MeriTalk News Briefs: $675K Spent Without Security Clearances, DIY BYOD, Air Force CISO Lands a New Gig

Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.

Federal Contracts Billed $675K Worth of Work Without Security Clearances

At least 15 Federal contractors working on the Enterprise Infrastructure Solutions’ (EIS) Transition Ordering Assistance (TOA) program billed more than $675,000 worth of work without having the proper security clearances and background checks. The General Services Administration’s (GSA) Inspector General (IG) released a memo on June 29 highlighting the breach. The EIS TOA is the Federal government’s new $50 billion telecommunications contract and the workers in question were helping agencies transition onto the new contract. GSA awarded the contract to Redhorse Corporation, based in Arlington, Va., in September 2016. The memo to Federal Acquisition Service (FAS) Commissioner Alan Thomas explains that 15 Redhorse employees had access to sensitive government information and systems before receiving their interim security clearance. The IG recommended the FAS strengthen its management practices over the TOA program and stressed the need for stronger access controls.

Feds Using BYOD Without Agency Approval

According to a survey from the Government Business Council, Federal workers who use personal devices for government work aren’t getting agency approval. The survey of 165 government employees found that roughly half of Federal employees–43 percent for active duty and Department of Defense (DoD) employees and 59 percent for civilian agency employees–use agency devices for government work. However, roughly one third of both groups use personal devices for agency work. Of that one third, 94 percent of DoD employees are doing so without agency approval. On the civilian side, 64 percent are using personal devices that haven’t been cleared by their agency. Agencies have varied Bring-Your-Own-Device (BYOD) policies, which are designed to mitigate security risks associated with an unapproved device. While personal devices aren’t inherently less secure than government-provided devices, Federal IT staff have no way of knowing what security programs are on the device and what potential vulnerabilities exist. However, roughly half of respondents (51 percent) said that their agency’s BYOD policy creates more security risk than is necessary.

Raytheon Hires Former Air Force CISO

Former Air Force CISO Peter Kim is joining the private sector. Raytheon subsidiary Raytheon Missile Systems hired Kim as its director of IT security and governance. Kim joins the private sector after a decade-long stint at the Pentagon, serving in various cybersecurity roles. Kim’s Deputy CISO Wanda Jones-Heath replaced him as CISO following his departure in June. However, Kim isn’t leaving the Federal sector behind entirely: Raytheon Missile Systems develops and manufactures missile systems for the U.S. military.

DHS Seeks Comment on Prelims for Cyber Review

The Department of Homeland Security (DHS) said in a Federal Register notice that it is seeking comment through September 4 on an information collection request (ICR) it will submit to the Office of Management and Budget as a preliminary step to collecting information for DHS’s biennial Nationwide Cyber Security Review. DHS is seeking comment on the proposed method of its information collection, rather than the actual collection of information for the biennial review, which will come at a later date.
