FCW Insider: Nov. 6
Election Day is here. FCW will be tracking reports of cyber incidents at the polls. While you're waiting for election returns, dig into the issues with reporter Derek B. Johnson's overview of election security theory and practice.
With its $8 billion Defense Enterprise Office Solutions procurement shifting to the General Services Administration's Schedule 70, the Defense Information Systems Agency says it is focusing on scale. Lauren C. Williams reports.
As data breaches and identity theft become increasingly regular parts of the news cycle, there is growing support for government taking a lead role in identity proofing. If it does happen, expect to see the Better Identity Coalition's Jeremy Grant showing the way. Chase Gunter has the FCW interview.
The public-private Quantum Consortium allows participating companies to communicate with the National Institute of Standards and Technology about research needs without revealing proprietary secrets. Matt Leonard has more.
In comments to Federal CIO Suzette Kent on the administration's "Cloud Smart" policy, some big cloud providers said there are differences in models, but the federal government should stick with NIST's cloud definition. Mark Rockwell explains.
*** IBM's Watson computer is helping the National Institute of Standards and Technology generate vulnerability risk scores.
"We started it just to get familiar with AI, so we could get our hands on it, learn about it, put it in a lab and experiment," Matthew Scholl, deputy division chief of NIST's Computer Security Division, told reporters after the Nov. 2 Information Security and Privacy Advisory Board meeting. "And as we were doing it with this dataset, we said, 'Hey, this seems to be putting out results the same as our analysts are putting out.'"
The Common Vulnerability Scoring System assigns risk scores to common vulnerabilities and exposures, and the analysts follow a model for how to get to these scores. This model, combined with the wealth of historic data, meant the project was a perfect fit for an AI pilot.
NIST researchers have been happy enough with the results that they have begun working with the CIO's office to put it into full production. They’d like to be fully up and running within fiscal year 2019, Scholl said. For the pilot phase, NIST bought an IBM license and has a contract to work with the company on the training to make sure the data isn't biased in a way that would affect results.
"Hiring humans to keep up with the pace of increasing CVEs is not a sustainable model for the future," Scholl said.
*** While the Nov. 6 election is top of mind for most lawmakers, when the House reconvenes, the Veterans Affairs Committee is planning a hard look at the troubled electronic health record modernization program at VA. On Nov. 14, the committee will hold a hearing on the agency's progress after 180 days of the EHRM program, paying special attention to a report on the Defense Department's new health record system, which is based on the same software VA is acquiring.
*** The Office of Personnel Management is following up on changes to federal pay structures and expansion of direct hiring authority to help agencies bring in cyber and IT talent with guidance for agencies’ human resources shops. In "interpretive guidance" issued to all agencies, OPM outlines how HR directors should identify cybersecurity positions, clarify their roles and duties and develop a cybersecurity workforce. The guidance details the competencies and tasks agencies should be looking to fill, criteria for classifying each into a general schedule position as well as how to determine pay and occupational series for cyber and IT positions.
Posted on Nov 06, 2018 at 1:00 AM