us government
Latest
U.S. Department of Defense preps cyber rules of engagement, plans to work more closely with ISPs
The Pentagon left no room for argument last year when it declared cyber attacks a potential act of war. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," a military official reportedly remarked. Yikes. Before we start bombing chimneys, however, the Department of Defense plans to draft up some relevant guidelines, noting in a recent House Armed Services Committee hearing that it will be delivering a set of cyberspace-specific rules of engagement in the coming months. "We are working closely with the joint staff on the implementation of a transitional command and control model for cyberspace operations," said Madelyn Creedon, assistant secretary of defense for Global Strategic Affairs. In addition to setting ground rules for cyber-engagements, the DOD also plans to expand efforts to share classified information on possible threats with internet service providers and defense contractors.
US government wants schools to embrace digital textbooks
Although they haven't exactly explained how school systems or parents are going to pay for iPads or other tablets for every student, the US government is pushing a new initiative to move from standard printed textbooks to digital textbooks within the next five years. While it's good to see that a focus on digital textbooks is finally at hand, it's going to take more than a press release, five years and a "playbook" to make the transition happen. According to an AP news release, "Education Secretary Arne Duncan and Federal Communications Commission chairman Julius Genachowski on Wednesday challenged schools and companies to get digital textbooks in students' hands within five years." In an interview, Duncan asked, "Do we want kids walking around with 50-pound backpacks and every book in those backpacks costing 50, 60, 70 dollars and many of them being out of date? Or, do we want students walking around with a mobile device that has much more content than was even imaginable a couple years ago and can be constantly updated? I think it's a very simple choice." To school systems that are battling drastically decreased budgets and trying to replace or repair crumbling infrastructure, it might not be such a "simple choice." Likewise, there doesn't appear to have been much (if any) thought on how parents or schools systems are going to replace equipment that is broken or lost by students, or how to pay for digital devices to be refreshed every three to five years. Wednesday's announcement comes just two weeks after Apple's education event and the launch of iBooks textbooks. The company is perfectly placed, both in terms of the iPad hardware platform and iBooks Author creation tool, to benefit from a move to interactive and easily updated electronic textbooks. The government released a 67-page "playbook" promoting the use of digital textbooks and offering guidance to school systems who want to make the move. At the current time, about US$8 billion is spent each year on traditional textbooks for K-12 school kids. With an Apple educational discount, that could pay for more than 17 million iPads each year. If Apple, as rumored, brings down the price of entry into the iPad market by selling the iPad 2 alongside a future model, more devices could make it into the hands of students across the nation. On the other hand, switching to digital textbooks means more than just acquiring hardware and buying textbook apps. In many cases, the curriculum provided by a school district and even the methods used by instructors to teach students must change as well. The educational five-year plan is a noble goal; it's just not very realistic.
The SOPAbox: Defeating online piracy by destroying the internet
Disclaimer: The Soapbox column is entirely the opinion of this week's writer and does not necessarily reflect the views of Massively as a whole. If you're afraid of opinions other than your own, you might want to skip this column. Unless you've been living under a rock, chances are you've heard of SOPA and PIPA. The Stop Online Piracy Act and PROTECT IP Act are two radical pieces of copyright legislation currently being pushed through the US government. Although the stated intent of the new legislation is to provide companies with additional tools with which to combat piracy, the bill's loose wording has raised some serious alarm bells. Opponents to the proposed law say it would give corporations the ability to shut down any almost any website under the guise of protecting copyright infringement. Gamers will be affected worst of all, as the loose wording of the law makes any website with user-submitted content potentially vulnerable to a shut down order. That could include YouTube, Facebook, Twitter, any blog with a comment section, or even any online game with a chat system. Perhaps the scariest part is that you'll be affected even if you're not in the US, as one of the new law's enforcement mechanisms is to remove a site from the DNS records, a move that assumes the US has jurisdiction over the global Domain Name System. AOL is among many huge companies strongly opposing SOPA, and so naturally Massively opposes it too. In this week's massive two-page Soapbox, I make the case for why you should be worried about SOPA, and I suggest what can be done to tackle piracy in the games industry. Comments can be left on page two.
