Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Search Tags: cyber security
Thursday, March 24th, 2010 at 11:00am
Identity and Cyber Security will play a critical role in building and managing a Smart Energy Grid. More secure and reliable access based on known and verifiable Identity will provide greater efficiency, ease of use, and security. With this decentralization, more complex systems of access management will be needed to permit authorized people the ability manage their areas of responsibility, to provide the frameworks necessary to create trust, to verify information, and to allow greater consumer participation in electrical services.
Tags: technology , Booz Allen Distinguished Speaker Series , identity , Smart Energy Grid , National Institute of Standards and Technology , National Energy Technology Laboratory , Tennessee Valley Authority , Software Engineering Institute , George Arnold , Steve Bossart , James Sample , Bill Wilson
In addressing the importance of cyber security as a government priority in testimony before a Senate Homeland Security and Governmental Affairs subcommittee last fall, Vivek Kundra, the Federal Chief Information Officer, said:
"Our Nation's security and economic prosperity depend on the stability and integrity of our Federal communications and information infrastructure." Federal News Radio has reportedthat the federal government will spend $8.3 billion on computer security this year - marking a 60% increase in four years. As Federal information security decision-makers allocate dollars and resources to protect our infrastructure, it is important to prioritize the key challenges they face. These include:
- 1. Increased use of mobile devices.Mobile devices are becoming smaller and faster every day. Agencies face even more challenges as mobile applications have now become widely used and they are even looking to build their own mobile applications to increase their productivity in the field.
- 2. Continued movement of data into the cloud. Cloud computing has become a pervasive buzzword but in the end, risk stems from a matter of oversight and control. Agencies must rely on strong governance and compliance oversight of their service providers since they do not own or control the systems where their data resides.
- 3. Changing regulatory environment. NIST has undergone sweeping changes across their Special Publications by introducing a new Risk Management Framework and introducing new nomenclature such as "Security Authorization." OMB continues to press their performance metrics as a part of the FISMA reporting process and could see some changes in the next 9 months.
- 4. Application security. Attackers have now moved their focus from the network and infrastructure level to the application layer. We're seeing more attacks proliferated through applications such as Adobe and web browsers but some high profile data breaches stemmed from custom web applications through SQL injection attacks.
- 5. Developing/maturing offensive capabilities. "Understanding the offensive to build the defensive" has become the mantra for today's cyber security efforts. The ability to understand the mindset of an attacker and their methods becomes critical in building defenses that focus on these attack vectors.
Reigning in the changes can pose a difficult problem for several agencies but it ultimately comes down to understanding the threats to your particular agency and narrowing your defenses on those areas. Focus and prioritization become key in the constant battle.
While 2010 turns the page to a new decade, many threats from the past 10 years persist. In the cyber security world, nations such as China continue building cyber capabilities from an offensive and defensive perspective, resulting in what has become a new arms race.
In response to these threats, the Federal government hopes to shore up its defensive capabilities by mandating new FISMA performance metrics that incorporate "real-time" countermeasuresówith real-time being the keyword. Real-time denotes the ability to identify, act, and respond to minimize the impact of attacks. This leads to our movement of increasing situational awareness and our ability to detect threats as they occur instead of reacting after the damage has been done. While real-time measures provide many benefits, they also carry a hefty price tag for agencies looking to implement these capabilities. Real-time capabilities can only be implemented through automated technologies and solutions. These technologies carry significant costs further straining the department or agency's already thin cyber security resources.
Government agencies currently possess varying levels of maturity to implement and maintain these capabilities and, in some cases, do not possess these capabilities at all. Although they are absolutely necessary in any "defense-in-depth" strategy, the key question becomes "How much?" and "How fast?" can we implement them. With shrinking budgets and tougher times, it becomes a difficult exercise in prioritizing investments, especially when FISMA may formally capture progress and impact an agency's grades and ultimately, their budget.
It would be impossible to implement these capabilities within a 6-12 month period, at least not effectively. Organizations need to take a risk-based approach to prioritizing initiatives and developing a strategy that allows agencies to prioritize their investments to obtain the greatest return and most importantly the biggest risk reduction to support their missions.
Listen 10/16 - Host Debra Roth is joined by FBI Special Agent Cynthia Deitle to discuss the Bureau's Civil Rights Division.
With federal dollars just now becoming available and new federal appropriations legislation, federal agencies will be even more time-pressed to spend their budget dollars before the end of the fiscal year. On a bipartisan basis, Congress increased cyber security spending to ensure the rebuilding of aging network infrastructure to better prepare for possible disasters and future cyber threats that now occur on a daily basis.
In a recent cyber security survey of government IT executives, intrusion detection and prevention were one of the top priorities mentioned by 42% of the respondents in that survey. Investments in intrusion detection to protect the network and prevent intrusions were indicated to be extremely important. Securing your network in these two areas to protect against cyber attacks will have an indelible impact on improving security.
Cyber security has received a thorough debate within the Obama administration. Now it looks like the Homeland Security Department will retain at least some role in setting standards and policy - even as a new White House office is established for cyber security. It's taken a month for the administration to get its final report out after the 60-day review. Why? Because lots of agencies and panels were fighting for a piece of the action. But Congress has yet to weigh in. I'm Tom Temin.
The National Security Agency is the big question mark for the Obama administration's new cyber security strategy. Specifically, what should NSA's role be? The spy agency, by all accounts, has the best technology and know-how for monitoring cyber space. But critics fear its ability to conduct domestic surveillance. Even as the administration releases its new strategy, expect this debate to continue. I'm Tom Temin.