GovernmentExecutive.com

Government Executive's Robert Brodsky reported today about how the Environmental Protection Agency may have wasted millions of dollars in extra fees to contractors for meeting performance thresholds. "EPA regularly gave contractors ratings of 'exceeds expectations' or 'outstanding,' which facilitated the higher incentive fees, according to" an EPA inspector general report.

Brodsky cites one of the nine contracts the IG analyzed, in which a high rating "was justified only with the following comment: 'The project management was excellent with no problems encountered and costs were within scope of work.' A project that merely encountered no problems or stayed within budget should have earned a grade of satisfactory, the IG said."

Since government projects typically miss deadline and come in over budget, encountering no problems and keeping costs within scope may seem like quite an accomplishment. Others may view it it as simply doing your job.

Headlines from around the Web for Friday, Feb. 29, 2008
Compiled by Melanie Bender

ITIL Adoption Increases in U.S., Proficiency Still Lacking
NetworkWorld
A survey of CIOs across five contients showed the number of U.S. CIOs using ITIL and other best practice frameworks is gaining on the global adoption rate, but less than 10 percent of those polled in the U.S. consider themselves "true practictioners."

RFID May Track, Safeguard Global Blood Supply
ComputerWorld
Researchers at the University of Wisconsin-Madison are hoping to use radio-frequency identification technology to create a way to better track blood supplies around the world -- a practice that could lead to better handling and fewer instances of patients receiving the wrong blood.

Violating Internet, E-Mail Policy Will Get You Fired
ComputerWorld
A study found more than a quarter of companies have fired employees for violating company e-mail and Internet policies. While most employees terminated workers for accessing pornography or other inappropriate content, as many as 34 percent of managers in the study said they let go of workers for excessive personal use of the Internet.

Officials Split on Viability of Border-Fence Project
The New York Times
Federal officials can not seem to agree on the effectiveness and functionality of the Department of Homeland Security's virtual fence test on the border between Arizona and Mexico.

Google Sites Challenges CIO's Authority
CIO Insight
With the launch of Google Sites, Web-accessible collaborative software that promises to ease the sharing of data, CIOs will lose some of their control over what applications are being used in their companies.

FAR Council Issues Final Security Configuration Rule
Federal Computer Week
The Federal Acquisition Regulations Council issued its final rule, stating contracting officers must include the requirements to use the Federal Desktop Core Configuration for Microsoft Windows XP and Vista in all applicable procurements.

Malicious E-mails Spoof DOJ Address
Government Computer News
A trickle of phony e-mails purporting to be from the Justice Department and carrying apparently malicious attachments has been found by security researchers from MX Logic, an anti-spam company.

Lawmakers Criticize Security Clearance Practices
WashingtonTechnology
Lawmakers at a House Intelligence Committee hearing said many potentially good candidates may have their clearance applications rejected because of outdated policies. However, officials at OMB and and OPM said they've made improvements in the efficiency of the process.

High Voter Turnout Prompts Resource Concerns for Nov.
USA Today
Record turnout in this year's presidential primaries has election officials worried about possible shortages of machines, ballots and poll workers in November.

Florida Touch-Screen Voting Machines to be Recycled or Resold
St. Petersburg Times
A Tampa company will recycle or resell most of the 29,000 touch-screen voting machines in Florida after less than six years of use, the secretary of state said Thursday.

The Federal Bureau of Investigation reported today more than 400 seizures of counterfeit Cisco equipment and labels worth more than $76 million filtering into the United States from China.

The effort, which has been ongoing since 2005, is being driven by DHS and FBI. Immigration and Customs Enforcement, and the Customs and Border Protection conducted 28 investigations and managed six indictments and four felony convictions, with more than 74,000 fakes seized, while the FBI’s portion of the initiative, dubbed Operation Cisco Raider, resulted in 36 search warrants with approximately 3,500 counterfeit network components identified, and a total of 10 convictions.

So why is government focusing on Cisco? Because the counterfeiters do. They go where the money is, and in terms of networking gear, which many regard as commodity items that can be easily copied, no manufacturer rakes in more revenue than Cisco. It’s the same reason that hackers focus on Microsoft: Market saturation.

The government is among the most profitable markets for Cisco. That makes federal agencies as susceptible as any to getting duped. Check out what happened to the Navy in 2004 for example, when counterfeit Cisco switches landed in one of its secure facilities. (You can read the whole sordid story at GovernmentVAR.com). One contractor involved was recently found liable, and now the circumstances are being investigated by the Navy’s Acquisition Integrity Office.

The lesson learned? Check those serial numbers.

The Government Accountability Office released Feb. 14 a report on the state of information security in the federal government. On page 21 is a pie chart that shows the types of security incidents agencies reported to the U.S. Computer Emergency Response Team in 2007.

GAO notes that "the three most prevalent types of incidents reported to US-CERT in fiscal year 2007 were unauthorized access, improper usage, and investigation." The first two accounted for 44 percent of the incidents.

But the investigation category is the most telling, and not fully discussed by GAO. GAO defines investigations as "unconfirmed incidents that are potentially malicious or anomalous activity deemed by the reporting entity to warrant further review." That's another way of saying, "We have no idea what it is."

