Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Oversight Committee Announces FITARA Scorecard

“Members of the House Oversight and Government Reform Committee released a scorecard assigning letter grades to federal agencies on their implementation of the bipartisan Federal Information Technology Acquisition Reform Act (FITARA), enacted in December 2014. Full Committee Chairman Jason Chaffetz (R-UT), IT Subcommittee Chairman Will Hurd (R-TX) and Ranking Member Robin Kelly (D-IL), and Government Operations Subcommittee Chairman Mark Meadows (R-NC) and Ranking Member Gerry Connolly (D-VA), who co-authored FITARA, released the following statement on the scorecard: ‘For decades the federal government has operated with poorly managed and outdated IT infrastructure. The Federal Government continues to spend billions of dollars on failed and poorly performing IT investments while ineffective management and oversight of IT portfolios has resulted in duplication and waste. Federal agencies must act now. FITARA empowers agency CIOs with specific authorities that enhance their role and responsibility for the management of IT. FITARA provides a set of tools and guidelines that, when implemented properly, allows agencies to better manage and secure IT systems and acquisitions. Legislation is only as good as its implementation. Congress will continue to oversee this process until quality IT management structures and processes are in place and wasteful spending is put to an end.’

How it works:
To oversee and measure the implementation of FITARA, letter grades were assigned to each agency based on self-reported data. The Committee is grading agency implementation of four key areas of FITARA:

• Data Center Consolidation
• IT Portfolio Review Savings
• Incremental Development
• Risk Assessment Transparency

A comprehensive list of the letter grades can be viewed here.

For more information on the scorecard process, click here.

Dept. of Interior OIG Memo Cites Recurring Network Cyberattacks

Inspector General’s Statement Summarizing the Major Management and Performance Challenges Facing the U.S. Department of the Interior Report No. 2015-ER-068. November 9, 2015. “External threats to Federal information systems are persistent and increasing, and the risk for real damage is high. Because of the large size of its networks, and because those networks contain sensitive …

Stakeholders in Reform of Global System for Mutual Legal Assistance

Swire, Peter and Hemmings, Justin, Stakeholders in Reform of the Global System for Mutual Legal Assistance (November 8, 2015). Georgia Tech Scheller College of Business Research Paper No. 32. Available for download at SSRN: “This essay contributes to the Privacy Project’s volume on Systematic Government Access to Private Sector Data, and also is part …

Founders did not predict ubiquity and dangers of current internet

A flaw in the design – The Internet’s founders saw its promise but didn’t foresee users attacking one another “..Decades later, after hundreds of billions of dollars spent on computer security, the threat posed by the Internet seems to grow worse each year. Where hackers once attacked only computers, the penchant for destruction has now …

OMB – Federal Information Security Modernization Act Audit FY 2015

“In FY 2015 OPM was the victim of a massive data breach that involved the theft of sensitive personal information of millions of individuals. For many years we have reported critical weaknesses in OPM’s ability to manage its information technology (IT) environment, and warned that the agency was at an increased risk of a data …

GAO Reports – Medicare Part B, Government Cybersecurity, Federal Real Property, Climate Change, Bulk Fuel Pricing

Medicare Part B: Expenditures for New Drugs Concentrated among a Few Drugs, and Most Were Costly for Beneficiaries, GAO-16-12: Published: Oct 23, 2015. Publicly Released: Nov 20, 2015. Critical Infrastructure Protection: Sector-Specific Agencies Need to Better Measure Cybersecurity Progress, GAO-16-79: Published: Nov 19, 2015. Publicly Released: Nov 19, 2015. Federal Real Property: Additional Authorities and …

GAO Reports – Critical Infrastructure Protection, Federal Real Property, Climate Change, Fuel Pricing

Critical Infrastructure Protection: Sector-Specific Agencies Need to Better Measure Cybersecurity Progress, GAO-16-79: Published: Nov 19, 2015. Publicly Released: Nov 19, 2015. Federal Real Property: Additional Authorities and Accountability Would Enhance the Implementation of the Federal Buildings Personnel Training Act of 2010, GAO-16-39: Published: Oct 20, 2015. Publicly Released: Nov 19, 2015. Highlights of a Forum: …

GAO Report on IRS Financial Audit

Financial Audit: IRS’s Fiscal Years 2015 and 2014 Financial Statements, GAO-16-146: Published: Nov 12, 2015. Publicly Released: Nov 12, 2015. “In GAO’s opinion, the Internal Revenue Service’s (IRS) fiscal years 2015 and 2014 financial statements are fairly presented in all material respects. However, in GAO’s opinion, IRS did not maintain effective internal control over financial …

OPM IG Memo – Fiscal Year 2015 Top Challenges

Fiscal Year 2015 Top Management Challenges – “The Reports Consolidation Act of 2000 requires the Inspector General to identify and report annually the top management challenges facing the agency. In meeting this requirement, we have classified the challenges into two key types of issues facing the U.S. Office of Personnel Management (OPM) – environmental …

Emerging Cyber Threats Report 2016 – Impact of The Internet of Things

Georgia Institute of Technology Cybersecurity Summit 2015 – “The intersection of the physical and digital world continued to deepen in 2015. The adoption of network-connected devices and sensors — the Internet of Things — accelerated and was expected to reach nearly 5 billion devices by the end of the year. The collection and analysis of …

Pew – Apps Permissions in Google Play Store

“Analysis of over 1 million apps in Google’s Android operating system in 2014 shows apps can seek 235 different kinds of permissions from smartphone users. The average app asks for five permissions.” “The findings in this study pertain specifically to apps running on the Android operating system. Pew Research Center examined the Android platform because …

FFIEC Releases Statement on Cyber Attacks Involving Extortion

“The Federal Financial Institutions Examination Council (FFIEC) members today issued a statement alerting financial institutions to the increasing frequency and severity of cyber attacks involving extortion. The statement describes steps financial institutions should take to respond to these attacks and highlights resources institutions can use to mitigate the risks posed by such attacks. Cyber attacks …