CIOs tell agencies to prepare for post-2000 security push







As agencies attempt to work through a myriad of rules for critical infrastructure
protection, the new leadership of the Chief Information Officers Council has published
guidance to all the guidance.


At least four significant provisions from various government sources for critical
infrastructure protection already exist, said Thomas R. Burke, assistant commissioner for
the General Services Administration Federal Technology Service’s Office of
Information Security.


“There is enough guidance,” he said. What agencies need is help prioritizing
all the advice so the provisions can be implemented, he said.


After year 2000, security is the next big challenge for information technology
executives, said Energy Department CIO John Gilligan, co-chairman of the CIO
Council’s Security Committee.


“Information security will move CIOs to the post of generals in a guerrilla
campaign,” he said.


But unlike the year 2000 problem, the IT security issue is not fixed in time and is
growing quickly.


Furthermore, there are limited resources for IT security, he said.


The guidance from the CIO Council’s Security Committee, expected to be available
later this year, will not be another plan that agencies need to complete, Burke said.


“This will highlight what is the most critical thing that must be done,” he
said.


The National Institute of Standards and Technology in December published a guide for
developing security plans.


The document, NIST Special Publication 800-18, Guide for Developing Security Plans for
Information Technology Systems, is available online at
csrc.nist.gov/nistpubs/Planguide.PDF.


Burke spoke during a presentation by the CIO Council Security Committee at the FOSE
trade show in Washington this month. The Council Security Committee’s presentation
was the first public appearance by the Security Committee’s new co-chairmen, Gilligan
and State Department CIO Fernando Burbano.


Gilligan and Burbano are taking over for former Justice Department deputy CIO Mark A.
Boster, who left government this year for the private sector.


The CIO Council’s Security Committee will be working with GSA to improve budgeting
of critical infrastructure protection, Burke said. Officials are planning a budget
session with officials from the Office of Management and Budget to help IT security
officials make effective budget requests, he said.


The panel is also completing draft recommendations of security skills for system
administrators, said Mary Ellen Condon, director of the Justice Department’s
information management and security staff, and a member of the CIO Council’s Security
Committee.


Systems administrators provide frontline defenses, Condon said, but they usually do not
get the proper training.       

