Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
Shows & Panels
Two events in 2006 changed the way federal agencies and contractors viewed and understood cybersecurity. Those two now-seminal events brought cybersecurity out from underneath the IT blanket and into the mainstream. In our special report, Cybersecurity Rising, Federal News Radio looks back at how those events influenced significant change in securing federal systems and how senior leaders talk about and grasp the importance of cybersecurity.
Cybersecurity To Do List
Thursday - 10/25/2012, 2:33am EDT
Although the federal government has made progress on cybersecurity in recent years, several items remain on the agenda for agencies to secure their networks.
With the help of cybersecurity experts both in and out of government, Federal News Radio has compiled a list of the major items still on the government's cyber to-do list. (The items are in no particular order.)
Legislation— The Senate failed to update any cyber laws over the last three years, whether they were controversial, such as how to address critical infrastructure systems, or widely accepted, such as the update to the Federal Information Security Management Act (FISMA). The House passed four seperate cyber bills, but all failed to gain significant traction in the Senate.
Implement HSPD-12 for logical access— The Office of Management and Budget found in the fiscal 2011 FISMA report to Congress that while 90 percent of all federal employees have HSPD-12 compliant smartcards, only four agencies — the departments of Defense, Education and Agriculture and the General Services Administration — required at least 44 percent of all users to log onto the network using the cards. Of the other 18 agencies, only four showed any progress — the departments of Homeland Security, State and Commerce and NASA — in using the cards. Agencies need to implement smart card readers and get away from usernames and passwords for logging onto networks and computers.
Supply chain risk management— By some estimates, 1 in 10 technology systems or products have counterfeit parts in them. And there is no way to estimate how many IT systems have malicious malware or back doors. DoD and the White House are working on supply chain policies, but the government continues to buy based on price in order to meet cost and schedule requirements, which often drives them to acquisitions from untrusted and unauthorized sources from online brokers or gray market providers.
Cloud Computing— The Obama administration pushed agencies into the cloud, but without a clear approach to defend the systems in the cloud. OMB launched the Federal Risk and Authorization Management Program (FedRAMP) to bring standardization to the way cloud services are accredited and authorized. GSA, DoD and DHS must bring FedRAMP to full operational capability.
Rules of Engagement—
(Photo: Jeremy Burns/Air Force)
Insider Threat Policy— A White House task force is developing a new policy to combat the potential of employees or contractors doing harm to federal networks. The draft policy is going through the interagency review process.
NSTIC Roll Out— The National Strategy for Trusted Identities in Cyberspace has been hailed by cyber experts as a much needed and potential game-changer. The program just awarded five pilots, $10 million total, to test concepts for using third-party credentials to log onto government and private sector services.
Critical Infrastructure Systems—
Column: Cyber dominance meaningless without skilled workforce (Rep. Jim Langevin, D-R.I.)
Column: Cyber inaction may be our Achilles' heel (Rep. Mac Thornberry, R-Texas)