Cybersecurity

ARCHIVES

House Oversight Committee set for major re-emergence

By Robert Brodsky // October 29, 2010

For the past two years, the House Oversight and Government Reform Committee has receded into the background of American politics, garnering no national headlines for hosting the types of blockbuster hearings the panel became known for during the George W. Bush and Clinton administrations. The committee's diminished visibility is far from surprising -- it's a condition common when the panel is chaired by a member from the president's party.

But that all could change on Tuesday. If the GOP wins back control of the House, as most pollsters predict, many expect the Oversight Committee to become one of Congress' most critical bodies -- ground zero for an inevitable battle between Republicans and the Obama administration.

Assuming Republicans win the necessary 39 House seats, the committee will be chaired by Rep. Darrell Issa, a California Republican who has taken delight in tormenting the White House with investigations large and small. Nicknamed the "Annoyer in Chief" by The New York Times -- a title Issa wears as a badge of honor -- the five-term congressman has vowed to bring a "renewed spirit of action and reform" to the committee and to hold the administration accountable.

"How confrontational things become really depends on how ...

Government taps an uneasy alliance with hackers

By Dawn Lim // October 29, 2010

When hackers convene at their annual conferences, they play a game called Spot the Fed. The rules are simple. If you think you see a federal employee walking the halls, point the person out to your colleagues around you. This might, or might not, trigger a storm of controversy or some nervous laughter. If your fed radar proves keen enough, you win a free shirt that reads, "I spotted the fed!" The person identified gets an "I am the fed!" shirt.

The tradition started in the 1990s, when the purpose was to duck from snooping law enforcement officials and avoid being detained. Today, hackers play the game mostly as a gag, a parody of their cat-and-mouse relationship with the buttoned-down establishment that used to haunt them at get-togethers like Black Hat, a weeklong gathering of phone phreaks, ham operators and hackers before it became professionalized, and DEF CON, a computer underground confab that is the more radical and freewheeling cousin of Black Hat.

And how has it changed for the feds? They aren't crashing the parties to infiltrate the hacker population anymore, at least most aren't. They're at these meetings to do some, pardon the pun, networking ...

Hill aides, ACLU urge Obama to address cybersecurity bills

By Chris Strohm // October 27, 2010

Republican congressional aides and a top ACLU lawyer agreed Tuesday that the Obama administration needs to send Congress its views on pending cybersecurity legislation and whether it needs new authorities to monitor and defend Internet networks.

The White House has largely sat on the sidelines as lawmakers and key congressional committees wrangle over competing cybersecurity bills.

"The timing now is important for the administration to offer a proposal," Louis Tucker, minority staff director for the Senate Intelligence Committee, said during a forum hosted by the Heritage Foundation. "We need that to happen. It would help our bosses and everybody in Congress to come together."

Michelle Richardson, legislative counsel for the ACLU's Washington office, agreed. She said Congress should not grant the administration any new authorities to monitor and defend critical networks until the administration explains its current cybersecurity authorities and what it wants from Congress.

Richardson added that the administration should also explain how privacy rights and civil liberties of U.S. citizens would be protected under any new authorities.

Although the administration has not weighed in on the competing legislation in Congress, it has asked for authority to expand its ability to conduct electronic surveillance on new communications ...

Cybersecurity is 'really about the people,' official says

By Emily Long // October 21, 2010

A strong cybersecurity workforce is critical to protecting government computer networks from attack, according to cyber experts.

During a Thursday panel discussion hosted by the consultancy Deloitte, federal officials and security analysts said building a multidisciplinary, highly skilled workforce is at least as important as developing information technology tools to combat cybersecurity threats. The federal government needs employees trained in multiple career fields to address technology and policy concerns, they said.

"If you have the right people, technology processes and other things don't matter that much," said Philip Reitinger, deputy undersecretary of the National Protection and Programs Directorate at the Homeland Security Department. "If you don't, technology processes and other things don't matter that much. It's really about the people."

Panelists agreed cybersecurity is not simply an IT concern. Cyber threats present legal, policy, strategic and technical questions, along with challenges in education, standards, intellectual property and law enforcement, said Jacob Olcott, counsel for the Senate Commerce, Science and Transportation Committee. It is an important initiative for both right brains and left brains, he added.

"We need to build that end-to-end ecosystem ... that gets people excited about being a geek, that leads them to mathematical and ...

Inconsistent policies trip up efforts to track terrorist finances

By Aliya Sternstein // October 20, 2010

Insufficient collaboration among federal agencies and differing domestic and foreign cyberspace policies are stymieing U.S. efforts to cut off financial support for terrorist groups, says one computer forensics expert who started his career at the World Trade Center in New York.

Tracking terrorist money involves analyzing credit card transactions, online payments, e-mails and other digital communications to understand a target's day-to-day spending habits, according to FBI officials. The data can reveal travel patterns and financial accounts of other associates that could confirm a suspect's affiliation with an al Qaeda cell, for example.