Chinese hackers target U.S. Chamber of Commerce, sensitive data stolen
According to sources close to The Wall Street Journal, Chinese hackers are at it again, this time hitting the U.S. Chamber of Commerce and capturing information from three million members. Those familiar with the matter told the WSJ that hackers stole around six weeks worth of emails regarding Asian policy, but may have had access to sensitive correspondences for as long as a year. The Chamber only learned it was under attack when the FBI sent an alert that servers in China were stealing information, although the exact amount of data stolen is unknown. After confirming the breach, the Chamber shut down and destroyed parts of its computer network, proceeding to revamp its security system over a 36-hour period. Unfortunately, this isn't the first time the U.S. of A has fallen victim to Chinese hackers, as both Google and NASA have experienced breaches over the past few years. The Chamber is currently investigating the attack, hoping to find some digital clues that might reveal the details of who done it and why.
Federal domain seizure raises new concerns over online censorship
It's been a little more than a year since the US government began seizing domains of music blogs, torrent meta-trackers and sports streaming sites. The copyright infringement investigation, led by US Immigrations and Customs Enforcement (ICE) authorities, quickly raised eyebrows among many free speech and civil rights advocates, fueling a handful of legal challenges. Few are more compelling, or frightening than a case involving Dajaz1.com. As TechDirt reports, the popular hip-hop blog has been at the epicenter of a sinuous and seemingly dystopian dispute with the feds -- one that underscores the heightening controversy surrounding federal web regulation, and blurs the constitutional divide between free speech and intellectual property protection. Dajaz1 was initially seized under the 2008 Pro IP Act, on the strength of an affidavit that cited several published songs as evidence of copyright infringement. As it turns out, ,any of these songs were actually provided by their copyright holders themselves, but that didn't stop the government from seizing the URL anyway, and plastering a warning all over its homepage. Typically, this kind of action would be the first phase of a two-step process. Once a property is seized, US law dictates that the government has 60 days to notify its owner, who can then choose to file a request for its return. If the suspect chooses to file this request within a 35-day window, the feds must then undertake a so-called forfeiture process within 90 days. Failure to do so would require the government to return the property to its rightful owner. But that's not exactly how things played out in the case of Dajaz1. For more details on the saga, head past the break.
White House releases early test code for Data.gov platform, moves closer to open source reality
The White House's Open Government Partnership inched closer to maturity last week, with the release of a new open data platform, designed to help other governments set up their own Data.gov portals. On Wednesday, Data.gov developer Chris Musialek posted the first pieces of early test code for the unfortunately named "Data.gov-in-a-box" -- an open source version of the US and Indian governments' respective data portals. Both countries, in fact, have been working on the platform since August, with the Obama administration pledging some $1 million to the effort. The idea, according to federal CIO Steve VanRoekel and federal CTO Aneesh Chopra, is to encourage "governments around the word to stand up open data sites that promote transparency, improve citizen engagement, and engage application developers," using Data.gov (and its 400,000 datasets) as a blueprint. Wednesday's release is just the first step in that plan, with the finalized Open Government Platform (OGPL) slated for launch by early next year.
US Cyber Command completes major cyber attack simulation, seems pleased with the results
The US Cyber Command is barely out of its infancy, but it's already crossed one milestone off its to-do list, with the successful completion of its first major test run. The exercise, known as Cyber Flag, was carried out over the course of a single week at Nellis Air Force Base in Nevada, where some 300 experts put their defense skills to the test. According to Col. Rivers J. Johnson, the participants were divided into two teams: "good guys," and "bad guys." The latter were delegated with the task of infiltrating the Cyber Command's networks, while the former were charged with defending the mock cyberattack and keeping the government's VPN free of malware. The idea, according to the agency, was to simulate a real-world attack on the Department of Defense, in order to better evaluate the Command's acumen. "There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson explained. "It was a great exercise." The Colonel acknowledged that the good guys weren't able to defend against all of the attacks, but pointed out that the vast majority were recognized and mitigated "in a timely manner." All told, Cyber Flag was deemed a success, with NSA Director and Cyber Command chief Gen. Keith Alexander adding that it "exceeded" his own expectations.
