly never-ending cyberattacks on our federal government,” Carper said.

Among the bills the panel approved by voice vote was the Duplication Reduction Act, which would require the DHS CIO to conduct an internal census of IT systems, report on whether systems are duplicative, and come up with a strategy for reducing the number of such systems. The House passed its version of the bill by voice vote on June 23.

The committee also approved the nomination of Carol Ochoa to be inspector general at the General Services Administration.

GAO withholds judgment on DHS’s Eagle II

The Government Accountability Office said it's too early to tell whether DHS's efforts to open up its $22 billion Enterprise Acquisition Gateway for Leading-Edge Solutions II (EAGLE II) suite of strategically sourced information technology services contracts to small businesses have been successful.

A GAO report released June 24 said DHS had set up programs to create small business tracks within each of EAGLE II's three lines of business; to establish a process to maintain a steady pool of eligible small businesses by reopening the EAGLE II solicitation after requiring businesses that outgrow their small business status to leave the program; and to require small business track prime contractors to team only with other small businesses.

GAO said that, as of March 2015, DHS had issued 74 EAGLE II task orders worth an estimated $591 million, almost all of which went to small businesses. However, the study said, it is too soon to evaluate the full impact of these steps because only about 3 percent of the anticipated $22 billion in task orders have been issued.

GAO said it began the study because the small business community raised questions about strategic sourcing reducing contracting opportunities.

About the Author

Connect with the FCW staff on Twitter @FCWnow.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.