By Allan Holmes | Wednesday, October 31, 2007 | 11:54 AM
Sometimes it's hard to get a grasp on just how well the federal government is doing in securing the nation against possible terrorist attacks. After all, such information is generously stamped as not for public release because of national security reasons.
That means Americans frequently get a watered-down account of the government's performance when it comes to security. Sometimes very watered down. Consider this report that the inspector general at the Homeland Security Department posted this month. The report, if you can call it that, has to leave the public wondering why the department even bothered to waste resources to print it and store it on its Web site.
The report, with the title “A Review of Homeland Security Activities Along a Segment of the Michigan-Canadian Border (Unclassified Summary),” is a spine-straining three pages long. That includes the title page and the back page, on which is printed the boilerplate end-of-report information on how to request additional reports.
That leaves one page for the five-paragraph “Unclassified Summary,” three paragraphs of which are devoted to the report's objective and how the IG conducted the review. The last two (short) paragraphs present the IG's findings and recommendations:
We identified several concerns regarding the integration and dissemination of intelligence, the protection of critical infrastructure/key resources, local targeting capabilities, the extent of local performance measures, and the need for additional technological resources.
We are recommending that DHS increase its local intelligence presence; better coordinate the funding of protective measures for critical infrastructure/key resources; introduce additional standard operating procedures at the ports of entry; and deploy additional technological resources along the border. DHS is already taking steps toward remedying some of these issues in response to concerns that were raised during the course of our review.
Ignorance is bliss, they say.
By Allan Holmes | Wednesday, October 31, 2007 | 11:13 AM
Headlines from around the Web for Wednesday, Oct. 31.
Compiled by Melanie Bender
HHS Unveils E-Health Records Incentive Program
ComputerWorld
The U.S. Department of Health and Human Services Tuesday announced a new five-year initiative that will provide higher Medicare reimbursement payments to physicians who use electronic health records. The demonstration program is intended to offset the costs of putting EHR software into place and paying for training and support.
Noise Sensors Back Police on Shooting of D.C. Teen
The Washington Post
Gunshot sensors indicate that the first shot fired in a police confrontation with a 14-year-old did not come from the off-duty D.C. officers at the scene but from a higher-caliber weapon close to where the slain youth fell, law enforcement sources said. The gunshot sensors are part of a network installed last year on rooftops in many neighborhoods in D.C.
Kentucky Launches Statewide High-Speed Education Network
Government Technology
Kentucky students now are on the leading edge of technology and education thanks to the newly created Kentucky Education Network. Public schools across the state now are connected to KEN, which addresses the need to improve the speed in which information comes into and leaves local school districts.
IT Salaries to Rise Twice as Fast as Inflation
CIO Insight
CIOs looking to hire skilled IT professionals will pay, on average, 5.3 percent more in 2008 than they did this year, according to a just-released report from Robert Half Technology, an IT staffing firm.
IG: GSA Contractors Get System Access Before Background Checks
Federal Computer Week
General Services Administration officials compromised confidential information when they failed to perform background checks on contractors before giving them access to the agency’s information systems, according to GSA’s inspector general.
Defense Leaders Push Interoperability Agenda
Government Computer News
While commanders increasingly are able to make tactical decisions from real-time air reconnaissance and ground intelligence, “The ability to do dynamic planning isn’t there,” said Air Force Lt. Gen. Michael Peterson at this week’s MILCOM conference.
IT Industry Wants Action on Cybercrime Bills
Government Computer News
The Business Software Alliance has come out in favor of H.R. 2290, the Cyber Security Enhancement Act of 2007, and S. 2213, the Cyber Crime Act of 2007, and is producing educational materials to help sway legislators.
Council Seeks Comments on Public Safety Network Specs
Washington Technology
Public safety officials and industry experts have until Friday to submit comments to an umbrella group of organizations developing specifications for the new public safety broadband network to be created by the Federal Communications Commission.
Is U.S. Stuck in Internet's Slow Lane?
The Associated Press
The United States is starting to look like a slowpoke on the Internet. Examples abound of countries that have faster and cheaper broadband connections, and more of their population connected to them. The Bush administration has tried to foster broadband adoption with a hands-off approach. If that's seen as a failure by the next administration, the policy may change.
By Allan Holmes | Wednesday, October 31, 2007 | 11:01 AM
The IT managers over at the Internal Revenue Service got some good news this week from an unexpected source: the Treasury Inspector General for Tax Administration. In a report released this week, the IG concluded that the IRS had successfully deployed the latest update to its new database and application engine, called the Customer Account Data Engine (CADE). Developing a working CADE has been a pretty big deal for the IRS; it’s at the heart of the agency’s multi-billion-dollar modernization effort, which has had its history of troubles. IRS agents eventually will use CADE to store and access the 200 million individual and business tax files Americans submit every year. The hope is that the files will be updated daily instead of weekly (improving service by allowing IRS employees to give more up-to-date information to taxpayers) and allow for tax returns to be sent out faster.
This milestone was a big one for the IRS because the new release, called Release 2.2, included the most commonly used tax forms, including returns for Single, Married Filing Jointly, Married Filing Separately, and Head of Household, as well as profit or loss from a business (Schedule C), capital gains and losses (Schedule D), supplemental income and loss (Schedule E), profit or loss from farming (Schedule F), and self-employment tax (Schedule SE).
