CentCom hacked, GSA dinged and big data's cyber power
News and notes from around the federal IT community.
The U.S. Cyber Command's Twitter account as it appeared before the Jan. 12 hack was rolled back.
Pro-Islamic State group hacks Central Command's Social Media
Pro-Islamic State hackers breached the Twitter and YouTube accounts of U.S. Central Command on Jan. 12, displaying messages threatening violence against U.S. soldiers and posting military documents. The Twitter account was suspended some 40 minutes after the first compromised tweets appeared around 12:30 pm.
“We can confirm that the U.S. Central Command’s Twitter and YouTube accounts were compromised earlier today,” a Pentagon official said in a statement. “We are taking appropriate measures to address the matter.”
FCW reported in September that outside experts and government officials judged the so-called Islamic State’s cybersecurity capabilities to be more aspirational than operational, but that the group was likely intent on bolstering its cyber capabilities.
GAO dings GSA e-security
The General Services Administration hasn't really thought through the electronic security of Internet-facing building control systems in the federal structures it owns, according to a report from the Government Accountability Office.
The GAO report said GSA hasn't "fully assessed" cybersecurity risks to building control systems under the Federal Information Security Management Act of 2002 (FISMA). Control systems operate a variety of functions, including elevators, electrical power, and heating, ventilation, and air conditioning. Internet-facing capabilities that allow remote operations and other conveniences are considered a potential point of entry for cyber intruders.
The report said that although GSA has assessed security controls, the assessment didn’t fully consider the threats, vulnerabilities and potential consequences. The report also said that GSA's information technology officials had assessed control systems that are in about 500 of its 1,500 FPS-protected facilities. The agency plans to complete the rest in fiscal 2015 or when systems are connected to the network or the Internet.
Additionally, GAO said its review of 20 of 110 security assessment reports GSA prepared between 2010 and 2014 showed that the reports were not comprehensive or fully consistent with FISMA implementation guidelines. GAO noted that five of the 20 reports showed that GSA assessed the building-control device to determine if a user's identity and password were required for login, but did not assess the system to determine if password complexity rules were enforced. Such practices, said the report, could lead to weak or insecure passwords being used to secure building control systems.
Ex-Israeli security chief: Big data key to anti-terrorist fight
The former head of the Israel Security Agency's IT unit says big data and data analytics -- something the U.S. military has been focusing on -- have been widely used by the Israeli military and intelligence agencies to track down enemies, including several senior Hamas leaders killed during the Israeli incursion into Gaza last summer, Defense Systems reports.
"I am telling you with certainty that quite a few [dead] terrorists are looking at us from the sky owing to big data capabilities," Ronen Horowitz told the Web site IsraelDefense.com in his first interview since leaving Shin Bet.