World Wide Web Consortium - w3c

My personal blog

U.S. Federal Enterprise Architecture Data Reference Model (DRM) Version 2.0

The U.S. Office of Management and Budget (OMB) has released the Federal Enterprise Architecture (FEA) Data Reference Model (DRM) Final Version 2.0. The FEA DRM framework is designed to enable information sharing and reuse across the federal government via standard description and discovery of common data, and the promotion of uniform data management practices. An updated draft DRM XML Schema and sample XML instance document have been posted for inspection.



Homeland Security to detail IT attacks

(InfoWorld) - Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions.

In a hearing labeled "Hacking the Homeland: Investigating Cyber-security Vulnerabilities at the Department of Homeland Security," officials including DHS chief information officer Scott Charbo and Gregory Wilshusen, director of information security issues at the Government Accountability Office (GAO), are scheduled to detail their findings in response to requests from Congress to test the agency's IT security defenses.

In a letter sent to Charbo on April 30, members of Congress led by Rep. Bennie G. Thompson (D-Miss.), chairman of the House Committee on Homeland Security, asked DHS to conduct a review of its information system security in the wake of news that the departments of commerce and state were successfully hacked during 2006.

Details of those systems intrusions were first revealed at a hearing coordinated by the House Subcommittee on Emerging Threats, Cyber-security, Science, and Technology on April 19.

"These incidents jeopardize the integrity of our government's information. We are concerned that similar incidents may be occurring within the networks of the Department of Homeland Security," read the letter, which was also signed by ranking members of the House Subcommittee on Management, Investigations, and Oversight.

Among the issues expected to be addressed by Charbo and other witnesses -- including Keith A. Rhodes, director for the Center for Technology and Engineering in the GAO -- at next week's hearing will be a review of cybersecurity incidents reported to the DHS Security Operations Center (SOC), such as instances of rootkits, classified leaks, compromised Web sites, bot infections, unauthorized use of networks by contractors, and virus attacks.

According to a Congressional press release distributed ahead of the hearing, the GAO witnesses will also describe an investigation they conducted on a specific DHS network that is "riddled with significant information security control weaknesses that place sensitive and personally identifiable information at increased risk of unauthorized disclosure."

The subcommittee also plans to air some of its concerns with the DHS OneNet project, which is aimed at consolidating all of the agency's information networks under one roof, and to question a perceived lack of IT security funding by Charbo.

The Congressional committee has said it will call for further investigation of security issues existing within DHS at the hearing.

Among the specific questions posed to DHS leaders by Thompson and other members of the House Committee on Homeland Security are what responsibility Charbo has over management of the agency's networks, and his relationship with the department's chief information security officers (CISOs) and chief information officers.

Charbo was also asked to provide details of the agency's information security policies and incident response plans, along with data on how many and what types of security events it has reported to the U.S. Computer Emergency Readiness Team (US-CERT), which was established in 2003 and operates as a partnership between DHS and the public and private sectors.

Among the incidents that Congress has specifically asked for more information about are the most severe threats encountered by the agency between 2004 and 2007.

The committee has also asked DHS officials to reveal whether or not they have taken an inventory of each access point on the agency's network, and how it has approached the practice of penetration testing for its internal and external systems.

In addition to questioning the department's security testing policies, the committee has asked DHS to turn over details of any secure software coding initiatives it has launched in the name of eliminating vulnerabilities in its applications, as well as statistics on how much of its coding is being performed by outside contractors.

The committee has also asked for information on whether or not DHS is requiring two-factor IT systems authentication for all privileged personnel and systems administrators.

A good deal of discussion at the hearing is likely to be given over to the process that DHS has employed to meet the terms of the Federal Information Security Management Act (FISMA), which was enacted by Congress in 2002 and is aimed at improving IT security in the federal space via a system of mandated annual audits.

The hearing may be seen as a bellwether moment in the continued development of government IT security policies and enforcement, as the DHS has been charged with helping to oversee the performance of other agencies, including via its work with US-CERT.

If the DHS is found to have failed to protect its own systems adequately, some observers believe that the agency will be put under significant pressure to completely retrench its IT operations in the name of improving security, a process that may then be pushed out to other federal agencies.

Some experts believe that adopting such an approach will soon become a fact of life for all government agencies, as many legacy computer systems and policies are not suited to respond to today's fierce security climate.