But the IRS pulled it off, according to the IG. Success meant the IRS accurately posted the returns for those commonly used tax forms. The only drawback, the IG reported, was that the IRS processed 11 million returns using CADE instead of the 33 million returns it had set as a goal. The IRS said it missed its goal because it had to postpone launching the new release by two months so it could complete upgrades. The launch had one other hiccup that the IG downplayed. The IG caught one incident in which the IRS would have sent out $400,000 in undeserved refunds to taxpayers for overpaid taxes, but the error was caught before the payment was sent.
By Allan Holmes | Monday, October 29, 2007 | 01:54 PM
Headlines from around the Web for Monday, Oct. 29.
Congress Looks for Price Fix
Federal Computer Week
Regulators left a gap in a final rule on time-and-materials contracts that lawmakers say exceeds the authority that Congress granted. Now, members of the Senate Armed Services Committee want to close that gap and curtail the use of such contracts.
New Jersey AG’s Effort to Combat Phishing May Lead to More Phishing
ComputerWorld
This week, State Attorney General Anne Milgram called on four banks to provide her with details on how they respond to phishing incidents. Milgram also asked the banks to send e-mail to their online customers, warning them that the bank has been a recent target for phishing scams and offering advice on how to tell fake e-mails from the real thing.
Cerf Steps Down After 7 Years Heading ICANN
USA Today
After fending off an international rebellion and planting the seeds for streamlining operations, Cerf is stepping down this week as chairman of the Internet Corporation of Assigned Names and Numbers.
Report: U.S. Tops List of Spam-Offending Countries
CNet News
The U.S. remains the world's biggest spammer, according to security firm Sophos, which on Friday released its quarterly report on the world's top spam-offending countries – dubbed the “Dirty Dozen.” Responsible for 28.4 percent of all spam, the U.S. came in well ahead of its rivals.
Cisco Says India Investment on Track, Company Plans to Hire More
Reuters
Network equipment maker Cisco Systems Inc. is on target to invest the $1.1 billion it earlier committed to spend in India, and plans to scale up its headcount, the firm's chief executive said on Monday. Cisco's expansion plans for India underscore the country's growing importance as a global hub for technology outsourcing and research for multinationals.
Penn. Congressman Renews Push for Better Law on Open Records
Pittsburgh Post-Gazette
A freshman isn't happy that Pennsylvania's open records law has been ranked 48th worst in the nation. Rep. Tim Mahoney of South Union has come up with a proposed “Right To Know Law” he hopes will begin to restore the public’s faith in government.
How Google Maps Helped Turn Tide on Wildfires
CIO Insight
Through the cooperation of local volunteers, geographers and government agencies, technologists created highly accurate maps and satellite overlays pinpointing the exact location of fires in near real-time for the benefit of first responders and evacuees concerned about their homes.
Alarm Rises Over European Bid to Woo Educated U.S. Workers
The New York Sun
American companies are becoming increasingly alarmed at a European initiative – the blue card – designed to attract the world's best-educated workers with a speedy and relaxed work permit system.
Privacy, Personal Information At Risk on Campuses
InformationWeek
CDW Government Inc. released the results of its third annual Higher Education IT Security Report Card on Monday. It reveals that, despite increased attention to better IT security in higher education, there has been little progress. The report concludes less than half of campus networks are safe from attack, with 58 percent reporting at least one security breach in the last year.
-- Compiled by Melanie Bender
By Allan Holmes | Thursday, October 25, 2007 | 04:27 PM
You just knew there had to be an IT angle to the special inspector general reports on procurement abuses associated with the Iraq War. You were right. There is. Seems that the United States spent $38 million to develop a financial management system for Iraq's government. When it stopped working for a month, no one noticed, according to an Associated Press article. From the article:
"According to U.S. Embassy officials, the Ministry of Finance continues to use its legacy system for overall budget and accounting, 'nobody noticed' when IFMIS was down for a month and no one relies on IFMIS to produce reports," [special inspector general for Iraq reconstruction Stuart W. Bowen Jr.] said.
Other ministries, such as interior and defense, have developed their own financial management information systems, and they are not compatible with the new one and cannot transfer financial data from one system to another.
Sound familiar?
By Bob Brewin | Thursday, October 25, 2007 | 03:56 PM
Following is a sampling of information technology articles that news outlets recently posted.
Pandemic Test Paints Dire Scenario
ComputerWorld
If a pandemic strikes the United States, it would kill about 1.7 million people, hospitalize 9 million, exhaust antiviral medications and reduce basic food supplies, according to a planning scenario developed by financial service firms preparing for such a catastrophe.
Cities Themselves May be Muni Wi-Fi's Savior
CNET News
Blanketing cities with Wi-Fi signals is not inherently a bad idea. Even though some projects have stalled or failed outright, there have also been several success stories.
Intel Funds Scholarly Exploration of Tech Frontier
On university campuses in three states, teams funded by Intel Corp. are exploring the future of computing, seeking ways to further integrate computers into daily life.
SoCal Fire Victims Relying on Web 2.0
Newsfactor
The conflagration that is Southern California is overwhelming wireless phone networks, and residents are turning to text messaging, blogs, and Web 2.0 sites such as YouTube, Flickr, and Twitter to keep each other abreast of the latest developments.
High-Tech Chiefs Establish Fund to Buoy Public Education
The Boston Globe
A group of Massachusetts high-tech chief executives, concerned the United States is falling behind global competitors in producing scientists and engineers, has begun an effort to boost the state's K-12 public education system by raising corporate money to support pilot schools and advanced placement programs.
Arkansas State Medicaid Chief: Streamline Data System
Arkansas Democrat-Gazette
The health-care system in Arkansas and the nation is “not making good use of our resources,” said John Selig, director of the Department of Human Services, which runs the state’s Medicaid program.
