FCW Insider: Feb. 19

The Army is touting the deployment of new augmented reality goggles based on Microsoft's HoloLens to combat troops as an example of the practical outcome of a relentless focus on modernization and zero-based budgeting. Lauren C. Williams has more on tech in the Army's $178 billion budget request for fiscal year 2021.

In a blow to federal unions, the Federal Labor Relations Authority ruled on Feb. 14 that federal workers could stop paying union dues at any time, instead of observing the current practice of letting employees make an annual election on dues withholding. Lia Russell reports.

Acting Homeland Security Secretary Chad Wolf announced plans to use special authority to build sections of the planned border wall without the use of competitive bidding. The move was denounced by Democratic lawmakers in Congress. Mark Rockwell has the story.

In a FCW commentary, Martha Dorris offers 10 predictions for how federal agencies will improve CX in 2020.

The IRS wants $300 million for IT modernization in 2021, and is planning to more than 100 new special agents focused on cybercrime and virtual currencies. Derek B. Johnson has more on the tax agency's plans for tech.

Quick Hits

*** Paul Brubaker, currently a deputy assistant secretary in the Cybersecurity, Energy, Security and Emergency Response (CESER) office at the Department of Energy will be moving to the Department of Veterans Affairs in early March to become the deputy CIO for account management. He is replacing Alan Constantian, who recently retired. Brubaker has worked for many years in and around government— as a Senate staffer, a senior executive in the Defense Department and the Department of Transportation and in a number of executive roles in the private sector.

*** A federal district court judge dismissed a lawsuit from Chinese telecommunications firm Huawei challenging a provision in the fiscal year 2019 National Defense Authorization Act that prohibits federal agencies from acquiring Huawei gear as well as video and communications products from certain other Chinese-owned firms.

*** The Cybersecurity and Infrastructure Agency revealed that an unnamed natural gas facility in the United States has been hit by a ransomware attack. In a U.S. Computer Emergency Readiness Team alert, the agency said the attackers spearphished its way to initial access of the organization's IT network and pivoted to the operational technology network before deploying commodity ransomware. According to the notice, the attack did not impact programmable logic controllers and the organization never lost operational control, but it did shut down operations for two days as a result. The CISA alert did not specify the name of the organization or when the attack took place.

*** New legislation sponsored by Sen. Chuck Grassley (R-Iowa) and backed by Sen. Mark Warner (D-Va.) would standardize the role of the chief financial officer across government and give Congress and the public a clearer view of how agencies are hitting cost and performance targets. The bill also vests deputy CFOs with new authority in the case of a CFO vacancy.

*** The FBI is warning industrial control system that a Trojan targeting the software supply chain, energy, financial and healthcare sectors bears similarities to the notorious Shamoon wiper malware that was used against Saudi Arabian oil companies in 2012. An FBI alert to industry published by a Louisiana information sharing group warns recipients about the connection, though it notes the Remote Access Trojan virus, dubbed "Kwampirs," does not appear to have a wiper component. The bureau also passed along a number of rules that can be used with websites like VirusTotal and GitHub to identify the malware.

*** New research from cybersecurity firm Eclypsium finds that unsigned firmware is a major security problem for many WiFi adapters, USB hubs, trackpads and cameras. Most enterprise devices do not verify that the code governing these components is authentic, leaving an opening for hackers to insert malware "which the component would blindly trust and run." That in turn would give attackers a foothold to launch further intrusions, facilitating man-in-the-middle attacks, packet sniffing, data loss and even ransomware attacks.