Google drops cloud computing lawsuit against US Department of the Interior
Last year, Google filed a lawsuit against the US Department of the Interior, on allegations that the government unfairly awarded a $59 million cloud computing contract to Microsoft without conducting a sufficiently competitive auction. Big G won an injunction against the department in January, effectively putting the contract on hold, and it looked as if the company would prevail, with Judge Susan Braden recently declaring that there was a "justifiable basis" for dispute. Last week, however, Google decided to drop the suit altogether, after filing a motion in the US Court of Federal Claims. "Based on the defendant's agreement to update its market research and then conduct a procurement in a manner that will not preclude plaintiffs from fairly competing, plaintiffs respectfully move for dismissal of this action without prejudice," the company's attorney wrote in the motion, filed on Thursday. Federal lawyers, however, responded by claiming that the two sides have not reached an agreement, while confirming that it had no problem with Google's decision to cease litigation. It remains to be seen whether the two sides have truly reached an agreement, or whether the litigation may wear on, but we'll keep you abreast of any future developments.
US government to beat back botnets with a cybersecurity code of conduct
Old Uncle Sam seems determined to crack down on botnets, but he still needs a little help figuring out how to do so. On Wednesday, the Department of Homeland Security and National Institute of Standards and Technology (NIST) published a request for information, inviting companies from internet and IT companies to contribute their ideas to a voluntary "code of conduct" for ISPs to follow when facing a botnet infestation. The move comes as an apparent response to a June "Green Paper" on cybersecurity, in which the Department of Commerce's Internet Policy Task Force called for a unified code of best practices to help ISPs navigate through particularly treacherous waters. At this point, the NIST is still open to suggestions from the public, though Ars Technica reports that it's giving special consideration to two models adopted overseas. Australia's iCode program, for example, calls for providers to reroute requests from shady-looking systems to a site devoted to malware removal. The agency is also taking a hard look at an initiative (diagrammed above) from Japan's Cyber Clean Center, which has installed so-called "honeypot" devices at various ISPs, allowing them to easily detect and source any attacks, while automatically notifying their customers via e-mail. There are, however, some lingering concerns, as the NIST would need to find funding for its forthcoming initiative, whether it comes from the public sector, corporations or some sort of public-private partnership. Plus, some are worried that anti-botnet programs may inadvertently reveal consumers' personal information, while others are openly wondering whether OS-makers should be involved, as well. The code's public comment period will end on November 4th, but you can find more information at the source link, below.
Amazon Web Services' GovCloud puts federal data behind remote lock and key
Uncle Sam's been making his way into the cloud, spurred on in part by the inherent billion dollar cost efficiencies, and Amazon's looking to help with the move. The Seattle-based company recently announced the launch of its new AWS GovCloud, a federal government-only region that offers a remote server solution for organizations bound by high-level data constraints. The service makes use of FISMA, FIPS 140-2 compliant end points, SAS-70, ISO 27001, and PCI DSS Level 1 security controls, providing a secure host environment that adheres to stringent "regulatory and compliance requirements," and restricts physical access to the US-only. NASA's JPL and the US Recovery and Accountability Transparency Board are just two of the 100-plus government agencies already employing AWS' remote servers, with more destined to join Washington's velvet-roped cloud. Jump past the break for Amazon's official PR spiel.
ASUS Eee Pad SL101 slides through the FCC, still misses promised May release
Sure, it's not unusual for gadgets to miss their shipping targets, suffering months-long delays as they jump through the varies hoops necessary before a release. Fortunately, ASUS can now check FCC approval off the Eee Pad Slider's to do list, with the Honeycomb QWERTY tablet receiving a green light from the feds late last week. ASUS has already confirmed August availability in the UK (after previously promising a May ship date), so we can only hope that the same timeframe applies stateside as well. We're also curious to see whether or not ASUS was able to use this unexpected delay to beef up supplies, so the Slide doesn't suffer a hangup similar to that of its Transformer cousin. The company has yet to confirm Slider pricing in the U.S., though we imagine those details will be revealed along with a shipping date within the next few weeks.
