Cyber attack written newspaper

The Tech Loop: What The FREAK?

The Tech Loop is a weekly compilation of the latest happenings in government technology gathered from around the web. This week’s topics include cloud, GIS, gov IT market, and cybersecurity.

Cloud

I can see China from my cloud. Last week, the House Armed Services committee held a hearing on the DoD’s IT investments, worried that security protocol wasn’t up to snuff. Rep. Jim Cooper was particularly anxious. The gentleman from Tennessee wanted to ensure that “cloud”didn’t really stand for “Chinese Love Our Uploaded Data.” Very creative, sir, but it’s OK to trust the cloud. After all, the CIA’s private cloud with Amazon Web Services is nearing completion – and I doubt they intend to cc: China on their top secret docs. If there are any more cloud questions, Congress can take a field trip to the University of Texas at San Antonio, where they just launched the Open Cloud Institute.

GIS

Stop looking at your phone! Or maybe don’t. As I’ve written before, GIS and the technology within your smart phone can make you a citizen sensor and help improve your community. Esri is all about this engagement, and puts spatial analytics at your command. Beyond community engagement, the power of GIS is facilitating resilient and smart communities.

Gov IT Market

Enter Gordon Tech-o. There has been a lot of moving and shaking in the IT market. Hewlett-Packard acquired Aruba Network Inc., a maker of wireless-network infrastructure to bolster its networking business. This is largest acquisition in several years for HP. Arrow Electronics made a big play to expand its reach in the public IT market by acquiring immixGroup Inc. At the same time, Computer Sciences Corp. (CSC), recently rumored to split, acquired Autonomic Resources – small financially, but valuable in that they were the first to complete FedRAMP more than two years ago. And Chinese online shopping giant, Alibaba is competing on Amazon’s home turf with its new cloud-computing arm, Aliyun, recently opening a data center in Silicon Valley.

Cybersecurity

What the FREAK? Researchers recently discovered a major vulnerability that they’ve dubbed “FREAK,” for “Factoring attack on RSA-EXPORT Keys” (I’m not sold on the acronym). “Technology companies are scrambling to fix a major security flaw that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of supposedly secure Web sites, including Whitehouse.gov, NSA.gov and FBI.gov,” reported the Washington Post, who first broke the story. This flaw apparently resulted form a former U.S. government policy in the 1990s that “prohibited the export of strong encryption, instead requiring companies to provide only weaker ‘export-grade’ encryption in foreign countries,” wrote the Daily Dot. The restrictions were eventually lifted but the weaker encryption is now widely used in international software environments, and as has compromised American consumers as that software has migrated back to the U.S. In the immortal words of J.T., “What goes around comes back around.”

Such a performance definitely wouldn’t bode well on a report card. The White House released its yearly assessment of agency compliance with the gov-wide cyber law known as Federal Information Security Management Act (FISMA), and the results were equally mediocre. It was found that many departments don’t encrypt sensitive data or use two-step verification for accessing gov networks.

But H. Rod definitely takes the cake for biggest “security fail” this week, as Wired deemed it. When the New York Times revealed that Hillary Clinton was using a personal email account for her official State Dept. duties, much of the criticism surrounded violation of record-keeping and transparency laws. But the security community was worried about something quite different: “the possibility that an unofficial, unprotected server held the communications of America’s top foreign affairs official for four years, leaving all of it potentially vulnerable to state-sponsored hackers.”

These simple mistakes can present massive security risks, reiterating the need for more tech-savvy cyber professionals in government. The White House is looking, as is OMB – heck, there’s now an entire database that lists all the govie cyber jobs. Plus, the Pentagon reminds us it’s never too early to start recruiting.

Quick Hits

We know this, but it’s always nice to hear, anyway: “Government is not the enemy,” writes the New York Times.

Last week, at the Summit on Government Performance and Innovation in Louisville, municipal governments described innovation in 140 characters or less.

Hooray for teleworking! But goodbye to the (non-working) snow day, writes FCW.

Whether you’re looking for the city budget, streets where vending is prohibited, or a list of current happy hour specials, Philadelphia’s newly upgraded open data portal has you covered.

Leave a Comment

Leave a comment

Leave a Reply