Vermont’s New Driver’s Licenses Carry Security Flaw
St. Alban’s Messenger
Radio frequency tags slated for use in Vermont’s $1.5 million Enhanced Driver’s License/Identification program pose a security risk, according to industry experts. Critics of the card program say the cards can be read from a distance of 30 feet, are easily cloned and the radio receivers used to read them are vulnerable to attack.
Hourly Tech Pay Hit Near All-Time High Last Quarter
InformationWeek
Pay increased an average of more than 5.5 percent for the quarter ended Sept. 30, compared to the same period last year.
Missouri CIO Testifies Before Congress on the States and Cybersecurity
Government Technology
The CIO’s testimony emphasized information technology security as a vital component in securing our nation's Internet infrastructure and described the important role that the CIOs and their IT security personnel play in responding to Internet and critical IT system disruptions, when they occur.
-- Compiled by Melanie Bender
By Bob Brewin | Thursday, October 25, 2007 | 02:42 PM
The World Radio Conference -- the quadrennial international meeting of 190 nations to slice and dice increasingly valuable and scarce radio spectrum -- kicked off Oct. 22.
And the Defense Department is interested.
How interested? Both John Grimes, assistant secretary of Defense for Networks and Information Integration, and Air Force Lt. Gen. Charles Croom, director of the Defense Information Systems Agency, showed up for the first week of the confab, which runs through Nov. 16.
Grimes, in a press briefing teleconference today from Geneva, said he is concerned about two key items on the conference’s agenda: protection of HF spectrum (4 to 10 megahertz), which has found a new life as a long-range data transmission medium, and a re-allocation of C-band frequencies (3.4 to 4.2 gigahertz), used by military radars and satellite communications systems such as the Navy.
Richard Russell, U.S. ambassador to the conference, said European nations at the conference represented by the 48-member European Conference of Postal and Telecommunications Administrators advocate allocating portions of the HF band to digital shortwave broadcasting by stations such as the BBC in the UK and Westdeutscher Rundfunk in Germany. (That’s conference agenda item 1.13.)
Grimes said the United States is “standing hard” on any incursions by broadcasters into the HF bands used by Defense and military forces in other countries, including some in Europe.
Russell said European countries are also pushing to use C-band frequencies for commercial, next-generation broadband mobile services. (That’s conference agenda item 1.4). Grimes said this was a critical issue for Defense, which cannot afford interference with military radars in the C-band.
Russell said the U.S. delegation, including Grimes and Croom, had lunch with the Mideast Gulf states today, and they are in line with the U.S. position to not use C-band for broadband mobile. Russell added that he did not expect the HF or C-band issues to be resolved until the last week of the conference.
A Defense spokesman told me Grimes and Croom will return home this Friday. Probably a smart fiscal move, as the price of hotel rooms in Geneva might require Congress to pass a Defense supplemental to pay the bill.
By Allan Holmes | Wednesday, October 24, 2007 | 03:51 PM
Following is a sampling of information technology articles that news outlets recently posted.
San Diego Wildfires: Business and Government Systems Keep Running Despite the Disaster
CIO.com
Business continuity plans helped Qualcomm and San Diego County keep going despite system overload, employee evacuations and other consequences of the fires.
Storm Worm Strikes Back at Security Pros
NetworkWorld.com
The Storm worm fights back against security researchers that seek to destroy it. Those discovered trying to defeat the worm suffer DDoS attacks.
Attacks Aimed at Personal Data Soar
eWeek
During the first half of 2007, Microsoft's Malicious Software Removal Tool detected 31.6 million phishing scams -- an increase of more than 150 percent over the previous six months -- and tracked a 500 percent increase in Trojan downloaders and droppers, according to the company's latest Security Intelligence Report.
CIO Council Turns Focus on Privacy
FCW.com
The CIO Council is formally addressing privacy issues, much the same way it looks at enterprise architecture, best practices and workforce challenges.
Duke Employees Face Snafus from Proposed Verification System
Duke News
Duke officials warn if Congress moves ahead with proposed legislation requiring private universities to verify the status of employees with a national electronic system, some Duke employees could lose their jobs or even be deported.
Ahead of the Bell: Border Security
Business Week
Lawmakers on Wednesday will press Boeing Co. and senior government officials on the status of the first high-tech "virtual fence" at the nation's borders, after nearly a five-month delay caused by a computer glitch.
House Panel Chief Demands Details of Cybersecurity Plan
Baltimore Sun
The chairman of the House Homeland Security Committee called on the Bush administration yesterday to delay the planned launch of a multi-billion-dollar cybersecurity initiative so that Congress could have time to evaluate it.
Scanning Students' Fingers Hits a Nerve
Statesman Journal
With the federal government lagging behind on its plans to implement the use of electronic passports, identification cards and driver's licenses, biometric vendors are targeting a new market: schools.
U.S. Government Considers Mandating Internet Service Providers to Forward Customers' E-mails
Technology Review
The U.S. post office forwards letters when a person moves, and telephone companies do likewise with calls. Should Internet companies be required to forward e-mails to customers who switch providers?
Chicago to Do Clean Sweep of Parking Violators
GCN.com
City officials last week issued a request for qualifications for a project that would put high-resolution digital cameras on the city's street sweepers. The surveillance cameras would take photos of illegally parked vehicles and the vehicles' license plates.
-- Compiled by Melanie Bender.
