Photo: Stephen VanHorn

U.S. Citizenship and Immigration Services is contemplating how to include mobile devices in its system for providing customer service.

The Department of Homeland Security issued a request for information Wednesday on behalf of USCIS for “planning purposes.” DHS wants information on incorporating mobile applications into its customer service avenues. 

DHS said in its filing that USCIS wants mobile applications that allow users to:

• view case status updates
• update their mailing address
• file information
• creating an E-request

In its RFI, DHS asked companies to include their experience with mobile apps in responses.

National Archives image

The Department of Homeland Security announced last month it was looking into how it could use Twitter as an intelligence tool and how to monitor social media networks.

DHS is now creating accounts to monitor site activity and establish an archiving system for the information it gathers, ABC News reports.

“The NOC (National Operations Center) will gather, store, analyze and disseminate relevant and appropriate de-identified information to federal, state, local and foreign governments and private sector partners authorized to receive situational awareness and a common operating picture,” DHS said in a report explaining the program.

In the 23-page report, DHS said it monitors social media sites by using an extensive list of terms covering areas such as terrorism, cybersecurity, health and several federal agencies within and outside of DHS.

The NOC also looks at posts for North Korea and Mexico.

DHS said it does not post information nor attempts to establish connections with users.

NIST image

Companies that already provide cloud services to federal agencies will have their offerings vetted first under the new FedRAMP security assessment program.

Verizon Federal and General Dynamics‘ information technology business unit are among the companies who will have their cloud services reviewed under the new program according to Federal Times.

FedRAMP was launched earlier this month to give agencies and contractors a base set of security controls, allowing quick adoption of commercial cloud technology across agencies.  

“We can’t just open the doors wide open right from the start,” said Dave McClure, associate administrator of the General Services Administration‘s Office of Citizen Services and Innovative Technologies, according to Federal Times.

McClure added that companies on existing contracts for other cloud services, such as email, will also get priority vetting.

A three-member board composed of chief information officers from the GSA and the departments of Defense and Homeland Security will review the companies. FedRAMP also requires independent assessors to determine if the cloud technology being offered meets federal security standards, which Federal Times reports are scheduled to be released in January.

Photo: Daniel McGarrity

The Department of Homeland Security‘s National Cyber Security Division and the Idaho National Laboratory have won the 2011 U.S. National Cybersecurity Innovation Award for creating a series of training programs on defending the power grid and other utility systems, according to a SANS Institute announcement.

The programs were created by the DHS Controls Systems Security Program and the INL. 

They are targeted toward managerial and technical people in industries using control systems that contain information on cyber threats and fixes for vulnerabilities.

The hands-on training programs work to coordinate activities to reduce the likelihood of cyber attacks on critical infrastructure systems, and are conducted within an actual control systems environment according to the SANS Institute.

The Energy Department has partnered with DHS to deliver this training program to the energy sector.

The Industrial Control Systems Cyber Emergency Response Team released a report outlining the steps taken in assessing the situation. The group said “analysis of what caused the pump to fail is ongoing. ICS-CERT will continue to coordinate with the FBI, Water ISAC, MS-ISAC and other organizations as appropriate.”

Ongoing or not, the report makes it clear that the original claim was based on unconfirmed data and that no information was compromised. 

“In addition, DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported,” said DHS spokesman Chris Ortman, according to Computerworld. 

Joe Weiss, a cybersecurity expert who illustrated the incident in his blog, seemed wholly unconvinced by the fusion center’s report, saying that a cyberattack was not entirely out of the question, according to a FierceHomelandSecurity report. 

In disclosing the supposed cyberattack, Computerworld says Weiss brought attention to issues regarding the vulnerability of U.S. infrastructure.

That which is left vulnerable includes older equipment without security features used in both the “water and energy industries,” according to a statement made by Patrick Miller, president of the Energy Sector Security Consortium, to Computerworld. 

Photo: itnews.sk

A water pump at a Springfield, Ill. utility failed Nov. 8. Usually this would be considered a technical difficulty, but this failure has raised eyebrows of the federal government.

Joe Weiss, a cybersecurity expert, disclosed the incident on his blog Thursday and pointed the finger at foreign cyber attackers. Now the U.S. Department of Homeland Security and the FBI are investigating the pump failure as a possible attack, according to a Reuters report.

“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Illinois,” according to a statement from DHS spokesman Peter Boogaard. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”

The breach was discovered when a water district employee noticed that the system kept turning on and off, resulting in the water pump burning out, according to Wired.

The hackers stole credentials from a company that makes software used to control industrial systems, Weiss said. They also stole usernames and passwords from the company to gain remote access to the utility.

In fact, the hackers may have had access to the utility in September, according to the “Public Water District Cyber Intrusion” report, released by the Illinois Statewide Terrorism and Intelligence Center on Nov. 10.

The report does not describe what the glitches were, Weiss told Wired, but could reference problems legitimate users experienced when trying to access the system remotely.

“They just figured it’s part of the normal instability of the system,” Weiss said to Wired. “But it wasn’t until the SCADA system actually turned on and off that they realized something was wrong.”

Of three software capability areas including application infrastructure, backup and storage, and security, DHS chose immixGroup’s offering to supply McAfee software in the security area. The agreement with immixGroup is a GSA schedule-based Blanket Purchase Agreement for a term of up to seven years.

This agreement is mandatory for use vehicle at DHS headquarters and all DHS components looking to buy McAfee products for enterprise virus and malware protection; identity and access management; firewall; and database, application, Web server, and mobile security; among others.

The technology is being developed for the Department of Homeland Security’s Science and Technology Directorate.

“Our partnership with Genia Photonics will build on the company’s success in the commercial market,” says Simon Davidson, partner in In-Q-Tel’s investments team. “Genia Photonics’ fiber-based technology will lead to unique possibilities for our customers in the U.S. intelligence community.”

CGI will deliver a public cloud solution for the department’s public websites, including DHS.gov, FEMA.gov, and USCIS.gov.

CGI will provide three integrated environments that encompass the full application development and deployment lifecycle, from enterprise development and integration to testing, training, staging, troubleshooting and production.

“DHS’ move to the cloud is being watched closely as it’s one of the largest agencies to put the ‘cloud-first’ policy into practice,” said Eric Wolking, senior vice president at CGI. “CGI’s cloud environment contains all of the required enterprise-wide security, service delivery, and hosting capabilities needed to reduce costs while delivering improved citizen services.”

Federal agencies will begin reporting security data to an online compliance tool, CyberScope, as part of fiscal year 2011 requirements for the

Agencies will submit monthly data feeds through CyberScope to the Department of Homeland Security as defined in a recently released memo outlining the new requirements so that cybersecurity is may be better monitored. 

Additionally, agencies will need to submit security information through CyberStat where they will also engage in accountability review sessions and interviews to better the overall security structure.