Cybersecurity To Do List
Thursday - 10/25/2012, 2:33am EDT
Although the federal government has made progress on cybersecurity in recent years, several items remain on the agenda for agencies to secure their networks.
With the help of cybersecurity experts both in and out of government, Federal News Radio has compiled a list of the major items still on the government's cyber to-do list. (The items are in no particular order.)
Legislation— The Senate failed to update any cyber laws over the last three years, whether they were controversial, such as how to address critical infrastructure systems, or widely accepted, such as the update to the Federal Information Security Management Act (FISMA). The House passed four separate cyber bills, but all failed to gain significant traction in the Senate.
Implement HSPD-12 for logical access— The Office of Management and Budget found in the fiscal 2011 FISMA report to Congress that while 90 percent of all federal employees have HSPD-12 compliant smartcards, only four agencies — the departments of Defense, Education and Agriculture and the General Services Administration — required at least 44 percent of all users to log onto the network using the cards. Of the other 18 agencies, only four showed any progress — the departments of Homeland Security, State and Commerce and NASA — in using the cards. Agencies need to implement smart card readers and get away from usernames and passwords for logging onto networks and computers.
Supply chain risk management— By some estimates, 1 in 10 technology systems or products have counterfeit parts in them. And there is no way to estimate how many IT systems contain malware or back doors. DoD and the White House are working on supply chain policies, but the government continues to buy based on price in order to meet cost and schedule requirements, which often drives it to acquire from untrusted and unauthorized sources, such as online brokers or gray market providers.
Cloud Computing— The Obama administration pushed agencies into the cloud, but without a clear approach to defend the systems in the cloud. OMB launched the Federal Risk and Authorization Management Program (FedRAMP) to bring standardization to the way cloud services are accredited and authorized. GSA, DoD and DHS must bring FedRAMP to full operational capability.
Rules of Engagement—
Insider Threat Policy— A White House task force is developing a new policy to combat the potential of employees or contractors doing harm to federal networks. The draft policy is going through the interagency review process.
NSTIC Roll Out— The National Strategy for Trusted Identities in Cyberspace has been hailed by cyber experts as much needed and a potential game-changer. The program just awarded five pilots, $10 million total, to test concepts for using third-party credentials to log onto government and private sector services.
Critical Infrastructure Systems—
Column: Cyber dominance meaningless without skilled workforce (Rep. Jim Langevin, D-R.I.)
Column: Cyber inaction may be our Achilles' heel (Rep. Mac Thornberry, R-Texas)