By Allan Holmes | Wednesday, October 24, 2007 | 03:26 PM
Biometric vendors have always had the “Big Brother” image problem to deal with when trying to sell their wares to organizations that are considering using fingerprints, hand geometry or iris scans to identify individuals. The public worries that their biometric identification could be stolen or used by the government in a way they wouldn't approve of. It looks like they still do, especially when children are involved, as Oregon’s Stayton Middle School officials found out.
By Allan Holmes | Tuesday, October 23, 2007 | 05:21 PM
A senior research fellow with the Mercatus Center at George Mason University has characterized federal agencies’ efforts to post data and documents online as a perfunctory exercise and calls for legislation to force agencies to make more information available and searchable online. That way, public policy can be improved because more people can access and manipulate government information.
Jerry Brito, in his working paper “Hack, Mash & Peer: Crowdsourcing Government Transparency,” writes:
Unfortunately, many of the statutory requirements for disclosure do not take Internet technology into account. For example, the 1978 Ethics in Government Act requires the disclosure of financial information -- including the source, type, and amount of income -- by many federal employees, elected officials, and candidates for office, including the president and vice president, and members of Congress. The act further requires that all filings be available to the public. One might imagine, then, that every representative or senator’s information would be just a Web search away, but one would be wrong.
He adds that, “Even when public information is available online, it is often not available in an easily accessible form. If data is difficult to search for and find, the effect might be the same as if it were not online.”
Brito attributes the lack of online, searchable information to “bureaucratic inertia” and to “no incentive, and often a disincentive, to make public information easily accessible.”
Brito calls for agencies to make information “meaningfully publicly available and in today’s day and age this means it should be made available online” and to put “data online in structured, open, and searchable formats.”
To do this, Brito calls for legislation. “The most obvious route to this goal is legislation that mandates online disclosure. Any such legislation, however, must take care to ensure that it lays all parts of the foundation.” He also argues for why it is government’s role to do this, and not the private sector:
First, government holds the digital originals of the data and can ensure the integrity and quality of the data made available online. ... Second, while exact figures are difficult to estimate, the marginal cost to the government of presenting its data in a useful format is certainly less than the cost incurred by third parties to devise and maintain clever hacks [defined by Brito as “a modification of a program or device to give the user access to features that were otherwise unavailable to them”] to siphon otherwise difficult-to-access government data. Finally, not all desirable government data can be hacked and made available by third parties. The major obstacle is that the government has not made some data available online. Online availability is a foundational piece that can only be addressed by government, and to the extent it makes new information available online, as we have just seen, it makes most sense for it to do so in useful formats.
By Allan Holmes | Tuesday, October 23, 2007 | 03:50 PM
In an item posted today in his blog, “The Risk Factor,” risk management expert Bob Charette calls into question OMB's announcement yesterday that the number of IT projects on its Management Watch List had dropped 61 percent – in seven months. “This is truly amazing,” Charette writes. “Sixty-one percent of government IT projects on the OMB watch list, which indicates whether they are well-positioned to execute, all got better at the same time. One can only conclude that the government has found a new, secret way to manage IT project risk.”
The skepticism doesn’t stop there. In an article posted today on Government Executive’s Web site, government project management expert J. Donaldson Frame says, “When I see miracle improvements occur very quickly, I wonder whether the improvements are genuine or reflect statistical artifacts.”
And Ray Bjorkland, chief knowledge officer at federal marketing research firm FedSources, wonders how IT projects get on (and presumably then come off) the Management and High Risk lists in the first place.
For the 212 IT projects that came off the Management Watch List, OMB officials said those “agencies were able to adequately address deficiencies and weaknesses identified in these 212 investments by mitigating planning deficiencies, or in some cases, providing and completing additional documentation supporting their management activities.” No word on how well the projects are meeting budget, deadlines or performance measures, which Bjorkland says are the best indications of success in oversight of technology investments.
And the reason given for more IT programs going on the High Risk List? Again, better reporting from agencies, OMB said.
Interestingly, better reporting was the reason OMB gave yesterday for the doubling of the number of reported security breaches exposing personally identifiable information. “An increase in reporting isn't necessarily a bad thing,” said Karen Evans, who holds the Bush administration’s top IT executive position at OMB.
This reason was given on the same day that Microsoft reported that phishing scams had increased more than 150 percent in the first six months of 2007 and the number of malware incidents increased 500 percent. Not to mention the 90 percent increase (over nine months) in the number of cyberattacks directed at electric utilities.
It still hurts my head to try to follow this logic. The message seems to be: It's good to know how bad things are. That could be helpful, if you then used that information to develop a plan to fix the bad things. No word on that, yet.
By Allan Holmes | Tuesday, October 23, 2007 | 01:15 PM
The following item was posted by Government Executive's Jill Aitoro.
AmeriCorps, a network of local, state, and national service programs, is considering jumping into social networking. According to Matt Harmon, Webmaster for the Corporation for National and Community Service, social networking sites such as MySpace and Facebook are perfect venues for recruitment and awareness, with social networking members typically ranging from their late teens to mid-20s. While still only in the idea stage, Harmon hopes to develop a Web page or pages that would bring service alums together to talk about their experiences and provide first-hand knowledge to those interested in getting involved in AmeriCorps. At the risk of shameless self promotion, recruits could download from the page necessary forms, link to the agency’s Web site, write blogs, and so on.
By Bob Brewin | Friday, October 19, 2007 | 03:43 PM
McQ Inc. said Boeing has selected it to provide a family of unattended sensors for the Homeland Security Department’s electronic border fence project, called the Secure Border Initiative Network (SBInet). McQ has a basic ordering agreement to provide unattended acoustic, magnetic and infrared sensors, according to contract information posted on Boeing’s online SBInet Toolbox contract page.
