Chasing Ghost Viruses
After detecting malicious software in system components at Commerce Department headquarters, federal officials in 2012 disconnected the Economic Development Administration’s computer infrastructure, annihilated $170,000 worth of equipment and cut off staff email and website access nationwide, according to an inspector general audit released in late June.
The response was overkill. It turns out there was no widespread malware infection—something officials learned more than a year later, after the IG informed them.
The chain of destruction began in late 2011, when the Homeland Security Department notified Commerce about possible worms in the department’s systems. Commerce traced the problem to parts on the headquarters’ network that support the Economic Development Administration. Believing the issue was widespread, EDA in January 2012 asked Commerce to disconnect its systems from the network, which cut access to email for all agency employees and prevented field office personnel from accessing other vital applications as well.
Officials then began demolishing computers, printers, TVs, cameras, computer mice, keyboards and other IT parts. In April 2012, the agency brought the workforce back online using alternative services, but the demolition continued for four more months—until the agency ran out of funds. In total, EDA spent more than $2.7 million—over half of its fiscal 2012 IT budget—on recovery efforts, the IG found.
One cause for the confusion: The Computer Incident Response Team member assigned to the job was unqualified. Rather than hand the agency a list of possibly infected components, the employee mistakenly provided a roster of 146 components within the network, only six of which were actually contaminated.
- Aliya Sternstein
The Eyes Have It
New federal guidelines on iris recognition allow the Homeland Security Department to proceed with a $100 million plan for modernizing employee badges.
Following the Sept. 11, 2001, terrorist attacks, Congress passed legislation requiring that government personnel have smart card credentials to access all government buildings and networks. In May, DHS began searching for a contractor to replace the department’s fingerprint identification system with more cutting-edge technology, such as iris matching capabilities. But there was no consistent way to exchange eye images between cameras and card readers.
That changed in July after the National Institute of Standards and Technology finalized guidelines for incorporating iris scans into employee IDs.
As of July 3, DHS expected to spend up to $102.8 million to provide staff with upgraded biometric smart cards during the next decade, according to contract filings.
- Aliya Sternstein
Lagging IT Reform
Rep. Gerry Connolly, D-Va., lashed out at federal technology leaders for being slow to adopt cost-saving reforms laid out early in the Obama administration—such as consolidating data centers and shifting data to computer clouds—and for inadequately reporting on progress.
“My hope is that as we move forward all of us can try to find ways to encourage and exhort and pressure the federal government to come into the 21st century with management changes and allocation and investment changes that will better serve the country,” he said.
- Joseph Marks
China Loves the Navy’s GPS Landing System
I did a Google search for some background information on the precision GPS landing system the Navy used to help guide its unmanned X-47B to a carrier landing, and one of the first hits to pop up was a paper by three authors from China’s Naval University of Engineering.
The paper, presented in May at a conference in Wuhan, China, goes into great detail about the landing system. I wondered where China obtained so much information about a U.S. Navy program, until I stumbled across a 2010 Naval Air Systems Command presentation, which included many of the details used in the 2013 China report.
The authors even included the same graphic used by the U.S. Navy in 2010 to illustrate how the precision guidance system works.
Too bad NAVAIR can’t copyright its slide decks.
- Bob Brewin