New Controls Needed to Improve Privacy

WASHINGTON, D.C.– As the speed of technological innovation has continued to increase in recent years, it has completely outpaced the ability of companies, consumers and regulators to keep up with the ways in which those changes affect online privacy, experts say, and in order to make real improvements in the way that sensitive data is handled, all of the concerned parties will need to change the way they think about privacy.

NSA Director Says U.S. Has a Duty to Secure the Internet

WASHINGTON, D.C.–The United States has a responsibility to take a leadership role in securing the Internet against both internal and external attackers, a duty that the federal government takes very seriously, the country’s top military cybersecurity official said Tuesday. However, Gen. Keith Alexander, director of the National Security Agency and commander of the U.S. Cyber Command, provided virtually nothing in the way of details of how the government intends to accomplish this rather daunting task.

Mariposa Operators Did Not Use Cookie Stuffing

According to the researcher who helped take down Mariposa, the operators who purchased the bot software from the man known as “Iserdo” and then built Mariposa, for some reason didn’t opt for the feature, which he offered for 200 euros, even though it would have increased their potential profits. Read the full article. [Dark Reading]

The new bill requires that the company include the type of personal information exposed in the breach; the date or estimated date of the breach; a general description of the incident itself; and toll-free numbers and addresses for credit reporting agencies if the breach included social security numbers, driver’s licenses, or California ID cards. Read the full article. [Dark Reading]

Three years after the United Nations’ website was defaced by activist hackers using a SQL injection attack, the site still contains multiple instances of these vulnerabilities. Read the full article. [Dark Reading]

Security and data integration projects top list of top .GOV IT projects

Stovepipe busting and data sharing are common themes as Uncle Sam details the top IT projects.

The White House’s Office of Management and Budget (OMB) on Monday released its list of the top 26 government IT projects, as part of an Obama Administration effort to reform the way the Federal Government manages IT projects, with a focus on bursting silos that prevent agencies and personnel from sharing valuable data.

The top projects, totalling $29.3 billion, stretch across almost all the major government departments, many seeking to tie together disparate government agencies or stovepiped stores of government information. IT and Homeland security projects figure prominently on the list, as well, including efforts to revive now notorious boondoggles like the FBI’s Sentinel data project, and a $473 million request for a Homeland Security Information Network (HSIN) project.

The announcement on Monday was part of a larger Obama Administration effort to improve the efficacy of government-funded IT projects, with a goal of faster implementations and fewer cost overruns for a federal bureaucracy that is infamous for allowing IT projects to run amok. In a memo dated July 28, Federal CIO Vivek Kundra said that each agency would be asked to identify high-risk IT projects, create a risk profile for them and develop improvement plans for the projects. The projects and improvement plans will ultimately be reviewed by Kundra in so-called “TechStat Accountability Sessions” in the fourth quarter, 2010. The outcome of those sessions will determine budget requests for FY 2012 and further allocations in FY 2011, according to an OMB memo.
Physical and IT security related projects are top priorities, ranging from the Department of Interior’s $122.8 million request for IMARS – the Incident Management Analysis and Reporting System to allow data sharing and analysis, to the FBI’s $3.4 billion request for a Next Generation Identification (NGI), an effort to improve the FBI’s automated fingerprint identification system to reduce print match times from hours to minutes for criminal checks.

But the list also breathes new life into some moribund government IT projects, notably: the FBI’s Sentinel Web based case management project – now estimated to cost Uncle Sam more than $550 million. Sentinel, originally awarded to Defense giant Lockheed Martin, is described as a “Web-based case management system” for the FBI to manage both case information and other, non-case related data using elements of both document management and search to improve disjointed and outdated investigation tools at the FBI. The project has already consumed some $375 million since its inception in 2004 and is projected to cost more than $550 million by the time it is completed in 2016.

In recent months, the FBI announced that it would delay the Sentinel Project and try to shift work on the project to internal IT staff rather than Lockheed Martin contractors. A critical report from the Justice Department’s Inspector General noted that the project was apparently without a clear focus or completion date, despite four years and more than $300 million in taxpayer dollars spent. Estimates at that time put the total cost of the project at $450 million and the completion date in 2011, but the latest report from OMB ups the price tag by another $100 million, while pushing the completion date out a full five years. That doesn’t bode well for the Obama Administration’s efforts to rein in the cost of IT projects, said David Williams of the non-profit group Citizens Against Government Waste.
“What happens is that contracting companies look at government contracts as cash cows, and there’s no history of putting contractors’ feet to the fire,” he said. Williams said that having a list of priorities is a fine idea – but won’t bring about much change without more accountability. “It’s important to prioritize, but it’s also important to have links to results,” Williams said.

Williams said that the U.S. government would do well to harness the energies of the private sector to get important IT projects completed – following the model of NASA with its X prize. “Instead of doing it in house, just say ‘here’s what we want to accomplish. Come up with the design, and we’ll award you the contract.’”

The private sector has already proven much more adept at designing inexpensive and user friendly equivalents of many of the most notorious IT boondoggles on the federal government’s roster, said Williams. That could include the Sentinel case management system, or the Department of Transportation’s En Route Automation Modernization (ERAM) program to replace aged air traffic control systems used by the FAA — a 10 year old project that has already cost $2 billion and is now estimated to require another 10 years and $1 billion to complete. “The frustration is that we live in such a fast paced, technological world,” said Williams. “We need to bring technology into this and unleash the private sector.”
