FCW Insider

Blog archive

Quick Hits for Nov. 6

*** IBM's Watson computer is helping the National Institute of Standards and Technology generate vulnerability risk scores.

"We started it just to get familiar with AI, so we could get our hands on it, learn about it, put it in a lab and experiment," Matthew Scholl, deputy division chief of NIST's Computer Security Division, told reporters after the Nov. 2 Information Security and Privacy Advisory Board meeting. "And as we were doing it with this dataset, we said, 'Hey, this seems to be putting out results the same as our analysts are putting out.'"

The Common Vulnerability Scoring System provides risk scores to common vulnerabilities and exposures, and the analysts follow a model for how to get to these scores. This model, combined with the wealth of historic data meant the project was a perfect fit for an AI pilot.

NIST researchers have been happy enough with the results that they have begun working with the CIO's office to put it into full production. They’d like to be fully up and running within fiscal year 2019, Scholl said. For the pilot phase, NIST bought an IBM license and has a contract to work with the company on the training to make sure the data isn't biased in a way that would affect results.

"Hiring humans to keep up with the pace of increasing CVEs is not a sustainable model for the future," Scholl said.

*** While the Nov. 6 election is top of mind for most lawmakers, when the House reconvenes, the Veterans Affairs Committee is planning a hard look at the troubled electronic health record modernization program at VA. On Nov. 14, the committee will hold a hearing on the agency's progress after 180 days of the EHRM program, paying special attention to a report on the Defense Department's new health record system, which is based on the same software VA is acquiring.

*** The Office of Personnel Management is following up on changes to federal pay structures and expansion of direct hiring authority to help agencies bring in cyber and IT talent with guidance for agencies’ human resources shops.  In "interpretive guidance" issued to all agencies, OPM outlines how HR directors should identify cybersecurity positions, clarify their roles and duties and develop a cybersecurity workforce. The guidance details the competencies and tasks agencies should be looking to fill, criteria for classifying each into a general schedule position as well as how to determine pay and occupational series for cyber and IT positions.

Posted on Nov 06, 2018 at 1:00 AM


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected