Security clearances, contractor oversight, NATO cyber and more
News and notes from around the federal IT community.
DOD, DHS lack security clearance data
The departments of Defense and Homeland Security lack data on employees whose security clearances have been flagged for possible revocation, making the total number of employees affected by the revocation process unknown, according to a Government Accountability Office report published Sept. 8.
DOD's lack of accurate data on employees eligible to access classified information leaves Congress ill-informed on the subject. It also means the Pentagon will struggle to cut down on the total pool of clearance holders, which would reduce cost and risk, the GAO report states.
The report recommends that the Army, Coast Guard and Navy update their guidance to ensure that employees receive the benefits of two executive orders related to security clearances.
GAO tells agencies to tighten contractor oversight
Federal agencies do not oversee their contractor-operated systems as well as they might, leaving possible gaps in security, according to a recent Government Accountability Office report.
GAO assessed six agencies on how well they kept an eye on contractors that run computer systems and process information on agencies' behalf. Auditors pointed out that federal law requires agencies to adequately protect such systems.
GAO reviewed the Environmental Protection Agency, the Office of Personnel Management and the departments of Energy, Homeland Security, State and Transportation and concluded that they generally established security and privacy requirements and planned for assessments to determine the effectiveness of contractors' implementation of controls.
However, auditors said five of the six agencies were inconsistent in overseeing the execution and review of those assessments, resulting in security lapses. For example, at one agency, testing did not uncover the fact that background checks had not been conducted on contractor employees.
The problems are not new. GAO said that in fiscal 2012, inspectors general at nine of 24 major agencies found data reliability issues with agencies' categorization of contractor-operated systems.
In the latest report, GAO recommended that five of the six agencies develop procedures for overseeing contractors and that the Office of Management and Budget clarify reporting instructions for agencies.
NATO affirms common cyber defense
NATO affirmed cybersecurity as one of its core areas of collective defense and part of an enhanced cyber defense policy endorsed by the alliance at an annual summit last week in Wales.
The 28-nation bloc agreed that its collective self-defense clause, which says an attack on one is an attack on all, applies to cyberspace. The updated policy advised member nations to aid one another in the defense of national networks.
"Cyberattacks can reach a threshold that threatens national and Euro-Atlantic prosperity, security and stability," the alliance declared. "Their impact could be as harmful to modern societies as a conventional attack."
The summit itself was reportedly targeted by hackers. NATO and U.K. intelligence officials were on high alert for cyberattacks in advance of the meeting, the Financial Times reported.
CDC signs up more states for violent-death database
The Centers for Disease Control and Prevention expanded the number of states participating in its National Violent Death Reporting System from 18 to 32 with $7.5 million in funding.
The system provides state and local governments with a clearer understanding of violent deaths, which can help inform decisions about efforts to prevent violence and track trends over time. CDC said it is the only state-based reporting system that pools data on violent deaths from multiple sources into a usable, anonymous database.
Data sources feeding the system include records from state and local medical examiners, coroners, law enforcement agencies, crime labs and vital statistics agencies. All types of violent deaths -- including homicides and suicides -- in all settings and for all age groups are covered.
Trust in feds remains steady, though not high
Americans don't report overwhelming levels of confidence in the federal workforce, but their esteem for feds has improved since before the government shutdown in October 2013, according to a recent George Washington University Battleground Poll.
About a quarter of respondents reported having a lot of confidence in federal civilian employees, while half had some confidence and another quarter reported having very little confidence. The share of those with "very little" confidence in feds peaked at 35 percent in a 2013 poll taken before the shutdown. Republicans were more likely than Democrats to report the lowest levels of trust in feds.
Rank-and-file feds fare better with the public than do elected officials: President Barack Obama posted a 51 percent disapproval rating and Congress rated 79 percent disapproval in the same poll.
DHS gives $5 million to Louisiana cyber education center
The Department of Homeland Security gave a $5 million grant for cybersecurity education to the nonprofit Cyber Innovation Center in Bossier City, La. The center helps develop cyber-focused education and professional development programs through partnerships with universities and high schools.
"We expect to reach over 2 million students and 15,000 teachers by 2020 -- significantly expanding the pipeline of cyber professionals entering the U.S. workforce," CIC Vice President G.B. Cazes said in a statement.
Louisiana Democratic Sen. Mary Landrieu, who has called for federal support for cybersecurity professionals outside the Beltway, lauded the new DHS grant in her home state, where she is locked in a tight race for re-election.
"With the demand for cyber professionals growing both in the federal government and in the private sector, we must continue to invest in programs like the one based out of the CIC," she said in a statement.