Prioritizing authentication, GitHub attacked, Carter back to Silicon Valley and more
News and notes from around the federal IT community.
Symantec: Feds prioritizing authentication after OPM hack
Since the Office of Personnel Management data breach, Symantec's Rob Potter said his federal customers are seeking authentication that meets a higher baseline security standard.
"I'm not seeing a panic," said Potter, Symantec's vice president of public sector and health care. Instead, he said clients are expressing greater interest in authentication that meets the National Institute of Standards and Technology's Level 3 for identity assurance, which provides multifactor remote network authentication.
On the pressure generally facing federal CIOs: "I think security's a tough sell with any agency [because] a wrong configuration or investment could cost someone their job."
GitHub hit by DDoS attack
GitHub, the Web-based hosting service that many federal agencies use as a platform for code collaboration, was targeted in a massive electronic assault in the early hours of Aug. 25.
What began as a connectivity problem at about 5 a.m. turned into a full-blown distributed denial-of-service attack just after 6:30 a.m., according to the site that provides updates on GitHub's status.
GitHub managers said they were seeking to mitigate the attack, and by 9:49 EDT, operations were returning to normal.
Carter heads back to Silicon Valley
Defense Secretary Ashton Carter will travel to Silicon Valley on Aug. 28 "to continue his effort to build bridges between the Defense Department and the tech community," Pentagon press secretary Peter Cook said.
Carter will host a roundtable discussion at the Defense Innovation Unit Experimental, the Pentagon's outreach office in Mountain View, Calif. He announced the office's creation during a visit to the area in April.
In his upcoming visit, Carter, who was a visiting scholar at Stanford University before becoming Defense secretary, will "announce DOD's participation in a major new economic initiative in the area," Cook said during an Aug. 25 press briefing.
Carter's visit comes on the heels of a trip to DIUX by Deputy Defense Secretary Robert Work and Frank Kendall, the Pentagon's top acquisition official.
DISA issues best practices guide for cloud owners
Earlier this month, the Defense Information Systems Agency issued a best practices guide for Defense Department "mission owners" planning a move to the cloud.
The document comprises lessons learned from cloud pilot projects run by the DOD CIO's office. Although not official DOD policy, the guide offers advice intended to help Pentagon components avoid mishaps as they adopt cloud-based services. For example, "estimating bandwidth usage-based billing can be difficult," the document states, and it recommends that officials multiply their initial estimates by four.
Government officials and companies interested in submitting the lessons they've learned from cloud implementations should contact: disa.meade.re.mbx.disa-commercial-cloud@mail.mil.
Study: Power outages longer but not more frequent
Researchers at Lawrence Berkeley National Laboratory and Stanford University crunched outage data from power companies nationwide in the largest outage data pool ever and found that although the frequency of outages has not changed dramatically, the total number of minutes that customers are without electricity has been steadily increasing.
The data was gathered from a cross-section of utilities representing nearly 70 percent of U.S. electricity customers and spanning 13 years, from 2000 to 2012.
Navy announces innovation awards program
The Navy will recognize innovation in its ranks in 2015 through a new awards program unveiled by Secretary Ray Mabus.
The program will recognize innovation in robotics and autonomous systems, data analytics and 3-D printing, among other fields.
DOD tightens cyber incident reporting for contractors
The Defense Department is issuing an interim rule that amends the Defense Federal Acquisition Regulation Supplement to require contractors to report cyber intrusions into unclassified information systems, The Hill reported.
"DOD is working to establish a single reporting mechanism for DOD contractor reporting of cyber incidents on unclassified information systems," the notice states. "This rule is intended to streamline the reporting process for DOD contractors and minimize duplicative reporting processes."
The interim rule is set to appear in the Federal Register on Aug. 26.