Agencies can't immediately identify nearly one-third of the cyberattacks they experience -- that's one-third. They believe something is going on, but they just can't put their finger on it. That nearly matches what CIO Magazine and PriceCoopersWaterhouse found when conducting its 2007 security survey of public and private sector organizations. About 32 percent of respondents said they couldn't identify the type of cyberattack that hit them.

The other question GAO could have asked agencies is: Do you know how many cyberattacks your systems experienced? If federal IT managers were honest, GAO would find that 40 percent of agencies had no clue. That’s the figure reported by the CIO/PWC survey.

The scary thing is that those are the cyberattacks that we know of. The real malicious attacks are the ones that occur under agencies' intrusion detection radar screens and are never detected.

The following item was posted by Anne Laurent, former executive editor of Government Executive magazine.

The folks over at Evolution of Security, the Transportation Security Administration's new blog, want you to know just how much nasty language and how many mean-spirited attacks they've suffered through. So, starting today, they've added a ticker showing how many posts to the blog its moderator has decided not to let see the light of day. The meter stood at 105 on opening day and will be updated weekly.

Just beneath it on the blog appears a link to the evil doing that will get you blocked, such things as personal attacks, profanity and threats, of course, but also, long embedded url strings, sensitive information and the ever pesky off-topic comment. Author "Glen" says that other than the proscribed topics, "all's fair in love and blogging."

In truth, Evolution of Security isn't bad for government work. One post details the story of the priest with razor blades in his Bible and others reveal the growing presence of security "zip lanes" that allow travelers with only carry-ons that will fit under the seat to "zip on through." What's more, TSA fearlessly links to Schneier on Security the blog of security guru and self-proclaimed curmudgeon, Bruce Schneier, as well as to Homeland Security Watch, neither of which are always complimentary.

The Billboard Liberation Front, a group of so-called "culture jammers" who, among other acts, alter the wording of billboard advertisements to make a political or anti-corporate message, have hit again. The group has claimed credit for altering an AT&T billboard in San Francisco to protest AT&T's collaboration with the National Security Agency's warrantless wiretapping of Americans' phones and Internet usage.





















The billboard was a bit too late to influence the telecoms, who've announced this past week to continue the surveillance program.

Hat tip: boingboing

Headlines from around the Web for Thursday, Feb. 28, 2008
Compiled by Melanie Bender

Security Skills of IT Workforce Lacking, Survey Finds
NetworkWorld
While nearly three-fourths of 3,500 technology professionals polled in a recent survey identified security, firewall and data privacy as the IT skills most important to their organization today, only 57 percent said they believed their IT employees were proficient in such skills.

Can IT Alleviate the Pain of Those Miserable Commutes?
ComputerWorld
Between trains that seem incapable of running on schedule and bumper-to-bumper traffic, there aren't many people who can claim to love to commute. But government and grassroots efforts are attempting to make the experience more tolerable. For example, The Massachusetts Bay Transportation Authority recently began a pilot Wi-Fi program on its Worcester line.

Researchers Transmit Optical Data At 16.4 Tbps
InformationWeek
Alcatel-Lucent researchers at the Bell Labs in Villarceaux, France, announced Wednesday their successful transmission of 16.4 Tbps of optical data over 2,550 km. New technologies they used in their test may pave the way for 100 Gbps transmissions.

For Sale: Passwords To Fortune 500's Servers
InformationWeek
More than 8,700 FTP login names and passwords are being sold online through a sort of eBay for stolen data, a security company revealed this week. Some of the FTP credentials grant access to Fortune 500 Company servers, another set to a state court Web site, according to Finjan, the computer security company in Israel that made the discovery.

Tech Problems Delay ‘Virtual Fence’ on Border
The Washington Post
Technical problems discovered in a 28-mile pilot project have led the Bush administration to scale back plans to quickly build a "virtual fence" along the U.S.-Mexico border. Authorities confirmed that Project 28, the initial deployment of the Secure Border Initiative network, did not work as planned or meet the needs of the U.S. Border Patrol.

Pass Card Contract Talks Stall
Government Computer News
The State Department and General Dynamics, the leading company in the vendor team the government originally chose to carry out critical aspects of the Pass Card program, have "reached an impasse" in talks about how to carry out the job. Pass Cards are intended to serve as cheaper alternatives to passports for use by citizens re-entering the country via land ports.

Concerns Rising About Requiring a Paper-Ballot Election in Colorado
The Denver Post
Despite sponsorship of party leaders in both chambers, a handful of legislators have reservations about Colorado moving to paper ballots for the upcoming election. One legislator wondered why counties can't be allowed wide use of their electronic voting terminals, all of which have now been recertified.

China Still Years From Competing Against U.S. IT
eWeek
China is closing the technology gap with the U.S. every year, but it will be many years before it challenges the U.S. for dominance of the technology market, according to Fred Hu, co-head of Investment Banking for China at Goldman Sachs.

Governor Promotes Connecticut's Long-Term Care Web Site
Government Technology
Recognizing a growing need to provide easier access to comprehensive information on long-term care for people of all ages, Connecticut has launched a Web site that, as Gov. M. Jodi Rell said, "aims to help improve the lives of people needing long-term care now and to help those who will need it in the future -- meaning most of us -- plan ahead."

Google Unveils Low-Cost Collaboration Platform
Government Computer News
Google Sites is intended to be a low-cost alternative to Microsoft SharePoint and other commercial collaboration packages. Unlike other collaboration packages, Google's offering should not require IT staffs to provide significant training and maintenance.