Dave Nelson, a retired deputy CIO for IT security at NASA, who also worked in the White House Office of Scientific Research, said that the government, much like enterprise businesses, has been put in the uncomfortable position of coping with security threats in a cat-and-mouse game, based on long-standing flaws in the technologies and processes it employs.

"Until the Internet and the computers that are on it are fundamentally reengineered to be inherently secure, we will always be in coping mode," Nelson said. "The government and IT industry may not know how to make these types of technologies yet, but if they don't get cracking, things will only get worse; as the economic and political payoff of attacks continues to rise, that's our only choice."

While Nelson said he has not been made privy to information on attacks on government IT infrastructure for several years, he estimates that there are still many breaches, and that the sophistication of the attacks is ramping up quickly.

One of the specific areas that Nelson said needs to be investigated more closely is to what extent foreign governments or politically motivated groups such as terrorists may be involved in cyberthreats.

"We don't have any public information that would conclusively prove that some of these attacks are being launched by other nations, but there seem to be significant resources behind them in terms of people and financing," Nelson said. "That's the scariest part, and extrapolating that idea into the future, I don't see a lot of encouraging signs for improvement. If you look at the zero day attacks, they only seem to be getting worse, and I don't see evidence that the systems vulnerabilities they target are going away anytime soon."


SEO Chat Forums - If you had to choose between...

Date: August 26th, 2007 08:26 AM - channel5 - Untitled Post: (b) changing the urls of most of your pages without 301 redirecting the old urls There is no reason that you should not be able to do 301's as these can be done independently of the CMS. The webserver not the CMS can do the 301's,...


Yes people will listen

TechCrunch asks: If a conference is held in Second Life, will anyone listen? While the Scifoo Live On sessions are not exactly what the TechCrunch article talks about, I believe they do answer the question, as do the Nature weekly talks like the one on New polymerases for old DNA. Given a worthy topic, [...]


Fast Times at Web 2.0 High

Spotplex CEO Doyon Kim writes that the Internet in-crowd is taking people back to high school, where the "cool kids" drown out the silent majority.


Poll: What is the most important feature in a Web/HTML editor?

I've got HTML editors on the brain right now. I spent the weekend evaluating 124 different Web editors, and I found myself actually dreaming about them last night (which...


SEC Suspends Trading of Firms Susceptible to Stock Spam

U.S. SEC has temporarily suspended the trading of three companies that it deems vulnerable to spam stock promotions.


Video ads broker says best part of open source is the cost: zero

flvorful.com brokers online video ad space and creates commercials for clients to embed in existing content, similar to television advertising. flvorful.com CEO Jake Varghese calls his company "AdSense for videos. It's a way for video publishers to monetize their work." Publishers can create their own commercial content, or hire flvorful.com to create it for them, and then insert it before or in the middle of the videos. Varghese is a big proponent of open source; he says he wouldn't use anything else to build his business.


Lawyers Say McNamee Has Evidence

Brian McNamee has given federal investigators bloody gauze pads and syringes he said he used to inject Roger Clemens with steroids and human-growth hormone in 2000 and 2001, a lawyer familiar with the matter said Wednesday.


Yahoo Gets Into Semantics And Likes it

As part of its open search strategy, the company intends to add context to search results.


Are You Number One in Google in Your Own Mind?

Is checking your Google positions your favorite time killer? Come on be honest, doncha love just typing in "Your City" real estate and reveling in your ultra high position? Well, if that is true then make sure you sign out...


Can you 'report freely' on Olympics with Net restrictions?

Featured links from the CNET Blog Network

Can you 'report freely' on Olympics with Net restrictions?--International Olympic Committee admits it acceded to Chinese government demands to some Internet censorship during the games. How much of a problem will it really be?

Surviving a week without micro-communicating--Can a tech-obsessed business guy enjoy vacation without incessant electronic communications? The answer is a resounding yes.

Sony laptop among first to combine Intel and Nvidia graphics--An upcoming Sony notebook will be one of the first to switch between Intel and Nvidia graphics.

Modular Special Forces weapon one step closer to deployment--FN Special Forces combat assault rifle undergoes field assessment before final production.


