Industry group advocates linking cloud, cybersecurity planning
- By Rutrell Yasin
- Jan 22, 2014
An IT industry group led by former Office of Management and Budget e-government administrator Karen Evans says it’s time for the federal government to interconnect the three major IT initiatives it has been driving along largely separate tracks for the last decade: cloud, cybersecurity and mobile computing.
The group, SafeGov.org, called for a new approach for integrating the rollout of these technologies to help government agencies get the benefits of cloud services while meeting cybersecurity requirements at the same time.
“Government officials have taken judicious steps to protect federal networks from nefarious cyberattacks and promote the dissemination of best practices for cybersecurity,” the group said in its report, Staying Safer in Cyberspace: Cloud Security on the Horizon. “But the implementation of these initiatives has been fragmented and lacked coordination across agencies.”
Instead, the group advocates shifting from a compliance-based cybersecurity model “to one that is risk-based and focusing on how to most effectively secure their implementation of cloud services.”
In shifting to this approach, SafeGov.org called for the administration to take four steps to integrate federal programs related to cloud and cybersecurity, including:
- Within the next year, adopt and issue an integrated network architecture to address the Obama administration’s priorities and help agencies implement federal cybersecurity requirements, including those covering open government and data center consolidation.
- Federal Risk and Authorization Management Program should require that all cloud service providers that want to do business with the federal government to use penetration testing capabilities in order to surveil, analyze and respond to threats in real time. This pen testing could be similar to the Payment Card Industry’s Data Security Standard, which is a well-established set of industry benchmarks for online payment services.
- OMB and the Department of Homeland Security Department should work together to develop and issue metrics that inspectors general can use to assess the effectiveness of cybersecurity measures in the reporting process that complies with Federal Information Security Management Act.
- OMB and the National Security Staff should ensure that cybersecurity planning and architecture are aligned whenever possible. OMB and NSS should also hold departments and agencies accountable by assessing their progress toward fulfilling agreed-upon cybersecurity requirements.
In addition to Evans, who is currently national director for the U.S. Cyber Challenge, the report was written by Julie Anderson, a managing director at the consulting firm Civitas Group, and Brian Shevenaugh, an associate with Civitas Group.
Rutrell Yasin is is a freelance technology writer for GCN.