NASA's next CIO, mobile payment problems and a unified VA website
News and notes from around the federal IT community.
NASA Deputy CIO Renee Wynn
NASA engineers a smooth CIO swap
Larry Sweet, NASA's CIO of more than two years, is stepping down, and he has his replacement already lined up.
Deputy CIO Renee Wynn will take the reins when Sweet retires effective Nov. 30, NASA announced.
Wynn had served at the Environmental Protection Agency for 25 years, including as acting CIO for a two-year stint, before joining NASA in July 2015.
"Succession planning was a key factor during the recent competition" for the deputy CIO role, NASA's official announcement noted, enabling the agency to streamline to turnover.
After spending the next couple of months helping Wynn acclimate to her new role, Sweet plans to officially end his 28-year federal career and retire to his home state of Texas.
Secret Service sounds the alarm on mobile payment weaknesses
The Secret Service distributed an advisory Sept. 8 warning of a "steady increase" in near field communication (NFC) payment fraud over the past few months.
Hackers are both stealing existing credentials and using stolen tax records and other personal information to set up falsified credentials on NFC devices, the advisory noted. Compromised Card Verification Values can easily be combined with hacked data from "popular music sites" (available online for $8 a pop) to facilitate fraud.
Existing security tools include knowledge-based authentication (providing one's mother's maiden name, for instance), a tool proven incredibly weak by the IRS' Get Transcript debacle earlier this year.
The Secret Service advisory urged banks and retailers alike to amp up the vetting process for mobile payments, suggesting the use of such tools as:
- Geolocation (GPS, cellular triangulation, IP)
- Device fingerprinting
- Biometrics
- Usage patterns
- Sharing of registration data across financial institutions to identify duplicate registration attempts
Vets.gov to unify VA websites
On Veterans Day, the Department of Veterans Affairs is planning to roll out a new web portal, to encompass the dozens of benefits and information sites currently hosted by the agency.
The new Vets.gov site will offer access to existing VA sites, Chief Veterans Experience Officer Tom Allin said at a recent industry event. Ultimately, Vets.gov will be a secure hub where vets can sign in to utilize various VA healthcare and benefits services, but that functionality won't exist until 2016.
NEXT STORY: Three Cybersecurity Alternatives if CISA Fails