Army Recognizes Conventional Warfare a Thing of the Past
WashingtonTechnology
In a climate of insurgencies and unstable peace, the Army must be more nimble. The Army Capabilities Integration Center hopes to chart the course for creating forces capable of using technology to handle modern conflicts.

Healthcare Organizations See Cyberattacks as Growing Threat
InfoWorld
Healthcare organizations feel under increasing attack from the Internet, while security incidents involving insiders and disappearing laptops with sensitive data are piling up. On top of that, there's now the prospect of a surprise audit from the federal government agency in charge of overseeing the HIPAA security and privacy rules.

This may not seem like an unusual news story, but an Oklahoma City woman was accused this month for violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the federal law that requires companies to properly secure personal medical records of patients and employees, or face fines or criminal prosecution. What's unusual about this story is that in the nearly 12 years HIPAA has been around, the number of HIPAA violations and criminal cases has been extremely low -- almost non-existent.

Consider that a large portion of American corporations -- as much as 40 percent back in 2006 -- were not in compliance with the law, a lone violation seems even more incredulous. The reason for the non-compliance, privacy and security experts say, is because it pays not to comply. The risk of being caught is so low compared with the cost of compliance, which is high, that the business case argues for not complying. The return on investment for securing private health data just isn't there. Privacy experts may have a different point of view.

Headlines from around the Web for Tuesday, Feb. 26, 2008
Compiled by Melanie Bender

IT Services Fall Short of Greatness, CIOs Say
NetworkWorld
In a January survey conducted by Omniboss, nearly 80 percent of 125 CIOs and senior IT directors polled said a lack of senior representation at the board level had a direct impact on their ability to deliver great -- rather than just good -- IT services.

'Cold Boot' Encryption Hack Unlikely, Says Microsoft
ComputerWorld
In light of research conducted by Princeton University showing cooling down a computer's memory offers thieves a larger window of time in which to steal data, a Microsoft product manager said the vulnerability can be minimized by changing some settings in Windows.

Bush's Double-Edged Cyber-Security Plan
Forbes
To keep cyber-spies and hackers away from sensitive government information, the Bush administration may have to do some spying on the private sector, such as military contractors, according to former federal employees.

Healthcare CIOs Worry About Medicare Cuts Hurting IT Budgets ComputerWorld
Since President Bush proposed reductions in federal healthcare programs, healthcare IT executives worry hospitals will fear pressue to make cuts in programs creating electronic medical record systems and computerized orders that can reduce medical errors.

FBI Says To Ignore E-mail Death Threats
InformationWeek
The FBI says emails purportedly from a hired assassin requiring recipients to pay $20,000 or face death are a hoax. While jaded Internet veterans might scoff that anyone would take such a threat seriously, the scheme appears more credible than it might otherwise because of its use of personal information to make the message more intimidating.

D.C. Special-Ed Getting New Computer System, Staff
The Washington Post
D.C. State Superintendent of Education Deborah A. Gist announced the school system plans to purchase a computer system designed to keep track of special education students' academic life, replacing several systems plagued by bad data and an inability to communicate with one another.

Bill Shifts Votes to Paper Ballots in Colorado
The Denver Post
A bill filed on Tuesday sponsored by the majority and minority leaders in both chambers calls for a return to paper ballots in Colorado. While admitting it's low-tech, one state senator said, "But low-tech means it's less likely there will be computer problems." The bill also has Gov. Bill Ritter's backing.

Wireless Broadband Mesh Network Test Launched in San Carlos, Calif.
Government Technology
Convad Communications Inc. Wireless Unit will deploy a wireless broadband test network in San Carlos, Calif., as part of the 'Concept City' phase of Wireless Silicon Valley. Convad, which already serves business customers in the San Carlos area, will layer a new wireless broadband mesh capability onto its existing fixed wireless broadband service.

Los Angeles County to Count Flawed 'Double Bubble' Ballots
San Diego Union-Tribune
The Los Angeles County Registrar's office will try to count about 50,000 improperly marked nonpartisan ballots from this month's presidential primary election. The ballots of Independent voters who did fill in a bubble for both the party they were voting for and the candidate they were supporting could not be read by the scanning machines.

Tech Group: Increase US Gov't Research Funding
InfoWorld
The Technology CEO Council sent a letter to congressional leaders Monday, urging congress to keep the promises it made in the America Competes Act of 2007, legislation that focuses on improving U.S. science and technology programs. Three federal agencies combined fiscal 2008 budgets were $918 million short of targets promised in the legislation.

The San Francisco Chronicle posted a story late yesterday about a contract employee at the NASA Ames Research Center pleading guilty to storing child pornography on his government computer. The odd thing about this story, as the paper points out, is that it is the third time in a little more than two years that an Ames employee has been caught with child pornography on a government computer. The paper makes it a point to say that the latest infraction is "at least" the third time.

Headlines from around the Web for Tuesday, Feb. 26, 2008
Compiled by Melanie Bender

Microsoft's Drive for Interoperability Means More Bugs, for Now
ComputerWorld
Security researchers said Microsoft's decision last week to let everyone examine its software secrets means vulnerabilities and exploits will almost certainly climb in the short term. Those same researchers said this move should translate into better security for everyone in the long run.

Gartner: Global RFID Market to Top $1.2B This Year
ComputerWorld
Gartner Inc. has released a report predicting worldwide revenue for radio frequency identification technology will eclipse $1.2 billion this year, marking an almost 31 percent increase over last year.

