Lockheed Martin

Avoid The Attack Attribution Distraction

Plenty has been written this month about attack attribution, but, really, if your network is under siege, how often does the “who” matter as much as the “how,” “what,” and “where”? It seems that knowing who the actor is behind a network intrusion matters little to a bank, restaurant or retail chain. You just want them off your gear, and you want your stuff put back where it belongs.

Threats From Third Party Vendors Demand Vigilance

by B.K. DeLong

Wikileaks’ decision this week to post the first of five million emails from Texas-based strategic intelligence firm Stratfor shone a spotlight on what experts say is a serious and growing problem: lax data, network and physical security at third party vendors and service providers. But organizations that think they can wash their hands of the security mess caused by business partners and contractors may be in for a rude awakening.

Adobe said a previously undisclosed vulnerability in its Reader and Acrobat applications was passed along by defense contractor Lockheed Martin, raising the specter of a targeted attack on the important military supplier.

RSA acknowledged on Monday that a hack at Lockheed Martin was tied to the theft of information on its SecurID tokens. The company offered to replace the tokens for customers, but experts wonder whether RSA should go further and recall SecurID tokens from the market.

Executives at U.S. defense contractor L-3 Communications warned employees in April about an attempt by unknown assailants to compromise the company’s network using forged SecurID tokens from RSA. The report, if accurate, would be the second attack on a leading defense contractor with links back to a high-profile hack in March at RSA Security, the security division of EMC Corp.

A new report suggests that lawmakers, policy wonks and corporations are sensationalizing the risk of cyber attacks far beyond the actual threat. The inflation of the cyber security threat, like the inflation of the threat of Communism during the Cold War, or of terrorist acts in the wake of the 9/11 attacks, could lead to laws that curtail individual freedoms and regulate the Internet in unnecessary ways, the report concludes.

Security and data integration projects top list of top .GOV IT projects

Stovepipe busting and data sharing are common themes as Uncle Sam details the top IT projects.

The White House’s Office of Management and Budget (OMB) on Monday released its list of the top 26 government IT projects, as part of an Obama Administration effort to reform the way the Federal Government manages IT projects, with a focus on bursting silos that prevent agencies and personnel from sharing valuable data. The top projects, totaling $29.3 billion, stretch across almost all the major government departments, many seeking to tie together disparate government agencies or stovepiped stores of government information. IT and homeland security projects figure prominently on the list as well, including efforts to revive now-notorious boondoggles like the FBI’s Sentinel data project, and a $473 million request for a Homeland Security Information Network (HSIN) project.

The announcement on Monday was part of a larger Obama Administration effort to improve the efficacy of government-funded IT projects, with a goal of faster implementations and fewer cost overruns for a federal bureaucracy that is infamous for allowing IT projects to run amok. In a memo dated July 28, Federal CIO Vivek Kundra said that each agency would be asked to identify high-risk IT projects, create a risk profile for them and develop improvement plans for the projects. The projects and improvement plans will ultimately be reviewed by Kundra in so-called “TechStat Accountability Sessions” in the fourth quarter of 2010. The outcome of those sessions will determine budget requests for FY 2012 and further allocations in FY 2011, according to an OMB memo.
Physical and IT security related projects are top priorities, ranging from the Department of Interior’s $122.8 million request for IMARS, the Incident Management Analysis and Reporting System, to allow data sharing and analysis, to the FBI’s $3.4 billion request for Next Generation Identification (NGI), an effort to improve the FBI’s automated fingerprint identification system to reduce print match times from hours to minutes for criminal checks.

But the list also breathes new life into some moribund government IT projects, notably the FBI’s Sentinel Web-based case management project, now estimated to cost Uncle Sam more than $550 million. Sentinel, originally awarded to defense giant Lockheed Martin, is described as a “Web-based case management system” for the FBI to manage both case information and other, non-case related data, using elements of both document management and search to improve disjointed and outdated investigation tools at the FBI. The project has already consumed some $375 million since its inception in 2004 and is projected to cost more than $550 million by the time it is completed in 2016. In recent months, the FBI announced that it would delay the Sentinel project and try to shift work on the project to internal IT staff rather than Lockheed Martin contractors. A critical report from the Justice Department’s Inspector General noted that the project was apparently without a clear focus or completion date, despite four years and more than $300 million in taxpayer dollars spent. Estimates at that time put the total cost of the project at $450 million and the completion date in 2011, but the latest report from OMB ups the price tag by another $100 million, while pushing the completion date out a full five years. That doesn’t bode well for the Obama Administration’s efforts to rein in the cost of IT projects, said David Williams of the non-profit group Citizens Against Government Waste.
“What happens is that contracting companies look at government contracts as cash cows, and there’s no history of putting contractors’ feet to the fire,” he said. Williams said that having a list of priorities is a fine idea, but won’t bring about much change without more accountability. “It’s important to prioritize, but it’s also important to have links to results,” Williams said.

Williams said that the U.S. government would do well to harness the energies of the private sector to get important IT projects completed, following the model of NASA with its X Prize. “Instead of doing it in house, just say ‘here’s what we want to accomplish. Come up with the design, and we’ll award you the contract.’” The private sector has already proven much more adept at designing inexpensive and user-friendly equivalents of many of the most notorious IT boondoggles on the federal government’s roster, said Williams. That could include the Sentinel case management system, or the Department of Transportation’s En Route Automation Modernization (ERAM) program to replace aged air traffic control systems used by the FAA, a 10-year-old project that has already cost $2 billion and is now estimated to require another 10 years and $1 billion to complete. “The frustration is that we live in such a fast paced, technological world,” said Williams. “We need to bring technology into this and unleash the private sector.”