This summer, the Army Research Lab selected McQ’s unattended ground sensors as one of 10 “greatest inventions” of 2006.
In a related development, the House Homeland Security Committee plans to hold a hearing on the troubled SBInet project Oct. 24. DHS Secretary Michael Chertoff threatened last month to withhold payments on SBInet until Boeing fixes problems on a 28-mile pilot project in Arizona. “I'm not going to buy something with U.S. government money unless I'm satisfied it works in the real world,” Chertoff said last month at a congressional hearing.
By Bob Brewin | Thursday, October 18, 2007 | 07:51 AM
Northrop Grumman recently won a National Security Agency information management and data services contract, which will allow the agency to ingest data at a speed faster than any other entity that the company knows on the planet.
Kevin Henderson, chief systems engineer for the information management and data services project, declined to provide any speed benchmarks for me but said the system would outperform those used for high-energy physics computations, which does provide a good baseline to work from.
In 2005 a team from the Energy Department's Fermi National Accelerator Laboratory and Stanford Linear Accelerator Center transferred physics data at the rate of 150 gigabits per second, or the equivalent of downloading 130 DVD movies in one minute. The NSA system supposedly can work faster than that.
Such blistering data transfer rates of electronics signals intelligence will require storage measured in the petabyte (a quadrillion bytes) range, Henderson said. Northrop Grumman will provide that through disk- and tape-based storage systems, with an eye to nanotechnology-based systems when and if that becomes available.
Loren Ryder, Northrop Grumman’s program manager for the NSA job, said agency analysts will not have to sift through petabytes of data to do their job. The company, he said, has developed an information management system to send the right data, to the right analyst, at the right time.
I understand that Lockheed Martin and EDO also bid on the NSA contract.
By Bob Brewin | Wednesday, October 17, 2007 | 04:37 PM
The Defense Information Systems Agency periodically releases security guides for networks and devices connected to its networks, but the latest version of its Desktop Application Security Checklist would boggle the average end-user’s mind with its complexity.
Take for example, the guide’s instructions on how to check for file and directory permissions:
There are multiple ways to check file and directory permissions:
On Windows NT systems, the DumpSec utility can be used. Details on the usage of DumpSec can be found in the section Using DumpSec in the Windows Security Checklist document.
On Windows 2000 systems, the Microsoft Management Console (MMC) can be used with the Security Configuration and Analysis snap-in. Details on the usage of this tool set can be found in the sections Using the Microsoft Management Console and File and Directory Permissions in the Windows Security Checklist document.
The Windows NT Explorer application on Windows NT or the Windows Explorer application on Windows 2000, XP and 2003 can be used. Details on this approach follow.
On Windows NT, the Windows NT Explorer application can be used to manually check the permissions on a Windows file or directory. Navigate to the object and right click on it. Select the Properties item, the Security tab, and then the Permissions button.
On Windows 2000, XP, and 2003, the Windows Explorer application can be used to manually check the permissions on a Windows file or directory. Navigate to the object and right click on it. Select the Properties item, the Security tab, and then the Advanced button.
I’m better than an average reader but have little idea what any of the above means. So, I assume this security guide must be designed for advanced techno-geeks – as the entire Defense Department would otherwise grind to a halt while end users plowed through similar verbiage on the other 143 pages of the guide.
By Bob Brewin | Wednesday, October 17, 2007 | 03:27 PM
U.S. and coalition forces are the single largest source of jamming of Global Positioning System (GPS) receivers in Iraq, according to a co-inventor of the system.
As much as 85 percent of the jamming of GPS receivers in Iraq was caused by U.S. and coalition forces, according to GPS co-inventor Bradford Parkinson with Stanford University, and Martin Faga, former president and CEO of MITRE Corp. and a former director of the National Reconnaissance Office. Parkinson and Faga reported their findings in a briefing given this month to the multi-agency National Space Based Positioning, Timing and Navigation Meeting.
The determination of the origins of the GPS jamming was made by personnel from the 14th Air Force, which provides space support to operational missions, but the 14th Air Force did not identify which U.S. or coalition systems had inadvertently jammed GPS receivers. The 14th Air Force did not know how many GPS receivers were in use in Iraq, according to the briefing, reporting only that a “significant number” of receivers were in use.
The 14th Air Force team also determined that 15 percent of jamming incidents in Iraq were of unknown origin, raising the possibility that opposing forces or groups in Iraq have access to GPS jamming gear.
In March 2003, prior to the invasion of Iraq, President Bush called Russian President Vladimir Putin to voice his concern that Russian companies were supplying the Iraqi military with GPS jamming equipment.
Link | Comments (0)
By Allan Holmes | Wednesday, October 17, 2007 | 03:21 PM
The following item was posted by Jill Aitoro.
A glimpse at enrollment in the Homeland Security Department’s Transportation Worker Identification Credential (TWIC) program provided one very interesting truth: While sexy in concept, the process of credentialing is pretty mundane.
The Transportation Security Administration held a media event yesterday in Wilmington, Del., to show what workers will go through when enrolling for TWIC. (Video of the enrollment process is available for download at the Coast Guard web site.) For those who care to take a look, you’ll see people seated, documents being filled out and photocopied, some movement of a computer mouse, and – easily most exciting of all – fingerprints being scanned. Take away the latter, and it could just as easily be a trip to the Department of Motor Vehicles.
