Steve Grewal, the Education Department's chief information security officer, joined Federal News Radio on March 6, 2014, for an online chat.
Grewal answered questions about his agency's new security operations center (SOC), the cyber workforce, and challenges with security at the agency. View an archived version of the chat.
DHS sees a wave of information sharing as the key to raising all cyber boats
Wednesday - 2/5/2014, 1:45pm EST
The goal is to strengthen both private and public sector computer networks by bringing everyone up to at least the same basic level of security.
Phyllis Schneck, the deputy undersecretary for cybersecurity in the National Protection and Programs Directorate at DHS, said when everyone exercises better cybersecurity, there is more data to pull from so the understanding of the threats and vulnerabilities increases.
"There also are more cyber indicators and at a high level, if you imagine when Internet traffic moves, it has a destination, origination and some information to help it travel. We are suggesting some protocols that DHS has already built and some sectors have started to adopt that will send information about the security of the traffic that it's carrying so when it arrives your computer will know whether to use it," Schneck said. "This is what can help our National Cybersecurity Communications and Integration Center mitigate [these threats] through that common operating picture of cyber [by] receiving a lot of these indicators at the speed that machine traffic travels. It can actually help identify where botnets are by certain patterns. This is the science the private sector already uses, and combined with government data, this is the science that can take response from hours to minutes."
Over the last five years, DHS has been building toward this ultimate goal of public-private information sharing of cyber data. A recent DHS inspector general report found the agency has made progress in several areas, but does need to come up with a standard set of incident reporting categories.
DHS took over the Defense Industrial Base pilot from the Defense Department in 2012. It's now called the Enhanced Cybersecurity Services (ECS) program. Later this month, DHS also will launch a voluntary cybersecurity program, as required by President Barack Obama's cybersecurity Executive Order from February 2013.
The department also launched the Einstein 3 program and is just getting started with the implementation of continuous diagnostics and mitigation (CDM) tools to better secure government networks.
All of this data will help inform in near real-time the cyber threats and risks agencies and companies face every day.
Schneck said the more people participating in the online ecosystem, the more data is generated and the better analysts can understand what's happening.
She said the ECS program, which shares classified cyber threat data with qualified companies, is growing.
"We are over the hump of the building part and we are looking at the equations of how do you create the atmosphere where you can handle that kind of information appropriately according to law?" she said. "Looking toward the future, I can't emphasize enough how much value there is in the unclassified data that is in the private sector that is yet untapped. That's part of the reason why the information sharing is so important and the trust is so important. When you combine that with our ability to also use classified counter-measures, that's a very powerful weapon that we have against those who want to do us harm. It's also a great way to make everyone more secure so your best minds can be used to hunt for the very, very harmful attacks that we don't yet have technology to fight."
As for the future of ECS, Schneck said the collaboration with private sector providers and the NCCIC will lead to better, self-healing systems.
"Just like your body fights a cold, your body doesn't have a meeting to fight a cold. It sees something bad and attacks it. What we want to do electronically is what your body does biologically, create that ecosystem, that immune system, but take it one step further," she said. "We can not only fight the attack, but warn everyone else about it in milliseconds. When you ask the vision, hours to milliseconds to self-mitigation, making it so it's more clear to see the very harmful attacks that admittedly no one can yet fight."
She said the NCCIC will continue to grow to support more partners in the critical infrastructure as well as improve its analytics capabilities in order to warn of threats at machine speeds.
"What we have to do is tie it together. What we know. What the private sector knows to create that common operating picture," Schneck said. "To understand what is the exact metric by which we measure success. What are the metrics that determine the value of the classified counter measure and the cost of delivering and caring for that classified information, which is rather high. What are the metrics around the value of that versus open source information and how do we balance the use of those."