BlackBerry PlayBook receives certification for US government use
The BlackBerry PlayBook may not have exactly won over consumers en masse, but it looks like RIM can now at least put a feather in its cap when it comes to one of its key customer bases: government agencies. The company announced today that the PlayBook is the first tablet to receive the so-called FIPS 140-2 certification which, according to RIM, means that the US federal government can "buy with confidence knowing that the PlayBook meets their computing policy requirements for protecting sensitive information." Of course, those agencies will still need to make sure to supply a BlackBerry smartphone as well so folks can access some of that information -- although this may be one instance where that's considered to be more of a feature than an omission.
Pentagon says cyber attacks are acts of war: send us a worm, get a missile in return?
Well, the Pentagon is finally fed up with hackers picking on its buddies and foreign intelligence taking shots at its computer systems, and has decided that such cyber attacks can constitute an act of war. Of course, the powers that be won't be bombing you for simply sending them some spyware, but attempts to sabotage US infrastructure (power grids, public transit, and the like) may be met with heavy artillery. It's unclear how our government will identify the origin of an attack or decide when it's serious enough to start shooting, but Uncle Sam is looking to its allies to help create a consensus answer for those questions. The retaliatory revelation is a part of the Pentagon's new cyber strategy that'll be made public in June -- so saboteurs beware, your next internet incursion might get you an ICBM in your backyard.
Obama says federal fleet to run on alternative fuels starting in 2015
Chances are the Secret Service won't be ditching its signature black SUVs for these things anytime soon, but if all goes according to President Obama's new energy plan, even the Commander in Chief's armed guards will be rolling more eco-friendly in the next three years. In a speech given at Georgetown University Wednesday, the President said he expects all government agencies "to purchase 100 percent alternative fuel, hybrid, or electric vehicles by 2015." Now, that doesn't mean they'll have to get rid of pre-existing gas guzzlers, but any new purchases made after the cutoff date will be expected to comply -- the government's current fleet consists of 660,000 vehicles, 400,000 of which run on gasoline. Among other things, the President also called for increased infrastructure for the production of biofuels made from things like wood chips and switchgrass. So no, Cadillac One probably won't be replaced by a rechargeable egg car, but if Uncle Sam's taking suggestions, we'd be happy to make a recommendation -- Wheego Whip LiFe One does have a nice ring to it. Doesn't it?
IBM settles with SEC, pays $10 million for accusations of bribery
Hey, look, it's a major international corporation getting in trouble for bribery, and it isn't Samsung! This time it's home grown Big Blue, choosing to settle with SEC over allegations that its employees have spent the last 15 years or so illegally bribing and wooing foreign officials to score themselves bigger contracts. This includes $207,000 in cash bribes paid to South Korean representatives between 1998 and 2003 plus more in the form of gifts and trips to those willing and able to sign over big contracts, even paying for the personal vacations of Chinese officials. Ultimately $10 million is little more than a slap on the wrist for a company the size of IBM, which has not admitted fault and now will never have to, but we were glad to see that Watson has not been implicated in any of these nefarious misdeeds. His record remains squeaky clean.
US Justice Department and FTC looking into Apple's new subscription policy
Apple unveiled its new app store subscriptions earlier this week with a decent amount of controversy and even an official statement from Rhapsody saying it would not comply with the new regulations. The new policy requires any company offering subscription services to offer the same service, at the same price (or less) through Apple, with Apple skimming 30 percent off the top. It also no longer allows apps to have links to external sites where purchases can be made. Now, reports the Wall Street Journal, antitrust enforcers in the US are having a preliminary look into the new arrangement. So, what does that mean? Well, these kinds of pre-investigations are pretty common, so it could mean nothing at all. Or, it could lead to a more formal investigation into if the policy violates antitrust laws. When asked for comment on the story, unsurprisingly, no one at Apple, the FTC, or the Justice Department would comment. We'll keep our eyes on this one and let you know if anything more exciting happens.