But following the money trail and finding links among conspirators requires a great deal of concern for balancing national security and individual online privacy.

More than a year after President Obama initiated an overhaul of the government's cyber policy framework, cooperation in that area is still lacking domestically and internationally, said Darren Hayes, computer information systems program chairman at Pace University. He began working in computer forensics in 1990 with financial services firm Cantor Fitzgerald, whose offices at the World Trade Center were destroyed in the Sept. 11, 2001, terrorist attacks.

Hayes pointed to an Oct. 13 agreement between the Defense and Homeland Security ...

Defense cyber chief downplays need to resolve lines of authority

By Chris Strohm // October 20, 2010

A senior Pentagon official Wednesday downplayed the need to define clear lines of authority for federal agencies involved in combating cybersecurity threats, saying the emphasis has shifted toward having agencies work more closely together.

The Obama administration has ramped up efforts aimed at getting agencies to better coordinate their cybersecurity activities, even though questions persist over each agency's role and responsibilities and what authority they should have to defend computer and other information technology networks.

"People get focused on the authorities. In spite of the authorities, we've got problems," said Robert Butler, who left Computer Sciences Corp. last year to become the deputy assistant Defense secretary in charge of cyber policy.

During a breakfast with reporters, Butler said the administration has been shifting its focus toward determining what it wants agencies to accomplish, rather than first defining the lines of authority.

Just last week, for example, the Defense and Homeland Security departments announced an agreement under which they will share resources and colocate personnel at the secretive National Security Agency.

The agreement "was another step on our journey to a partnership with DHS," Butler said, adding that it "sets up an opportunity for DHS to take advantage of ...

Expert Dialogue: The Cybersecurity Challenge

October 18, 2010

Today, we're pleased to debut a new feature on Nextgov: Expert Dialogues.

Expert Dialogues is your chance to engage in conversations with leading practitioners and observers on key issues surrounding the government's use and implementation of information technology. In each dialogue, we take your questions for a week, forward them to an expert, then publish the responses. All the while, you can continue the conversation in our discussion forums.

For our first dialogue, we've selected the burning issue of cybersecurity in the federal sphere. Staying ahead of the rapidly evolving threats to information systems is a critical imperative not only for managers of those systems, but for all federal employees. Everyone has a role to play in ensuring the security of data.

Our expert is Adam Ross, managing editor at the SANS Institute, an information security training and research firm. He covers a wide range of cybersecurity issues for Nextgov's Cybersecurity Report.

This is your chance to ask Adam about everything from emerging developments in cybersecurity to tips on keeping your data secure. Enter your questions during the week of Oct. 18-22, then come back on Nov. 1 to see his responses.

Join the Dialogue: The ...

Cyber czar: Threat protection is a shared responsibility

By Brian Kalish // October 15, 2010

The government, individual users and the private sector all play critical roles in protecting the nation against cyber threats, a senior White House official said Friday.

Speaking to a group of high school students at a cybersecurity education workshop sponsored by Northrop Grumman Corp. in Arlington, Va., Howard Schmidt, special assistant to the president for cybersecurity, said while government plays a vital role in securing networks, it tends to thwart innovation and "the last thing we want to do is slow that down."

The private sector and users must take responsibility for their actions, according to Schmidt. For example, individuals who use social networking have an obligation to think through the ramifications of putting information online. "We as users have to make sure we're doing what we can to protect each other," he said.

October is Cybersecurity Awareness Month, which signifies "more than just making people [know] there's worms, viruses [and] Trojans out there," said Schmidt, referring to malware that allows unauthorized users access to infected computers. "It also gives us an opportunity to remind all of us that we have a shared responsibility."

The motto of Cybersecurity Awareness Month, "Stop. Think. Connect.", is more than ...

Analysis: In Defense of FISMA

By Tom Davis and JR Reagan // October 14, 2010

With the passage of economic stimulus legislation, health care reform and financial regulatory reform, the 111th Congress likely will be remembered as one of the most legislatively active periods in our nation's history. As we enter the endgame of this legislative session, there are still a number of proposals that stand the possibility of becoming law before adjournment. One such effort is the potential expansion of the federal role in cybersecurity. Given the importance of information technology to our economy, it is vitally important to see this effort through.

A critical component of the cyber debate focuses on the procedures that federal agencies use to keep information safe -- a task that since 2002 has been governed by the Federal Information Security Management Act. Among various proposals introduced during this Congress, FISMA reform has been a recurring theme. The main criticism of FISMA is that over the years it has evolved into a paperwork drill, emphasizing compliance over an agency's real security. There is little doubt that the implementation of FISMA, in some cases, could have been off the mark. But the intent was not to have FISMA compliance and information security become two separate exercises. As Congress debates ...