New York City to Help Doctors Track Patients’ Records Electronically
The New York Times
In what New York Mayor Michael Bloomberg said is just the beginning of an effort to provide better care to people before they get sick, New York City is ready to equip doctors with computer software that can track patients’ medical records. Among other features, the new system will share data with other doctors and provide information about the current best practices for treating illnesses.

Demand for Hybrid Driver's Licenses High in Washington State
Federal Computer Week
The Enhanced Drivers License program, started by Washington state in conjunction with the Homeland Security Department, has issued more than 2,000 new hybrid drivers license-passport cards since it began issuing them Jan. 22. The identification cards enable Washington State residents to travel freely across the U.S. land border with Canada. They are being marketed as a low-cost alternative to passports.

E-Vote: Judge Strikes Down Union County, Ohio, Voting Machine Directive Challenge
Government Technology
Franklin County Common Pleas Court Judge Eric Brown, in a 25-page decision, struck down a county's challenge to Ohio Secretary of State Jennifer Brunner's Jan. 2, 2008 directive requiring backup paper ballots by boards of elections using touch-screen voting machines in the March 4 presidential primary election.

At NIH Center, Software Manages Pneumatic Delivery
Government Computer News
Unable to mail or allot the manpower to move thousands of blood products, biological samples, medications and medical devices every day between patient care units and the pharmacy, laboratories and other departments at its Clinical Research Center, NIH employs a system of pneumatic tubes with proprietary software that schedules and routes the carriers.

Service-Oriented Architecture Spending Up Despite Unclear Benefits
InfoWorld
A new research report from analyst firm AMR Research cites The number of companies investing in service-oriented architecture has doubled over the past year in every part of the world, with a typical annual spend of nearly $1.4 million. However, the AMR survey found that most companies don’t really know why they are investing in SOA, which Findley said makes long-term commitment iffy.

Intelligence Sharing Still Lacking
The Wall Street Journal
The Department of Homeland Security is stumbling in its efforts to coordinate the gathering and sharing of domestic intelligence with state and local officials, one of its core responsibilities, according to an internal report.

Anne Laurent, former executive editor at Government Executive magazine, writes in her blog, The Agile Mind, about the recent unclassified report released by the Office of the Director of National Intelligence on report unveiling the Reynard project, conducted by the ODNI's Intelligence Advanced Research Projects Activity to spy on players in virtual worlds to see if they can, as Laurent quotes, "identify the emerging social, behavioral and cultural norms in virtual worlds and gaming environments" and then "apply the lessons learned to determine the feasibility of automatically detecting suspicious behavior and actions in the virtual world." Her post highlights just how quickly technology is moving as compared with Congress' ability to understand it. Her point:

DNI archly informs lawmakers that they won't be getting much real information about intelligence community data mining because they asked for the wrong thing. The law [the 2007 Data Mining Reporting Act] defines data mining as "a program involving pattern-based queries, searches or other analyses of 1 or more electronic databases" to "discover or locate a predictive pattern or anomoly indicative of terrorist activities." But that's not the kind of data mining DNI uses most, the report says.

"Analysis performed within the ODNI and its constituent elements for counterterrorism and similar purposes is often performed using various types of link analysis tools [which] start with a known or suspected terrorist or other subject of foreign intelligence interest and use various methods to uncover links between that known subject and potential associates or other persons with whom that subject is or has been in contact," the report says. But "the Data Mining Reporting Act does not include such analyses within its definition of 'data mining' because such analyses are not 'pattern-based." Note to Congress: Catch up. Fix your definitions.

Headlines from around the Web for Monday, Feb. 25, 2008
Compiled by Melanie Bender

The Road To Making Business Intelligence Available To Everyone
InformationWeek
For BI to be used by more employees and by employees in a wider range of job types within a company, several roads must converge, and IT professionals must work with businesses more closely to make that happen.

The Challenges of Retrofitting PCs with a Standard Configuration
Government Computer News
While some agencies have made significant progress complying with the Federal Desktop Core Configuration, others -- like the Agriculture Department, where field employees are given administrative rights to their laptops -- are experiencing considerable challenges to quickly complying with the new security rules.

Electronic Recyclers International CEO Explains 'All Things eWaste'
Government Technology
VideoJug, an online video encyclopedia of life that features professionally made 'how-to' and expert advice clips, is featuring chairman and CEO Of Electronic Recyclers International John S. Shegerian in a series of clips on electronic waste, why it is an environmental hazard and how to properly dispose of it.

New Funding to Protect Cyberassets Catches Industry Attention
WashingtonTechnology
Given the current attention the public is paying to cyber espionage and attacks, cybersecurity contractors are expecting a fresh wave of federal business opportunities. However, exact details on opportunities are hard to pin down.

USPTO Reveals Plans for 2008 IT Procurements
Federal Computer Week
The U.S. Patent and Trademark Office plans to issue four requests for proposals for five competitive IT procurements, covering systems and network engineering, database management and help desk support. The potential contracts would replace existing contracts.

The Common Cold of IT Security
Government Computer News
Like the common cold, IT experts find they can treat buffer overflows, but can't cure them. A stack buffer overflow is one of the oldest tricks used by hackers to take control of a computer. When a malicious program writes excess data to an address on the call stack of an application with a fixed length buffer, the corrupted stack can make the application run improperly.

