Conservative Blogger
Friday, February 24, 2017
Obama revamp of federal bureaucracy created 'widespread' security policies violations, watchdog says
One of former President Barack Obama’s pet projects -- to drag federal bureaucracy into the digital age -- morphed into a rogue operation that disregarded information security policies, used unauthorized software and information systems on government networks, and exposed sensitive information to potential hackers, according to a watchdog report.
Many of the most egregious security violations took place long after the Obama administration’s 2014 admission of one of the worst cyber-security losses in history: the theft by China-based intruders of 4.2 million personnel files from its Office of Personnel Management -- a revelation that set off a wide-ranging review of all federal cybersecurity.
The report, issued Feb. 21 by the Inspector General’s office of the General Services Administration (GSA), puts the spotlight on a runaway digital services operation known as 18F.
The unit was established in 2014 as part of Obama’s Digital Government Strategy of 2012 -- and apparently made up its own information security rules as it went along, resulting, according to the report, in “widespread violations of fundamental GSA information technology security requirements.” Officials supervising the unit say those problems are now being fixed.
Subsequently, 18F became part of a broader high-tech initiative established the following year and known as the Technology Transformation Service within GSA, which is the services and facilities management pump at the center of the government’s vast and sprawling bureaucracy.
Both 18F and the Technology Transformation Service were supposed to bring the outside-the-box thinking and whiz-kid talent of Silicon Valley to stodgy Washington; both grew out of yet another Obama initiative, the Presidential Innovation Fellows program established in 2012.
Originally focused on website and software development for government agencies, 18F fast grew into an in-house information services contractor for the federal bureaucracy, using GSA funds which were supposed to be repaid through fees to the new unit.
In April 2016, the Technology Transformation Service, with 18F included, was given a broader mandate to “transform the way government builds, buys and shares technology.”
By July, according to an earlier Inspector General’s report, 18F was doing $31 million worth of business with 31 federal agencies, including the Department of Homeland Security.
However much money it made, however, 18F was losing more -- one of the original reasons the Inspector General’s watchdogs got involved.
In an initial report last October, the IG’s staffers warned that the hot-shot start-up had lost more than $31 million from its launch in 2014 through the third quarter of 2016 -- and had always been operating in the red, with revenue projections for its services running tens of millions of dollars ahead of actual revenues.
One major reason was ballooning staff rolls: 18F had grown from a 33-person start-up in April 2014 to more than 200 people by March 2016 -- a more than 500 percent increase.
That October IG report also quoted one 18F official as saying, “to be frank, there are some of us that don’t give a rip about the losses” involved in its growth spurt. GSA’s then-regional administrator for the West Coast, Andrew McMahon, is quoted in the October report as agreeing, “Sure, in the end, I could care less.” (According to his LinkedIn website, McMahon, who describes himself as a “co-founder of 18F,” left GSA in January 2017.)
CLICK HERE FOR THE OCTOBER REPORT
How 18F was running its fast-growing, money-losing business is a big part of the problem. According to the most recent IG report, one method was to ignore virtually all GSA information security safeguards for the wares it was encouraging agencies to buy. Those safeguards involve planning and testing unauthorized systems, then submitting a system security plan for review, and getting a signed authorization to operate that must be periodically reviewed.
According to the Inspector General’s office, 18F just ignored all that, and “disregarded GSA IT [information technology] security policies for operating and obtaining information technology, and for using non-official email.”
The unit “also created and used its own set of guidelines for assessing and authorizing information systems that circumvented GSA IT” -- and short-circuited the information security of the GSA network.
In all, the watchdogs found, 100 of 116 software items on 18F’s inventory of software were unauthorized, ranging from collaborative note-taking and data-sharing tools, to website monitoring tools and social media marketing dashboards. All were banned from GSA use by June 2016.
By that time, the watchdogs had already found out from 18F itself that unauthorized use of, among other things, another online messaging and collaboration app, Slack, had “potentially exposed sensitive information” over a five-month period ending in May. The breach involved “over 100 GSA Google Drives…reportedly accessible by users both inside and outside of GSA,” the watchdogs noted in an alert to GSA management.
The breach potential exposed such things as “personally identifiable information and contractor proprietary information,” the inspectors said. They issued a May 12 brief -- 2016 Management Alert Report -- as a warning flare about the data breach, with “recommendations” that GSA stop that practice.
CLICK HERE FOR THE MANAGEMENT ALERT REPORT
Even so, the alert noted, the 18F users waited five days to report the situation, which itself was another breach of info-security policy -- which says that one hour is the top limit for delay.
