US Embassy Pakistan: Local Employee Iqbal Baig Killed in Islamabad

Posted: 2:47 pm EDT

 

A local employee of the U.S. Embassy in Pakistan was reportedly killed by unidentified gunmen in the capital city of Islamabad.  The victim was identified as Iqbal Baig who worked for the US Drug Enforcement Agency (DEA) reportedly for about a dozen years. The AFP citing the victim’s brother reports that the victim had received threats in the recent past.


OPM to Charge Agencies for Credit Monitoring Offered to Federal Employees

Posted: 2:32 am EDT

 

The latest update from “M” on the OPM breach dated July 15, notes that “The State Department never transferred personnel records to the OPM facility. However, if you had other U.S. Government service prior to joining State, you may have had records that were involved.” On the background information breach, it says that “State Department employees’ SF-85 and SF-86 forms (depending on the appointment) were in the OPM system and thus were impacted. However, other background investigation material was not.”

If you have additional questions email DG DIRECT [DGDIRECT@STATE.GOV] or OPM’s new email: cybersecurity@opm.gov

AFSA’s latest update to its membership is dated July 10 and available to read here.

Some developments on the fallout from the data breach:

 


#

 

State Dept Authorization Bill Mandates Security Breach Reporting, NSA Consultations – Can PenTest Be Far Behind?

Posted: 12:27 am EDT
Updated: 11:23 am PDT

 

Update: A source on the Hill alerted us that the State Authorization bill was offered as an amendment when the NDAA was debated in the Senate last month, but it was not voted on and the NDAA passed on June 18 (that would be H.R. 1735, which passed 215 (71-25)). We understand that both chambers are now starting the process to bring the bill to conference in order to resolve differences. The State Authorization bill, we are told, will not be part of those discussions. In order for this to move forward, it will either need to be brought to the floor as a stand-alone vote or Corker/Cardin could try again to attach it to another piece of legislation. Given that this is the first authorization bill passed by the SFRC in 5 years, and that it made it through the committee with bi-partisan support, we suspect that the senators will not just easily forget about this. — DS

On June 9, 2015, U.S. Senators Bob Corker (R-Tenn.) and Ben Cardin (D-Md.), the chairman and ranking member of the Senate Foreign Relations Committee, applauded the unanimous committee passage of the Fiscal Year 2016 Department of State Operations Authorization and Embassy Security Act. The SFRC statement says that it has been five years since the Senate Foreign Relations Committee passed a State Department Authorization bill and 13 years since one was enacted into law.  This State Department Authorization bill has been offered as an amendment to the National Defense Authorization Act, which currently is on the Senate floor. It is quite lengthy so we’re doing this in installments.

Below is the section on information technology system security that mandates security breach reporting, as well as making State Dept systems and networks available to the Director of the National Security Agency (NSA) and any other such departments or agencies to carry out necessary tests and procedures.

The State Department’s Consular Consolidated Database (CCD) as of 2011 contains over 137 million American and foreign case records and over 130 million photographs and is growing at approximately 40,000 visa and passport cases every day. If the CCD is compromised, it would be a jackpot for hackers that would make the OPM hack pale in comparison.

If this bill passes, will the penetration test by NSA on one of the world’s largest data warehouses finally happen?

Via govtrack:

Section 206. Information technology system security

(a) In general

The Secretary shall regularly consult with the Director of the National Security Agency and any other departments or agencies the Secretary determines to be appropriate regarding the security of United States Government and nongovernment information technology systems and networks owned, operated, managed, or utilized by the Department, including any such systems or networks facilitating the use of sensitive or classified information.

(b) Consultation

In performing the consultations required under subsection (a), the Secretary shall make all such systems and networks available to the Director of the National Security Agency and any other such departments or agencies to carry out such tests and procedures as are necessary to ensure adequate policies and protections are in place to prevent penetrations or compromises of such systems and networks, including by malicious intrusions by any unauthorized individual or state actor or other entity.

(c) Security breach reporting

Not later than 180 days after the date of the enactment of this Act, and every 180 days thereafter, the Secretary, in consultation with the Director of the National Security Agency and any other departments or agencies the Secretary determines to be appropriate, shall submit a report to the appropriate congressional committees that describes in detail—

(1) all known or suspected penetrations or compromises of the systems or networks described in subsection (a) facilitating the use of classified information; and

(2) all known or suspected significant penetrations or compromises of any other such systems and networks that occurred since the submission of the prior report.

(d) Content

Each report submitted under subsection (c) shall include—

(1) a description of the relevant information technology system or network penetrated or compromised;

(2) an assessment of the date and time such penetration or compromise occurred;

(3) an assessment of the duration for which such system or network was penetrated or compromised, including whether such penetration or compromise is ongoing;

(4) an assessment of the amount and sensitivity of information accessed and available to have been accessed by such penetration or compromise, including any such information contained on systems and networks owned, operated, managed, or utilized by any other department or agency of the United States Government;

(5) an assessment of whether such system or network was penetrated by a malicious intrusion, including an assessment of—

(A) the known or suspected perpetrators, including state actors; and

(B) the methods used to conduct such penetration or compromise; and

(6) a description of the actions the Department has taken, or plans to take, to prevent future, similar penetrations or compromises of such systems and networks.

