PortfolioStat savings slip, SCADA attacks soar, Army mulls civilian cyber and more

PortfolioStat estimates off target

In 2014, federal agencies decreased their planned PortfolioStat savings by over half from what they reported in 2013, with the Defense Department missing by billions, according to a new Government Accountability Office study released April 16.

GAO said at least 68 percent of agencies backed off their savings estimates.

While agencies initially planned to save at least $5.8 billion between fiscal years 2013 and 2015, the GAO said, estimates were reduced to about $2 billion. The DoD and the Department of Homeland Security accounted for most of the difference. DoD reported it planned $3.2 billion in savings in 2013, but only $560.5 million in revised savings in 2014, a gap of $2.6 billion.

Despite the downward revisions, GAO said savings from federally mandated data center consolidations could improve the picture a little.

Even though the Office of Management and Budget made its data center consolidation initiative part of PortfolioStat in 2013, GAO said agencies have not consistently included planned savings from the initiative in their PortfolioStat reporting. As a result, the total amount agencies expect to save through fiscal year 2015 is understated, according to GAO.

Deyo confirmed as undersecretary for management at DHS

The Senate confirmed Russell Deyo as undersecretary for management at the Department of Homeland Security on April 16, by a vote of 95-2.

The Senate Homeland Security and Governmental Affairs Committee had approved Deyo’s nomination in November, during the 113th Congress, but the nomination did not get a vote on the Senate floor. The committee approved his nomination again March 4, 2015.

“Given the challenges associated with fusing 22 separate agencies into one cohesive department, the undersecretary for management at the Department of Homeland Security is an enormously important position,” the panel’s ranking Democrat, Tom Carper of Delaware, said in a statement.

Army mulls a cyber career field for civilians

As part of its attempt to attract cyber operators and keep them around long enough to become appropriately skilled, the Army is considering whether to create a cyber career field for civilians similar to the cyber branch it created last year for uniformed personnel, Defense Systems reports.

Lt. Gen. Edward Cardon, commander of the Army Cyber Command, told a Senate subcommittee that, while efforts to increase the size of the uniformed cyber force were going well, recruiting and retaining civilians remains "challenging." He blamed government pay scales and feds' "comparatively slow hiring process."

SCADA attacks soar, says Dell

Attacks on Internet-facing industrial control systems in the U.S. and Europe doubled between 2013 and 2014, according to a new security report released by Dell.

Attacks on supervisory control and data acquisition (SCADA) systems tend to be centered on infrastructure companies in the United States, the United Kingdom and Finland, said the study. In 2014, there were 202,322 SCADA attacks in Finland, 69,656 in the UK, and 51,258 in the United States.

SCADA systems are more common in those countries and more likely to be connected to the Internet.

The company said from the 91,676 worldwide SCADA attacks reported in January 2012, the number jumped to 163,228 in January 2013, and 675,186 in January 2014.

Attacks against SCADA systems tend to be political in nature, said Dell, targeting operational capabilities within power plants, factories and refineries. The study noted that a nagging lack of information-sharing among infrastructure SCADA-using companies is contributing to the increase.

IBM to share cyber data via cloud

IBM is making its library of cyber-threat data available to other firms and security researchers via a cloud-enabled platform, the computing giant announced April 16.

The platform, which has about 700 terabytes of raw data and counting, will share IBM and third-party threat data, including on live cyberattacks, the firm said.

The "IBM X-Force Exchange" platform "will foster collaboration on a scale necessary to counter the rapidly rising and sophisticated threats that companies are facing from cybercriminals," Brendan Hannigan, general manager for IBM Security, said in a statement.