Compounding the issue, the report says that 18F’s executive director and its director of infrastructure co-authored a blog post saying that they had done a “full investigation” of the breach issue, and declared that “to the best of our knowledge no sensitive information was shared inappropriately.”
By August, the Inspector General’s investigators had found otherwise.
But, as the inspectors noted, “as of February 2, 2017, [presumably, the date when their report was finalized internally], the 18F blog post had not been updated” to reflect any of that.
A GSA spokesperson did not answer an email question from Fox News about whether the blog post had been removed or recanted. Instead, the spokesman declared that “GSA considers IT security a top priority and takes the GSA Inspector General’s report seriously.
The spokesman added that the agency “notes that there were gaps in compliance with our CIO [Chief Information Officer] security requirements” but wanted to emphasize “that the issues raised” in the most recent report “were promptly addressed.”
It appears 18F was long used to working without much reference to GSA’s Chief Information Security Officer (CISO), who was, among other things, supposed to sign off on all information systems’ adherence to federal security policies.
According to the most recent report, no fewer than 18 information systems operated by 18F for more than a year ending in July 2016 lacked proper CISO authorizations for their use, and eleven of them had never been authorized. One system 18F was operating without required sign-off was “a recruitment and applicant tracking information system containing applicants’ resumes and contact information.”
Rather than get security clearances from the CISO, 18F apparently had a better idea: make up its own information security assessment and authorization system.
In February 2015, the latest report says, 18F’s then-Deputy Executive Director Aaron Snow -- who became executive director in May of that year -- proposed a new set of procedures titled, “Guidelines for Granting Authority to Operate 18F-Hosted Open Data Systems.” If approved, they would have allowed the unit to authorize the use of essentially public information systems without full security vetting.
The guidelines were not approved by GSA’s information security brass. But in February 2015 18F began using them anyway, the report says.
How that came to be is apparently still something of a mystery.
According to the report, 18F’s director of infrastructure told the watchdogs that “he received approval of the guidelines from Phaedra Chrousos, who at the time had oversight of 18F in her position as head of GSA’s Office of Citizen Services and Innovative Technologies (OCSIT).”
(OCSIT and 18F were both subsequently rolled into the new Technology Transfer Service, which Chrousos also headed, until she stepped down in July 2016.)
According to the report, “Chrousos told us that she remembered the director’s request for her signed approval of the guidelines shortly after she became head of OCSIT in early 2015. She said she did not recall signing them, but probably would have done so.”
When the Inspector General’s staffers asked the Technology Transfer Service to search “for any record of the guidelines,” the officials “told us that they could not verify the existence of the signed document.”
Using its own rules apparently still did not make things happen fast enough for 18F, so, according to the watchdog report, it also implemented a “pre-authorization” policy that allowed information systems it decided were “low-risk” to operate without any security assessment or subsequent OK.
To make things happen even quicker than that, 18F’s director of infrastructure appointed himself as the 18F Information Systems Security Officer -- the person responsible for implementing the GSA rules that 18F was apparently already ignoring. The appointment was never revealed to the overall agency’s CISO, who is responsible for appointing such officials.
Review of its business contracts was something else that 18F apparently felt was dispensable. According to the latest watchdog report, the renegade unit “entered into contracts and other agreements” for information technology purchases worth $24.8 million, and never got approval from GSA’s Chief Information Officer, as required under a formal Memorandum of Agreement with the unit.
How did it all happen? Many of 18F’s top brass and external supervisors claimed not to know.
According to the report, GSA regional administrator McMahon, who was also a GSA “Senior Technology Adviser,” told the watchdogs that “18F was not permitted any flexibility regarding compliance with GSA information technology policies.”
When the Inspector General’s investigators asked 18F Executive Director Snow why there was a “breakdown” in 18F’s info-tech security policy compliance, his reply was, “I honestly don’t know.”
Former OCSIT head Chrousos told the Inspector General’s staffers that “18F was not sufficiently integrated into the GSA IT environment,” but when asked how, as 18F’s overseer, she had allowed the unit to operate without higher information security clearance, she “said that she is not an IT engineer and therefore left technical matters to the director of infrastructure.”
The Inspector General’s staffers put much of the blame for the 18F debacle down to “management failures,” and they specifically pointed the finger at Chrousos and Snow in particular for failing “to provide adequate oversight and guidance to subordinates.”
