Cyber complacency, the Pentagon-COTS conundrum, an SES survey and more

News and notes from around the federal IT community.

Army cyber official warns against complacency

There is a "lack of perceived individual responsibility for network and data security" in parts of the Army that could lead to cyber vulnerabilities, warned Col. Greg Conti, director of the Army Cyber Institute.

"At some level, I think there is this notion that 'if it works, it must be ok' that exists throughout the Army with regards to [Defense Department] computer use," Conti wrote in a blog post for the Army CIO's website. "For example, at work, if I want to charge my smartphone and I plug it in via USB cable and it begins to charge, I assume I have not violated any policy or placed the network and Army at risk. This is a dangerous mindset and one predicated by insufficient information security awareness…"

This mindset is exacerbated, according to Conti, by a lack of incident reports to users that drive home the need for Army personnel to take responsibility for computer security at work and at home.

The Army Cyber Institute is the service's research and educational arm for cyber personnel.

House panel examines Pentagon-COTS divide

In an Oct. 27 House Armed Services Committee hearing, Massachusetts Democrat Seth Moulton picked up on a recurring theme in acquisition policy discussions: the tension between cutting-edge commercial products and Defense Department security requirements.

"There seems to be a conflict between the desire to get more commercial off-the-shelf technology and the mil standard requirements that this technology then has to meet," said Moulton, a veteran of the Iraq War. "I think about how much more effective I would have been as an infantry officer on the battlefield if I could have used an iPhone."

Asked for ideas on getting more firms to do business with the Pentagon, Joe Pasqua, an IT executive and member of the nonprofit Business Executives for National Security, suggested outside firms could work with larger integrators to break into the DOD market.

Nonetheless, Pasqua said, when Silicon Valley innovators look at doing business with the Pentagon, they still see a lot of red tape. "They look at what it would take to learn" defense acquisition rules, he said, "and unless they are making a technology that's specifically suited for that area, they're just not going to do it."

NTSB wants more data on tires

The National Transportation Safety Board wants a national computerized system to keep track of automobile tires to help prevent tens of thousands of crashes.

At an Oct. 27 public meeting, NTSB officials said the current tire registration method, based on paperwork or outdated electronic systems at dealers, is chaotic and ineffective, and can't accurately gather even basic data such as tire purchasers' names. It said 539 people died every year in passenger vehicles in about 33,000 tire-related crashes.

The NTSB said a new computerized system at the point of sale to capture, store and upload tire registration information would speed up the tire registration process, reduce transcription errors and encourage more dealers to register tires.

The system, it said, would be based on voluntary standards, in consultation with tire industry leaders, for a computerized method of capturing, storing and uploading tire registration information at the point of sale.

Survey: Government faces challenges finding senior execs

It's becoming increasingly difficult to recruit the best and the brightest for senior executive government positions, according to a survey by the Senior Executives Association released Oct. 28.

Current career senior managers and professionals are concerned about their agencies' ability to fill these top government positions with qualified candidates. They say several factors are at play, including insufficient pay, workforce politicization, Congress's attitude towards senior government execs, concerns about work/family balance and an often-complicated application process.

Of the approximately 500 SES members and Senior Professionals surveyed in August who have recent experience in recruiting for these positions, over three quarters said they are concerned to a great or moderate extent about the ability of agencies to fill these jobs with the best possible candidates.

Most of those surveyed said it's somewhat difficult (43.6 percent) or very difficult (23.9 percent) to attract high-quality candidates. This poses a problem, as 60 percent of the government executives surveyed said they plan to retire or resign within the next five years.

The SEA recommended the Office of Personnel Management highlight the positives of these roles and urged Congress to provide senior executives with the resources to do their jobs effectively. The group also recommended that OPM simplify the application process while maintaining safeguards against politicization.

Security researchers get a pass to crack auto operating systems

Researchers tinkering with automotive software in the name of research need not worry about breaking copyright law, according to a set of exemptions issued by the Library of Congress on Oct. 27.

The exemption was one of a few dozen outlined in an 81-page document handed down by the Copyright Office as part of its triennial review of the Digital Millennium Copyright Act's hotly debated 1201 provision. The provision protects corporate copyrighted material and bars people from circumventing digital rights management technologies. It was originally intended to discourage the distribution of pirated content.

The ruling comes at a time when Congress is probing possible action on automotive software vulnerabilities. The exemptions will not go into effect for another year, and researchers are still bound by other laws that might apply, such as the Computer Fraud and Abuse Act and other federal regulations.