Airlines Shift to E-Ticket Only Starting June 1
The Washington Post
The International Air Transport Association, a trade group representing 240 airlines and accounts for 94 percent of air traffic, announced its members will use only electronic tickets beginning June 1. Emphasizing the bottom line, the IATA spokesman noted how much cheaper e-tickets are to produce than paper tickets. The switch will save the industry $3 billion a year.

Idaho Lawmakers Consider 'Digital Repository' for Documents
The Idaho Statesman
Idaho officials seeks to replace an ineffective, costly and often ignored law requiring 20 copies of each state document be sent to libraries around the state. As so many state documents exist only in digital format, under the new system, one electronic copy of every state publication would go to the state Commission of Libraries to be preserved in the new digital library.

Colorado Airline Passengers Eye Fast Lane
The Daily Camera
The Clear security fast pass has been in use at the Denver International Airport since January. Cardholders bypass the unpredictable waits at airport security stations by registering personal information with the Transportation Security Administration. Thus far, travelers using the service have been pleased with the guaranteed no more than four minutes of waiting at airport security.

Google engineering manager Alan Newberger blogged yesterday about the software giant’s pilot program with Cleveland Clinic, which integrates patients’ electronic health records with their Google accounts. The initiative seems the first step in a long-term goal to provide citizens with universal access to their medical histories, and the ability to quickly exchange information with insurance plans, medical groups, pharmacies and hospitals.

Patients don’t have to participate in the program. Those that opt in will give authorization via Google’s “AuthSub” interface. Still, the initiative is sounding the alarm bells for privacy rights groups – the same groups that have spoken out against a national health network and other government-sponsored electronic health efforts.

Maybe a watchful eye on how Google handles the situation, including the very real privacy and confidentiality concerns, will provide the federal government a clue on how to get their own initiatives moving. It certainly wouldn’t be the first time industry paved the road.

Headlines from around the Web for Friday, Feb. 22, 2008
Compiled by Melanie Bender

A Problem IT Can't Fix: Getting Students, Faculty to Sign Up for Campus Alerts
ComputerWorld
In a random check of five schools in the United States, participation rates range from about 31 percent at the University of California, Los Angeles (UCLA), to about 50 percent at New York University and the University of Tennessee at Knoxville. Boston College and Florida State University logged in with much higher participation rates -- about 68 percent and 85 percent, respectively.

Study: More U.S. Broadband has $134 Billion Economic Impact
NetworkWorld
A 7 percent increase in broadband adoption would create 2.4 million U.S. jobs, would save $662 million in health-care costs and $6.4 billion in vehicle mileage, among other savings.

Researchers Find Hard Drive Encryption's Achilles heel
ComputerWorld
Researchers at Princeton University have discovered a way to steal the hard drive encryption key used by products such as Windows Vista's BitLocker or Apple's FileVault. With that key, hackers could get access to all of the data stored on an encrypted hard drive.

Server Shipments Up Despite Fears of Economic Slowdown
InformationWeek
Worldwide server shipments climbed 11 percent in the fourth quarter of last year and revenue was up nearly 3 percent, despite fears of an economic slowdown, a market research firm said Thursday. There was no change in the rankings of the top vendors.

Colorado: Flap Over Electronic Voting Heats Up
Rocky Mountain News
The cloud over Colorado's electronic voting and tallying machines grew darker Thursday, as voting activists accused Secretary of State Mike Coffman of violating state law during his review of the equipment.

Army to Lift Ban on Public Access to Online Library
Federal Computer Week
Shortly after sealing off public access to the Web-based Reimer Digital Library, the Army has reversed its decision, according to the Federation of American Scientists.

FAA Sets Cybersecurity Center Buildup
Government Computer News
The Transportation Department's Federal Aviation Administration is preparing to recompete Northop Grumman's existing contract to operate the agency's IT security management center, which helps safeguard systems across the department. FAA plans to expand and improve the center so it will be able to provide IT security services to agencies outside the department.

State Workers in Ohio Back to 8-to-5
The Columbus Dispatch
Reversing a 1990 downtown traffic-congestion relief plan, Ohio's new personnel policy requires most state employees to work 8 a.m. to 5 p.m., Monday through Friday, with an hour for lunch, unless there is a job-related reason for a different schedule.

Politcal Opposites in PA Join to Fight Real ID
The Morning Call
One of the General Assembly's most conservative members and one of its most liberal have teamed up in a bid to block a federal program they say would put the personal privacy of millions of Americans at risk by creating a national identity card.

First, it was the scare that electro-magnetic radiation emitted by computer monitors may cause skin rashes and abnormal pregnancies. Now you have to worry about catching a virus or staph infection from your computer keyboard or mouse (the pointing device).

But have no fear, a newsletter -- Washable Keyboard News -- just announced that it will "keep industry stakeholders abreast of current information that will help them to equip their home or work environments with appropriate technology for mitigating the transmission of these germs."

Unotron's Washable Corded Standard Keyboard

The newsletter is published by Unotron, "an emerging company that designs and manufactures high quality, washable data input and security devices that can be easily cleaned and disinfected to maximize user safety and minimize risk in nearly any environment," according to its Web site. Unotron tells us this unsettling factoid: "PC keyboards harbor more than 3,000 microbes per square inch - as compared to toilet seats' 49."

