The Situation Report: VA’s New Power Brokers, Thor, and Creepy Analytics

By: MeriTalk Staff

Blogs

Jun 23, 2016 | 11:07 am

VA’s New Power Brokers

Department of Veterans Affairs Chief Information Officer LaVerne Council has a new chief of staff. Kai Fawn Miller, the director of IT Strategic Communication for the Office of Information and Technology (OI&T) will assume the role of chief of staff on June 26, according to an email from Council intercepted by The Situation Report.

“As Chief of Staff, Kai will work directly with the leadership team to ensure that our daily activities are balanced with our overall mission,” Council wrote in an email to staff. “She will make recommendations to help ensure consistency across our divisions’ processes and resources, and she will continue to keep leadership informed of the feedback and ideas from all of our employees in order to bring urgent issues, great innovations, and our biggest successes to light.”

In addition to naming a new chief of staff, Council appointed five new authorizing officials for VA IT systems. According to a June 15 memorandum, Council gave the following senior executives “full authority” to authorize IT systems for operation:

Ronald Thompson, Principal Deputy Assistant Secretary for Information and Technology
Susan McHugh-Polley, Deputy Assistant Secretary for Service Delivery and Engineering
Robert Thomas, Deputy Assistant Secretary for Enterprise Program Management
Daniel Galik, Associate Deputy Assistant Secretary for Security Operations
Dominic Cussatt, Executive Director for Enterprise Cybersecurity Strategy

Now the question is: How many VA systems do not have ATOs?

VA Transformation & Strategic Sourcing

Our well-placed moles throughout the VA enterprise have reported that Council is quite pleased with the agency’s progress to date on its so-called transformation efforts. In a June 10 email, Council said OI&T is two quarters ahead of its anticipated plan, meeting four of its seven transformation milestones.

One of those milestones is the formation at a Strategic Sourcing initiative.

“Effective immediately, our IT acquisitions team–led by Luwanda Jones–will transition to be the first fully-staffed function in the strategic sourcing organization,” Council wrote. “As this team continues to oversee the effective execution of our IT acquisitions for the rest of the fiscal year, they will also play a vital and pathfinding role in the formation of the strategic sourcing office. Until our DCIO for strategic sourcing is hired, Luwanda will report directly to me.”

The goal of the new strategic sourcing office is to improve VA OI&T’s speed to market, ensure compliance with the Federal Information Technology Acquisition Reform Act (FITARA), and foster the most responsible allocation of taxpayer resources.

Brian Burns Update

It’s time for your humble correspondent to eat crow. I recently predicted that Brian Burns, the former VA chief information security officer, was lining up to possibly take on the new Federal CISO position. Well, my listening post outside VA headquarters has corroborated signals coming out of the New Executive Office Building that the Federal CISO announcement isn’t likely coming until July.

And an intercepted cable from the Commandant of the U.S. Coast Guard shows that Burns is now the new deputy CIO of the Coast Guard. He’s been in that position since June 12.

Codename: Thor

The Intelligence Advanced Research Projects Agency is seeking technology that will detect when an individual is attempting to spoof a biometric security system. Known as a biometric Presentation Attack, or PA, the process involves using a prosthetic to conceal a biometric signature or present an alternative biometric signature.

Current methods of detecting a biometric spoof attack rely mostly on what is called “liveness detection”—making sure that a fingerprint presented to a fingerprint reader, for example, is from a finger that is attached to a living human being, or that a retina scan detects pupil dilation (another indicator that the body part is attached to a living subject).

IARPA’s new Thor research project will focus primarily on finger, face, and iris biometric scanning. However, the system (or systems, if different hardware is used for each biometric scan) must be able to accurately assess the integrity of the process without a human in the loop. Potential use cases include travel checkpoints, facility access points, identify verification, and cyber authentication.

Return to Creepy Analytics

If you’re old enough to remember Admiral John Poindexter‘s Total Information Awareness program at the Pentagon’s Defense Advanced Research Projects Agency, then you’re old enough to be creeped out by IBM‘s latest patent—Monitoring Individuals Using Distributed Data Sources.

According to the patent document, IBM’s invention “relates generally to the field of security, and more particularly to verifying the location of an individual.” What it actually does, however, is overcome the limitations of existing tracking technologies, such as limited range and requiring the person being tracked to carry a GPS-enabled tracking device.

“An embodiment of the present invention provides multiple sources of information that are used to determine the location of a given individual…[and]…provides authority figures with the option of selecting which types of data sources are used for tracking purposes,” the patent states.

In one scenario detailed in the patent, video cameras that are known to the monitoring program capture images of an individual and feed that image into a facial recognition program. But in cases where the video-capture device is not known to the system, sounds and objects from the surrounding area can be used to determine the location of the person in the video.

“For example, analysis of the video indicates the sound of a train passing by along with lettering that reads ‘XYZ.’ In this example, the user profile includes the names and addresses of the friends of the individual along with a known range of travel of the individual. Tracking program 115 searches the Internet for train tracks, the words ‘XYZ’ and the known range of travel of the individual. Tracking program 115 applies statistical analysis to the results of the search and determines that the individual is most likely at the house of their friend.”

Sure, this sounds great for parents of tweens. But Situation Report is officially creeped out.

Gone Fishing

The Situation Report is off next week. Your humble correspondent will be enjoying surf fishing for record-setting stripers and bluefish, without the tyranny of email access.

Cookie	Duration	Description
AWSALBCORS	7 days	Amazon Web Services set this cookie for load balancing.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	New Relic uses this cookie to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
_pxhd	1 year	PerimeterX sets this cookie for server-side bot detection, which helps identify malicious bots on the site.

Cookie	Duration	Description
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
__cf_bm	30 minutes	Cloudflare set the cookie to support Cloudflare Bot Management.

Cookie	Duration	Description
AWSALB	7 days	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.
_gat	1 minute	Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.
UID	1 year 1 month 4 days	Scorecard Research sets this cookie for browser behaviour research.
vuid	1 year 1 month 4 days	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
__gads	1 year 24 days	Google sets this cookie under the DoubleClick domain, tracks the number of times users see an advert, measures the campaign's success, and calculates its revenue. This cookie can only be read from the domain they are currently on and will not track any data while they are browsing other sites.

Cookie	Duration	Description
anj	3 months	AppNexus sets the anj cookie that contains data stating whether a cookie ID is synced with partners.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
GoogleAdServingTest	session	Google sets this cookie to determine what ads have been shown to the website visitor.
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
muc_ads	1 year 1 month 4 days	Twitter sets this cookie to collect user behaviour and interaction data to optimize the website.
personalization_id	1 year 1 month 4 days	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
uuid2	3 months	The uuid2 cookie is set by AppNexus and records information that helps differentiate between devices and browsers. This information is used to pick out ads delivered by the platform and assess the ad performance and its attribute payment.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
_mkto_trk	1 year 1 month 4 days	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
__gpi	1 year 24 days	Google Ads Service uses this cookie to collect information about from multiple websites for retargeting ads.

Archives