FCW : June 15, 2016
18F breach puts spotlight on commercial apps

BY NICK WAKEMAN

Recent security lapses have raised questions about the proper use of popular online collaboration tools

When the General Services Administration’s inspector general dinged 18F for creating a potential security breach via a collaboration app, it raised issues that go beyond this particular situation.

18F was the subject of a management alert in late May because its employees’ use of the collaboration tool Slack opened more than 100 Google Drives to potentially anyone. The drives contained a variety of data, including personally identifiable information and proprietary information from contractors.

The group was criticized for poorly configuring Slack, for how it handled the breach’s discovery and for its slowness in reporting the problem. But there is no evidence that anyone accessed the information improperly.

For a cybersecurity incident, this is a small one, but it is adding fuel to the debate over whether commercial applications are secure enough for the government market, as opposed to apps built specifically for federal agencies.

The Washington Post reported that Rep. Jason Chaffetz (R-Utah) plans to launch an investigation. And as chairman of the House Oversight and Government Reform Committee, Chaffetz and his concerns demand a certain degree of attention.

“It is alarming that the very IT geeks charged with helping to modernize federal IT are so casual about safeguarding important data,” he said. “It appears these ‘experts’ need to learn a thing or two about protecting sensitive information.”

Although it sounds like the committee will target 18F, there is potential fallout that could affect the use of Slack and other commercial apps like it.

Slack has made inroads with government users at NASA’s Jet Propulsion Laboratory, State Department and, of course, GSA.
In a statement to FCW, a Slack spokesperson said the issue reported by the IG was not a breach of Slack, which integrates with Google Drive but does not override permissions that users set within Drive.

“Customers should continue to feel confident about the privacy and security of the data they entrust to Slack,” the spokesperson said.

18F, meanwhile, described the steps it took once it discovered the issue and acknowledged in a blog posting that mistakes were made. It’s not clear if 18F team members have stopped using Slack as the IG recommended.

The bigger issue the incident illuminates, however, is a common one when it comes to security breaches: the role of culture and human error. In other words, the fault doesn’t lie with the product.

And plenty of other commercial products have made their way into the government market. DigitalGov.gov has a long list of commercial apps — mostly free — that have signed terms-of-service agreements with various agencies. The list includes Blip.tv for video sharing, Asana for collaboration, several Google products, Screendoor for online forms, Snapchat for messaging and TubeMogul for video analytics and distribution.

The genie is too far out of the bottle to ban agency use of commercial apps, and that’s as it should be. Yet whether you are at 18F or any other government office, the focus must be on security.

WTInsider: Washington Technology, a sister publication to FCW, covers all the ins and outs of the IT contracting community. Learn more at WashingtonTechnology.com.