The site also has individual sections for health care, education, commercial and government. Seems as if viruses are sector specific, although the copy for each section is identical. Although we learn that the company will soon introduce smart card readers and fingerprint readers will soon use the company's SpillSeal® technology. Just in time for HSPD-12.

Spending on information technology to support federal health care is expected to increase 40 percent to $4.5 billion in the next five years, according to a report released today by the federal market research firm Input. The 7 percent compounded annual rate increase may be even larger once standards for the electronic health records are adopted and as more medical records are digitized, Input analysts report.

But the path to electronic health records won't be -- and hasn't been -- easy. As William Hammond, professor emeritus of community and family medicine at Duke University, was quoted in IEEE Spectrum magazine:

We’ve been talking about medical standards harmonization and cooperation for 20 years. Yet no one has defined all the standards needed to support a national health information network, and no one has identified what’s missing.

However, the departments of Defense and Veterans Affairs have been one of the leaders in electronic health care. On Feb. 27, Bob Brewin, Government Executive's editor at large, will conduct a webinar with Lt. Col. Edward Clayson to look at how the Army has brought electronic health care to the front lines in Iraq. The Battlefield Health IT webinar will start at 2 pm.

Headlines from around the Web for Thursday, Feb. 21, 2008
Compiled by Melanie Bender

Privacy Group Sounds Alarms Over Personal Health Records Systems
ComputerWorld
In some cases, people whose health care information is stored in online personal health records (PHR) systems may be exposed to serious data privacy risks, according to a warning issued by a privacy advocacy group. That's because not all PHR systems are covered by the federal Health Insurance Portability and Accountability Act, the World Privacy Forum said in a 16-page report released Wednesday.

Malware's New Mantra: Think Globally, Steal Locally
InformationWeek
The era of global malware, characterized by threats like Blaster and MyDoom, is drawing to a close. Malware authors have taken to designing malicious code for local markets. A report that McAfee plans to release on Thursday describes how malware creation over the past few years has transformed from a mass market endeavor into a regional one.

March Rollout for FBI’s Data Sharing System
Government Computer News
The FBI's Criminal Justice Information Service (CJIS) plans to launch the first increment of its National Data Exchange (N-Dex) law enforcement information sharing system March 19, according to program manager Kevin Reid.

Responders, Managers Team to Control IT Incidents
Federal Times
They may be government information technology managers, but they talk like members of a SWAT team. Information security incident response teams — quick responders who stomp information technology emergencies in their tracks, dissect the attacks and blockade future badness — are in high demand these days.

Candidates Not Tuned in to Cyberthreats to Campaigns
Government Computer News
Using the Internet in an election campaign is not a new idea, but would-be presidential candidates have embraced the concept in this election cycle like never before. But along with the newfound power of the Internet comes equally significant threats, said Oliver Friedrichs, director of emerging technology at Symantec Security Response.

D.C. Cameras Have Cut Violence, Study Says
The Washington Post
The use of surveillance cameras by D.C. police has lowered violence in some areas of the city and helped to identify suspects and solve crimes, police say in a report released this week. But some remain skeptical, and a council member is questioning whether the $4 million supply of cameras merely shifts crime away from the lenses.

DOD to Test System to Improve Intergovernmental Transactions
Federal Computer Week
The Defense Department’s Business Transformation Agency (BTA) will test a better way to transfer funds with other agencies in the next seven months. BTA Director David Fisher said Feb. 19 that after a successful internal DOD pilot program last year, officials want to expand the intergovernmental transfers trial with nonmilitary agencies.

Education Needed on Importance of Broadband to Rural Areas
Arkansas News Bureau
Enticing private companies to invest in extending expensive broadband Internet infrastructure into rural areas of the state may not require government incentives, but instead the education of Arkansans, industry officials said Wednesday. "The reason people don't have a demand for broadband primarily is because they don't understand what broadband can do for them," Arkansas Broadband Advisory Council Chairman James Winningham told members of a legislative committee on advanced communications and information technology.

Security Issue Tied to Chinese Investor Remains Unresolved
The Boston Globe
Bain Capital Partners' $2.2 billion deal for 3Com Corp. is on the ropes after Bain and 3Com failed to satisfy a federal agency that the transaction wouldn't harm national security. The deal, proposed in September, would take 3Com private and give a 16 percent stake in the company to Huawei Technologies, a company with close ties to the Chinese military.

Federal Government Falling Short on Cybercrime
SearchSecurity
The federal government is falling farther and farther behind its fight against cybercrime and, despite an increase in the amount of resources being allocated to address the problem, it will continue to struggle without a lot of help from law enforcement agencies at the state, local and international levels, current and former government security officials say.

In the last month, SRA International has lost two top executives with deep government information technology experience. Dan Chenok, formerly branch chief for Information Policy and Technology at the Office of Management and Budget, considered one of the top IT management posts in the White House, announced he was leaving his senior vice president position at SRA to join Pragmatics Inc., which works with federal agencies to provide integration and information security solutions. Chenok was instrumental in creating OMB's IT and e-government policy and budget.

In January, Mary Ellen Condon, a former director of information management and security for the Justice Department working on information security, left her post at SRA to join federal consulting firm Booz Allen Hamilton as a principal in the Assurance and Resilience Service. At SRA, Condon was vice president and director of strategic services. Condon also held senior-level IT positions at the Agriculture Department, the Immigration and Naturalization Service (now part of the Citizenship and Immigration Services in the Homeland Security Department), and the Energy Department. She also is a founding member of the federal Chief Information Officers Council.

