FITARA good and bad, US-CERT warns of spear phishing and more

Good news, bad news in FITARA survey

In a survey released 12 days before the Aug. 15 deadline for agencies to report their Federal Information Technology Acquisition Reform Act self-assessments to the Office of Management and Budget, 84 percent of federal IT professionals polled by MeriTalk said the measure will improve efficiency. But most agencies don't expect to meet the deadline.

According to MeriTalk, 93 percent of the federal employees it polled said FITARA will be as or more successful than the Clinger-Cohen Act.

Eighty-four percent believed FITARA's new CIO contract-approval role will improve visibility and reduce redundancies, while only 6 percent believed FITARA will increase CIO turnover at agencies.

But only 18 percent of those polled said their agencies would definitely meet the Aug. 15 deadline to send their self-assessments to OMB, and only 19 percent said their agencies would definitely meet the Dec. 31 deadline to set a new common baseline for CIO authorities. Furthermore, only 22 percent said their agencies had sufficient resources to properly implement FITARA.

Getting the word out has also been a problem. Although 60 percent of respondents were happy with OMB's June 10 FITARA guidance, nearly one-third were not yet familiar with it.

The survey also found that 39 percent of those surveyed were aware that their agencies have a working group set up to manage FITARA implementation.

MeriTalk did not say how many people participated in the survey.

US-CERT notes three spear-phishing campaigns targeting feds

The Department of Homeland Security's U.S. Computer Emergency Readiness Team warned federal IT managers over the weekend that it was aware of three large, active and ongoing spear-phishing attacks directed at government networks.

According to US-CERT, campaigns are exploiting flaws in Microsoft Windows, Adobe Flash Player and Linux to gain entry to federal and private-sector networks and steal information or facilitate further breaches. At least two of the campaigns have been attributed to a Chinese hacker group.

US-CERT's warning joins an earlier caution from the FBI, and it widens the scope of the hazards. The FBI formally warned federal agencies in mid-July about a new spear-phishing campaign, potentially backed by the Chinese hacker group, that targets federal employees and seeks to shake out sensitive information through a flaw in Adobe Flash Player.

Contractor who stole classified material sentenced to 10 years

A federal district judge in Miami has sentenced a military contractor to 10 years in prison for stealing classified intelligence reports and military plans while he worked as a systems administrator at a major U.S. military command center in Honduras.

On July 31, Christopher Glenn was sentenced to 120 months in federal prison for stealing and retaining classified national defense information under the Espionage Act, computer intrusion under the Computer Fraud and Abuse Act and conspiracy to commit naturalization fraud.

The Justice Department said that, while working as a computer systems administrator at Soto Cano Air Base in Honduras, Glenn accessed a classified Defense Department network without authorization and removed classified information from DOD and U.S. Southern Command's Joint Task Force-Bravo, including intelligence reports and military plans. Glenn encrypted the files and put them on an Internet-accessible network storage device at his residence in Honduras, according to the Justice Department.

"The defendant exploited and violated the special trust placed in him as a computer network system administrator working at a United States military base, in order to penetrate the computer system and steal classified materials," U.S. Attorney Wifredo Ferrer said.

The Justice Department did not specify what kind of information Glenn took or for what reason. However, news reports said he hacked into the base commander's classified email account and copied thousands of messages and more than 350 attached documents, much of which dealt with U.S. military plans and information regarding the Middle East.