“Ultimately,” their report says, “Chrousos’ and Snow’s indifference to GSA IT policies contributed to the compliance breakdown.”
Both Chrousos and Snow declined to respond to emailed Fox News questions about the report; in Snow’s case, he said, due to urgent family matters. He had already told the Washington Post, however, that “this report is not about security. It’s about compliance. And that’s why government falls so far behind the rest of the world when it comes to technology.”
The Inspector General’s report also blamed GSA’s current Chief Information Officer, David Shrive -- who told them he was “not in a position” to see what 18F was doing before the May 2016 Management Alert Report -- for “failing to fulfill” his responsibilities for the agency’s information technology security program.
CLICK HERE FOR THE MAY REPORT
Shive had not answered emailed questions from Fox News about the report by the time this story was published.
Both Chrousos and Snow have left their roles. Chrousos announced her departure as head of the Technology Transformation Service in June 2016, after just two months on the job, while Snow left 18F four months later.
The new head of the Technology Transformation Service, Rob Cook, told Fox News that the he had already made substantial changes in the way his organization was operating.
In the past, he said, “there was less care taken about complying with the rules than in getting the work done. If we are going to transform government, we have to play by the rules while changing the rules.”
The organization that was supposed to bring dramatic change to the federal world of high-tech is now treating its role as “more of a partnership” -- especially with the bureaucracy’s own legal and technology staff.
Among other things, Cook said, that means painstakingly seeking security OKs for all the high-tech tools it uses -- and not using them until the approvals are granted.
Democrats reportedly plan total war on Trump
 |
| Kucinich reacts to Democrats' early Trump impeachment talk |
The New York Times reported Thursday that there was a time when Democrats were divided on their Trump approach. Trump did win former blue states in his November victory and Democrats in those states witnessed a new vulnerability.
The report, however, said that protests and angry emails have prompted Democrats to "cast aside any notion of conciliation with the White House.”
“My belief is, we have to resist every way and everywhere, every time we can,” Gov. Jay Inslee of Washington told the paper. Inslee said there was a “tornado of support” for a wall-to-wall resistance.
TRUMP GETS READY TO TAKE CENTER STAGE AT CPAC
Douglas E. Schoen, a former pollster for President Clinton and Fox News contributor, wrote in an opinion piece that “Trump's ascendance is rooted in America’s preference for center-right policy."
"As the Democratic Party shifted ever leftwards under Obama, it suffered net losses of 11 Senate seats, 62 House seats, and 10 governorships since 2010, as well as nearly 1000 state legislative seats.”
He went on to say, “The groups driving the Democratic Party to the left believe their only path to victory is mobilization. These forces are pushing the party away from the American public, which fundamentally is center-right, and channeling the concerns and priorities of the core Democratic coastal base.”
Sen. Thomas R. Carper, D-Del., is considered a “middle-of-the-road.” He told The Times that loathing Trump is not a governing strategy.
“There is this vitriol and dislike for our new president,” he said. “The challenge for us is to harness it in a productive way and a constructive way, and I think we will.”
CPAC: Pence says 'America's ObamaCare nightmare is about to end'
Vice President Mike Pence sought to rally conservatives for the fight to repeal and replace ObamaCare Thursday, telling a fired-up CPAC audience that the health care law "has failed" and "must go."
"Let me assure you," Pence told the cheering crowd. "America’s ObamaCare nightmare is about to end."
"This failed law is crippling the American economy and crushing the American people," added Pence, who called promises made by liberals about former president Obama's health reform "fake news."
"Now we all know the truth," the vice president said. "Higher costs, fewer choices, worse care. That's ObamaCare."
CPAC LEADER BLASTS 'ALT-RIGHT' AS CONSERVATIVES DEFINE AGENDA UNDER TRUMP
Pence vowed that ObamaCare would be replaced with "something that actually works, something that's built on freedom and individual responsibility." He promised "an orderly transition to a better health care system" and repeated Trump's campaign vow that any new healthcare law would allow the purchase of insurance across state lines and ensure that customers with pre-existing conditions would be covered.
Pence did not offer a timetable for any new legislation. Another CPAC speaker, former South Carolina Sen. Jim DeMint, called earlier Thursday for the immediate dismantling of the 2010 health care law, saying the argument that a replacement plan must also be in place is “ludicrous.”
Pence's speech capped the first day of the annual conference, during which President Donald Trump's top aides warned activists not to waste GOP control of the White House and both houses of Congress.
