Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
Search Tags: Cyber
Self-proclaimed "technogeeks" at the Defense Advanced Research Projects Agency, after determining the nature of the cybersecurity threat, have created programs to tackle them and, most importantly they say, surprise would-be cyber crooks. Officials at DARPA say the agency's sole mission since its inception in 1958 has been to prevent technological surprises. Two of the agency's recent cybersecurity programs, called CRASH and PROCEED, were created for that purpose. CRASH - the Clean-slate Design of Resilient, Adaptive, Secure Hosts program - seeks to build new computer systems that resist cyberattacks. After successful attacks they learn from the attack, adapt and repair themselves. The program evolved from a workshop DARPA held earlier this year that pulled together experts in cybersecurity and operating-system as well as infectious-disease biologists.
December 15th, 2010
October is Cybersecurity month. Jane Norris, host of the new FedCentral program, will be joined by Karen Evans, partner at KE&T Partners, LLC, and former Administrator for E-Government and IT at OMB along with JR Reagan, principal with Deloitte & Touche LLP to discuss Cyber Workforce trends including key findings from the Human Capital Crisis in Cybersecurity study.
Dec. 14th, 10:00 am
Cyber-threats have created unprecedented technical and social challenges that have never before been addressed. In the past, when the enemy attacked you could see it, touch it and know what damage was incurred. A cyber-bullet can attack a country, a financial institution, or a power grid and we may not be able to detect or ever know or understand the full impact of the security breach. What are the issues that the public is facing due to cyber-threats? What progress is being made in regards to cyber-security? Join us for a discussion with experts in the field of CyberSecurity to learn about this tough subject and what we need to do to stay vigilant against cyber threats and attacks.
The senate is considering a bill that would require all private sector companies to report cyber attacks.
A new report found that for 15 minutes in April a Chinese state controlled telecommunications company was able to hijack 15 percent of the world's internet traffic.
November 17th, 2010 at 11:00AM
The Internet is more than just a technology. It is a domain—similar to the domains of land, air, sea and space, but with its own distinct challenges. The cyber domain has national and international dimensions that include industry, trade, intellectual property, security, technology, culture, policy, and diplomacy. It includes all parts of the converged network, from computer networks to satellite communications, and is not bound by international borders. How can the United States shape the global cyber landscape to promote U.S. economic interests, and develop a cyber domain that considers transparency, accessibility, security, and privacy? Cyber 2020: the Future of the Internet, is part of the Booz Allen Hamilton Expert Voices panel series, moderated by Executive Vice President Mike McConnell and featuring top government and commercial experts.
October 27th, 2010
Representative Jim Langevin of Rhode Island and the Honorable Tom Davis discuss the reform of the 2002 Federal Information Security Management Act (FISMA) and the pending Congressional Cybersecurity bills.
To Improve Cybersecurity the Federal Government Must Enhance Its Partnership with the Private Sector
Cybersecurity is a shared responsibility. During National Cybersecurity Awareness Month, the Administration has educated the general public about the evolving risk of cyber threats through its "Stop. Think. Connect." campaign and reminded the American people, government agencies, and industry that everyone has a role to play in guarding against cyber attacks. At the same time, Administration officials have leveraged the momentum of National Cybersecurity Awareness Month to announce changes in government organizational relationships designed to enhance the security of federal information assets and networks in cyberspace, such as the Memorandum of Agreement between the U.S. Department of Defense (DoD) and the U.S. Department of Homeland Security (DHS) formalizing agency roles and responsibilities for coordinating cybersecurity. One area that has received less public attention is the need for government to enhance its partnership with the private sector.
