March 19, 2010 • Volume 8 • Number 2
Cybersecurity: Securing Government Assets
Read the Spring 2010 On The FrontLines issue on Cybersecurity using Turn Page technology. Read and download yours now.
Fresh from the 2010 AFCEA Homeland Security Conference, this issue of On The FrontLines -- Cybersecurity: Securing Government Assets -- lets you read, watch and hear firsthand what government and industry leaders are doing about present and future cybersecurity threats.
Just like a hardcopy publication, this issue presents articles and viewpoints on the progress and best practices surrounding government cybersecurity initiatives and challenges.
But unlike a hardcopy publication, through Turn Page technology, you can link directly to government and industry websites and download white papers and special reports.
Further, you'll be able to watch and listen to government leaders talk about how they are meeting the government's and the nation's cyber challenges. View videos from:
• Richard Spires, CIO, DHS
• Dave Wennergren, CIO, OSD
• Steve Chabinsky, CIO, FBI
• Priscilla Guthrie, CIO, ODNI
• Greg Shaffer, Asst. Secretary for Cybersecurity, DHS
• Van Hitch, CIO, DOJ
• Charlie Armstrong, CIO, CBP
• Luke McCormack, CIO, ICE
AFCEA Homeland Security 2010
Cybersecurity was top of mind for the 1,000 attendees. Watch videos of cyber leaders and read a roundup of what cyber leaders are saying.
Welcome to Team Cyber!
The bottom line: Everyone needs to be a cybersecurity leader—starting with their computers.
Getting Proactive—Viewpoint: Jim Flyzik
The former Treasury and Secret Service CIO tells some of the lessons he’s learned in 17 years of teaching cybersecurity at the University of Maryland.
Steel Door On A Styrofoam House?
The more security is proactively “baked in”, the more “secure information sharing” will occur.
What’s Your Role? What’s Your Responsibility?
Currently, a person’s security role and responsibility may not match exactly. What exactly that responsibility is, and what training they need, is the theme of FISSEA 2010.
Wanted: Trained Cyber Defenders
DHS is hiring 1,000 new cyber defenders. When they need training, they can get it from The Defense Cyber Investigations Training Academy.
Enabling Cyber Defenders
Government relies on a wide variety of approaches and tools to keep the bad bits out and let the good bits in. Here are three examples.
Cyber Implementers
As threats rise, so do the efforts of industry to provide the cyber solutions government—and the rest of us—need.
Make It Easier, Bake It In—Viewpoint: Jeff Erlichman
Industry needs to make it easier for end users to practice cyber hygiene.
"On The Frontlines" publications are dedicated to advancing innovation and showcasing the positive progress and best practices of federal agencies, programs and people along with their strategic partners to support the goals of their mission programs and the men and women who work on the frontlines.
Read more about these and other topics, plus watch videos of government and industry cyber leaders in this issue of "On The FrontLines" on Cybersecurity.
On The FrontLines @ AFCEA 2010 Homeland Security Conference
The Golden Age of Espionage
DHS Secretary Napolitano announced the Cyber Challenge just days after the AFCEA Homeland Security Conference in Washington, DC, which attracted 1,000 professionals who are really, really, really on the frontlines of homeland security.
AFCEA sessions covered topics such as Immigration Reform, Border Security, Information and Intelligence Sharing and DHS 2010 procurement programs including the upcoming EAGLE 2 contract bid and award (with hopefully no protests).
But there was no denying that cybersecurity and its inclusion as one of DHS’s five major priorities was top of mind for this audience.
Attendees heard from Bruce McConnell, Counselor, DHS Deputy Under Secretary, NPPD. After talking about the DHS Quadrennial Review, he spilled the beans about the Cyber Challenge awareness competition before its announcement.
Then he turned the podium over to Steve Chabinsky, the FBI’s Deputy Assistant Director, Cyber Division, who called this “The Golden Age of Espionage”.
Chabinsky says cybersecurity has the potential to be overwhelming, so there is the need to assess and prioritize threats not only from outside, but from within.
“We sometimes overemphasize the threat of outside intrusions,” said Chabinsky. “We need to educate because attackers are specifically designing things that take advantage of predictable failings of employees.”
On the policy side, DOJ CIO Van Hitch spoke about the new Federal CIO Council Information Security and Identity Management Committee (ISIMC).
Hitch said the ISIMC will be the principal interagency forum to collaborate on identifying high priority security and identity management initiatives. Once identified, Hitch said the ISIMC will develop recommendations for policies, procedures, and standards to address those initiatives that enhance the security posture and protection.
What it will do is bring in key players (e.g. CISOs, certified IT Security personnel) to form subcommittees, working groups, and/or task forces to perform the nitty-gritty work necessary to execute the Comprehensive National Cybersecurity Initiative (CNCI), said Hitch.
Cyber Challenges According To AT&T, Qwest and Verizon
Somewhere in the process of routing and switching information over the Internet your data probably travels on the network of a major carrier (e.g. AT&T, Qwest or Verizon).
What these carriers are dealing with is an Internet where there is no global governance and a public that is demanding more services. Just wait until a 4G network with a 100 megabyte download to your smart phone becomes the norm.
So, needless to say, cybersecurity has become a way of life for large carriers. And this is what they had to say about cybersecurity during a session at the 2010 AFCEA Homeland Security Conference.
John Nagengast from AT&T said his company has 1,000 people dedicated to cybersecurity; some watching what’s happening while others look for deviations or changes at the port and protocol levels.
What is frustrating to these carriers is that while each carrier is doing a good job, they don’t have the ability to put the large picture together, said Nagengast.
“We have informal structures, but not real time sharing of raw data to coordinate a real time response. We can’t pick up the phone and call someone to coordinate; it’s just way too slow when attacks are measured in milliseconds.”
Verizon’s Marcus Sachs pointed out once again that most problems are not technology, but people problems. “Most intrusions are preventable; we can stop them; we can show them analytically that we can do it, but people don’t know how to stop it or what to do.”
Sachs says if the carriers could work together it would be better, but the law makes it tough because of privacy concerns. “We need to relook at the law and do some fine tuning and we need strong public/private partnerships to go forward.”
Government: The Gold Standard
Sachs called on the government to set itself up as the “gold standard”. He chided Congress for writing laws about security while its own networks fail security tests. He called on legislators to set the gold standard at work and at home, and to use the acquisition process to further drive security standards.
He also called on them not to pass laws yet that could have unintended consequences. “Information sharing is the key; we run cyber from the conduit side, but we can’t share information legally about threats,” said Sachs. “We need to find a balance to make this work. Our adversaries have no laws; they share information; however we (as providers) can’t talk among ourselves because of laws. There needs to be some balance.”
Qwest’s Shawn Carroll added that the recent GAO report said agencies still had not done enough about cybersecurity. He talked about the need for “defense in depth” and to define a road map and way to mitigate “zero-day” events. He also said agencies don’t really have a clear understanding of how long it would take to recover from a cyber attack.
All the panelists urged government agencies to use the Networx contract to implement the TIC Initiative. The MTIPS TIC initiative is just about to take off and agencies will find this easier than building their own TIC.