Maybe more telling than the actual enrollment preview was the drive into the port in Wilmington. Not surprisingly, security gates guarded the entry, with cars lined up at all but one of the gates – the gate that was reserved for TWIC card holders. That lane moved quickly. Sexy or not, it got the point across.
Link | Comments (1)
By Allan Holmes | Monday, October 15, 2007 | 04:08 PM
Some consumer groups in the United Kingdom are concerned that Wi-Fi signals may be harmful to young children and have convinced a U.K. public health advisor to take on a $600,000 study to determine if the signals can harm health, according to an article posted by telegraph.co.uk. The groups are concerned that Wi-Fi signals, which "are very low power, typically 0.1 watt in both the computer and the router," according to the article, could cause children in classrooms where the Wi-Fi signals are emitted to experience "fatigue, memory and concentration problems, irritability and bad behaviour." And that would be different from . . . ?
Link | Comments (2)
By Allan Holmes | Friday, October 12, 2007 | 08:45 AM
This news item certainly will heap more suspicion on the Bush administration’s tactics for fighting terrorism.
A law firm in Vermont, which represents a client in Afghanistan and a prisoner at Guantanamo Bay, is accusing the federal government of tapping its phones and hacking into a computer used by one of the firm's partners, according to an article posted by the Burlington Free Press. Three partners in the law firm Gensburg, Atwell & Broderick recently sent a letter to clients telling them the firm "can't guarantee their communications were confidential," according to the article. The firm said it had found its phone lines crossed and that a computer forensic examination of the computer used by Robert Gensburg "found an application that disabled all security software and would have given someone access to all information on the computer," according to the article.
Gensburg said there may be an innocent explanation for the problems -- such as he may have accidentally downloaded some malware from the Internet -- but "we are quite confident that it is the United States government that has been doing the phone tapping and computer hacking," the lawyers wrote in their Oct. 2 letter to clients.
According to the article, there's no comment from U.S. officials or Verizon, which operates the phone lines for the law firm and is one of the telecommunication firms named in the Bush administration’s wiretapping program after 9/11:
U.S. Attorney Thomas D. Anderson, the federal government's top law enforcement official in Vermont, said Thursday that he couldn't comment. Verizon has consistently refused to comment on whether it is involved with national security issues, spokeswoman Beth Fastiggi said Thursday.
Link | Comments (10)
By Allan Holmes | Thursday, October 11, 2007 | 05:22 PM
The Homeland Security Department has been working for years with the private sector to develop an operational plan it can follow in case a cyberattack takes down computers maintaining the critical infrastructure that supports the U.S. economy, such as networks operating the transportation, energy and financial systems. Or the electrical grid. They may want to hurry; cyberattacks on networks operated by electric utilities have jumped 90 percent in the past nine months, according to a security consultant that serves utilities. DHS has been criticized for the slow pace of creating a plan.
Hat tip: SANS Institute.
Link | Comments (2)
By Allan Holmes | Thursday, October 11, 2007 | 11:29 AM
An article on a Web site operated by the Detroit Free Press about a driver's license fraud scheme in Michigan's Secretary of State's office raises an interesting question.
This month, a pair of Michigan state employees was caught selling fake driver's licenses, license plates and vehicle registration tags. The employees would identify a customer interested in obtaining the fake licenses and registration, would take the person's photo and then "use the name and personal information of an unwitting person already in the Secretary of State computer system" to produce the fake documents, according to the article.
This is the unnerving part: "The case broke after a sheriff's deputy noticed a fraudulent temporary license plate during a routine traffic stop," according to the article. The two employees' illegal activity on the state computer system was never flagged by the network. With the knowledge that most computer crimes come from within an organization, not from outside hackers, why wasn't the state system programmed to flag this unusual activity?
In addition, the article quotes Wayne County Sheriff Warren Evans musing about how "it is incredible in a post-Sept. 11 world that a government employee would provide anyone with picture identification under a false name." Maybe it's not that incredible, as illustrated by this Washington Post article. (As was the situation in the Michigan fraud case, this case was not broken by the state Department of Motor Vehicles but by the U.S. State Department's Bureau of Diplomatic Security.)
In the end, this Michigan case is what the Homeland Security Department can point to in its ongoing effort to enforce Real ID.
Link | Comments (2)
By Bob Brewin | Thursday, October 11, 2007 | 09:48 AM
That’s just one of the messages delivered yesterday by Hugo Teufel III, chief privacy officer of the Department of Homeland Security, at a Radio Frequency Identification (RFID) conference in Washington.
Teufel said the privacy Web site shows the agency is as serious about protecting privacy as it is about protecting borders. But Teufel wishes more people would visit the site; he said it may be one of the least visited federal Web sites out there.
Teufel, who has the only privacy gig in any federal agency or department mandated by law, turns out to be a passionate advocate for privacy. DHS, Teufel said, needs to ensure it protects privacy and civil liberties so it can succeed in its mission in combating terrorism. Teufel says this includes transparency, data minimization and accountability to make sure projects such as those that would use RFID for personal identification (like the planned Western Hemisphere Travel Initiative), don’t erode civil liberties through technology assessments such as last year’s paper on the use of RFID for human technology verification.
Teufel says he is well aware that the United States was founded by “people with a profound distrust of the government” and strives to ensure that DHS policies and practices do not cause distrust today.
