Condon: Agencies lack understanding of security directive

VIRGINIA BEACH, Va.—Presidential Decision Directive 63 is playing up the
importance of computer security, systems officials said this month at the Interagency
Resources Management and Chief Information Officers Council Conference.


But systems managers must do more to increase awareness and offer training in computer
security, said Mary Ellen Condon, the Justice Department’s director of information
management and security staff, and a member of the CIO Council’s Security Committee.


“Employees say they need more guidance on PDD 63,” Condon said. “We have
to figure out how to reach out to them.”


Issued in May, the directive requires federal agencies to develop security plans for
protecting the nation’s critical infrastructures. Agencies must submit their plans by
Nov. 17.


Employees who attended a security session at the conference questioned whether the
presidential directive affects only those agencies running highly sensitive systems.


Condon was precise in her answer: “No. PDD 63 is across all government.”


In his directive, the president ordered all agencies to appoint chief information
assurance officers. The CIAOs must ensure that the government’s systems are not
vulnerable to physical attack or cyberattack.


The directive also established the position of a national security coordinator. The
national coordinator will run the Critical Infrastructure Assurance Office at the Commerce
Department and oversee development of a national infrastructure security plan. The office
also will help coordinate legislative issues and a national education and awareness
program, Condon said.


Meanwhile, the National Infrastructure Protection Center at the FBI will receive
support from the Secret Service, intelligence agencies, the private sector and the
departments of Energy and Transportation, Condon said.


Employees can learn more about the directive on a CIAO Web site at http://www.ciao.gov.
The site provides information and helpful tips, Condon said.


The General Services Administration also will hold a PDD 63 information session on Oct.
13 in the GSA auditorium, she said.


Computer security continues to be a troublesome issue for agencies, Condon said. She
noted that the Federal Computer Incident Response Capability handled 400 computer threats
between October and April.


FedCIRC attributes the rising number of reports it receives to agencies linking more
systems and to more agencies using intrusion detection tools to identify system breaches,
Condon said.


Additionally, more agencies recognize the value of sharing incident information, she
said.    

inside gcn

  • data science (chombosan/Shutterstock.com)

    4 steps to excellence in data analysis

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above