$37.4 billion is the five-year ceiling for the Army’s new strategic sourcing contract for
C4ISR services
Warner wants updates on feds’ software patching
As the WannaCry ransomware attack wreaked havoc worldwide, one senator moved to make sure federal agencies are protected.
Sen. Mark Warner (D-Va.) said he is concerned that federal networks could be vulnerable to malware such as WannaCry, which has been linked to an exploit developed by the National Security Agency.
“Both within the federal govern- ment and across critical infrastruc- ture sectors, IT security has too often been either, at best, addressed as an afterthought in the product develop- ment cycle or, worse, simply neglect- ed,” Warner wrote in a May 15 letter to Homeland Security Secretary John Kelly and Office of Management and Budget Director Mick Mulvaney.
The malware spread from machine to machine without any assistance from
users. Unpatched Windows machines are highly vulnerable, and new variants of the contagion were reportedly creat- ed by hackers who obtained the exploit via the Shadow Brokers leak in April.
Warner expressed concern about unpatched endpoints on federal net- works. “Patch management is a com- plex undertaking, particularly for large organizations and enterprises,” he wrote. “Large organizations, including federal agencies, often do not know what insecure endpoints (and associ- ated software) may be operating on their networks.”
Warner’s letter requests informa- tion on the steps agencies are taking to implement relevant Microsoft secu- rity updates and details on how the gov- ernment ensures contractors’ systems that connect to federal networks are patched.
Warner is also seeking details on patches to federal IT systems that are using out-of-support software such as Windows XP and other retired systems.
According to a White House report released in March, 90 percent of agen- cies are hitting the federal CIO’s targets for vulnerability management. The num- bers have improved in 2016 compared to 2015 results, largely thanks to the cybersecurity sprint that followed the hack of Office of Personnel Manage- ment systems.
However, an agency-by-agency breakdown for the last quarter of fiscal 2016 shows that many large agencies — including the departments of State, Commerce, Energy, Transportation and Interior — were operating with vulner- ability management levels far below the federal target of 95 percent.
ONLINE REPORT SPONSORED BY:
Special Report: Digital Government
A NEW BLUEPRINT FOR DIGITAL GOVERNMENT
Snapshot_Blackberry_FCW_halfpageAd_v2.indd 1
— Adam Mazmanian
June 2017 FCW.COM 9 5/2/17 4:19 PM
TOPICS INCLUDE:
MOBILITY AND THE MOBILE-FIRST SECURE REAL-TIME COLLABORATION DIGITAL BY THE CLOUD MINDSET COMMUNICATIONS ACROSS SILOS DESIGN
TO LEARN MORE, VISIT: FCW.COM/2017DIGITALGOV