by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : May 2016
[BrieFing] A new course at Stanford University called “Hacking for Defense” teaches students to apply lean startup prin- ciples to solving actual national secu- rity problems. It’s part of an effort to bring private-sector advancements to the Defense Department. In wartime, the military attracts “some of the most innovative folks on the planet,” Steve Blank, an instructor at Stanford University, told GCN. “It’s just that when they get back to peace- time, they collapse back to one of the most bureaucratic organizations on the planet. In contrast, Silicon Valley... has been standing up innovation 24/7 for the last 50 years and not default- ing back to peacetime.” Students work in teams to address topics such as protecting soldiers from inexpensive commercial drones and countering social media use by groups such as the Islamic State. In addition to temporary positions with the U.S. Digital Service, “there’s AmeriCorps, there’s Peace Corps, but there really was no way to help tech- nical folks give back directly to DOD or [the intelligence community] with- out putting on a uniform,” Blank said, which is why he created the course. Retired Army colonel and course instructor Pete Newell asked, “When we have another war...where are we going to find the people” who can rapidly deploy new technology? “I’ll tell you where you’ll find them. We’ll find them on the other side of the battlefield where insurgents...have perfected the lean methodology.” Building an agile, responsive and resilient approach to national security “requires new ways to think about, or- ganize and build and deploy national security people, organizations and solutions,” Blank said. • New Stanford course teaches defense innovation BY MARK POMERLEAU 8 GCN MAY 2016 • GCN.COM ARCHIVES.GOV retro tech GCN has covered government IT since 1982, and the technology itself started earlier still. To wit: Development of the Electronic Numerical Integrator and Computer (ENIAC) began in 1943. The computer was used by the Army ’s Ballistic Research Laboratory until 1955. (U.S. Information Agency photo) The General Services Administration’s 18F is building an open-source platform for automating updates to system secu- rity plans (SSPs) so agencies can create and maintain compliance documenta- tion as rapidly as they deploy systems. Now in prototype form, the Compli- ance Masonry platform is a framework for documenting the complex and lengthy SSPs that describe systems’ ar- chitecture, security controls and overall security posture. The new tool creates machine-read- able SSPs that automatically update when a system changes, allowing agency executives and IT staff to gener- ate reports with searchable content. To build the Compliance Masonry platform, 18F stores SSP data in the YAML/JSON format using OpenControl schema, a machine-readable format for storing compliance documentation. The platform also offers automated processes, or pipelines, for generat- ing standardized certification documen- tation. Pipelines are already in place for converting YAML/JSON SSPs to GitBook (a GitHub tool) and Microsoft Word and for verifying complex tests such as whether a system is using static code analysis tools. 18F took a component-first approach with the platform, meaning the SSP documentation is based on components rather than security controls. That focus will allow agencies to quickly add, adjust and remove documentation for new or updated components. So far, 18F is using Compliance Masonry to organize SSP documenta- tion for Cloud.gov. The open-source platform is available for use and contri- bution by all agencies, developers and service providers. • 18F automates system security plans BY AMANDA ZIADEH 0516gcn_007-009.indd 8 4/27/16 3:10 PM
March and April 2016
June and July 2016