Senate approves Pedestrian Safety Enhancement Act, ensures a future for noise pollution
If you've been lucky enough to occupy the driver's seat of a hybrid or electric vehicle you've surely enjoyed the bliss that comes from smoothly and silently pulling away from a stoplight. You've also, surely, run over at least a couple of pedestrians while doing it. (We hit at least eight of the poor souls during our latest Volt test drive.) Sadly, here comes John Kerry and the rest of the US Senate to ruin our Carmageddon-esque fun. The Senate has unanimously approved the Pedestrian Safety Enhancement Act, which requires: ...minimum level of sound emitted from a motor vehicle that is necessary to provide blind and other pedestrians with the information needed to reasonably detect a nearby electric or hybrid vehicle operating at or below the cross-over speed How much sound? Well, they haven't figured that out yet, nor have they figured out up to what speed it must be required, nor what sort of noise is required, but by golly there will be noise. Those answers will in theory be found through the course of a study that will take no more than 48 months to complete, leaving us wonder if current noisemaker options on the Volt, Leaf, and Prius will meet the need. Regardless, if you want a quiet car you'd better start your financing.
Sprint axes Huawei, ZTE telecom bids due to security fears in Washington?
Huawei might be making inroads into the US consumer smartphone market, but the Chinese telecom supplier's attempts to break into big business have been stonewalled. Now, the Wall Street Journal reports that Sprint is excluding both Huawei and competitor ZTE from a multi-billion dollar contract -- where they would have been the lowest bidders -- primarily because of national security concerns. The US Secretary of Commerce reportedly called Sprint CEO Dan Hesse to voice concerns about letting firms with possible ties to the Chinese government supply local communications infrastructure, a perspective also penned by eight US senators back in August. "DoD is very concerned about China's emerging cyber capabilities and any potential vulnerability within or threat to DoD networks," the Department of Defense told the publication, without naming Huawei or ZTE directly. We're not doctors, but it sounds like someone's got a serious case of supercomputer envy.
HP agrees to pay $55 million to settle investigation into illegal kickbacks
The company that kicked Mark Hurd to the curb for financial impropriety has today reported it'll pay $55 million in a settlement with the US Department of Justice relating to some fiscal delinquency of its own. HP was accused of greasing up the wheels of business, as it were, by throwing cash around to companies who would recommend its services to state procurement agencies. This particular set of allegations related to a federal contract obtained by HP in 2002, and the settlement also extinguishes investigation into whether or not the computer vendor had provided incomplete information to the US government. That's all well and good, but we have to question the size of these levies. Today's also the day that HP's announced a new $800 million supply contract with the US Air Force -- would a fine that's less than a tenth of the contract's value really deter HP's entrepreneurial spirit?
Perfect Citizen: secret NSA surveillance program revealed by WSJ
Do you trust your government? Do you just support it like an obedient Britney Spears, steadfast to your faith that it will do the right thing? Your answer to those questions will almost certainly predict your response to a Wall Street Journal exposé of a classified US government program provocatively dubbed, "Perfect Citizen." Why not just call it "Big Brother," for crissake! Oh wait, according to an internal Raytheon email seen by the WSJ, "Perfect Citizen is Big Brother," adding, "The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security." Histrionics aside, according to the WSJ, the "expansive" program is meant to detect assaults on private companies and government agencies deemed critical to the national infrastructure. In other words, utilities like the electricity grid, air-traffic control networks, subway systems, nuclear power plants, and presumably MTV. A set of sensors deployed in computer networks will alert the NSA of a possible cyber attack, with Raytheon winning a classified, $100 million early stage contract for the surveillance effort. Now, before you start getting overly political, keep in mind that the program is being expanded under Obama with funding from the Bush-era Comprehensive National Cybersecurity Initiative. The WSJ also notes that companies won't be forced to install the sensors. Instead, companies might choose to opt-in because they find the additional monitoring helpful in the event of cyber attack -- think of Google's recent run-in with Chinese hackers as a potent example. Like most citizens, we have mixed emotions about this. On one hand, we cherish our civil liberties and prefer to keep the government out of our personal affairs. On the other, we can barely function when Twitter goes down, let alone the national power grid.
