by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : May 15, 2014
The federal government is asking users of HealthCare.gov to change their passwords as a result of the Heartbleed vulnerability that allows hackers to get around encryption on networks protected by the open- source OpenSSL security code. Although officials say they do not have evidence that the Heartbleed vul- nerability has put user information at risk, HealthCare.gov operators reset more than 8 million site passwords and published a message on the home page advising users that they would need to create new passwords. It is the first time a federal website has taken that step since the disclo- sure of the cybersecurity threat, but the action is in keeping with federal website policy announced in an April 18 blog post by Phyllis Schneck, dep- uty undersecretary for cybersecurity at the Department of Homeland Secu- rity. The policy requires federal sites that might be vulnerable to the flaw to update OpenSSL, reissue security certificates and reset user passwords. The operators of HealthCare.gov appear to have taken all those steps. Feds warn HealthCare.gov users about Heartbleed of Americans say opening U.S. airspace to drones would be a change for the worse 63% Trending The site’s security certificate was reis- sued on April 14, and passwords were reset. Those steps suggest that the site is using new OpenSSL software. Nevertheless, officials are reassuring users that their information is most likely not at risk. “Since being made aware of the vul- nerability, the [Obama] administration took action to protect networks and websites,” a HealthCare.gov spokes- person told FCW in an emailed state- ment. “As with any vulnerability or threat in cyberspace, the federal gov- ernment — [and the Department of Health and Human Services] in this instance — has a standard process for addressing how it may impact the infrastructure, and [officials] are using that to mitigate this vulnerability and monitor for problems.” An advisory posted on HealthCare. gov on April 18 reads, “HealthCare. gov uses many layers of protections to secure your information. While there’s no indication that any per- sonal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consum- ers’ passwords out of an abundance of caution.” DHS, the Internal Revenue Service and other agencies have declared that their sites were not threatened by Heartbleed. The Defense Depart- ment joined that chorus on April 19, when Deputy CIO Richard Hale said the software bug has no effect on DOD’s classified networks and mini- mal effect on its unclassified sites. Upon learning of the OpenSSL flaw, Hale said, DOD immediately blocked “the exploitation of this vulnerability at the boundary between the depart- ment’s network and the Internet.” — Adam Mazmanian FCW CALENDAR Defense IT AFCEA and George Mason University host a symposium on critical issues in C4I, featuring a keynote by Maj. Gen. Robert Wheeler, DOD’s deputy CIO for command, control, communications and computers and information infrastructure capabilities. Fairfax, Va. http://is.gd/fcw_c4i Management of Change Speakers at this year’s edition of the ACT-IAC annual conference include NASA’s Beth Beck, GSA’s Sonny Hashmi and Keith Alexander, former NSA director and U.S . Cyber Command leader. Cambridge, Md. http://is.gd/fcw_moc 5/20-21 5/18-20 GWACs The National Institutes of Health’s IT Acquisition and Assessment Center offers training on governmentwide acquisition contracts in general and NITAAC’s offerings in particular. Rockville, Md. http://is.gd/fcw_nitaac 6/5 May 15, 2014 FCW.COM 3 8 million passwords were reset on HealthCare.gov “out of an abundance of caution.”
April 30, 2014
May 30, 2014