Intel agencies going to 'war' over IT security
- By Jason Miller
- Oct 05, 2006
The CIO's office in the Office of the National Director for Intelligence starting Tuesday is going into the war room.
Groups of government, industry and academic IT security experts have been developing proposals since May
on ways to improve intel agencies' cybersecurity.
Dale Meyerrose, ODNI's CIO, today said over the next month the teams will 'fight it out' to see whose proposals are best. Then, he will issue new guidance by the end of December to be implemented quickly in seven areas, including certification and accreditation, software reuse, security policy and security standards. Meyerrose added he plans to make as many of these policies public as possible.
'The end goal is to come up with the best way to do these things,' Meyerrose said today at an event in Washington sponsored by the Professional Services Council, an industry trade association in Arlington, Va. 'We need to make these policies the new normal.'
Meyerrose put together the two teams ' green and gold ' to improve the policies because the previous security policy took about seven years to come together, and he is unable to wait that long again.
'We haven't updated our security policy since 2001,' he said. 'It took three years to write and four years to get approved. We will do this in 11 months.'
There are several problems with the current policy, he said. It is structured to be risk averse, instead of mitigating risks. It doesn't lay out security standards, but security absolutes; and he wants to move the policy into the Internet Protocol world.
'For 30 years in the military, I fought with the Intel community on certifications and accreditation and the counsel I received when I got this job was to fix this,' he said. 'So now I am.'
In addition to security policy, Meyerrose said ODNI has made strides in sharing information.
He said his office was given the challenge of leading the federal effort to prepare for the Avian Flu. His office helped set up three portals ' for top-secret, secret and unclassified data. The secret and top-secret portals were set up in two weeks, but the unclassified portal took six months.
'The users could see the unclassified portal, but not the information in [the] portal because there were so many rules surrounding who could access the data,' Meyerrose said. 'Once we changed the business processes to determine how the information should be labeled, the number of active users on the site increased to 38,000 from 3,000.'
Meyerrose added that his office has developed taxonomy for information sharing and is working on role-based identity standards for data access.