Building this partnership and clarifying these roles and responsibilities is critical. The private sector's resources are inextricably linked to our government's efforts to successfully secure federal information in cyberspace for several key reasons, most notably:
- Much of the nation's cyber infrastructure is owned and operated by the private sector. Because the public, government, educational institutions, and industry rely on cyberspace, an attack against a major player in the Information Technology (IT) infrastructure sector may not be just an attack against a company. Instead, it may result in an attack against the Internet itself and may impact citizens, governments, and companies across the globe. The federal cybersecurity community must clarify the degree to which government and industry should partner to prevent, detect, and defend against these challenges
- Each key sector of the nation's Critical Infrastructure and Key Resources (CIKR) leverages cyberspace to perform mission-critical tasks.Cyberspace minimizes and, in some instances, eliminates jurisdictional, organizational, and technical boundaries of CIKR sectors (e.g., emergency services, defense industrial base, communications, government facilities, etc.). While the increased capability to share information across sectors enables private sector and government CIKR stakeholders to perform more efficiently and effectively, it also creates additional vulnerabilities in cyberspace. In order to truly be prepared to meet the challenges posed by cyber attacks that could threaten the security of multiple CIKR sectors, the federal government must enhance its partnership with private sector CIKR stakeholders
- There is a shortage of cybersecurity talent in government. While the Cyberspace Policy Review included the need to expand and train its workforce as a key priority, and efforts are underway toward that end, the reality is…the government can't do it alone. Cyber attacks are a constantly evolving, significant threat to our national security and the federal government. In the short-term, the federal government has an immediate need for a qualified, seasoned cybersecurity workforce (e.g., Information System Security Officers (ISSO), cyber strategists, security operations specialists, and program managers, etc.) and must fill these gaps by augmenting its existing workforce with the resources available in the private sector. Long-term, the federal government must assess its broader cyber workforce strategy and the role that the private sector plays in meeting mission-critical cyber requirements
Are we witnessing the beginning of a cyber arms race? Seems like it. The Stuxnet computer virus is taking worries about cyber warfare to a new level. It's the first reported case of malicious software designed to sabotage industrial controls. Experts say it is a prototype of a cyber-weapon that will lead to a new global arms race. Computers will be the weapons. The program specifically targets control systems built by Siemens AG, a German equipment maker. Iran, the target of U.N. sanctions over its nuclear program, has been hit hardest of any country.
Prepare for the worst…and hope for the best. This unofficial mantra of the emergency preparedness and response community also applies to cyber preparedness. This week seven federal agencies, 11 states, 12 international partners, and 60 private sector companies are doing just that: preparing for the worst in cyberspace. These organizations are all participants in Cyber Storm III, a global cybersecurity preparedness exercise led by the U.S. Department of Homeland Security. By the end of the week, these organizations will have responded to a fictionalized cyber threat scenario designed to test their individual and collective capabilities to respond to cyber attacks and the National Cyber Incident Response Plan (Interim Version, September 2010). Federal cyber preparedness has never been more important. The threat to federal information assets and networks is diverse, persistent, and growing. In recent testimony before the U.S. House of Representatives, General Keith Alexander, Commander of the U.S. Cyber Command, stated that U.S. Department of Defense networks are "probed roughly 250,000 times an hour" and characterized the "…shift toward operationalizing cyber tools as weapons to damage or destroy" as a "great concern to us at Cyber Command." The National Cyber Incident Response Plan states:
- Preparedness activities, including establishing common situational awareness in a common operational picture, are shared responsibilities across Federal, State, Local, Tribal, and Territorial governments and the private sector.
- Governance: bringing together the mission, policies, architectures, and organizational alignment to establish the who and what for risk management strategies.
- Risk management: establishing risk tolerance thresholds and implementing the technologies and processes that will assess, prioritize, and monitor risk on a continual basis.
- Compliance: ensuring the organization maintains a cyber security posture compliant with federal laws, regulations, guidelines, and standards with the ability to demonstrate sound risk management strategies when scrutinized by internal and external auditors and Inspectors General.
- Operations: designing, implementing, and monitoring security controls at the operational and tactical levels to include the ability to adequately respond to, withstand, and remediate cyber attacks.
By evaluating federal cybersecurity programs through this framework, agencies can better understand their capabilities and live up to their shared responsibility for cyber preparedness.