"We as conservatives have an opportunity that only comes around every few generations, or maybe just once in a lifetime," Pence said. "My friends, this is our time."
HALFTIME REPORT: WHAT TRUMP SHOULD SAY ON TUESDAY
Referencing the turbulent town halls that have greeted Republican lawmakers during the congressional recess, Pence urged CPAC attendees to "rise to the challenge before us."
"The other side is not sitting idle," the vice president warned before telling his audience to "mobilize" and "march foward" to defend Trump's agenda.
"Our fight didn’t end on [Election Day]," Pence said. "We won the day, but make no mistake about it. The harder work, the most important work, now lies ahead."
Trump set to take center stage at CPAC as theme appears to be now or never
 |
| Ted Cruz on how conservatives are viewing President Trump |
When President Trump takes the stage at CPAC on Friday at 10 a.m. ET, there will likely be as many optimistic conservatives inside the Maryland convention center as there are suspicious.
But no matter how you define Trump's conservative bonafides, it appears to be the first time in decades for a Republican president-- whose party controls both chambers of Congress-- can implement a largely conservative agenda.
"We conservatives have an opportunity that only comes around every few generations,” Vice President Pence told CPAC on Thursday. “My friends, this is our time.”
VIDEO: BANNON ATTACKS 'OPPOSITION PARTY' MEDIA AT CPAC
There are some conservatives who will never embrace the former Democrat who, according to the Associated Press, once elicited boos at the conference held annually at the Gaylord National Resort and Convention Center in suburban Maryland.
Trump addressed CPAC in 2011 and was booed when he said crowd-favorite Sen. Ron Paul “can not get elected.” Paul and his son Sen. Rand Paul usually dominate the conference’s straw poll. Sen. Ted Cruz won last year’s poll and Trump came in a modest third.
VIDEO: KRAUTHAMMER: BANNON SHOWS HE WAS THE BRAINS OF OPERATION
Trump skipped last year’s event during the presidential primary and the group, in response, said the decision “sends a clear message to conservatives.”
The Guardian newspaper wrote, “As the real estate developer said of Ron Paul in 2011, “I think he’s a good guy but honestly he has zero chance of being elected. You have to win an election.” Trump won that election, and this will be first time that the conservative movement under Trump will be on full display.”
Kellyanne Conway, a senior advisor to Trump told CPAC that “tomorrow it will be TPAC when he’s here."
One of Trump's top issues is how he will approach his call to repeal and replace ObamaCare. Trump has recently said that his administration will release a plan in the upcoming weeks, but the issue has been a hot topic for conservatives who want to see the law repealed.
VIDEO: TED CRUZ ON HOW CONSERVATIVES VIEW TRUMP
Despite some differences, Trump appears to be gaining support from top conservative leaders.
Matt Schlapp, the head of the American Conservative Union, which holds the event, said Trump has been “pitch-perfect with conservatives as he starts his administration.” He complemented Trump’s Cabinet selections and his choice to replace Justice Scalia on the Supreme Court.
Schlapp told NBC News that Trump managed to marry “conservative instincts” to a populist tone.
Grover Norquist, another CPAC faithful, mentioned Trump’s tax plan and said, “Damn near the entire conservative wish list on tax policy is in his tax reforms.”
White House Chief Strategist Steve Bannon told the CPAC crowd on Thursday that “appreciation” will largely be the theme for Trump during his speech.
LIST OF CPAC SPEAKERS
Bannon appeared on stage with White House Chief of Staff Reince Priebus to, according to some reports, show a united front after speculation that Trump’s inner circle is divided.
“Trump may either accomplish more than Republican presidents did in terms of a conservative agenda, despite all the chaos and drama…or he will redefine conservatism,” Rick Tyler, a GOP strategist and former spokesman for Cruz’s presidential campaign, told NPR. “The movement is at a crossroads, and it remains a known unknown where it is going.”
Ben Howe, a contributing editor at Red State and critic of Trump, told NBC that the conservative wing of the party was divided last year, but this year it is “going to be the ‘Make America Great Again’ CPAC, which is going to be a very different makeup then what I’m accustomed to.”
Subscribe to:
Posts (Atom)
-
Tit for Tat ? ROCHESTER, N.Y. (AP) — A statue of abolitionist Frederick Douglass was ripped from its base in Rochester on the an...
-
NEW YORK (AP) — As New York City faced one of its darkest days with the death toll from the coronavirus surging past 4,000 — more th...
-
What's the role of government? To one award-winning academic, it's discrimination according to race. On February 9th, Mic...