Seinfeld to star in Windows Vista ad campaign

... campaign said an immediate goal of the commercials is to counter public perceptions that Windows Vista, Microsoft's latest PC operating system, is clunky and hard to use compared with rival ...


Preemption Judgment Denied; Seroquel Plaintiff's Claims Include Extra-Label Promotion

ORLANDO, Fla. - The Seroquel multidistrict litigation court on Nov. 6 denied, at least for now, defendant AstraZeneca's motion for preemption on 11 plaintiffs' failure-to-warn claims, saying they include not just drug labels but also promotional activities of sales representatives with doctors (In Re: Seroquel Products Liability Litigation, MDL Docket No. 1769, No. 06-md-1769, M.D. Fla., Orlando Div.). Full story on lexis.com


Adobe Expands Horizons for Students and Educators with...

... curricula, including Visual Design: Foundations of Design and Print Production; Digital Design: Foundations of Web Design; and Digital Video: Foundations of Video Design and Production. The standards-aligned, project-based curricula enable ...


Google, Microsoft, & Yahoo All Up....In the Stock Market

As you probably heard yesterday, the Dow Jones Industrial had its largest rise in history with an increase of over 930 points. The Dow Jones industrial average shot upward a stunning 936 points -- a record one-day point gain -- to close at 9,387.61. By day's end, investors had regained $1.2 trillion of the estimated $2.4 trillion in shareholder ...


MacBook sensors reveal coffee spills



N.C. State vs. Maryland online

... well. SYSTEM REQUIREMENTS: ESPN recommends 1.5 Ghz for processor speed, 512 MB of memory, Windows XP or MacIntosh OSX, Internet Explorer 6+, Mozilla Firefox 2.0+ or Safari 2.0 as a browser, Adobe Flash Player 8+ ...


AP IMPACT: Flood of wounded GIs swamps care units

AP - In a rush to correct reports of substandard care for wounded soldiers, the Army flung open the doors of new specialized treatment centers so wide that up to half the soldiers currently enrolled do not have injuries serious enough to justify being there, The Associated Press has learned.


IBM Lotus preps small biz software appliance

... it and integrate the components that are used in the appliance, which includes a virtual private network, a firewall, a MySQL database server, a Web server (which one, IBM is not ...


MacBooks slow down with battery removed

Apple's newer MacBook range continues to exhibit an unusual design behavior that slows the system down when the battery isn't attached, testing by Gearlog confirms. Although only publicized in a support article from August that predates the late 2008 refresh, the unibody systems deliberately throttle back the processor when relying only on AC power. The company argues that the move is necessary ...


Tiger-GM deal on empty

Woods, a global icon in sports with his 14 major championships, has been carrying the Buick logo on his golf bag for the past nine years and still had one year left on his contract.


New York Gov Wants a Few Pennies for a Song

New York Gov. David Paterson has proposed a 4 percent tax on digital music downloads and other "digitally delivered entertainment services." The "iPod Tax," as it's become known, is just one of many new taxes the governor has proposed in an effort to close the state's multibillion-dollar budget gap.


Debian secretary quits over Lenny relea...

... Long-time developer Manoj Srivastava has resigned as the secretary of the Debian GNU/Linux Project and is thinking of leaving the project altogether. In a message posted ...


Greedy Executives Double Salaries, Cut Customer Service, May Ask for a Bailout

No, it's not the latest Wall Street failure. It's D.C.'s Metro public transportation system. The D.C. Examiner reports that the system is anticipating major reductions in service, a hiring freeze, and possibly layoffs. Yet salaries at all levels of Metro have increased at several times the rate of inflation. Metro’s Approved Fiscal 2009 ...


More Hires for Foreign Policy Mag

Earlier on FishbowlDC: "Ricks Takes To The Blog". We hear that Foreign Policy has hired Christian Brose (formerly Condi Rice's chief speechwriter and policy adviser for the past four years) and Laura Rozen (formerly a national security correspondent for Mother Jones). Brose has a whip-smart reputation and has written most of what Condi has said ...


Now Boarding: A Better Way to Load a Plane

With that announcement, one lines up, walks past the ticket-taker, down the ramp, and eventually enters the plane to witness a few people valiantly crunching their ungainly carry-on bags into the overhead compartments and most others impatiently waiting in the aisles to do the same. Those already in the aisle seats are casting a wary eye on the ...