GCN : October and November 2016
42 GCN OCTOBER/NOVEMBER 2016 • GCN.COM

The new software assurance program has proved wildly popular, even beyond program developers’ expectations. As part of its launch plan for the F3 service, DISA scheduled a series of marketing presentations, handouts and webinars.

“Since they had no idea what kind of response might be expected, DISA scheduled the call for one hour and had a limited number of spaces available,” Farrell said. “Unexpectedly, the webinar was a big success, and all the connections into the webinar were taken.... A second webinar was held the following week with equally positive response.”

With F3, DISA has made it easy for Forge.mil users to rapidly and affordably deliver dependable software, services and systems.

— Karen Epper Hoffman

Hacking the Pentagon for patriotism and profit

The Defense Digital Service proves that bug-bounty programs can pay big dividends for government agencies

The Defense Digital Service is charged with using private-sector talent and best practices to improve critical Defense Department systems — and hopefully modernize DOD’s IT mindset in the process. Hack the Pentagon, a bug-bounty program that was tested this past spring, did both.

DOD partnered with HackerOne, a San Francisco-based bug-bounty management startup. More than 1,400 hackers signed up, and the first bug was reported just 13 minutes after the program began. In all, 138 bounties were paid for confirmed vulnerabilities in the five sites that were tested. Individual bounties ranged from $100 to $15,000, depending on the severity of the bug discovered.

The cost of the pilot was approximately $150,000, and Pentagon officials estimated that a traditional security audit to discover those same holes would have cost $1 million.

Arguably more important than the money, however, was the policy and planning work to make a government bug-bounty program feasible.

“We spent a tremendous amount of time with our legal team and all of the stakeholders across the departments to make sure

FEMA FINDS A BETTER APPROACH TO SYSTEMS SECURITY

An aggressive push for improved authentication has resulted in savings, standardization and safer data

The Federal Emergency Management Agency is expected to jump into action during the nation’s worst crises and natural disasters — even those in its own online backyard. So when federal agencies were shaken by the massive breach of Office of Personnel Management records, FEMA officials moved quickly to safeguard their information with much-improved authentication.

“The outcome we are creating is interoperability across federal, state, local, territorial and tribal governments [to] transform the way the agency responds and recovers from natural and man-made disasters,” FEMA CIO Adrian Gardner told GCN.

Last October, Gardner’s team began working with IBM Global Business Services to enable 76 of the agency’s high-priority systems to use personal identity verification cards and single sign-on capabilities to authenticate those accessing information on its systems.

Over the course of the six-month project, the group oversaw more than 70 development teams, multiple vendors, eight FEMA program offices, 10 regional offices, and a wide and far-flung variety of deployments at various FEMA and non-FEMA hosting facilities and cloud providers.

Even for an agency primarily tasked with handling major catastrophes, the tight turnaround, widespread geographic coverage and involvement of so many stakeholders made the project especially challenging. And there are restrictions on changing FEMA systems during active disaster declarations, which added another degree of complexity.

“One of the many surprises was the amount of internal and external coordination required to successfully implement the program in just one year,” Gardner said.

Indeed, reaching agreement on a set of requirements for a fixed-price contract, working through cultural differences and sustaining top-level support throughout the project were major obstacles, he added.

The results, though, have been substantial. High-value systems are now at Level of Assurance 4, and employees have a standardized solution across the agency. The deployment was a major step forward in protecting data for FEMA, its partners and the disaster survivors it helps.

— Karen Epper Hoffman