Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
Two events in 2006 changed the way federal agencies and contractors viewed and understood cybersecurity. Those two now-seminal events brought cybersecurity out from underneath the IT blanket and into the mainstream. In our special report, Cybersecurity Rising, Federal News Radio looks back at how those events influenced significant change in securing federal systems and how senior leaders talk about and grasp the importance of cybersecurity.
Cybersecurity To Do List
Thursday - 10/25/2012, 2:33am EDT
Although the federal government has made progress on cybersecurity in recent years, several items remain on the agenda for agencies to secure their networks.
With the help of cybersecurity experts both in and out of government, Federal News Radio has compiled a list of the major items still on the government's cyber to-do list. (The items are in no particular order.)
Legislation— The Senate failed to update any cyber laws over the last three years, whether they were controversial, such as how to address critical infrastructure systems, or widely accepted, such as the update to the Federal Information Security Management Act (FISMA). The House passed four seperate cyber bills, but all failed to gain significant traction in the Senate.
Implement HSPD-12 for logical access— The Office of Management and Budget found in the fiscal 2011 FISMA report to Congress that while 90 percent of all federal employees have HSPD-12 compliant smartcards, only four agencies — the departments of Defense, Education and Agriculture and the General Services Administration — required at least 44 percent of all users to log onto the network using the cards. Of the other 18 agencies, only four showed any progress — the departments of Homeland Security, State and Commerce and NASA — in using the cards. Agencies need to implement smart card readers and get away from usernames and passwords for logging onto networks and computers.
Supply chain risk management— By some estimates, 1 in 10 technology systems or products have counterfeit parts in them. And there is no way to estimate how many IT systems have malicious malware or back doors. DoD and the White House are working on supply chain policies, but the government continues to buy based on price in order to meet cost and schedule requirements, which often drives them to acquisitions from untrusted and unauthorized sources from online brokers or gray market providers.
Cloud Computing— The Obama administration pushed agencies into the cloud, but without a clear approach to defend the systems in the cloud. OMB launched the Federal Risk and Authorization Management Program (FedRAMP) to bring standardization to the way cloud services are accredited and authorized. GSA, DoD and DHS must bring FedRAMP to full operational capability.
Rules of Engagement—
(Photo: Jeremy Burns/Air Force)
Insider Threat Policy— A White House task force is developing a new policy to combat the potential of employees or contractors doing harm to federal networks. The draft policy is going through the interagency review process.
NSTIC Roll Out— The National Strategy for Trusted Identities in Cyberspace has been hailed by cyber experts as a much needed and potential game-changer. The program just awarded five pilots, $10 million total, to test concepts for using third-party credentials to log onto government and private sector services.
Critical Infrastructure Systems—
Column: Cyber dominance meaningless without skilled workforce (Rep. Jim Langevin, D-R.I.)
Column: Cyber inaction may be our Achilles' heel (Rep. Mac Thornberry, R-Texas)