by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : October and November 2016
GCN OCTOBER/NOVEMBER 2016 • GCN.COM 43 that we defined our rules and restrictions down to a T,” said Lisa Wiswell, the Defense Digital Service’s digital secu- rity lead. “You have to make sure that you tell folks what they can do and, almost even more importantly, what they cannot do.” DOD is now working on a permanent bug-bounty pro- gram and issued a request for proposals in August. Other agencies, meanwhile, are looking to the Defense Digital Service for advice on develop- ing programs of their own. — Troy K. Schneider How LA corralled its security data Los Angeles’ Integrated Security Operations Center consolidates all departmental cybersecurity into one central system The IT staff for the city of Los Angeles manages systems and network traffic for more than 37 departments, which have 35,000 full-time employees and more than 120,000 networked devices. Collecting and correlating security data from all the city’s depart- ments was a challenging and labor-intensive activity — and one that often delivered inac- curate results. “If an inconsistency or potential security breach was found, the protocol in place required pulling security logs from each individual depart- ment, reviewing and analyz- ing the disparate reports and then correlating the data manually with multiple secu- rity tools,” said Timothy Lee, the city’s chief information security officer. “This was a time-consuming process that resulted in slow resolution and errors.” This past spring, the city realized how dire the situ- ation was after it recorded more than 135 million attacks in April and a 200 percent increase in cyberattacks over the previous year. “This is when we realized the enormity of the threat, its growing nature and how this project was direly needed,” Lee said. The resulting project — the Integrated Security Opera- tions Center — is a central- ized system that is monitored round-the-clock. It provides real-time cybersecurity situ- ational awareness across all city departments and enables information sharing with the FBI and other states through the Multi-State Information Sharing and Analysis Center (MS-ISAC). The system has three pri- mary elements: • A Cybersecurity Posture Dashboard that provides stakeholders with a graphic representation of the city’s cybersecurity status. • A Cyber Alert Indicator that displays malicious activity on the city’s network in real time. • A Threat Intelligence Portal HHS’ open-source authentication solution protects users who connect to GrantSolutions.gov — and is poised to do even more In the cybersecurity sprint that followed the Office of Personnel Management data breaches last year, civilian agencies across the government increased their use of personal identity verification cards to 83 percent. However, that ini- tiative did not address how authorized users who did not have a PIV card could securely access government data. At the Department of Health and Human Services, tens of thousands of grantees worldwide were checking the status of their government grants by signing into the GrantSolutions. gov website with just a username and password. Determined to come up with a more secure yet cost-effective solu- tion, Director of Application Develop- ment Paul Hasz and his team built an open-source two-factor authentication solution that protects public- and private-sector grantees and the numer- ous financial systems that connect to GrantSolutions.gov. The solution works by first asking for the user’s registered username and password. It then generates a one-time, unique code that it delivers to the user via a smartphone authentication app, text message or voice message — a definite improvement over the previous login process, according to Hasz. What he said is most innovative about the solution, however, is the way existing components and code developed in-house were combined to create a solution. And it’s one that other government websites can use as well. By providing design documents, code and help files, the team can assist other agencies in deploying a two-factor authentication solution in as little as two weeks without incurring significant cost. In fact, the entire package has al- ready been provided to three additional government partners, two of which are already in production. — Suzette Lohmeyer TWO-FACTOR AUTHENTICATION IN 2 WEEKS 1116gcn_032-055.indd 43 10/6/16 10:25 AM
August and September 2016
January and February 2017