A lesson in how the law has yet to catch up to the Internet era is playing out in San Francisco. A federal judge there has ordered the domain registrar for a Web site that allows users to post leaked confidential information in the hopes of "discouraging 'unethical behavior' by corporations and governments, according to a New York Times article. The case involves a former employee for a Cayman Islands bank who provided the Web site (Wikileaks.org) with documents that violated a confidentiality agreement and banking laws. The documents show the bank allegedly involved in money laundering and tax evasion.

While the order has been portrayed as a test of First Amendment rights in the Internet Age (and for the Web site, called ), it's also an example of how unsuitable judicial authority is when it comes to the Internet. As the Times points out:

Judge White ordered [domain registrar] Dynadot to disable the Wikileaks.org address and “lock” it to prevent the organization from transferring the name to another registrar.

The feebleness of the action suggests that the bank, and the judge, did not understand how the domain system works, or how quickly Web communities will move to counter actions they see as hostile to free speech online.

The site itself could still be accessed at its Internet Protocol address (http://88.80.13.160/) — the unique number that specifies a Web site’s location on the Internet. Wikileaks also maintained “mirror sites,” or copies usually produced to ensure against failures and this kind of legal action. Some sites were registered in Belgium (http://wikileaks.be/), Germany (http://wikileaks.de) and the Christmas Islands (http://wikileaks.cx) through domain registrars other than Dynadot, and so were not affected by the injunction.

Fans of the site and its mission rushed to publicize those alternate addresses this week. They have also distributed copies of the bank information on their own sites and via peer-to-peer file sharing networks.

Headlines from around the Web for Wednesday, Feb. 20, 2008
Compiled by Melanie Bender

Most Federal Workers Can Work From Home, But Don't
InformationWeek
If all federal employees eligible for full-time telework did work from home, the employees could save a total of $13.9 billion on commuting costs and stop 21.5 billion pounds of pollutants from entering the environment each year, according to a recent study. However, many employees are unaware of their federal agencies' telework policies, and even fewer know if they are eligible to work from home.

Panel: Securing Cyberspace Among Top Technological Challenges of 21st Century
NetworkWorld
A National Academy of Engineering panel of big thinkers, including Google co-founder Larry Page, has identified 14 top technological challenges for this century and securing cyberspace is among them.

Firm Gets U.S. Nod for Quick Passenger Data Checks
C-Net News
A company owned by international airlines on Wednesday said it has won approval from the United States for a system providing passenger details to U.S. border authorities almost instantaneously.

IT Career Paths You Never Dreamed Of
ComputerWorld
Software developers eager to advance should consider looking for product architect roles. Network and security administrators may want to start looking for positions as electronic privacy specialists. If business analytics is your area of expertise, your next promotion might be to the job of information architect. Just don't expect to be part of an IT department.

Sabotage Eyed As Possible Cause Of Undersea Cable Cuts
InformationWeek
Officials refuse to rule out sabotage but believe that fishing nets or ship anchors are the likely cause of the damage to the five undersea telecommunications cables.

New Computers Delaying Food-Stamp Applications
Austin American-Statesman
New state data show that only 48 percent of Texas food stamp applications processed using the updated computer system, known as TIERS, are completed within the 30 days the federal government requires. State officials say one of the problems is there aren't enough workers trained in the new system.

NIST Releases Results of Latest Fingerprint-Matching Tests
Government Computer News
Only one of five biometric smart-card vendors participating in a federal test of on-card fingerprint matching managed to meet the accuracy standards set for the federal Personal Identity Verification card, according to the National Institute of Standards and Technology.

DARPA Procurement Plan Shows Pentagon's IT Research Priorities
Government Computer News
The Pentagon seeks to fund information technology research projects in technology arenas that reflect the military's emerging warfare challenges, especially those flowing from combat in South Asia and conflict in cyberspace, as outlined in a recent procurement plan.

Survey: IT Spending Set for Slowdown in Q2
InfoWorld
Twenty-three percent of respondents to a ChangeWave Research study said their companies will reduce or halt IT spending in the second quarter of this year, results that underscore recent concerns about a U.S. recession. Only 15 percent of respondents said spending would increase in the second quarter, a nine-point drop from the company's previous survey in November.

Most States Give Green Light to Tamper-Proof IDs
USA Today
Forty-four states are moving ahead to comply with a law requiring more secure driver's licenses, according to the Department of Homeland Security — despite privacy concerns and worry that the new documents will be too expensive.

Barack Obama’s presidential campaign is out a chief technology officer. Just before Super Tuesday, Kevin Malover reportedly joined private equity firm GTCR Golder Rauner in Chicago as chief information officer, according to Investment Dealers Digest.

Prior to joining the campaign trail, Malover helped with travel site Orbitz.com and an online real estate company he cofounded. He can be credited for helping to craft Obama’s strategic use of text messaging and social networking sites such as MySpace.com and Facebook.com, and developing an interactive web site that allows Obama followers to find events and volunteer opportunities, register to vote, and call citizens in contested states to drum up support. The Web site's ability to reach out to voters via mass emails has been mentioned as one of the reasons for Obama's success this campaign season. At the time this blog was written, the call function was not available due to “overwhelmed” servers. Perhaps the campaign is already feeling the effects of Malover’s departure?

