by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : September 15, 2016
Should feds be concerned about the NSA hack? of IT budgets are devoted to security, a recent IDC survey found 21% Trending FCW CALENDAR Shared services ACT-IAC, the Association of Government Accountants and the Shared Services Leadership Coalition are co-hosting this full-day summit on the opportunities and challenges in implementing shared services. Washington, D.C . is.gd/FCW_sharedsvcs Digital government Former GSA CIO Casey Coleman discusses the seven pillars of digital government at this FCW and GCN event, which also features new research on the state of agencies’ digital efforts. Washington, D.C . fcw.com/digitalgovernment 10/4 9/15 GCN dig IT Awards FCW’s sister publication showcases transformative public-sector IT projects in analytics, cloud, cybersecurity, mobile, unmanned systems and more. Plus: Meet FCW’s 2016 Rising Stars. Tysons Corner, Va. https://gcn.com/digit 10/13 The leak of a payload of zero-day exploits, allegedly lifted from a Nation- al Security Agency server, could pose problems for federal networks, but so far the government’s cybersecurity first responders have been quiet about the incident. The Department of Homeland Secu- rity’s U.S. Computer Emergency Readi- ness Team has not raised an alarm. A DHS official told FCW that because exploits related to the disclosures have not been released, any threat is hypo- thetical, and it’s hard for experts to rec- ommend specific defenses at this point. From a technical standpoint, the extent of vulnerability in government systems is unclear. Matthew Green, an assistant professor of computer science at Johns Hopkins University, said the good news is that most of the exploits are for out-of-date routers. He added that in theory, an upgrade path should have made the devices safe by now. “I would hope that federal agencies — if they have any sense — are sys- tematically updating the software on all of their routers right now,” Green said. “That could be a pretty daunting task, given how many of these devices there are.” Cisco issued a security update advis- ing customers about updates to help defend against the exploits. The Defense Department, which oversees NSA, could have an advan- tage when it comes to awareness of zero-day exploits. David Wennergren, a former deputy CIO at DOD, told FCW that “it would be naïve to think that the DOD CIO wasn’t aware of what NSA had access to and knowledge of.” Wennergren, who is now senior vice president for technology at the Professional Services Council, added that there is regular information shar- ing between NSA’s Tailored Access Operations and DOD. Outside the Pentagon, it’s another matter. He said it’s quite likely that other government agencies did not receive any warning about the vul- nerabilities. The DHS-run Einstein system could offer some protection for federal civil- ian networks. Einstein uses threat sig- natures to detect and deflect intrusion attempts. Although some of those sig- natures are shared among public- and private-sector cyber defenders, others are classified. Jason Healey, a senior fellow at the Atlantic Council and a former mili- tary cyber operative, told FCW that it is possible that threat signatures for vulnerabilities maintained by the U.S. intelligence community are included in Einstein. Even if NSA does not share such threat signatures with Einstein, those issued by Cisco could be added to the system, said Ann Barron-DiCamillo, former director of US-CERT and cur- rently CTO at Strategic Cyber Ventures. She said that behind the scenes, the National Security Council and others are working on responses for federal civilian agencies. A senior Obama administration official declined to comment on the release of the exploits but said DHS released a binding operational directive in May 2015 in the wake of the Office of Personnel Management hack requir- ing agencies to remediate or mitigate known critical vulnerabilities within a specified time frame. — Sean D. Carberry, Adam Mazmanian and Mark Rockwell September 15, 2016 FCW.COM 3 0915fcw_003-010.indd 3 8/24/16 12:40 PM
August 30, 2016
September 30, 2016