
Don't give hackers too much credit for being savvy exploiters.
A study by Craig Schmugar, a security researcher at McAfee Inc., discounts the theory that hackers release exploits right after regularly scheduled security updates from Microsoft to give their exploits the most amount of time to be disruptive. That theory has given rise to the notion of "Exploit Wednesday," the day after the second Tuesday of every month when Microsoft releases its patches.
But the statistics don't indicate that's happening, which raises the question: What's the motivation for when a hacker releases an exploit?
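The check behind that statistic is easy to reproduce. The following is an added example, not code from the post or from the McAfee study: it computes Microsoft's regular release day (the second Tuesday of the month) and bins a list of exploit release dates by how many days after the preceding Patch Tuesday each one landed. If "Exploit Wednesday" were real, the offset-1 bucket would dominate. The release dates in `SAMPLE_RELEASES` are constructed for the example, not real disclosures.

```python
# Added example (not part of the original post): measure where exploit
# releases fall relative to Microsoft's Patch Tuesday, the second Tuesday
# of each month. If "Exploit Wednesday" were real, the 1-day offset bucket
# would dominate the histogram. The release dates below are constructed.
import calendar
from collections import Counter
from datetime import date, timedelta


def _to_date(d):
    """Accept a date or an ISO 'YYYY-MM-DD' string."""
    return d if isinstance(d, date) else date.fromisoformat(d)


def patch_tuesday(year, month):
    """Second Tuesday of the given month (Microsoft's regular release day)."""
    first = date(year, month, 1)
    # weekday(): Monday == 0, so Tuesday == 1 == calendar.TUESDAY
    days_to_first_tuesday = (calendar.TUESDAY - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def previous_patch_tuesday(d):
    """Most recent Patch Tuesday on or before d."""
    d = _to_date(d)
    pt = patch_tuesday(d.year, d.month)
    if pt <= d:
        return pt
    year, month = (d.year - 1, 12) if d.month == 1 else (d.year, d.month - 1)
    return patch_tuesday(year, month)


def days_since_patch(d):
    """Offset in days between an exploit release and the preceding Patch Tuesday."""
    d = _to_date(d)
    return (d - previous_patch_tuesday(d)).days


def offset_histogram(release_dates):
    """Map each offset (0 = Patch Tuesday itself, 1 = 'Exploit Wednesday', ...)
    to the number of releases that landed on it."""
    return Counter(days_since_patch(d) for d in release_dates)


# Constructed sample: exploit release dates, not real disclosures.
SAMPLE_RELEASES = [
    "2007-06-13",  # day after the June 12, 2007 Patch Tuesday
    "2007-06-20",  # a week later
    "2007-06-05",  # before June's update, so measured from May 8, 2007
    "2007-05-09",  # day after May 8, 2007
]

if __name__ == "__main__":
    for offset, count in sorted(offset_histogram(SAMPLE_RELEASES).items()):
        print(f"{offset:>3} days after Patch Tuesday: {count}")
```

Feed it the disclosure dates from a vulnerability feed and the histogram tells you directly whether releases cluster on day 1 or are spread across the month, which is the distinction the study turns on.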
Hat tip: securityfocus.com
In light of the House hearing yesterday on the Homeland Security Department's sluggish development of a computer system to track foreign visitors entering and leaving the United States, it's helpful to remember history.
Congress called for the entry/exit system -- later dubbed the US VISIT program -- in the U.S. Patriot Act, which was passed a little more than a month after the 9/11 terrorist attacks in 2001. In the act, Congress stated, "In light of the terrorist attacks perpetrated against the United States on September 11, 2001, it is the sense of the Congress that ... the Attorney General, in consultation with the Secretary of State, should fully implement the integrated entry and exit data system for airports, seaports, and land border ports of entry ... with all deliberate speed and as expeditiously as practicable."
The message: Build the system fast, very fast. "Expeditiously as practicable" meant Congress gave developers an excruciatingly tight deadline for the system to be operational. In two years, by Dec. 31, 2003, Congress wanted the system to be operational in 115 airports and 14 major seaports, and by Dec. 31, 2004, it wanted the system to be deployed to the 50 busiest land border crossings.
For sure, in the fall of 2001, emotions ran high and fear gripped many lawmakers who wanted to show the public that they were doing something -- anything -- to protect the nation, but the deadlines were simply unrealistic for a system with that scope.
Still, DHS was able to meet the deadline for the entry portion of the system because it had legacy systems scattered throughout agencies -- such as systems in the Immigration and Naturalization Service, the FBI and the State Department -- that it could tie together to check visitors' identities and whether they were on a criminal watch list. But no system existed for checking identities when visitors left the country. DHS would have to build that part from scratch. That meant the exit portion would take much longer to build, be higher risk, and cost billions of dollars more than the $380 million price tag for the entry portion of the system, according to the Government Accountability Office.
We can only hope that Congress, including members of the House Homeland Security Subcommittee on Border, Maritime and Global Counterterrorism, will remember the sky-high expectations that were put on the developers of the US VISIT system and, now in an atmosphere that is far less charged with emotion and fear, will set more level-headed milestones and give US VISIT developers realistic deadlines and the necessary resources.
IBM unveiled the world's fastest computer this week, the BBC reports. Blue Gene/P is three times faster than the machine previously thought to be the fastest, Blue Gene/L, another IBM computer.
Blue Gene/P, which will go online later this year at the Department of Energy's Argonne National Laboratory in Illinois, comes packed with 1 petaflop, or the capability of processing 1,000 trillion calculations per second (100,000 times faster than a PC). The lab will use the supercomputer to research particle physics and nanotechnology. Researchers use Blue Gene/L to run simulated nuclear tests at the Lawrence Livermore National Laboratory in California.
Blue Gene/P's reign as fastest supercomputer may be short-lived, however. Los Alamos National Laboratory in New Mexico is working on a computer with IBM codenamed Roadrunner, which will be able to run through 1.6 petaflops, according to the BBC report. And Sun Microsystems has unveiled Constellation, a 1.7 petaflop machine. Not to be outdone quite yet, however, Blue Gene/P can eventually be expanded to 3 petaflops, according to IBM.
Oh, and what helps make Roadrunner so fast? It pairs conventional processors with the Cell chip, the same processor technology found in the just-released PlayStation 3 game console that your kids use.
Editor's note: Thanks to all of you who noted that this post incorrectly attempted to write the Federal Systems Integration and Management Center out of existence. It is in fact still assisting federal agencies in implementing IT projects and we apologize for the error.
The head of the General Services Administration's technology acquisition organization today named Steve Kempf as its deputy assistant commissioner for the Office of Integrated Technology Services.
Kempf, an attorney who had been serving in an acting role in the same position since summer 2006, will help lead the Federal Acquisition Service in planning and implementing its technology service programs, including IT Schedule 70, the governmentwide acquisition contracts, and Networx.
In an email Thursday, John Johnson, the assistant commissioner for integrated technology services, said Kempf "possesses a broad mix of experience and knowledge that make him especially well-suited to help lead the ITS portfolio toward a successful future."
Kempf previously was the director of operations for GSA’s Federal Systems Integration and Management Center, a legacy Federal Technology Service business unit that assists federal agencies in implementing large IT and professional services projects. While there, the organization produced more than $1.8 billion in annual sales.
Kempf also served as an IT manager in GSA’s Region 9 for a variety of clients in the Monterey, Calif., area.
Naval Amphibious Base, Little Creek, Va. – When the USS Harry S. Truman carrier strike group deploys this fall it will use communications that put a high-tech twist on one of the oldest forms of radio communications the Navy used in the days of Morse Code, said officials of the Naval Network Warfare Command, which is headquartered here.
Instead of the "dits" and "dahs" transmitted by Morse Code, the Truman, along with the nine other ships in the strike group, will communicate over high frequency (HF) by sending Internet Protocol-based traffic such as text messages, said Paul Dixon, allied coalition networks action officer for the Naval Network Warfare Command (NETWARCOM).
The highest levels of the Navy have endorsed the use of high frequency IP communications for intra-strike group communications for one simple reason, Dixon said: It’s much cheaper than satellite communications systems that the Navy embraced in the late 1980s, when the service all but abandoned high frequency as its standard means of communications.
Dixon also said it makes no sense to use expensive and often leased satellite communications systems that require a 44,400-mile trip – from a ship up to a satellite and back down to another ship five to ten miles away – when high frequency can easily bridge that gap over free spectrum in the 3 to 30 megahertz band.
Dixon said that high frequency offers roughly the same speed as the dial-up modems used in the 1980s, while satellite bandwidth is as much as 100 times greater. But it is fast enough to meet the command and control needs of today's strike groups, which are run by text messages and chat groups based on Internet Relay Chat standards.
The Navy also has provided the Truman strike group with the ability to send IP traffic over UHF channels, which provide better throughput than the high-frequency band, about 64 kbps, or slightly more than the dial-up modems built into most personal computers.
Eric Johnson, a professor at New Mexico State University whose specialty is high frequency and wireless networking, said HF's low throughput is due to the narrow channels and the noise inherent on that spectrum band, noise that is apparent to anyone who has listened to a shortwave broadcaster such as the BBC.
The high-frequency modems the Navy uses – which New Mexico State University helped develop – punch data through that noise with a stable signal thanks to sophisticated error-checking protocols, Johnson said.
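To make concrete what "punching data through noise" costs in throughput, here is an added example (not from the article, and not the Navy's or NMSU's modem code): a Hamming(7,4) forward-error-correcting code, about the simplest scheme of the kind the HF modems rely on. Every 4 data bits are sent as 7, so the link gives up 3/7 of its capacity to redundancy, and in exchange any single flipped bit per codeword is repaired at the receiver. The message and the bit-flip positions are constructed for the example; a real modem uses much stronger codes plus interleaving, but the trade is the same.

```python
# Added example (not from the original article, and not the Navy's or NMSU's
# modem code): a Hamming(7,4) forward-error-correcting code, the simplest
# illustration of how a modem can push data through a noisy channel by
# spending bandwidth on redundancy. Every 4 data bits cost 7 bits on the air,
# which is one reason coded HF throughput is so low. Message and bit-flip
# positions are constructed for the example.


def hamming_encode_nibble(d):
    """4 data bits -> 7-bit codeword laid out as [p1, p2, d1, p3, d2, d3, d4]."""
    d1, d2, d3, d4 = d
    p1 = d1 ^ d2 ^ d4   # parity over codeword positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4   # parity over positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4   # parity over positions 4,5,6,7
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode_codeword(c):
    """Correct up to one flipped bit. Returns (4 data bits, corrected_flag).
    Two flips in one codeword are silently miscorrected (see the caveat below)."""
    c = list(c)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    syndrome = s1 + 2 * s2 + 4 * s3   # 1-based position of the bad bit, 0 if none
    if syndrome:
        c[syndrome - 1] ^= 1
    return [c[2], c[4], c[5], c[6]], bool(syndrome)


def bytes_to_bits(data):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def encode(data):
    """Bytes -> list of coded bits (rate 4/7)."""
    bits = bytes_to_bits(data)
    return [b for i in range(0, len(bits), 4) for b in hamming_encode_nibble(bits[i:i + 4])]


def decode(coded):
    """Coded bits -> (bytes, number of codewords that needed correction)."""
    out, corrected = [], 0
    for i in range(0, len(coded), 7):
        nib, fixed = hamming_decode_codeword(coded[i:i + 7])
        out.extend(nib)
        corrected += fixed
    return bits_to_bytes(out), corrected


def flip_bits(bits, positions):
    """Constructed channel noise: invert the bits at the given indices."""
    bits = list(bits)
    for p in positions:
        bits[p] ^= 1
    return bits


if __name__ == "__main__":
    msg = b"HF"
    # One hit in each of the first two codewords: the coded link recovers,
    # the uncoded one delivers garbage.
    coded_rx, fixes = decode(flip_bits(encode(msg), [3, 10]))
    raw_rx = bits_to_bytes(flip_bits(bytes_to_bits(msg), [3]))
    print("coded:", coded_rx, "codewords corrected:", fixes)
    print("uncoded:", raw_rx)
```

The caveat worth remembering: Hamming(7,4) corrects one error per codeword and miscorrects two, so a noise burst that hits adjacent bits defeats it. That is why practical HF modems interleave bits across time before coding, spreading a burst over many codewords, and why the protocols Johnson describes are more elaborate than this one.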
Dixon said that the Navy plans to outfit 25 ships with high-frequency IP systems through 2008 under a “fast track” project backed by the Chief of Naval Operations. Much of the work involves adding computer servers and firewalls to work with high-frequency radios already on the ships, Dixon said.
The high-frequency IP project will also make it easier to communicate with allied navies, which rely heavily on high frequency because they cannot afford satellite communications, Dixon said.
The Navy’s trip back to high frequency will also require restoring high-frequency training to the service’s school curriculum, said Chuck Tabor of the NETWARCOM spectrum management division. It has been so long since the Navy used high frequency that “hardly anyone [in the Navy] even knows what it is anymore,” Tabor said.
Malicious email spammers have used another federal agency's name to launch cyberattacks. The Justice Department warned yesterday in a press release that spammers are using DOJ's name and logo to induce recipients of an email to click on an attachment that may cause "malicious software – e.g., viruses, keystroke loggers, or other Trojan horse programs – to be launched on their computers," according to the release.
"The messages are believed to assert that the recipients or their businesses have been the subject of complaints filed with DOJ and also forwarded to the Internal Revenue Service," the release states. "In addition, such email messages may provide a case number, and state that the complaint was “filled [sic] by Mr. Henry Stewart.”
The Federal Bureau of Investigation, the Federal Trade Commission and the Internal Revenue Service have been subjects of similar malicious emails.
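The lure the release describes has three cheap tells: a sender whose display name claims a federal agency while the address is not at a .gov domain, an executable-type attachment, and the "complaint / case number / filed by" pretext in the body. The following is an added triage check, not the DOJ's or any vendor's filter; the three sample messages are constructed here with Python's `email` library, and the sender addresses in them are made up for the example.

```python
# Added example (not from the DOJ release and not an actual DOJ or vendor
# filter): a triage check for the lure described above. It flags a sender
# whose display name claims an agency while the address is not a .gov
# domain, a risky attachment type, and the complaint/case-number pretext.
# The sample messages are constructed for this example.
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage

AGENCY_RE = re.compile(
    r"\b(department of justice|doj|fbi|federal bureau of investigation|"
    r"federal trade commission|ftc|internal revenue service|irs)\b", re.IGNORECASE)
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".zip")
# "fill?ed by" catches both "filed by" and the release's misspelled "filled by"
PRETEXT_RE = re.compile(r"\b(complaint|case\s*number|fill?ed\s+by)\b", re.IGNORECASE)


def triage(raw_message):
    """Return a list of findings for one RFC 822 message; empty means nothing suspicious."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    display, addr = email.utils.parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if AGENCY_RE.search(display) and not domain.endswith(".gov"):
        findings.append(f"sender claims a federal agency but mails from {domain!r}")

    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {filename!r}")

    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if PRETEXT_RE.search(text):
        findings.append("complaint/case-number pretext in body")
    return findings


def build_sample(from_header, subject, body, attachment_name=None):
    """Construct a raw message (for the example only) the way a mail client would."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"MZ\x90\x00 stub bytes, not a real program",
                         maintype="application", subtype="octet-stream",
                         filename=attachment_name)
    return m.as_string()


# Constructed samples; the addresses are invented for this example.
SAMPLE_PHISH = build_sample(
    "US Department of Justice <notice@doj-complaints.example.net>",
    "Complaint against your business",
    "A complaint has been filled by Mr. Henry Stewart against your business.\n"
    "Case number 0000-000. Open the attached file to review it.\n",
    attachment_name="complaint.exe",
)
SAMPLE_LEGIT = build_sample(
    "Department of Justice Public Affairs <press@justice.gov>",
    "Press release",
    "Today's press release is attached below.\n",
)
SAMPLE_BENIGN = build_sample(
    "Alice <alice@example.com>", "Lunch", "Lunch tomorrow at noon?\n")

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT), ("benign", SAMPLE_BENIGN)):
        print(label, triage(raw))
```

The display-name check is the one that generalizes: the same mismatch between who a message claims to be from and where it actually comes from is the signature of the FBI, FTC and IRS lures mentioned above. It is a heuristic, not authentication; a sender that controls a look-alike domain still passes unless the domain test is backed by SPF or DKIM results from the receiving gateway.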
Despite receiving rave reviews from major technology reviewers (here, here and here), Apple's cell phone/music player/video player/web browser device dubbed the iPhone will not likely make its way into federal markets anytime soon.
Federal information technology shops have provided mobile e-mail devices that double as cell phones to thousands of officials in the last few years, but the drawbacks of Apple's new device will make agency chief information officers hesitant to rush to the nearest Apple or AT&T store to buy the much-hyped gadget.
According to a MacWorld report, the analyst firm Gartner will tell IT decision-makers to avoid the iPhone and to keep it off their networks because it lacks support for services like Microsoft Exchange and does not have security functions like a firewall.
“We’re telling IT executives to not support it because Apple has no intentions of supporting (iPhone use in) the enterprise,” Gartner analyst Ken Dulaney says. “This is basically a cellular iPod with some other capabilities and it’s important that it be recognized as such.” …“You’ll have e-mail in a place that’s unsecured. There are no firewalls on the device. There’s no ability to wipe (data from) the device if it’s lost,” Dulaney says.
Businesses have little, if any interest in the iPhone and Apple isn’t marketing it to the business sector anyway, says Randy Giusto, who leads IDC’s analysis of mobile devices, computing and computer markets.
“The iPhone is not positioned at all for the IT world,” he says. “It’s a very personal device. Most corporations are probably not going to support the iPhone on their networks.”
In addition to the technical challenge, an agency official looking to procure the device for government use will not likely be able to use the General Services Administration's schedules program.
A GSA spokeswoman said the agency doesn't initiate iPhone approval for sale on the multiple award schedule 70, a popular IT acquisition vehicle. The contractor, in this case Apple or AT&T, initiates the approval for sale on MAS 70, the spokeswoman said. As of a week ago, "no one has indicated customer demand but then again the phone isn't out yet."
As for Apple's plans, an Apple spokeswoman told Tech Insider last week that all the public information the company can provide on the iPhone can be found at www.apple.com/iphone or www.apple.com/pr. She did not say whether Apple would attempt to place the product on GSA's schedules.
The General Services Administration announced Tuesday that Casey Coleman, chief information officer of the new Federal Acquisition Service, will serve as the acting chief information officer until the position can be filled permanently.
Coleman replaces Mike Carleton, who is leaving GSA to fill the Health and Human Services Department's open CIO position.
Coleman has been serving as the first CIO of the Federal Acquisition Service since it was created in October 2006. Previously she served for two years as the CIO of the now defunct Federal Technology Service and also headed GSA's Office of Citizen Services from 2002 to 2004.
Search engine giant Google bought a massive set of patent data from the U.S. Patent and Trademark Office about six months ago. The company has placed it in a searchable database that covers patents issued from the 1790s through the middle of 2006 -- about 7 million patents.
On the site, Google says the database does not currently include patent applications, international patents, or U.S. patents issued over the last few months, but the company hopes to expand its coverage in the future.
A Google spokeswoman said that the company receives a DVD from PTO every week with new patents, and Google uploads the data on a regular basis.
Spokeswomen for both the patent office and Google declined to say how much Google pays for the patents database. A catalogue of PTO products that are for sale is available on the agency's Web site.
A PTO spokeswoman said that the agency is pleased that Google has set up the database because one of the agency's missions is to disseminate information.
Just when you were trying to get used to the latest information technology management theory, another comes along to take its place.
You've heard of IT alignment, in which chief information officers and other IT managers try to sync up IT projects and their management processes with the organization's budgets, strategies and goals. But IT alignment has proven elusive for most CIOs because tight budgets don't allow for significant investments in new applications and the speed in which agencies (and companies) must respond to changing technologies and what must be done on a daily basis have made it increasingly difficult to align IT investments with business realities, reports Forrester Research Inc.
Now, what's needed, Forrester said in a report released last week, is something called Business Technology Synchronization. What is BT Synchronization?
First, all units in an organization will be responsible for developing IT to meet the organization's strategic goals. ("Successful BT Synchronization will, ironically, depend entirely on the people managing both technology and business initiatives — from inside and beyond the walls of the traditional IT organization," according to the report.)
Second, "today’s vertically integrated IT organization that manages all of the technology for every user in the business will be obsolete as business users adopt technology directly ...," according to the report. "BT organizations must continuously tune a network of suppliers — including some that are engaged independently of the BT organization — to meet BT’s networked matrix of demand."
Third, the CIO's IT roles of overseeing existing operations and coming up with innovations to support strategic goals will be separated by "introducing a COO of technology to handle support to business units (as at FedEx), dividing work between process and information officers (as at GM), or using other delegation approaches that free up the BT executive to focus at the C-level," Forrester reports. All IT benefits and performance will be meticulously measured.
You heard it here first.
The Homeland Security Department came out yesterday defending its chief information officer against Democratic Party charges that he is not up to the job.
It all started at a House hearing June 20, at which Rep. Bennie Thompson, D-Miss., chairman of the Homeland Security Committee, asked DHS CIO Scott Charbo, a Bush Administration political appointee, why he should keep his job in light of recently uncovered security lapses found on DHS networks. At the hearing, Thompson said he is not convinced Charbo is serious about fixing vulnerabilities in the department's IT systems.
Two days later on June 22, Thompson repeated his remarks in an interview with Federal News Radio, stating that Charbo tried to downplay the seriousness of the problem and that the committee was disappointed in his testimony. "IT security is a very very sophisticated effort and you need the best talent possible," Thompson said. "I'm almost of the opinion that we have a Michael Brown developing in this department."
Michael Brown was DHS' s undersecretary of emergency preparedness and response, a position often referred to as the head of the Federal Emergency Management Agency. He resigned September 2005 following sharp criticism that FEMA didn't adequately respond to the devastation caused by Hurricane Katrina in New Orleans and surrounding areas. He has since become an outspoken critic of the Bush Administration.
During the Federal News Radio interview, Thompson questioned if Charbo's background was appropriate for a CIO position. "Based on the testimony and our examination of Mr. Charbo’s credentials, ... he has a bachelor’s degree and a master’s degree in plant science," Thompson said. "It does not show a strong background in IT security and so therefore many of those issues, had we had someone in that position with the background, they probably could have found it before outside investigators found those breaches."
Charbo actually holds a Bachelor of Science degree in biology from the University of Tampa and a Master of Science degree in plant science from the University of Nevada-Reno, according to his official biography. The Bush Administration seemed to think the credentials were appropriate to give Charbo the CIO position at the Agriculture Department, where Charbo served from 2002 to 2005, when Bush nominated Charbo as CIO of DHS.
In response to Thompson's comments, Charbo's boss, DHS Under Secretary for Management Paul Schneider, issued a statement Monday, June 25, saying:
The Department of Homeland Security completely supports the great work Scott Charbo is doing. Scott has been a linchpin in moving the department’s disparate information technology systems to a cohesive, secure, first-rate platform that serves this department and our stakeholders across the country.
Schneider was nominated for his position at DHS in November 2006 while Charbo was serving as the acting under secretary for management, a post Charbo held for almost 9 months.
All of which raises the question: What makes a good CIO? According to a survey conducted by CIO Magazine, 70 percent of CIOs say they held some kind of IT job before accepting the CIO role. Of the 30 percent who did not, about a third had a consulting job, another third held a non-IT-related job, and a quarter held a job in sales and marketing or an administrative job. As for the top three skills a CIO should have, according to the magazine: the ability to communicate effectively, strategic thinking and planning, and the ability to lead and motivate staff.
We're not sure where Charbo falls on these metrics, but nevertheless, expect the Democrats to turn up the heat.
This shouldn't come as too surprising:
Schools are not adequately protecting students either in cyberspace or in their buildings, and more money is needed to improve the situation, according to a report released by a leading government supplier of IT products and services.
In a survey of 381 school districts, CDW-G found that schools tend to rely too heavily on technology to protect students from cyberthreats. Out of a possible 110 points on the CDW-G cyber safety index, CDW-G gave districts an average score of 55.3. On the positive side, most districts monitor students' Internet activity, block Web sites and place computer monitors in view of adults. On the negative side, fewer than two out of five districts close their networks to gain more control over communication and content access (although many students know how to circumvent those controls by using proxy sites), only about a third update their acceptable use policies at least once a year (an unacceptable trend now that social networking sites such as Facebook are available), and only 8 percent of districts provide cyber safety training to students, such as awareness training on identity theft and "the potential impact that inappropriate content can have on a student's college and career plans," according to an accompanying press release.
As for physical security, districts scored an average of 44 out of a possible 160 points. While 63 percent of districts use security cameras to scan school property, "only 24 percent of districts report having real-time access to sex offender databases," according to the report.
CDW-G reports that half of all districts say that a tight security and IT budget is the primary barrier to improving security. CDW-G, not surprisingly, offers this advice: "The School Safety Index can help IT and security directors make the case for additional funding by helping district leaders understand the tools and resources that may prevent or mitigate security breaches, thereby lessening the long-term impact that a breach can have on a district. CDW-G also recommends that districts turn to peers and the vendor community to understand their options regarding new security technology and best practices."
More money may be the answer, but citing a vendor report may make school information security managers' argument for a bigger budget actually a tougher sell to the school board.
Remember the Star Trek episode in which characters are caught in a parallel, alternate universe?
The Defense Department (and possibly the Homeland Security Department) is developing something very much like that, but the alternate earthlings -- that's you and me -- are almost exactly like us.
Defense and DHS have been working with Purdue University professors to build an alternate cyberworld, in which billions of cyber-individuals based on real people live. The agencies can use the cyberworld to simulate what would happen if, say, food and water are cut off from a population, if utilities fail, a bomb goes off in a city, or whatever natural or man-made disaster (read asymmetric warfare) occurs.
The program, called Sentient World Simulation (SWS), will "'generate alternative futures with outcomes based on interactions between multiple sides,' said Purdue University professor Alok Chaturvedi, co-author of the SWS concept paper," according to an article posted by The Register. A commercial version is available through Simulex Inc., which Chaturvedi founded.
The Purdue creators use publicly available information -- census data, job titles, birth dates and even whether you own a dog -- to create the world as close to the real one as possible. The program applies the latest psychological theories on group and individual behaviors, as well as financial and economic theories, to mimic as closely as possible what would happen if certain events occurred. Other data could be culled from social networking sites such as MySpace and Facebook. Much of the work is based on the theory of Alternate Reality (which is closely related to what some call Augmented Reality).
Could run-ins with privacy advocates be in the not-so-distant future?
The specter of a cyberwar is not so bad. At least that's the view of John Schwartz's article that appeared in the Sunday New York Times. Written with the backdrop of the computer attacks on Estonian government computers (which turned out not to be perpetrated by the Russian government but rather by so-called "hacktivists," political activists using cyberattacks to make a point), Schwartz's basic point is this: We find ways to make business processes work when computers are down. The economy doesn't (or seemingly, won't) come to a screeching halt if and when computer networks are brought down.
"People, after all, are not computers," Schwartz wrote. "When something goes wrong, we do not crash. Instead, we find another way: we improvise; we fix."
Besides, cyberwar is high risk if carried out to a level that threatens national security rather than just inconveniencing consumers, because it could escalate tensions into full-scale military action, Schwartz points out.
Is the hype over a cyberwar, just that, or is it a real threat we need to take seriously? Let us know.
A disturbing, yet a mostly unnoticed, quote by Defense Secretary Robert Gates appeared at the bottom of an Associated Press article about 1,500 Pentagon PCs being taken offline because of cyberattacks. The AP reports, "When asked if his own e-mail account was affected, Gates revealed, 'I don't do e-mail. I'm a very low-tech person.'" (The comment didn't go unnoticed by my colleague, Tom Shoop, who wrote about the odd statement in FedBlog.)
This quote should disturb anyone, not least government executives, who is interested in government improving the way it operates. Information technology has progressed to the point that it is intimately intertwined with any organization's business processes and, therefore, its strategic goals. It now can help drive an organization's strategy and, sometimes, even determine it, as it has done at Defense. For more than a decade, the Defense Department has spent hundreds of billions of dollars pursuing what it calls network-centric warfare, the idea that information, analyzed and supplied by an intricate set of integrated networks, will drive war strategy and help commanders formulate real-time tactics on the battlefield. That's why Gates' comment is so out of step with what the department he oversees is doing day in and day out -- and on the battlefields in Iraq and Afghanistan. (Wired blogger Noah Shachtman found the comment screwy but not as serious a matter.)
Is this a generational thing? Or is it a simple misunderstanding that IT is so much more than the email program residing on your PC?
It doesn't really matter, however. Any executive, especially one in charge of Defense, should understand that IT, properly aligned with an agency's business processes, can improve, and even help determine, how an agency will meet its mission. That means you need to understand IT and not be so boastful as to describe yourself as being "low-tech." Discussions of what IT can accomplish, what IT can contribute to an organization's strategic goals and business processes, deserve to be held in an agency's executive meetings. The unfortunate reality, however, is that many executives and leaders in government don't hold those discussions, and agencies' abilities to better manage IT suffer.
Virginia Beach, VA – Any IT system developer will tell you: When you integrate existing systems, there's a high probability that the system will have bugs and glitches, which if serious enough could make the bigger system inoperable.
But Rob Carey, the chief information officer for the Navy, says the department’s plan to integrate four huge communications systems into a single global network will work. Carey, who spoke here at the Transformation Warfare Conference sponsored by AFCEA International and the U.S. Naval Institute, said many global corporations already run all-encompassing networks effectively.
The Navy wants to combine four existing communications networks: the Navy Marine Corps Intranet, which serves installations in the United States; One-Net, which serves overseas installations; IT-21, which serves afloat users; and the Marine Corps Enterprise Network. The combined system would be called the Navy’s Next Generation Enterprise Network [http://www.govexec.com/story_page.cfm?articleid=35978&dcn=todaysnews]
NMCI, managed by EDS under a $9.3 billion contract that expires in 2010, is already the world’s largest intranet, and combining the other three large networks would not create an unwieldy mass, Carey said.
Carey said the networks need to be integrated because communications are difficult for deployed units and personnel in Iraq. Carey, who is a Commander in the Naval Reserve and served last year in Fallujah, Iraq, with the Seabees, said accessing information in the United States from Iraq “was not impossible, but it was hard.”
Carey declined to provide a timeline for developing the next generation network acquisition strategy except to say it needed to be soon to have the network in place by 2010, when the NMCI contract expires.
The General Services Administration chief information officer has left the agency to take the top technology job at the Health and Human Services Department.
Michael Carleton, who has served as CIO at GSA for seven years, will become the department's chief information officer and deputy assistant secretary for information technology, HHS Secretary Mike Leavitt announced today. The position does not require Senate confirmation.
GSA did not have an immediate comment.
Carleton replaces Charles Havekost, who announced in April that he was leaving the department to take a position with the International Atomic Energy Agency in Vienna, Austria.
Carleton’s new assignment brings him back to the department where he began his federal career in 1979. Prior to joining GSA in 2000, he was the HHS deputy director of the office of information resources management and CIO for the Office of the Secretary.
"Mike’s experience from his years of federal service and previous tenure at HHS make him the ideal choice to lead this department’s information technology programs,” Leavitt said in a statement. “His career successes demonstrate his understanding of not only the importance of technology in delivering information to our citizens, but also the need to identify new and innovative ways to add value."
In his new role, Carleton will oversee the department's IT resources, program systems and infrastructure. He holds a master of science in information resources management from Syracuse University and a master of public administration from Northeastern University.
A White House spokeswoman said today that the Office of Special Counsel report finding that General Services Administration chief Lurita Doan violated the Hatch Act is still under review. The report was delivered to President Bush two weeks ago.
The spokeswoman also noted that there is no deadline for the White House to meet in completing its review of the OSC findings that Doan violated the law that limits political activity in federal agencies.
Last week, two senior House Democrats joined members of the Senate in calling for Doan to step down.
Virginia has learned the hard way the dual lessons of understanding what its systems support and why redundancy is a good idea.
A hardware failure in a mainframe computer that supports numerous agencies caused the system to crash June 19, affecting, according to first reports, the state's employment commission and the departments of Motor Vehicles, Social Services, Taxation and Transportation.
Just a couple of days later, the state learned just how many state operations and Virginia residents were affected by the crash, according to an article by the Richmond Times-Dispatch. The newspaper reported that:
-- at least a fifth of Virginia government agencies, including some of the largest, lost computer services;
-- state and local police couldn't check driver's licenses and vehicle registrations;
-- more than 14,000 child-support payments could be delayed;
-- consumers couldn't examine corporate records;
-- some agencies were temporarily unable to pay end-of-fiscal-year bills.
The extent of the fallout from the crash is an example of the limited view governments have of just how integrated their systems are with other government operations. Because of that, the crash also showed Virginia's IT managers just how important redundancy is for major systems. Marcella Williamson, who works in the Virginia Information Technologies Agency, told the Times-Dispatch: "We're going to install some redundant hardware to prevent this from happening again."
But the system was supposed to have redundancy built in. Obviously, it didn't work.
Could there be some lessons here for federal agencies now facing the recently issued Homeland Security Policy Directive 20, which requires agencies to develop a continuity of operations plan?
Computer science and engineering professors at Purdue University used a 3-D simulation program to confirm that the impact of the jets flown by terrorists into the World Trade Center in New York City stripped away fireproofing, which eventually brought the buildings down, according to an Associated Press article.
The findings support a National Institute of Standards and Technology report released in 2005. That report "recommended that cities raise fire standards for skyscrapers and develop new materials that can better protect tall buildings from fire," according to the AP. "That analysis did not blame the collapse on the steel or design of the towers, but instead focused on the damage to the fireproofing."
The professors say the simulation, funded by a grant by the National Science Foundation, indicates steel structures should be fireproofed. The towers were built before building codes required such fireproofing.
French government defense officials are advising government workers to give up using their Blackberrys during work for fear that U.S. intelligence agencies and allies may be monitoring emails for state secrets, according to an Associated Press report. The French are also worried that the Le Blackberrys, as the French call them, may be used to steal corporate secrets.
French lawmaker Pierre Lasbordes explained the advisement this way: "It's not a question of trust. We are friends with the Americans, the Anglo-Saxons, but it's economic war." Emails sent via Blackberrys go through servers in the United States and Britain.
Research In Motion, maker of the Blackberrys, says the encryption used for sending email over Blackberrys is stronger than what banks use for online banking.
It's been six months and the Bush Administration has yet to fill the position of branch chief for information policy and technology at the Office of Management and Budget. Speaking on background, an OMB spokeswoman said that "the goal is to find the right candidate for this critical position."
Glenn Schlarman, a long-time career federal employee, retired from the position in December 2006. He is the author of the 2002 Federal Information Security Management Act, the law that governs federal agencies' information security policies. Schlarman said in May 2006 that it was too soon to judge the computer security law.
Alan Paller, director of research at the SANS Institute, a nonprofit cybersecurity research organization, said that whoever fills this position could be critical in changing FISMA from being implemented as a reporting exercise to forcing agencies to make genuine security improvements. "The key is to find a person with actual hands-on technical skills who also has great management and political capabilities. I can understand why it is taking a while to find the right person," Paller said.
The Federal Trade Commission issued a press release this week warning consumers and businesses that hackers have used the agency's name and images in emails to trick users to install spyware that can steal sensitive and financial, proprietary or personal information from corporate networks or personal PCs. According to the release:
Consumers, including corporate and banking executives, appear to be targets of a bogus e-mail supposedly sent by the Federal Trade Commission but actually sent by third parties hoping to install spyware on computers. The bogus e-mail poses as an acknowledgment of a complaint filed by the recipient, and includes an attachment. Consumers who open the attachment to this e-mail unleash malicious spyware onto their computer. The agency warns consumers who get this e-mail that purports to be from the FTC:
* Don’t open the attachment.
* Delete the e-mail.
* Empty the deleted items folder.
The hoax e-mail is personalized, and contains the name of the recipient and their business.
This type of attack is known as "spear phishing," in which emails are addressed to a specific person, making the message seem legitimate. Spear phishing, as opposed to simple phishing in which the same email is sent out to random email addresses with no personal touch, has increased to the point that it is considered one of the highest risks in information security. Spear phishing is harder to defend against because, unlike other threats that can be stopped by a firewall or a patch to a system, users must be educated to recognize an email that seems as if it came from a legitimate source and has a personal feel to it.
Hat tip: fraudwar blog
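User education is the last line of defense, but a mail gateway can catch the obvious traits of the FTC hoax before it reaches an inbox. The following is an added example, not code from the FTC advisory or from any product: a small triage routine that scores a message on the traits the release describes (claims to be the FTC but is sent from a different domain, acknowledges a "complaint" the recipient supposedly filed, and carries an executable or archive attachment). The sample messages, the sender domains (all under `.example`), the keyword list and the score thresholds are constructed for illustration; `ftc.gov` is the agency's real domain, but using it as an allow-list is an assumption of this example.

```python
"""Score an incoming message for the traits of the FTC-lookalike spear phish.

Added example with constructed sample data; not the FTC's or any vendor's code.
"""
import email
from email import policy
from email.utils import parseaddr

# Strings that indicate a message is claiming to come from the agency
# (constructed list), and the domain the agency really sends from.
AGENCY_KEYWORDS = ("federal trade commission", "ftc")
AGENCY_DOMAINS = ("ftc.gov",)          # allow-list is an assumption of this example
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".zip", ".js", ".vbs")


def _domain(header_value: str) -> str:
    """Lower-cased domain part of an address header, or "" if none is present."""
    _, addr = parseaddr(header_value)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw_message: str) -> dict:
    """Return a score, a verdict and the list of findings for one RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings, score = [], 0

    # 1. Display name or subject claims the agency, but the From domain is not the agency's.
    from_header = msg.get("From", "")
    display_name, _ = parseaddr(from_header)
    from_domain = _domain(from_header)
    subject = msg.get("Subject", "")
    claims_agency = any(k in f"{display_name} {subject}".lower() for k in AGENCY_KEYWORDS)
    if claims_agency and not from_domain.endswith(AGENCY_DOMAINS):
        score += 3
        findings.append(f"claims to be the FTC but From domain is '{from_domain or 'missing'}'")

    # 2. Reply-To steers answers to a domain different from the sender's.
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        score += 1
        findings.append(f"Reply-To domain '{reply_domain}' differs from From domain")

    # 3. Executable or archive attachment (the spyware carrier in the FTC hoax).
    attachment_names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    for name in attachment_names:
        if name.endswith(RISKY_EXTENSIONS):
            score += 2
            findings.append(f"risky attachment '{name}'")

    # 4. "Complaint acknowledgment" pretext combined with an attachment.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    if "complaint" in text and attachment_names:
        score += 1
        findings.append("complaint-acknowledgment pretext with an attachment")

    verdict = "quarantine" if score >= 4 else "review" if score >= 2 else "deliver"
    return {"score": score, "verdict": verdict, "findings": findings}


# Constructed sample: personalized with the recipient's name and employer,
# as the FTC release describes, sent from a look-alike domain with a .zip attached.
SAMPLE_PHISH = """\
From: "Federal Trade Commission" <complaints@ftc-consumer-help.example>
Reply-To: ftc-response@mail-relay.example
To: jane.doe@example-bank.example
Subject: FTC complaint acknowledgment for Jane Doe, Example Bank
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

Dear Jane Doe,

The Federal Trade Commission has received your complaint. Details of the
complaint are attached; please review them promptly.

--XYZ
Content-Type: application/octet-stream; name="complaint_details.zip"
Content-Disposition: attachment; filename="complaint_details.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--XYZ--
"""

# Constructed sample of an ordinary message that should pass untouched.
SAMPLE_BENIGN = """\
From: "Alice Example" <alice@example.com>
To: jane.doe@example-bank.example
Subject: Lunch on Thursday?
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Are you free for lunch on Thursday? Same place as last time.
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, triage(sample))
```

The From header is trivially forgeable, so a message that spoofs `ftc.gov` exactly would score zero on the first rule; in a real gateway this check belongs behind SPF/DKIM/DMARC authentication results, with the rules above adding signal rather than standing alone.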
Though the Air Force has used a wide range of manned and unmanned aircraft to try to locate improvised explosive devices -- the single largest cause of casualties to U.S. forces in Iraq -- a top Air Force commander bluntly sums up that approach as a waste of effort and resources.
Gen. Ronald Keys, speaking in Virginia Beach, Va., at the Transformation Warfare Conference sponsored by AFCEA International and the U.S. Naval Institute, said that the Air Force had deployed assets ranging from large surveillance aircraft to unmanned aerial vehicles, based on a “hazy feeling” from commanders that such aviation assets would help counter IEDs.
But Keys said he viewed this approach as a “waste of assets.” Keys said flying F-16 fighters or Predator drones over roads in Iraq would not help locate IEDs, because “there’s just too much junk” buried all over the country, and they can’t sort it out from actual bombs.
Keys said the Air Force and top military commanders ought to focus their attention on the network that produces the deadly devices.
Air Force Lt. Gen. Donald Hoffman, military deputy in the Office of the Assistant Secretary of Air Force for Acquisition, told the conference that the way to counter IEDs is to “find out where the explosives come from and who the bomb makers are.”
Mark Lamer, a top Army contracting official who has served in Iraq, said that counter-IED efforts also must keep pace with the evolving nature of the threat, pointing out that once U.S. forces in Iraq started equipping troops with jamming gear to knock out radio-controlled IEDs, then adversaries developed motion-sensor activated devices.
User satisfaction with government Web sites bumped up a notch, according to the second quarter report from the University of Michigan’s E-Government Satisfaction Index, which is modeled after the American Customer Satisfaction Index. But the government still trails the private sector in customer satisfaction, the survey showed.
The index moved up 0.4 points to 73.7 on a 100-point scale, mostly because of improved government e-commerce and transactions sites, according to the survey.
The three highest scoring government e-commerce and transactional sites were the sites run by the Social Security Administration, including the Internet Social Security Benefits Application site (which scored an 88), Help with Medicare Prescription Drug Plan Costs site (87) and Social Security Business Services Online (83).
Those sites scored well even when compared with private sector sites, with private-sector e-commerce sites scoring on average an 80 and e-business industries scoring a 76.5, according to the survey.
A U.S. federal court ruled yesterday that law enforcement agents must obtain a warrant to seize private e-mails, much like warrants must be obtained to listen in on private telephone conversations, according to an Associated Press report.
From the article:
The ruling stems from a fraud investigation against Steven Warshak, owner and president of Berkeley Premium Nutraceuticals, an herbal supplement company known for its "Smiling Bob" ads.
Warshak, whose company markets supplements that include a "natural male enhancement" product called Enzyte, argued that his Fourth Amendment protections against unreasonable searches and seizures were violated when the government went after his e-mail records.
The appeals court said the lower court correctly reasoned that e-mails stored at a service provider "were roughly analogous to sealed letters, in which the sender maintains an expectation of privacy. This privacy interest requires that law enforcement officials obtain a warrant, based on a showing of probable cause."
National Public Radio's Morning Edition reported on the ruling, calling it a "very significant case."
If adopting electronic health records does not improve the quality of health care Americans receive, as well as cut the soaring costs of health care, the digital records will become just one more large cost burden on the American health system, said Robert Kolodner, National Coordinator for Health Information Technology at the Department of Health and Human Services.
Kolodner, speaking at a conference in Washington, D.C., last week sponsored by Government Health IT magazine, said healthcare information technology can whittle down the nation’s health care bill, which accounted for about $2 trillion (15 percent) of the $13.2 trillion U.S. gross domestic product. But to do that, Kolodner said healthcare IT must drive “transformational changes” that improve both quality and efficiency.
Transformational changes should improve the quality and efficiency of health care, Kolodner said. He cited the Veterans Health Administration, where he served as chief health informatics officer before joining HHS, as an example. VHA, he said, used its electronic health record system to identify patients at risk of contracting flu or pneumonia, and sent electronic reminders to the clinicians caring for those patients asking them to immunize the patients annually with flu and pneumonia shots. Kolodner says the program avoided 6,000 deaths in the 1990s.
Kolodner envisions future healthcare IT systems that combine electronic health records with genetic records that will allow clinicians to pinpoint care in a way never done before, in a process he called “mass customization” of medical records. This will lead to the practice of patient-centric medicine, replacing today’s provider-centric system, which provides care based on symptoms, he said.
The Bush administration has set a goal of providing at least half the U.S. population with electronic records by 2014. The Office of the National Coordinator for Health Information Technology is in the process of developing a patient privacy framework, which takes into account multiple state and federal laws covering medical privacy. The framework allows states and localities to decide on whether patients can either opt in or opt out to electronic health records systems.
The challenges of building a system of electronic health records, and the high risks such a system imposes, have been raised by IT experts, such as in a column last year in CIO Magazine.
The General Services Administration Monday awarded 10 companies contracts for encryption software under a blanket purchase agreement worth at least $79 million over five years.
GSA, the Office of Management and Budget and the Defense Department announced the contracts, which will be used to help governments, from county governments to the largest federal agency, guard sensitive, unclassified data that resides on laptops, mobile computing gadgets and thumb drives. OMB's Karen Evans previewed the announcement earlier this month.
The awardees are:
Dave Wennegren, deputy chief information officer for Defense, said 30 proposals were submitted for the award.
The BPA was competed using the Pentagon's Enterprise Software Initiative and GSA’s governmentwide SmartBUY program.
The military's Enterprise Software Initiative and the Air Force’s 754th Electronic Systems Group at Maxwell-Gunter Air Force Base in Alabama will provide acquisition and contract support for the awards and GSA’s SmartBUY program will provide acquisition support for civilian agencies, including state and local governments.
"By working with the federal government to protect this important information we have the ability to add another layer of protection, to New York's cybersecurity program, in an extremely cost-effective way," said New York Governor Eliot Spitzer in a statement.
The software licenses are transferable within a federal agency. All prices are as low as or lower than prices each vendor has available on GSA schedules, with the government expecting to avoid costs of up to $73 million over the life of the contracts. Additionally, discounts on volume pricing range up to 85 percent. Volume pricing is based on tiers for 10,000, 33,000, and 100,000 users.
The products the companies will sell are:
The steady stream of stories about computer projects gone bad continues.
The latest story of a computer system not meeting expectations comes from New York. Social service case workers there are "fed up" with a state network that was supposed to make filing regular case-work reports easier and give case workers more time to spend in the field, according to an article in the Times Herald-Record, a newspaper covering the Orange County New York area north of New York City.
The system, launched in 1996 under then-Gov. George Pataki by the state's Office of Children and Family Services, is still being worked on, and case workers complain that the amount of time they spend at their desks filing reports has more than tripled compared with the "pen-and-paper days," according to the newspaper. An excerpt from the article:
The pent-up frustration is almost palpable as a group of case workers and supervisors at the Orange County Department of Social Services let loose on the computer network that has confounded them for so long. They say it's slow, confusing, difficult to learn, difficult to edit and unable to perform functions most computer users take for granted, like copying and pasting blocks of text.
The cost of the system has increased from $113.6 million to $389.3 million -- with more work scheduled to be completed by next year, the paper reports.
Eighteen agencies have been asked by the Office of Special Counsel to preserve electronic information dating back to January 2001 as part of its governmentwide investigation into alleged violations of the law that limits political activity in federal agencies.
The OSC task force investigating the claims has asked agencies, including the General Services Administration, to preserve all e-mail records, calendar information, phone logs and hard drives going back to the beginning of the Bush administration. The task force is headed by deputy OSC special counsel James Byrne.
OSC recently ruled that GSA Administrator Lurita Doan violated the Hatch Act when she attended a Jan. 26 meeting at the agency's headquarters. At that meeting, attended by Doan and more than 30 political appointees, Scott Jennings, a deputy to Karl Rove, the leading political strategist at the White House, presented a PowerPoint presentation that listed Republican and Democratic political races viewed by the White House as most vulnerable in 2008. Doan asked Jennings how GSA could help Republicans, according to the OSC.
The White House revealed a month ago that about 20 other similar briefings were held in federal agencies in 2006 and 2007. Officials at OSC last month formed a task force to investigate if these other presentations may have violated the Hatch Act. The investigation is in the preliminary stages.
Could the causes of an air-traffic-control computer system crash last week, which delayed flights for hours, be a harbinger for what other government agencies with antiquated systems (which is almost every agency) could be facing in the future?
The computer in question is a 1988 mainframe called the National Aerospace Data Interchange Network. Air traffic controllers use the internal system to obtain thousands of flight plans a day from pilots. The controllers use the plans to manage the nation's air traffic. When part of the system based in Atlanta started malfunctioning, the FAA rerouted much of the data to another system in Salt Lake City, which overloaded that system.
David Spero, a regional vice president for Professional Airways Systems Specialists, the union that represents FAA technical workers, told the Associated Press that the system went down for two reasons: The FAA has been slow to replace the nearly 20-year-old system, and few computer specialists have the training needed to know how to repair the outdated technology.
That sounds like an explanation that can be applied to just about any government agency. Stories abound about the Cobol-based systems that the government still relies on every day. The computer programmers who know the computer language are retiring and not many are left in government with that skill set if anything goes wrong. How many more events like the one the FAA went through last week will occur at other agencies in the years ahead?
First there was President Clinton's defense during the Monica Lewinsky scandal, in which he raised the issue of the meaning of "is." Now we have the "hortatory subjunctive" defense.
General Services Administration chief Lurita Doan appeared Wednesday before the House Oversight and Government Reform Committee to testify about comments she made to federal investigators, who ruled last month that she violated a law that limits political activity in government. One contentious issue had to do with a comment she made to investigators regarding GSA employees, who had testified that Doan asked at a meeting of GSA political appointees how the agency could help Republican candidates. Investigators included in their report last month that Doan claimed the GSA employees who testified she asked that did so because they were biased and poor performers who needed "extensive rehabilitation."
In trying to explain those comments, Doan testified Wednesday that she struggles with verb tense as well as personal pronouns. She also said she was using a "hortatory subjunctive" when she made those comments and that she was in the area of conjecture and supposition.
Doan, who has an English degree from Vassar College (with honors) and a masters in Renaissance literature from the University of Tennessee at Knoxville, told the House Oversight and Government Reform Committee, "Actually, you may notice -- I noticed as I went through the transcript that I have probably some problems sometimes with tense, as well as with personal pronouns. You have to look at what came before. And yes, we were talking about what goes on in a process and how does a performance review process happen."
Rep. John Yarmuth, D-Ky., responded later in the hearing that there are only three tenses (past, present and future). Doan responded that wasn't true. There are in fact other tenses to consider such as present perfective, present progressive and past progressive and in this particular case, the hortatory subjunctive.
The chairman of the panel, Rep. Henry Waxman, D-Calif., responded by saying the following:
Waxman: You've already told us that that future tense sentence didn't mean it because you didn't know future tense or, you know, something about a hortatory something or other. God, I feel like Tony Soprano.
The point is, you neither know or you don't know, about the authority you have. And it looked like, according to a strict reading of those words, that you, in the future, will make your -- use your authority to make sure they don't get the reward, they don't get the bonuses, they don't get whatever benefits they might otherwise get.
Doan: That's incorrect.
Waxman: OK, those words don't mean what they said.
Rep. John Sarbanes, D-Md., whose mother is a Latin teacher, disagreed. He said that her statements about employees not getting promoted were made in the basic "future" tense.
Sarbanes said that the best example of the use of a hortatory subjunctive was when she allegedly said, "How can we help our candidates?" at the conclusion of a presentation given by a deputy of Karl Rove. Doan promptly disagreed.
"The hortatory subjunctive is used when you are exhorting people to do something, which is exactly what that statement was. That was an exhortation in the subjunctive tense," Sarbanes said.
Alexandra Marks, a reporter with the Christian Science Monitor, provides readers this week with a tongue-in-cheek look at the secretive National Counter Terrorism Center and how effective the center is in combating terrorism. (The CIA, FBI, Defense Department and 15 other agencies send to the center's 30 separate computer networks mounds of intelligence, including government briefings, satellite photos, classified cables, phone conversations, gossip and routine threats to flag any "signals" that may indicate terrorist activity.)
The straight-to-the-point quote from the article:
... all the various departments have to work together in responding – something that hasn't always happened in the past.
In fact, that's one thing that worries some intelligence experts. The center doesn't have [direct] operational authority. "They don't have a roomful of buttons where they push things to make things happen," says John McLaughlin, former deputy director of the CIA. Instead, they have an office of strategic planning – a sort of "halfway house" that was the result of compromise, he says, so there would be no conflict with the CIA, FBI, and the Pentagon. So when the NCTC detects a serious threat, it draws up a plan and "recommends" actions for the other agencies.
On the lighter side, Marks pokes fun at the center's supposed secrecy. The center is "a tourist attraction of sorts – at least for reporters, lawmakers, law enforcement, and counterintelligence officials from around the world," according to the article. "Indeed, the NCTC comes complete with tour guides, photographers, and a gift shop full of the latest counterterrorism memorabilia – mugs, T-shirts, jackets, and even NCTC memorial coins."
There's also a sign warning employees: "Foreigners Present."
This week, we've posted two items (this one and this one) on how the "green movement" is picking up steam in the IT markets. Seems there's more momentum building:
Earlier this week, some large IT corporations (such as Intel, Google, Dell, HP, IBM, EDS and Microsoft) and at least one government agency (the Environmental Protection Agency) announced that they have jointly formed the Climate Savers Computing Initiative. The initiative's goal is "to save energy and reduce greenhouse gas emissions by setting aggressive new targets for energy-efficient computers and components," according to the press release.
The initiative has set a 90 percent efficiency target for power supplies for digital equipment, which, if attained, would reduce greenhouse gas emissions by 54 million tons per year, and save more than $5.5 billion, according to Urs Hölzle, senior vice president of operations and a Google fellow. The average desktop "wastes nearly half of its power, and the average server wastes one-third of its power," Hölzle said.
The initiative expands on the World Wildlife Fund's Climate Savers program, "which has mobilized over a dozen companies since 1999 to cut carbon dioxide emissions," according to the Climate Savers Computing Initiative's Web site.
After a mother of two in a Chicago suburb put her children to bed, she flipped on her baby monitor. What she saw was a black-and-white video of the inside of NASA's Space Shuttle Atlantis, according to the Associated Press. "Whoever has a baby monitor knows what you'll usually see," said the elementary school science teacher. "No one would ever expect this."
The monitor has been picking up the signal since Sunday. "The explanation from the Johnson Space Center is that the same kind of baby monitor resides in a house nearby where the NASA TV channel is available," according to an article on Yahoo!. "Another theory is that a neighbor has a wireless device with the same frequency as the monitor and connected to a TV which gets the NASA channel."
If only all government system integrations would work this well.
You've heard your fair share of scary stories about how the lack of proper security processes and equipment can make personal information an easy target for criminals, rogue hackers or just the plain curious. We've got another one for you; this one having to do with voice over Internet Protocol (VoIP), which an increasing number of government agencies (federal, state and local) have installed or are considering installing to reduce telecommunications costs.
Law.com posted an article today by Todd Nugent, a chief technology officer for a law firm in Chicago, who related his experiences with the firm's VoIP system. Here's one of the more scary discoveries he made:
In the process of installing the conference room system, our programmers found that not only could they place conference room calls, they could also arrange to place the call silently, by muting the speaker on the calling phone. This could effectively turn any speakerphone in the firm into a clandestine monitoring device. In other words, running this program would cause any selected speakerphone in the firm to call the conference room, monitoring what was being said in the other room.
Nugent offers this advice: "As with any network connected computer, it is important to change default passwords, apply security updates in a timely way and install security firewalls, intrusion detection and prevention."
As a side note, Nugent cites the National Institute of Standards and Technology's Special Publication 800-50, which specifies "security guidelines for the installation of IP phones" and "is the basis for many government IP phone procurements." The NIST publication advises agencies to separate data and voice networks for IP phones. But Nugent writes that, "of course, one of the attractions for IP phones is the cost savings associated with eliminating dedicated phone wiring, so this is not a welcome recommendation."
This week seems to be "Green Week" for government. First, the United Kingdom announced this week that it was forming a task force to look into how it can reduce the energy consumption (and therefore the production of greenhouse gases) of PCs, data centers and other computer-related processes that eat up energy.
Now the Environmental Protection Agency plans to announce soon that it is extending its Energy Star program for desktop PCs to servers, reports the EETimes. According to the article:
The EPA may announce the effort as part of a report on the problem of rising power consumption in large data centers. The report, due out in about two weeks, will also recommend metrics for measuring power efficiency in data centers and suggest government and commercial data centers begin using them.... The EPA report will ask government data centers to start measuring and reporting their power efficiency. It will also ask the government data centers to develop a road map for improving their efficiency over time to act as examples for commercial data centers.
EPA launched the Energy Star program in 1992 to recognize computers and monitors that were energy efficient. EPA has expanded the program to include major appliances, office equipment, home electronics, and new homes and office buildings.
A professor at the University of Georgia has developed a computer model that, she claims, accurately predicts the outcome of wars 80 percent of the time. “If you know some key variables – like the major objective, the nature of the target, whether there’s going to be another strong state that will intervene on the side of the target and whether you’ll have an ally – you can get a sense of your probability of victory,” said Patricia Sullivan, an assistant professor in the School of Public and International Affairs, in a press release issued this week by the University of Georgia.
Sullivan, whose article appears in the June issue of the Journal of Conflict Resolution (access to the article requires payment), studied 122 post-World War II conflicts to build the model. When applied to past wars, the model predicts a 93 percent chance of success for the first Gulf War, but only a 26 percent chance of success for the current Iraq War if the war is waged over a 10 year period.
The reason, according to the press release:
Driving Saddam Hussein’s army out of Kuwait in the 1991 Gulf War and overthrowing his government in 2003 was a brute force objective that was accomplished relatively quickly, for example, but quelling sectarian violence and building support for the current government has been much more difficult because it requires target compliance.
“We can try to use brute force to kill insurgents and terrorists, but what we really need is for the population to be supportive of the government and to stop supporting the insurgents,” Sullivan said. “Otherwise, every time we kill an insurgent or a terrorist, they’re going to be replaced by others.”
Hat tip: Slashdot
Did you know that the computer industry contributes as much to the emissions linked to global warming as the airline industry, generating 35 million tons of carbon dioxide a year? That's why the United Kingdom has formed a task force, led by the Manchester City Council, to look into how it can replace PCs with devices that use 98 percent less energy, according to an article posted by Computeractive.
The task force will focus on the production, operation and disposal of computers, all of which contribute to greenhouse emissions. For example, IT operations can depend more on thin clients. "People will be able to access core applications such as office packages, email, and Internet surfing housed in data centres around the country using what are known as thin client devices," according to the article.
How IT managers can reduce greenhouse emissions was the subject of a recent CIO Magazine cover story, which presented ways chief information officers can become green and reduce costs.
The list of states rebelling against the Real ID Act continues to increase. The Tennessee legislature last night voted to not comply with the Real ID Act of 2005 unless it is fully funded, according to a press release issued today by the American Civil Liberties Union of Tennessee.
Tennessee becomes the 16th state to pass a resolution saying it will not comply with the law because the act requires each state to spend millions of dollars on upgrading computer systems to meet the law's requirements, which include adding security features to driver's licenses such as bar codes and digital photographs to make it harder to obtain a fraudulent driver's license. The federal government will eventually require that Americans use the new licenses to gain entry to federal buildings, nuclear power plants and commercial airlines.
The resolution "urges the Tennessee congressional delegation to support measures to repeal the Real ID Act, and states that 'there be no implementation of the Real ID Act until full funding is provided by the federal government,'" according to the ACLU press release.
If you're familiar with the BattleBots program on cable television, then you may be a good candidate for what the Homeland Security Department and the National Institute of Standards and Technology are looking for.
From June 18-22, NIST engineers plan to hold the fourth Response Robot Evaluation Exercise to test robots that can be used to support first responders' search and rescue efforts.
NIST, which will conduct the evaluations, will test robots that can operate in two types of disasters. The first is a structural collapse of a municipal building, in which a robot must be able to traverse rubble and small openings to find victims and help engineers determine if the building is safe to enter.

The other scenario involves the wreck of a passenger train that also is carrying unknown hazardous materials. The robot must be able to cross railroad tracks, maneuver through wreckage and debris to map the scene, locate victims, and find, identify and bring back samples of the hazardous materials.
The evaluations will be conducted at "Disaster City" at Texas A&M University in College Station, Texas.
Hat tip: Technology News Daily
General Services Administration chief Lurita Doan yesterday met with Rep. Tom Davis, R-Va., the ranking member of the House Oversight and Government Reform Committee, and other members of Congress, his staff confirmed today. Doan is scheduled to testify before the oversight panel Wednesday morning.
Davis, who has publicly defended the embattled GSA administrator, met with Doan before her first appearance in March.
President Bush was advised in a letter from the Office of Special Counsel Friday to discipline Doan to the "fullest extent" for her alleged violations of the law that limits political activity in the federal government.
Andrew Ciafardini, the Office of Management and Budget's Government to Citizen e-government portfolio manager, is moving to another office in the White House after less than a year on the job, sources tell Government Executive. Ciafardini will serve in the White House's office of intergovernmental affairs, which serves as the president's liaison to state, local and tribal governments.
In his brief stint at OMB, Ciafardini led a project to collect data on the e-government projects to establish benchmarks to create performance targets for the initiatives.
When asked about Ciafardini's move, spokeswomen for OMB and the White House said that they do not have an announcement to make at this time.