The Government Accountability Office has identified several vulnerabilities in the Centers for Medicare and Medicaid Services’ technical controls for systems that support the federal health insurance marketplace.

GAO said Wednesday it found insufficient administrator privilege restriction, inconsistent security patch implementation and insecure administrative network configuration for Healthcare.gov supporting systems and the Federal Data Services Hub.

GAO reports that CMS did not develop a schedule for security oversight procedures and follow-up corrective actions.

The government watchdog recommends that CMS establish procedures for the oversight of state-based marketplaces and enforce continuous security monitoring for those marketplaces.

Oversight and continuous monitoring work to ensure the security and privacy of data processed through Healthcare.gov, GAO noted.

Lt. Gen. Robert Ferrell, chief information officer of the U.S. Army, estimates it will take more than one year for the military service to update its legacy computers to Microsoft‘s Windows 10 operating system, Federal News Radio reported Thursday.

Scott Maucione writes that Terry Halvorsen, the Defense Department‘s CIO and a 2016 Wash100 recipient, issued a directive in November instructing all DoD component organizations to complete their Windows 10 transition efforts by January next year.

Ferrell noted his office collaborates with Microsoft engineers to assess the branch’s current information technology platforms and to create a roadmap to implement the new OS, Maucione reports.

The report said he is also working with DoD and the Army’s industry partners to develop a mobility strategy for the military service.

The Department of Homeland Security has proposed to restructure its National Protection and Programs Directorate into a new organization that will focus on addressing threats to U.S. cyber and physical systems, according to a Lawfare blog article published March 21.

Paul Rosenzweig, founder of Red Branch Consulting, reports the department has offered Congress a plan to realign NPPD functions and programs and rebrand the agency as “Cyber and Infrastructure Protection.”

The reorganization effort seeks to distribute NPPD’s acquisition, business, strategic and analytical operations into three subcomponents.

Those subcomponents will be known as the National Cybersecurity and Communications Integration Center, Infrastructure Security and Federal Protective Service.

A federal grand jury has indicted seven Iranian people whom government  investigators believe have orchestrated extensive denial-of-service attacks on U.S. financial services institutions between December 2012 and September 2013.

The Justice Department said Thursday computer hacking charges have been filed against Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Saedi.

These individuals worked for Iranian security firms ITSecTeam and Mersad and are accused of working on behalf of Iran’s Islamic Revolutionary Guard Corps to conduct a massive DDoS campaign against U.S.-based banks that lasted for approximately 176 days.

“In unsealing this indictment, the Department of Justice is sending a powerful message: that we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” Attorney General Loretta Lynch told a press conference Thursday.

Prosecutors also charged Firoozi with unauthorized access to the Supervisory Control and Data Acquisition server at the Rye, New York-based Bowman Dam during 2013.

DOJ noted all of the seven cyber attack suspects face up to 10 years in prison and Firoozi could face an additional five-year imprisonment for the dam breach.

The Defense Advanced Research Projects Agency has unveiled a three-year competition that seeks to develop machine-learning platforms designed to allow civilian and military wireless devices to gain access to the electromagnetic spectrum.

DARPA launched the Spectrum Collaboration Challenge at the two-day International Wireless Communications Expo that kicked off Wednesday in Las Vegas, the agency said Wednesday.

SC2 seeks to equip radios with machine-learning and artificial intelligence functions in order for the devices to collaborate with other types of radios in spectrum environments.

“DARPA Challenges have traditionally rewarded teams that dominate their competitors, but when it comes to making the most of the electromagnetic spectrum, the team that shares most intelligently is going to win,” said Paul Tilghman, SC2 program manager at DARPA’s microsystems technology office.

DARPA will start the competition in 2017 and will award a prize of $2 million to the winning team in early 2020.

The agency also plans to build a wireless testbed for the challenge in order to allow researchers to assess spectrum-sharing techniques and algorithms for radio platforms.