Recommended reading

Wiser year-end spending; Malware: It's not just for techies anymore; The true nature of global cyber risks.

Wiser year-end spending
Source: Harvard and Stanford universities

It’s hard not to notice the rush of spending that occurs at the end of the government’s fiscal year, when managers try to use what’s left of their budgets so they don’t lose those funds. But is that money well spent?

Federal spending on IT projects in the last week of the fiscal year — the last week of September — is seven times higher than the weekly average for the rest of the year, according to a report by Jeffrey Liebman and Neale Mahoney, economists at Harvard and Stanford universities, respectively. That spike is a persistent feature across agencies and over time.

The researchers also saw a sharp drop-off in the quality of investments and the performance of projects that received lavish year-end spending. Significantly, neither trend was as prominent at the Justice Department, which has obtained special authority to roll unused funds into the next fiscal year’s budget.

Although the authors said it was difficult to draw firm policy conclusions from the research, they did offer some ideas, including switching to a two-year budget cycle and applying increased scrutiny to year-end spending.

Malware: It’s not just for techies anymore
Source: Network World

Bill Snyder at Network World notes that 25 years ago, two brothers from Lahore, Pakistan, introduced the first malware that could infect a DOS-based PC. They said they did it to protect their medical software from piracy.

Times certainly have changed. “No longer just a way to make a political point or demonstrate one's technical prowess, malware has become a useful tool in the bag of tricks bad guys use to steal from consumers and institutions alike,” Snyder writes.

And he points to a particularly disturbing trend: “the production and online sale of ‘kits’ that allow relatively unskilled hackers to create and launch malware attacks.”

Such kits usually contain prewritten malicious code and all the necessary tools for customizing and launching an attack, which means even unskilled hackers can launch damaging attacks by the thousands. Some of the higher-end kits “offer online support and subscription services, so customers can get updated versions of the malware,” Snyder writes.

But he does offer some sound advice: “Be sure you're running reputable defense programs, and keep them updated. And since many of the kits rely on ‘poisoned’ Web sites, make certain that if your malware detector questions the authenticity of a site, you pay attention and get out of there without clicking on anything.”

The true nature of global cyber risks
Source: PCWorld

Why haven’t terrorists launched a cyberattack? Because the effort isn’t worth the rather limited, short-term disruption — a view confirmed by a new report titled “Reducing Systemic Cybersecurity Risk” by the Organization for Economic Cooperation and Development. The report’s authors say even the risk of cyber war among major players has been exaggerated.

But that doesn’t mean the Web infrastructure we’ve all come to rely on is safe from catastrophic failure. According to the report, “things could get a little sticky should a natural disaster happen at the same time as a cyber-related event,” writes Keir Thomas at PCWorld. “For example, coordinating ground troops after an earthquake might be made difficult if the satellite network is brought down via a virus.”

Furthermore, he notes that the report expresses concerns about the move toward cloud computing. “If the Internet is taken down, the cloud dies,” Thomas writes.

In short, “despite its calm reassurances, the report might cause a shiver down the spine of anybody who realizes how much we've come to rely on Web infrastructure,” Thomas writes.