by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : January 2015
IN THE IT PIPELINE WHAT: The Intelligence Advanced Research Projects Activity’s Proposers’ Day Confer- ence for cyber defense. WHY: IARPA said it wants to use its Jan. 21 Proposers’ Day for the Cyber-attack Automated Uncon- ventional Sensor Environment (CAUSE) Program to explore options beyond the typical “post- mortem analysis” approaches to cyber defense. As attacks have evolved and increased over the years, established approaches such as signature-based and anomaly detection have not adequately enabled cybersecurity practition- ers to get ahead of the threats. The result is an industry heavily invested in analyzing the effects of cyberattacks instead of analyz- ing and mitigating the cause of the attacks, IARPA officials said. They added that they hope the CAUSE Program can develop and validate unconventional sen- sor technology that can detect activities such as actor behavior models and black market sales to help forecast cyberattacks and complement existing capabilities. Under CAUSE, IARPA wants to develop innovative tech- nologies that could manage and extract huge amounts of streaming and batch data, apply existing features from other disciplines and introduce new ones to the cyber domain, and develop models to generate probabilistic warnings for future cyber events. FULL LISTING: Go to IARPA.gov and click on “Proposers’ Days” under the “Working with IARPA” dropdown menu. The Department of Veterans Affairs has disclosed a security flaw in a patient database that put information on more than 7,000 veterans in public view. The information — including names, Social Security numbers and birthdates — was contained in a document that could be accessed via a public-facing telehealth website run by a Veterans Health Administration contractor. The name of the contractor was not released. The flaw was first report- ed to the VA on Nov. 4 and publicly announced in a news release on Dec. 24. According to a VA incident report, the personal information was exposed for several years. The address was not linked within the site, and a user would have to have the address to access the document, according to the report. The VA was alerted to the security flaw via an anonymous email mes- sage believed to have been sent by an employee of the contractor. The mes- sage, which included personal informa- tion on five veterans, was sent to senior leaders at VA. The security flaw was quickly patched with the assistance of the VA’s Network and Security Operations Center (NSOC), and monitoring ser- vices were offered to the 7,054 veter- ans whose information was potentially compromised. A VA spokesperson did not clarify whether the anonymous source was acting as a whistleblower or had some other agenda. The incident report indi- cates that the vendor fired one employ- ee as the likely culprit, although that employee denied being the source of the email message. An NSOC review of the vendor’s user logs could not definitely conclude who had accessed the data or whether the entire contents of the database were compromised. The VA is a popular target for cyber criminals. Network defenses detected more than 15 million intrusion attempts in November alone and blocked more than 88 million suspicious inbound email messages. However, the VA flunked the fiscal 2014 audit required under the Federal Information Security Management Act. In a call with reporters last November, VA CIO Stephen Warren said the agen- cy still needs to fix some of the issues identified in the 2013 FISMA report and that the 2014 report, due out in March, will call for improved standardization in system configuration and tighter access controls. — Adam Mazmanian January 2015 FCW.COM 9 is requested for cybersecurity in the president’s fiscal 2015 budget, down from $1.44 billion in fiscal 2014 $1.41 billion Join the conversation FCW uses Twitter to break news, field questions and ask our own. Learn more at Twitter.com/FCWnow. 12:31 PM - 5 Jan 2015 Xerox Govt Services @ XeroxGovService Reply Retweet Favorite #STEM jobs are expected to grow 30% in the next decade. Ways to increase the # of woman in the industry from @FCWnow http://bit.ly/14dr4S Unsecured Web page put 7,000 vets’ info at risk for years 0115fcw_003-009.indd 9 1/7/15 1:31 PM
November and December 2014