I admire his strong stance and position, but have to contrast it with DHS efforts to ram through the Real ID Act, which requires that high-tech driver's licenses meet federal standards and which is opposed by an increasing number of states. This summer DHS Secretary Michael Chertoff told the National Conference of State Legislatures that residents of states who do not comply with the REAL ID Act by May 2008 will need to show their passports for all "federal purposes," including, presumably, entering any federal building including local post offices.
Somehow, the thought of having to produce a passport to buy a stamp at the post office in my hometown of Las Vegas, N.M., (if New Mexico does not adopt Real ID driver's licenses) does not make me feel more secure, or that DHS really cares about privacy or that top DHS management understands citizens still have a deep distrust of government.
Link | Comments (7)
By Allan Holmes | Wednesday, October 10, 2007 | 01:28 PM
The online spoof news mag The Onion likes to routinely poke fun at NASA, and today brings another installment. The Onion staff makes fun of NASA's technological aptitude, writing that NASA has "an ambitious plan" to make the Johnson Space Center in Houston wireless. Within a decade. For only $655 million. "While the building that houses the public affairs office can currently pick up a weak Wi-Fi signal from a Starbucks across the street," The Onion cracks, "the Johnson Space Center as a whole is far from being the 'giant Wi-Fi hotspot' [NASA Administrator Michael] Griffin envisions." More yucks from the article:
Griffin said that the agency has also recruited seven information technology specialists from some of the nation's top white-collar regional workplaces. The seven mission specialists in the newly dubbed "Internet Explorer" program are being rigorously trained to install the theoretical wireless devices in an Earth-gravity environment in which they could encounter potentially arduous conditions such as poor air ventilation and lifeless workscapes.
My colleague Tom Shoop has chronicled other Onion parodies, one on the Department of Evil and another on NASA's plan to launch $700 million into space.
Link | Comments (0)
By Allan Holmes | Tuesday, October 09, 2007 | 02:01 PM
In August, the federal IT market research firm INPUT released a report showing agencies spending a greater portion of their IT budgets in the government’s fiscal fourth quarter. That’s up from 28 percent from the four year time period of fiscal 1997 to fiscal 2000.
A Tech Insider blog item wondered if such an increase in IT spending over such a short period of time increased the chance that agencies may not be aligning spending with strategic goals and wasting money.
The answer may very well be yes, according to the Treasury Inspector General for Tax Administration. In a recent report, the IG found that the value of purchases by the Internal Revenue Service made in the month of September increased 671 percent from 2002 to 2006. Reviewing purchases made in August and September 2006, the IG “identified deficiencies with 14 (15 percent) of 92 procurement actions …,” according to the report. “We believe appropriations regulations may have been violated for four of the actions, while all required acquisition steps were not completed for the remaining 10 actions.”
The IG also wrote:
Inefficient and ineffective procurement actions can occur when there is a rush to use funds before they expire at fiscal yearend. This rush increases the risk that items purchased may not meet the requester’s need, thus requiring a second procurement action; were not obtained at the best possible price; or did not use the best vendor or type of contract because Office of Procurement personnel do not have the time necessary to perform a full contractor competition process. Therefore, funds may be spent inefficiently and ineffectively.
Link | Comments (2)
By Tom Shoop | Friday, October 05, 2007 | 05:05 PM
Attention, State Department: If you insist on naming your new blog "Dipnote," you've got to expect that something like this is going to happen. (Note the graphic at the top of the page.)
Link | Comments (0)
By Tom Shoop | Friday, October 05, 2007 | 02:28 PM
Microsoft has promoted three executives from within to lead its government business. Teresa Carlson was named general manager of U.S. Government Civilian Agencies and International Global Organizations, and Brian Roach general manager of the Federal Department of Defense group. Each will define the strategy and oversee sales, customer satisfaction and performance for their business units. Previously, Carlson served as U.S. director for strategy and operations, and Roach served as manager of Microsoft’s Federal Healthcare organization. Suzanne Behrens, former director of public sector marketing, was named general manager of the company's Business Marketing Organization, handling public sector communications. -- Jill Aitoro
Here's the full press release from Microsoft:
FOR RELEASE
October 3, 2007
Microsoft Advances Three Leaders in its U.S. Public Sector Division
Behrens, Carlson, Roach Each Promoted to General Manager Positions
WASHINGTON, D.C. — October 3, 2007 — Microsoft Corporation has promoted three leaders of its U.S. Public Sector organization. The company named Suzanne Behrens, General Manager of its Business Marketing Organization; Teresa Carlson, General Manager of U.S. Government Civilian Agencies and International Global Organizations; and Brian Roach, General Manager for the Federal Department of Defense group.
Behrens served as director of the government division and most recently public sector marketing. As General Manager she will oversee Microsoft’s public sector marketing and communications efforts, breadth sales, as well as the organization’s citizenship efforts. She leads a team of professionals responsible for developing programs designed to identify business opportunities and facilitate Microsoft’s thought leadership across the public sector, including government and education. She joined Microsoft in 1996.
Carlson, who had served as U.S. director for strategy and operations, now leads the U.S. Government Civilian Agencies and International Global Organizations within the federal division and is responsible for defining the strategy and overseeing the execution of sales, customer satisfaction and performance of these business units. Carlson joined Microsoft in 2002.
Roach, who had served as the Manager of Microsoft’s Federal Healthcare organization, now leads the U.S. Federal Department of Defense business unit and is responsible for defining the strategy and overseeing the execution of sales within the services, combatant commands, and Defense Agencies. Roach joined Microsoft in 1999.
