News in Brief

FITARA good and bad, US-CERT warns of spear phishing and more

Shutterstock image: discussing a contract.

Good news, bad news in FITARA survey

In a survey released 12 days before the Aug. 15 deadline for agencies to report their Federal Information Technology Acquisition Reform Act self-assessments to the Office of Management and Budget, 84 percent of federal IT professionals polled by MeriTalk said the measure will improve efficiency. But most agencies don't expect to meet the deadline.

According to MeriTalk, 93 percent of the federal employees it polled said FITARA will be as or more successful than the Clinger-Cohen Act.

Eighty-four percent believed FITARA's new CIO contract-approval role will improve visibility and reduce redundancies, while only 6 percent believed FITARA will increase CIO turnover at agencies.

But only 18 percent of those polled said their agencies would definitely meet the Aug. 15 deadline to send their self-assessments to OMB, and only 19 percent said their agencies would definitely meet the Dec. 31 deadline to set a new common baseline for CIO authorities. Furthermore, only 22 percent said their agencies had sufficient resources to properly implement FITARA.

Getting the word out has also been a problem. Although 60 percent of respondents were happy with OMB's June 10 FITARA guidance, nearly one-third were not yet familiar with it.

The survey also found that 39 percent of those surveyed were aware that their agencies have a working group set up to manage FITARA implementation.

MeriTalk did not say how many people participated in the survey.

US-CERT notes three spear-phishing campaigns targeting feds

The Department of Homeland Security's U.S. Computer Emergency Readiness Team warned federal IT managers over the weekend that it was aware of three large, active and ongoing spear-phishing attacks directed at government networks.

According to US-CERT, campaigns are exploiting flaws in Microsoft Windows, Adobe Flash Player and Linux to gain entry to federal and private-sector networks and steal information or facilitate further breaches. At least two of the campaigns have been attributed to a Chinese hacker group.

US-CERT's warning joins an earlier caution from the FBI, and it widens the scope of the hazards. The FBI formally warned federal agencies in mid-July about a new spear-phishing campaign, potentially backed by the Chinese hacker group, that targets federal employees and seeks to shake out sensitive information through a flaw in Adobe Flash Player.

Contractor who stole classified material sentenced to 10 years

A federal district judge in Miami has sentenced a military contractor to 10 years in prison for stealing classified intelligence reports and military plans while he worked as a systems administrator at a major U.S. military command center in Honduras.

On July 31, Christopher Glenn was sentenced to 120 months in federal prison for stealing and retaining classified national defense information under the Espionage Act, computer intrusion under the Computer Fraud and Abuse Act and conspiracy to commit naturalization fraud.

The Justice Department said that, while working as a computer systems administrator at Soto Cano Air Base in Honduras, Glenn accessed a classified Defense Department network without authorization and removed classified information from DOD and U.S. Southern Command's Joint Task Force-Bravo, including intelligence reports and military plans. Glenn encrypted the files and put them on an Internet-accessible network storage device at his residence in Honduras, according to the Justice Department.

"The defendant exploited and violated the special trust placed in him as a computer network system administrator working at a United States military base, in order to penetrate the computer system and steal classified materials," U.S. Attorney Wifredo Ferrer said.

The Justice Department did not specify what kind of information Glenn took or for what reason. However, news reports said he hacked into the base commander's classified email account and copied thousands of messages and more than 350 attached documents, much of which dealt with U.S. military plans and information regarding the Middle East.

About the Author

Connect with the FCW staff on Twitter @FCWnow.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.