News in Brief

Appropriators consolidate cyber spending, IG dings HHS and more

HHS gets low marks on security card implementation

The Department of Health and Human Services' efforts at implementing secure ID cards were rated "inadequate" by the HHS Office of Inspector General.

A new IG report said HHS's implementation of the 2004 Homeland Security Presidential Directive 12 is uneven and has some vulnerabilities that could put the agency's security at risk.

The report said the agency's HSPD-12 efforts lacked controls to ensure that all credentialing requirements were met, and noted that identification cards weren't deactivated in a timely manner. It also said controls to access and manage the system were not tight enough.

According to the study, the HHS data center's network firewall configuration also didn't comply with its security policies.

The OIG also found that security management controls, including patch management, antivirus management, and configuration management, were not implemented on HSPD-12 workstations at any of the division PIV Card Issuance Facilities that were audited. The study said HHS also allowed nongovernmental computers to connect to card management systems.

The OIG recommended that HHS implement security requirements for card enrollment and issuance, deactivation of cards, system access, security management, physical security, and Web portals associated with the identity card program.

Senate appropriators seek to consolidate cyber spending

Tim Starks at CQ Roll Call reports that the Energy Department cybersecurity budget for energy, science and environmental missions spreads funding over 11 different accounts, and the Senate Appropriations Committee wants all of that nearly $150 million consolidated into one place.

The fiscal 2015 Energy and Water spending bill includes $304 million in cybersecurity funding for the Department of Energy, with $155 million for the National Nuclear Security Administration and $149 million for energy/science/environmental missions.

But the NNSA money is all coordinated by one official, and the report on the Senate bill says DOE "should follow NNSA's example of consolidating cybersecurity activities and funding authority to one person under one funding account."

California firm boosts state-level transparency

Federal agencies have the IT Dashboard, but GCN reports that a growing number of state and local governments are turning to a California startup for their financial transparency efforts. The Mountain View-based firm "works as a subscription service. Agencies email their raw general ledger data. ... The company maps the data, accounting for each municipality's unique chart of accounts – and provides a link to a website for review, often within a week."

British hacker indicted on charges of breaching agency networks

Ten days after the Government Accountability Office revealed hackers had infiltrated satellite data by hijacking a contractor's personal computer, federal prosecutors unsealed a set of indictments against a British man for breaching several U.S. government agency networks in another case.

The FBI said on July 25 that 29-year-old Lauri Love of Stradishall, England, had been indicted by a U.S. federal grand jury on charges of conspiracy, causing damage to a protected computer, access device fraud and aggravated identity theft. British law enforcement dropped their charges against Love on July 25 so the U.S. could pursue its charges.

According to the federal indictment, in October 2012 Love and coconspirators broke into protected computers belonging to the Department of Energy, Department of Health and Human Services, the U.S. Sentencing Commission, the FBI's Regional Computer Forensics Laboratory, and computers at Deltek, Inc. and Forte Interactive Inc. by exploiting a known vulnerability in Adobe ColdFusion, a software program designed to build and administer websites and databases. The vulnerability, which has since been corrected, according to the FBI, allowed Love and the accomplices to access protected areas of the victims' computer servers without proper login credentials.

The indictment accused Love and his cohorts of obtaining administrator-level access to the networks using custom file managers, allowing them to upload and download files, edit, remove and search for data. It said Love and his group got more than 100,000 employee records with names, Social Security numbers, addresses, phone numbers, salary information and other financial records, including credit card numbers.

About the Author

Connect with the FCW staff on Twitter @FCWnow.
