by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : March 15, 2013
Be part of the conversation: Follow @FCWNow on Twitter. SM performance measurement is a must-have in lean times! RT @FCWnow The larger message in social media metrics http://ow.ly/hYduU 2:25PM-22Feb13 Marney Burke @marney burke Reply Retweet Favorite A litany of IT shortcomings puts the Census Bureau at the mercy of hackers and other nefarious activ- ity, according to the Government Accountability Of ce. A GAO report released Feb. 20 con- cludes that although the bureau has taken steps to protect the information and systems that support its mission, it has not effectively adopted appro- priate information security controls to regulate the people and devices that can access those systems. Census of cials, for example, did not adequately restrict connectivity to key network devices and servers or identify and authenticate users. They also failed to limit user access rights and permissions, encrypt data, monitor systems and networks, or ensure that appropriate physical security controls were adopted. GAO auditors said the main reason for those aws is the bureau s lack of a sweeping information security program to ensure that controls are effectively established and main- tained, as required under the Fed- eral Information Security Manage- ment Act. The bureau also failed to keep certain security management poli- cies up-to-date and had not revised its IT security program and policies since April 2010, even though internal guidelines require of cials to update policies at least once a year. "Until the bureau implements a complete and comprehensive security program, it will have lim- ited assurance that its information and systems are being adequately protected against unauthorized access, use, disclosure, modifica- tion, disruption or loss," GAO audi- tors warned. --- Camille Tuutti A cyberattack on Energy Department networks that compromised con den- tial data apparently happened weeks after two reports from DOE s inspector general highlighted vulnerabilities at the agency. The data breach occurred in January but was disclosed to DOE employees on Feb. 1, according to Reuters. The breach did not compromise classified informa- tion, authorities said. Instead, unknown sources hacked into personally identifi- able information of employees and con- tractors. DOE has not said which of its components were targeted. While acknowl- edging progress, the IG reports iden- tify a number of areas of vulnerabil- ity, including at the National Nuclear Security Administration. Weaknesses in DOE s cybersecurity program include issues with access control, vulnerabil- ity management, integrity of Web appli- cations and planning for continuity of operations, according to the November 2012 report. In December 2012, the IG found "sev- eral issues that limited the ef ciency and effectiveness of the department s cybersecurity incident management pro- gram and adversely impacted the ability of law enforcement to investigate inci- dents." Among them were duplicative and disjointed incident management capabilities that cost the agency $30 million annually and inconsistencies in the timely identi - cation and reporting of incidents, which is required by law. It is unclear what the hackers behind the January attack were after, but accord- ing to one cybersecu- rity expert, malicious actors can do plenty of damage with per- sonally identifiable information. "They can try to gure out who works where to get creden- tials to impersonate them and access information," said Richard Bejtlich, chief security officer at Mandiant. "They can also target those people directly through phishing or imperson- ate them to contact their contacts and expand in uence." In response to the recent intrusion, DOE leaders told employees in the Feb. 1 letter that they are increasing network monitoring and deploying tools to pro- tect sensitive assets. --- Amber Corrin GAO nds Census Bureau vulnerable to cyberattack DOE data breach came after warnings 8 March 15, 2013 FCW.COM Trending users will be supported under DOD's plan for mobile access to unclassi ed and classi ed networks. 600,000 Incident reporting lags 223 reported incidents at 7 sites revealed that 41 percent of cybersecurity incidents had not been reported to DOE s Joint Cybersecurity Coordination Center within the established time frames. Although they are required to be reported within 45 minutes, auditors noted 10 incidents involving personally identi able information potentially affecting 109 individuals at 3 sites that, in some cases, had been reported up to 15 hours beyond the prescribed time frame. Source: December 2012 IG report
March 30, 2013