More agencies prepare cyberprotection plans -- GCN

More agencies prepare cyberprotection plans

By Christopher J. Dorobek
Oct 19, 1998

22 agencies will participate








	To ensure that the nation’s systems are safe from cyberterrorism, the administration will demand detailed security plans from eight more agencies. It expects plans next month from 14 agencies for the infrastructure protection effort. The administration last week unveiled its plan to require additional agency participation. Government officials talked about the project at a computer security seminar sponsored by the General Services Administration and the Chief Information Officer Council’s Security Committee. The additional agencies will get formal notice in a few weeks from Richard Clarke, the national coordinator for security, critical infrastructure and counterterrorism, said Thomas R. Burke, GSA’s chief infrastructure assurance officer. “As the president has directed, the federal government should be the model. Right now we are a model. We’re a model of what not to do,” Clarke said. The additional agencies, known as Tier 2 agencies, join the 14 Tier 1 agencies that the White House already assigned responsibilities. Tier 1 agencies must complete vulnerability surveys by next month; Tier 2 agencies have until February to do their vulnerability surveys, Burke said. Delineating Tier 1 and Tier 2 agencies means that remaining agencies will not be required to detail their security plans under Presidential Decision Directive 63. The directive previously was viewed as a governmentwide mandate. “There was some confusion among agencies about which ones were covered,” said Jeffrey Hunker, director of the administration’s Critical Infrastructure Assurance Office. By identifying the Tier 1 and Tier 2 agencies, CIAO can focus on the most critical agencies, he said. “We are encouraging those agencies [not identified] to take the same actions—to develop their plans,” Hunker said. “We’re not requiring them to do it.” At the seminar last week, Clarke made a dramatic call for agencies to act. “I know none of you need additional work, especially work that might highlight your vulnerabilities,” he said. “But you’re being asked to define the defenses—the defenses against the next war.” CIAO, the organization that is responsible for implementing a plan to protect the nation’s critical infrastructures, has made a dozen agencies responsible for specific areas. The Treasury Department, for example, is working with the banking and finance community to ensure that they have a plan to deal with cyberattacks. Burke said GSA and CIAO are assembling a team of security experts to help agencies formulate security plans. The team will include government security experts on loan from their agencies for at least 120 days, he said. GSA is also in the final stages of developing a basic security plan and vulnerability assessment to help agencies, Burke said. Agencies should use existing documentation for their plans such as internal and General Accounting Office audits, he said. Hunker also suggested that agencies use knowledge gained from their year 2000 work to build security plans. For instance, agencies have inventoried their mission-critical systems, he said.

E-Mail this page

Printable Format

Advanced Search

Stay Connected

Sign up for our newsletter.

Email Address

Country

Terms and Privacy Policy consent

Yes, I agree No, I don't agree

Select primary job function

Select agency/branch/business type

I agree to this site's Privacy Policy.

What can we do about public-sector security breaches?

Windows 7 machines prompt new election security worries

When zero trust really means variable trust

Building a cloud for planetary defense

DISA streamlines cloud authorizations

A 'living lab' for connected vehicles

When ransomware plagues government agencies, hackers are here to help

3 surefire ways to build a better cybersecurity strategy

New from GCN

Upcoming Events