#

Related Post:
S.1635: DOS Operations Authorization and Embassy Security Act, Fiscal Year 2016 – Security Clearance

21.5 Million Americans Compromised, OPM’s Ms. Archuleta Still Not Going Anywhere

Posted: 1:36 am  PDT

Excerpt via opm.gov:

OPM announced the results of the interagency forensic investigation into the second incident.  As previously announced, in late-May 2015, as a result of ongoing efforts to secure its systems, OPM discovered an incident affecting background investigation records of current, former, and prospective Federal employees and contractors.  Following the conclusion of the forensics investigation, OPM has determined that the types of information in these records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details.  Some records also include findings from interviews conducted by background investigators and fingerprints.  Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.

While background investigation records do contain some information regarding mental health and financial history provided by those that have applied for a security clearance and by individuals contacted during the background investigation, there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of Federal personnel were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express).

This incident is separate but related to a previous incident, discovered in April 2015, affecting personnel data for current and former Federal employees.  OPM and its interagency partners concluded with a high degree of confidence that personnel data for 4.2 million individuals had been stolen.  This number has not changed since it was announced by OPM in early June, and OPM has worked to notify all of these individuals and ensure that they are provided with the appropriate support and tools to protect their personal information.

Analysis of background investigation incident.  Since learning of the incident affecting background investigation records, OPM and the interagency incident response team have moved swiftly and thoroughly to assess the breach, analyze what data may have been stolen, and identify those individuals who may be affected.  The team has now concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases.  This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants.  As noted above, some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints.  There is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s systems.

If an individual underwent a background investigation through OPM in 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P for a new investigation or periodic reinvestigation), it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely.

So, are we supposed to wait for another credit monitoring offer from OPM’s partners for this BI hack, after already being offered credit monitoring for the personnel data compromised in an earlier breach?

Yes. Wonderful.

Ms. Archuleta should do the right thing and resign.

Part of OPM’s public response to these breaches has been to protect the director’s record at the agency.  While she remains in charge, I suspect that the fixes at OPM will also include shielding the director from further damage. News reports already talk about OPM’s push back. Next thing you know we’ll have “setting the record straight” newsbots all over the place.

While it is true that Ms. Archuleta arrived at OPM with legacy systems still in operation, these breaches happened under her watch. Despite her protestation that no one is personally responsible (except the hackers), she is the highest accountable official at OPM.  Part and parcel of being in a leadership position is to own up to the disasters under your wings.  Ms. Archuleta should resign and give somebody else a chance to lead the fixes at OPM.


We Meant Well, Afghanistan Edition: Ghost Students, Ghost Teachers, Ghost Schools, Ugh!

Posted: 1:16 am  PDT

 


Excerpt:

Over and over, the United States has touted education — for which it has spent more than $1 billion — as one of its premier successes in Afghanistan, a signature achievement that helped win over ordinary Afghans and dissuade a future generation of Taliban recruits. As the American mission faltered, U.S. officials repeatedly trumpeted impressive statistics — the number of schools built, girls enrolled, textbooks distributed, teachers trained, and dollars spent — to help justify the 13 years and more than 2,000 Americans killed since the United States invaded.

But a BuzzFeed News investigation — the first comprehensive journalistic reckoning, based on visits to schools across the country, internal U.S. and Afghan databases and documents, and more than 150 interviews — has found those claims to be massively exaggerated, riddled with ghost schools, teachers, and students that exist only on paper. The American effort to educate Afghanistan’s children was hollowed out by corruption and by short-term political and military goals that, time and again, took precedence over building a viable school system. And the U.S. government has known for years that it has been peddling hype.
[…]
USAID program reports obtained by BuzzFeed News indicate the agency knew as far back as 2006 that enrollment figures were inflated, but American officials continued to cite them to Congress and the American public.

As for schools it actually constructed, USAID claimed for years that it had built or refurbished more than 680, a figure Hillary Clinton cited to Congress in 2010 when she was secretary of state. By 2014, that number had dropped to “more than 605.” After months of pressing for an exact figure, the agency told BuzzFeed News the number was 563, a drop of at least 117 schools from what it had long claimed.

Last week, we were looking for clinics.

What’s next … ghost soldiers? Oops, that’s already an old story?

#

The Phantom Memo: DNI-OPM Approved Interim Procedures During e-QIP System Suspension

Posted: 5:50 pm  PDT

 

The blog post title is not original but cribbed from @empiricalerror:

Click on the image below (Thanks C!) to read the memo signed by DNI’s James R. Clapper and OPM’s Katherine Archuleta (pdf).

