Cyberattacks, DeSalvo staying, elegant ID and more

News and notes from around the federal IT community.

threat

Deadly cyberattacks by 2025?

According to the experts surveyed by the Pew Research Center, by 2025 cyberattacks will have progressed from identity theft and financial fraud to causing "significant loss of life" or property damage and theft "at the levels of tens of billions of dollars."

Sixty-one percent of the more than 1,600 technology builders, government officials, researchers and other experts canvassed by Pew's Internet and American Life Project said such widespread harm was likely. Thirty-nine percent disagreed, arguing that cybersecurity capabilities are improving, cyber threats are often over-hyped and deterrence can keep many bad actors in check.

The full report, which includes analysis and excerpts of the experts' predictions and comments, is available on Pew's website.

New FireEye report suggests Russian government behind cyber espionage

Cybersecurity firm FireEye published a report on Oct. 28 linking a well-known hacking group with the Russian government.

Since at least 2007, the APT28 hacking group "has been targeting insider information related to governments, militaries and security organizations that would likely benefit the Russian government," the company's news release states.

The governments allegedly targeted by the group include Georgia and likely the Baltic states, the report concludes. U.S. defense contractors could also be at risk. FireEye alleges that APT28 tried to infiltrate the computers used by an unnamed U.S. contractor working with Georgia's Ministry of Defense.

U.S. assembles 'information coalition' to counter Islamic State online

The U.S. government is seeking to counter the Islamic State online through an "information coalition" of some of the same allies that are hitting the militant group with airstrikes.

Undersecretary of State for Public Diplomacy and Public Affairs Richard Stengel led a U.S. delegation to Kuwait on Oct. 27 to discuss the subject with representatives from Gulf Cooperation Council countries, the United Kingdom, Turkey and several other countries. A joint statement from the summit said participating governments were encouraging "important religious and social leaders, opinion makers, and the millions of young people who oppose violent extremism to raise their voices through traditional and social media."

Experts have deemed the current cyber capabilities of the Islamic State as more aspirational than operational.

DeSalvo staying on at ONC

Karen DeSalvo's promotion to acting assistant secretary of health at the Department of Health and Human Services, where she will play a key role in the agency's response to Ebola, apparently does not mean she is abandoning her leadership of the Office of the National Coordinator for Health IT, GovInfoSecurity reported.

DeSalvo's apparent exit from ONC followed the recent departures of several other top officials and called into question the future of the agency as spending on health IT subsidies winds down.

GSA's Harada endorses 'elegant' ID solutions

The General Services Administration is taking a cue from industry's innovative, straightforward approach to identity solutions in developing its own tools, said the recently appointed associate administrator of the agency's Office of Governmentwide Policy.

Christine Harada, who replaced Anne Rung in the position last summer, called Apple's use of fingerprint scanners on iPhones a simple, effective, user-friendly measure that could be taken to heart in a world where computer users are "ID fatigued."

The government's network managers should seek to emulate such "elegant" and effective private-sector solutions, she said at a Smart Card Alliance conference in Washington on Oct. 29. "Now is the time for government to make sure its own services are as easy to use," she added.

The Federal Cloud Credential Exchange -- jointly developed by the U.S. Postal Service, GSA and other agencies -- is an example of how government can make secure credentialing more effective, Harada said. FCCX lets people use credentials they already have, including social media logins and federal personal identity verification cards, to access federal sites.

She added that FCCX will soon be getting a new name -- Connect.gov.

DISA clarifies role in cloud procurement

The Defense Information Systems Agency clarified its role as a cloud broker in light of a recent decision by acting Defense Department CIO Terry Halvorsen to delegate procurement authority to the military services.

The policy change, to be outlined in a forthcoming memo, had been somewhat ambiguous on the exact procurement authority DISA would retain. In a conference call with reporters, DISA officials emphasized that the agency would still handle all the security requirements for the cloud while empowering the military services to accelerate their procurements.

"We're still going to be maintaining the security requirements," said Mark Orndorff, DISA's chief information assurance executive, in the conference call. "We'll still be doing the provisional authorizations, and we're developing the architecture for the cloud access point."