Cybersecurity workforce more than 'essential'

Tuesday - 4/12/2011, 10:30am EDT

Hord Tipton, executive director, ISC Squared

Click below to hear the interview

Download mp3

By Suzanne Kubota
Senior Internet Editor
FederalNewsRadio.com

In planning for a potential shutdown, cybersecurity staff at the Homeland Security department had been informed that they would not be furloughed. But a government shutdown could cause cyber vulnerabilities, even with essential personnel in place.

We may have avoided a shutdown, Hord Tipton, executive director at ISC squared and former CIO at the Interior Dept, tells Federal News Radio's Amy Morris agencies could be addressing those vulnerabilities now.

Many of the actions are the same things that you should be doing normally, said Tipton. "Having a good established, clearly established chain of command is essential and for that you have to preserve the freedom to assess your entire security workforce whether they're on the job or not. You just never know who may be needed." Tipton noted most agencies seemed to be pretty well prepared for that at this point.

Agencies should also have an updated asset portfolio. "You have to know where your things are and how it may have changed, and they do change quite frequently."

Tipton concluded it's necessary to have a "good knowledge of all the things on your network and then the privileges for each of those systems, particularly the critical systems."

Tipton conceded things have changed since he was CIO at the Department of Interior and faced a shutdown. "It was a whole different world, Amy. Computers were around of course but they were in different places. They weren't nearly as prevalent as they are now. The access to systems was much more limited. You didn't have all these mobile devices floating around that could access some of these systems from far away places."

As for the future, Tipton urged completing the task of continuous monitoring. "To the extent that you can supplement good people with good systems and get information quickly, your alerts on these critical systems particularly, there's no reason that they shouldn't be able to reach you or anyone else remotely so that you can deal with it."

For more shutdown and other disaster recovery tips for cybersecurity, listen to the entire interview at the top of this page.

This story is part of Federal News Radio's daily Cybersecurity Update brought to you by Tripwire. For more cybersecurity news, click here.