No word about a replacement CTO has come from Obama's camp.

We always knew computer specialists have a mischievous side, and the recent disclosure of documents about the Homeland Security Department's Cyber Storm exercise only gives more weight to that view. DHS -- along with the departments of State, Defense, Justice, and the CIA and National Security Agency -- conducted the Cyber Storm war game in February 2006 to test the United States' response to hackers infiltrating federal and corporate computer networks, as well as other scenarios. The Associated Press recently obtained 328 pages of censored documents about the exercise and among its findings: some of the computer specialists participating in the game responded to the mock attacks by attacking the network that operated the game, according to Bruce Schneier, who writes an information security blog called Schneier on Security. DHS offered this explanation for the shenanigans:

"Any time you get a group of (information technology) experts together, there's always a desire, 'Let's show them what we can do,'" said George Foresman, a former senior Homeland Security official who oversaw Cyber Storm. "Whether its intent was embarrassment or a prank, we had to temper the enthusiasm of the players."

Hat tip: boingboing

Headlines from around the Web for Tuesday, Feb. 19, 2008
Compiled by Melanie Bender

Court Orders Whistle-Blower Site Offline in U.S.
ComputerWorld
A California district court has shut down a controversial Web site in the United States that allows whistle blowers to post corporate and government documents online anonymously.

Study Finds Outsourcing Delivers ROI, But Not Innovation
InformationWeek
Too many businesses take a short-sighted view of their outsourcing contracts, concludes Deloitte. The consulting firm found that while most business executives it surveyed are satisfied with the cost savings they get from outsourcing, most said outsourcing relationships had not led to important innovations or transformations.

Tempe, Ariz., CIO Faces Wi-Fi Reality Check
ComputerWorld
Dave Heck, CIO for Tempe, Ariz., remembers when municipal Wi-Fi advocates talked four years ago about wireless networks as shining beacons that would bring the Internet to the masses. Today, in Tempe, that optimism is nearly gone. Tempe's city-wide Wi-Fi system went live in 2006, offering some 900 access points installed on city-owned poles; now, it's basically dead.

Washington State Reps. Pass Ban On RFID Skimming
InformationWeek
The Washington State House of Representatives on Friday passed a bill that would make it a felony to steal information from RFID cards. The bill would make it a class C felony to intentionally skim information from RFID-enabled identity cards for fraud or identity theft. The legislation, introduced by State Rep. Jeff Morris, provides exemptions for health care givers and emergency responders.

States Bolster FBI Gun Database
USA Today
More states are turning over records to a federal database of mentally ill people barred from owning guns, nearly tripling the number in the system since the massacre at Virginia Tech last spring, the FBI says.

D.C. Testing Gizmo to Ferret Out Meter Feeders
The Washington Post
Beware, all you parking meter feeders and restricted zone overtimers. The swift and unblinking eye of the mobile parking camera might be coming your way. The District's Department of Public Works is evaluating several systems that would enable parking officers to swing quickly through a neighborhood with a license plate reader or similar technology to catch violators.

Stolen Hardware Held DWP Employees' Personal Information
Los Angeles Times
Computer equipment containing the private financial data of every employee of the Los Angeles Department of Water and Power was stolen earlier this week, prompting the utility to pay for a credit monitoring service for each of its 8,275 workers.

NOAA’s Sensor-Laden, Web-Accessible System Makes Ports into Safer Havens
Government Computer News
PORTS, the Physical Oceanographic Real-Time System program, provides real-time oceanographic and meteorological data that can make the difference between smooth sailing and running aground or crashing into a bridge. With the addition in December of the Port of Mobile, Ala., PORTS is operating at 14 locations nationwide with more additions planned.

SB81 Requires E-Verify Checking for Workers
Desert Morning News
Utah's senators today are scheduled consider a key question: should the federal Internet-based E-Verify system be required for public employers and those they contract with. While supporters of that system say it does weed out most phony work documents, critics say the system isn't perfect and workers who are incorrectly marked as no-matches have the burden of proving their work eligibility.

It's no secret that terrorists use the Internet to communicate, but the use is becoming more sophisticated, according to Jeff Bardin, a blogger for CSO online. Bardin, who worked for the National Security Agency and served as a chief security information officer for several private corporations, recently downloaded the Mujahedeen Secrets 2 Program (بـرنـامـج // أســرار المجاهـديـن) and wrote in his blog:

This toolset provides groups like Al-Qaw-eda methods to securely transmit and wipe their files. Not that they haven’t had such tools in the past, but a second edition toolset demonstrates a software development lifecycle with some level of sophistication and planning.

Bardin said a look at the tool set -- which contains automatic (instantaneous-instant) message/messaging encryption/authentication and file encryption, as well as code signing and checking (digital signature creation/checking) and file shredding -- "reinforced [his] decision that the cyber jihad is ongoing and continuous."

Bardin wrote that Secrets 2 was easy to find, and that this comment from ‘alHambra’ was posted on the download site:

Mujahedeen Secrets #2 (Encryption Program) has been released today, and i just took a short look at it, but it is really a vast improvement compared to the first version, and seems like a really nice encryption program now. here's post and downloadinfo...

Headlines from around the Web for Friday, Feb. 15, 2008
Compiled by Melanie Bender