DOD and climate, Anonymous threats, cyber NATO and more
News and notes from around the federal IT community.
GAO: DOD could do more with climate data
The Defense Department could do a better job of using data to respond to the challenge of climate change, the Government Accountability Office said in a report it publicized this week.
DOD could collect as many as 580,000 pieces of data in its survey of facilities vulnerable to climate change, according to the report.
"Service officials generally agree that they could use these data to correlate the historical frequency of a certain impact-- such as flooding -- to a certain level of vulnerability," the report states. "However, they have not established a methodology to conduct their suggested analysis and do not have milestones to guide any such efforts through completion."
Hacker group Anonymous threatens lawmakers
The hacktivist group Anonymous used a YouTube video to threaten congressional supporters of the proposed Cybersecurity Information Sharing Act. The video called the bill, a draft of which has been released by Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.), "a direct attack against the Fourth Amendment of the Bill of Rights" and threatened lawmakers and others supportive of the legislation with undefined retaliation.
The House has a companion bill in the works, and House Intelligence Committee Chairman Mike Rogers (R-Mich.) has said he is optimistic about the legislation passing this year.
This is not new behavior by Anonymous. The group allegedly threatened Rep. Dutch Ruppersberger (D-Md.) for his support of cybersecurity legislation last year.
Collective defense now includes cyber
NATO has updated its collective defense policy to include cybersecurity, IT news outlet ZDNet reported. Article 5 of the NATO charter can be interpreted to mean that a cyberattack on any member is an attack on the entire alliance, according to a NATO official quoted by ZDNet. It is unclear how big an attack would need to be to trigger a response.
Cyberattacks are becoming a staple of modern warfare and have hit NATO members and aspiring members in recent years. Estonia, a NATO member, accused Russia of carrying out distributed denial-of-service attacks in 2007. The Russians allegedly struck again in the cyber realm during fighting with Georgia in 2008.
Census testing tech in national capital region
Although the decennial census is six years away, the Census Bureau is doing its first significant test of the technologies and methods it is planning for the 2020 count.
This summer, the bureau will conduct the 2014 Census Test in parts of Washington, D.C., and Montgomery County, Md., from the end of June through September. The test will use Internet, telephone and traditional paper questionnaires to collect data.
The bureau is exploring alternative ways of conducting the census after several reports from the Government Accountability Office highlighted the inefficiencies of past counts, according to GAO's "WatchBlog."
Auditors have recommended prioritizing IT research and testing, such as using smartphones and online surveys. GAO reported in April that the bureau hadn't created sufficient plans and schedules for developing testing projects and IT-related research for the 2020 census.
Flappy Bird infested with malware
Beware of Flappy Bird. That's one of the messages in McAfee's June threat report.
Mobile malware creators have found ways to tap into the growing popularity of the game to attack mobile devices used by consumers, government and industry. The malware gets users to unknowingly open up permissions on smartphones and tablet computers to attackers.
The Flappy Bird mobile game enjoyed a meteoric rise in popularity between last year and this past February, when its owner shut it down.
Despite Flappy Bird's mercurial rise and fall, McAfee said enterprising cybercriminals developed hundreds of clones containing malware based on the hugely popular game. Officials at McAfee Labs said they sampled 300 of the clones and found that almost 80 percent carried malware. Some of the activities included making calls without the user's permission; sending, recording and receiving SMS messages; extracting contact data; and tracking geolocation.
In the worst cases, the malware gained root access, allowing uninhibited control of anything on the mobile device, including confidential information, McAfee officials said.