by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : July 30, 2015
The federal government’s 30-day cyber- security sprint wound down on July 12, but the work is far from over. U.S. CIO Tony Scott told reporters on July 9 that the initial news seemed good. The memo announcing the sprint called for agency CIOs to scan for “indi- cators of compromise” listed in the U.S. Computer Emergency Readiness Team’s Analysis Report and inform the Department of Homeland Securi- ty immediately about any evidence of malicious cyber activity; patch critical vulnerabilities; accelerate implementa- tion of multifactor authentication, with a priority on privileged users; and tight- en policy and practices for those users. Scott said agencies had dramatical- ly increased two-factor authentication for privileged users during the sprint, and “a number of agencies have hit 100 percent.” Governmentwide, two-factor authentication increased 20 percent, he added. Chris Edwards, chief technology officer at identity management firm Intercede, praised the sprint for push- ing two-factor authentication. “It is certainly needed as the first A successful cyber sprint, with a questionable finish line of federal IT contractors anticipate layoffs or other cuts at their firms in the next six months 21% Trending line of defense and does significantly raise the bar for hackers to clear,” he told FCW. “It should also be one of the simplest first steps to take. Even if you can only enforce smart card systems logon for 95 percent of the workforce, that still greatly reduces the number of people who actually have a pass- word that can be phished, intercepted or guessed.” However, agencies leave “username/ password ‘back doors’ to support cer- tain legacy systems,” Edwards said, and that approach undermines two- factor authentication. “Additionally, relying on incoming perimeter defenses alone does little to reduce the impact of Trojans and other [advanced persistent threat] software if that is able to acquire systems-level permissions and leak data over a long period of time,” he said. Ralph Kahn, vice president of fed- eral at security firm Tanium, told FCW that the “urgent but fairly broad” lan- guage of the sprint memo was a good approach. “You risk setting up agencies to fail” if you list specific demands, he said, adding that the open language hope- fully prompted fuller participation from agencies in desperate need of an honest look at their cybersecurity situations. He said the patch issue is one of the most crucial problems. “In many cases, agencies just don’t know” where they stand with software patches, he said, noting that many run legacy systems for which patches aren’t available or rely on “incomplete tools” that might report issues have been patched when they haven’t. “That whole patching thing is a lot more complicated than a 30-day sprint would indicate,” Kahn said. And although Scott said the sprint has “greatly enhanced the cybersecu- rity profile of the U.S. government as a whole,” many experts have cautioned that cybersecurity is a complex, long- haul proposition. “Cybersecurity...is not a sprint, it’s a marathon,” said Gregory Wilshusen, director of information security issues at the Government Accountability Office, during a congressional hear- ing on July 8. “It needs to be going on a continuous basis.” — Zach Noble FCW CALENDAR Acquisition Washington Technology’s Department of Health and Human Services IT Day will dig into specific fiscal 2016 acquisitions at the Food and Drug Administration, Centers for Medicare and Medicaid Services and other HHS components. Falls Church, Va. is.gd/WT_HHS_IT CDM The Department of Homeland Security’s Jim Quinn and the General Services Administration’s Chris Hamm are among the speakers at this FCW event on the next steps toward improving agencies’ security posture. Washington, D.C. fcw.com/cdm 9/2 8/19 Defense Brig. Gen. Mark Weatherington, the Joint Staff’s deputy director for C4/cyber, and Veterans Affairs Undersecretary for Benefits Allison Hickey are among the speakers at AFCEA NOVA’s Joint Warfighter IT Day. Vienna, Va. is.gd/AFCEA_defense 9/2 4 July 30, 2015 FCW.COM 0730fcw_004-011.indd 4 7/15/15 11:41 AM
July 15, 2015
August 15, 2015