One govie told us “there is no process for TS which is all I hire!”  Note that the memo says there are “no interim procedures authorized at this time for access to Top Secret, Top Secret SCI, or “Q” level information.”

There’s a sigh for you, too.

DNI-OPM e-QIP Memo

Click image to read the memo in pdf format (memo originally posted at govexec)

And when the e-QIP is restored, the wait will continue some more while the process runs its course. Will new hires even get to work by late fall?

One bureau reportedly sent out a note saying, “we are requesting that all tentative job offer notices be temporarily postponed until further guidance is published.”  Apparently, “HR and DS are working together to iron out the details of an interim paper-based SF-86 process.”

Meanwhile, fedscoop reports that OPM wants to hire four IT senior project managers that will cost up to $675,000 to oversee a systems modernization.

#

OPM Director Writes Investigation “Update” on Data Breach on July 4th, 8 p.m. Yawn. Rumble Burble CYA

Posted: 3:14 am  EDT

 

Katherine Archuleta, who remains OPM director following the drip, drip, drip reports on the OPM data breach, wrote a blog post at 8 pm on Saturday, July 4th, updating the “hardworking Federal workforce” on the “Cyberintrustion Investigation.”

The update does not provide any real update on the investigation, except to say they hope to have something this week. Two sentences on the investigation from an eight para message. Oy!

The purpose of the message appears to be — to show that the director is working on a Federal holiday. At 8 pm, too. While you all are celebrating the Fourth of July, the OPM director who is “as concerned about these incidents as you are,” is writing a blog post, and talking about the “tireless efforts” of her team. She wants folks to know that she “shares your anger,” and that she remains “committed to improving the IT issues that have plagued OPM for decades.” She also writes that she is “committed to finishing the important work outlined” in her Strategic IT Plan.

Hey, no one is personally responsible for this breach except the hackers, and it looks like Ms. Archuleta is committed enough that she won’t be going anywhere. No, not even to go back in time.

Here’s the part of her message that gave me a nasty headache. She writes, “I encourage you to take some time to learn about the ways you can help protect your own personal information.” 

Ay, holy molly guacamole!

May I also encourage OPM to take some time to learn about the ways it can help protect the personal information of Federal employees, job applicants, retirees and contractors, and their family members, because why not? See this timeline:

Cybersecurity is already a priority in our lives and work. We’re all in this great mess because it wasn’t a priority for OPM. I certainly welcome more substantive details of this breach, but these updates that are nothing more than rumble burble CYA are mighty useless, and they don’t do anything to improve my perception of OPM or its leadership.

Dear White House. Please.Make.Her.Stop.

*

Via opm.gov

As our hardworking Federal workforce enjoys a much-deserved holiday weekend, I want to share a quick update on the ongoing investigation into the recent theft of information from OPM’s networks.

For those individuals whose data may have been compromised in the intrusion affecting personnel records, we are providing credit monitoring and identity protection services. My team has worked with our identity protection contractor to increase staff to handle the large volume of calls, and to dramatically reduce wait times for people seeking services. As of Friday, our average wait time was about 2 minutes with the longest wait time being about 15 minutes.

Thanks to the tireless efforts of my team at OPM and our inter-agency partners, we also have made progress in the investigation into the attacks on OPM’s background information systems. We hope to be able to share more on the scope of that intrusion next week, and in the coming weeks, we will be working hard to issue notifications to those affected.

I want you to know that I am as concerned about these incidents as you are. I share your anger that adversaries targeted OPM data. And I remain committed to improving the IT issues that have plagued OPM for decades.

One of my first priorities upon being honored with the responsibility of leading OPM was the development of a comprehensive IT strategic plan, which identified security vulnerabilities in OPM’s aging legacy systems, and, beginning in February 2014, embarked our agency on an aggressive modernization and security overhaul of our network and its systems. It was only because of OPM’s aggressive efforts to update our cybersecurity posture, adding numerous tools and capabilities to our networks, that the recent cybersecurity incidents were discovered.

I am committed to finishing the important work outlined in my Strategic IT Plan and together with our inter-agency partners, OPM will continue to evaluate and improve our security systems to make sure our sensitive data is protected to the greatest extent possible, across all of our networks.

We are living in an era where cybersecurity must be a priority in our lives at work and at home. I encourage you to take some time to learn about the ways you can help protect your own personal information. There are many helpful resources available on our website.

I’m wishing you a safe and relaxing 4th of July weekend.

#

#OPMBreach: Back to Paper SF-86s, No More Social Media at OPM, Scary Movie Chinese Edition

Posted: 2:15 pm EDT


 

@StateDept Ranks #3 in Happiest Senior Executives, Mind the Happiness Gap

Posted: 12:50 am  EDT

 


#

This report is based on the Federal Employee Viewpoint Survey (FEVS), a tool that “measures employees’ perceptions of whether, and to what extent, conditions characterizing successful organizations are present in their agencies.” The full report is available here.