Link | Comments (0)
By Allan Holmes | Thursday, October 04, 2007 | 09:28 AM
Ever feel that those thick, heavy volumes on how to better manage information technology in your IT shop are just a bit dense and hard to comprehend, much less put into practice? Well, you’re not alone. According to a recent survey, reports Network World, while 51 percent of IT managers use the Information Technology Infrastructure Library – known as ITIL, a set of volumes that present best practices in delivering IT services to an organization – more IT managers (55 percent) use practices that they themselves developed.
IT consulting firm BT INS conducted the survey. The firm also reported that those who think ITIL is critical to delivering IT services to their organization declined sharply to 32 percent this year from 45 percent in 2004 and 43 percent in 2006.
What may explain that is at the bottom of the article: “Also fewer survey respondents said they feel that they understand ITIL at both a conceptual and detail level.”
If you don’t get it, you won’t do it.
ITIL’s seven volume set, which was condensed from 30 books a few years ago, is supposed to be condensed even further – to five volumes – and released sometime this year. Not sure if that will help.
Link | Comments (0)
By Allan Holmes | Thursday, October 04, 2007 | 09:05 AM
For years, most information technology publications have reported on how computer hacking has increasingly turned away from the teenage hackers who play adolescent tricks by defacing Web sites to the more serious hacking involving malware and stealing corporate trade secrets and government data. Here’s an example of both: Recently hackers embedded pornography and serious viruses and malware in California government Web sites, reports the Sacramento Bee. The General Services Administration even got involved, according to the article.
When officials at the General Services Administration, which oversees all .gov addresses, discovered the porn links this week, they began yanking Internet access to all ca.gov Web sites, [California Chief Information Officer Clark] Kelso said.
Among those briefly losing access were the California Parks and Recreation site and some e-mail to Gov. Arnold Schwarzenegger's office, Kelso said.
State officials scrambled to contact the GSA, which reversed its decision and restored service.
Link | Comments (0)
By Allan Holmes | Wednesday, October 03, 2007 | 04:32 PM
If you had a hard time believing that most system administrators don't change vendors' default passwords on equipment (making it extremely easy for hackers to break into networks), then here's some more evidence: The Edmonton [Canada] Sun reports that Alberta government offices and educational institutions experienced breaches into computer systems because system administrators hadn't followed proper security procedures "as simple as not having proper password policies in place."
Link | Comments (2)
By Allan Holmes | Wednesday, October 03, 2007 | 03:57 PM
The State Department's official group blog for diplomats worldwide took it on the chin today. Washington Post columnist Al Kamen, in his "In the Loop" column, wrote, tongue in cheek, that the Dipnote blog's goal -- to offer an alternative to mainstream media reports on U.S. foreign policy -- "is what we've all been waiting for! ... Unbiased news directly from the federal government, a news source long noted for truthful, unbiased reporting."
However, Kamen acknowledges that "the blog appears to be getting a tremendous response worldwide and -- with the exception of people complaining that the type is too small and that the white print on a black background makes it hard to read -- readers have been overwhelmingly positive."
Dipnote didn't receive any tip of the hat from Wonkette, the Washington, D.C., political blog. Wonkette posted an item today calling Dipnote "an almost comical failure" and saying that the blog is a "fine new diplomatic propaganda effort."
Typically, in the interactive world of blogs, you'd expect a response. None from Dipnote, yet.
Link | Comments (0)
By Allan Holmes | Monday, October 01, 2007 | 05:01 PM
The following item was posted by Judi Hasson, a freelance journalist who writes about technology and lives in Washington, D.C.
It’s hard to know how safe we really are or if the federal government knows what it is doing when it comes to managing our security. Just last week, I had an example of a big snafu that turned up in my own mailbox.
My 18-year-old daughter applied for a passport, and it came without delay. (The State Department says it worked through its passport backlog during the summer.)
The passport looked good at first. All the information was correct, I thought. But the picture, well, um, the picture was not my daughter. It was a picture of a young woman with long, curly hair who looked nothing like my daughter. Well, my daughter does have long, curly hair, but that was about the only similarity.
A State Department official said that it is likely the correct picture of my daughter was scanned into the department's database, and it was human error that caused the wrong image to be printed on the passport. But if that's not the case, and given that many government databases are now linked to check identities, is it possible that more government databases have the wrong picture of my daughter? And who’s got my daughter’s picture on her passport?
It took several hours of phone calls to get to the right people at the local U.S. Post Office to help me. When I did, they told me I had to start the passport process over. I had to send them the official pink form for corrections and two new pictures. Later, I was told to forget the pink form and just bring in the document with the wrong picture to the passport office on 19th Street in Washington, D.C. Oh, and of course, the $97 passport fee would be waived, but not the cost of the new pictures.
The State Department official said the agency issued 18 million passports in fiscal 2006, and errors are very rare. “Frankly, we are human,” the official said. “The error rate is very low. The important thing in issuing a passport is that it has great security information.”
It was only a month ago that the State Department got some bad press when it was disclosed that the department printed the wrong birth date on a passport. Instead of 1972, the date was printed as 1872, according to the official.
As for my daughter's passport, the official said the State Department cannot tell if there has been a one-to-one swap. In other words, my daughter’s picture may be floating around on someone else’s passport, and there may be a domino effect of passports having wrong pictures. “The errors happen. We minimize them. We have a series of quality control measures. The thing we can do is fix them as fast as we can,” the official said.
But where is my daughter’s picture? And who is that friendly young woman staring out from my daughter’s new passport?
Link | Comments (5)
ABOUT THIS BLOG
Allan Holmes on what's happening and what's being discussed in the world of federal information technology.








