CyberEye

Blog archive
Egg cracking as it is squeezed in a vise

Will agencies get squeezed on cybersecurity technology?

It is no surprise that the government faces serious challenges in protecting its information systems, both because agencies are high-profile, high-value targets and because agencies lack the speed and flexibility to effectively counter rapidly evolving threats.

“We have once again designated federal information security and cyber infrastructure protection as governmentwide high-risk areas,” Greg Wilshusen, director of information security issues for the Government Accountability Office, told a Senate panel at a recent hearing.

There are some promising developments in government cybersecurity. The Homeland Security Department, which has the nominal lead in protecting civilian agency systems, is taking the initiative to help develop tools and programs that could do a better job of monitoring, evaluating and mitigating risks. But those programs are being threatened by the unwillingness or inability of Congress to effectively fund government operations.

“Sequestration reductions will require us to scale back the development of critical capabilities for the defense of federal cyber networks,” DHS Secretary Janet Napolitano told legislators during the hearing.

Napolitano offered no specifics, but with across-the-board cuts mandated under sequestration it is inevitable that worthwhile programs will be hit just as hard as unnecessary ones.

Tools being developed or advanced by DHS include the Cyberscope automated FISMA reporting systems, which leverages commercial products that use the Security Content Automation Protocol from the National Institute of Science and Technology.

There also is the National Cybersecurity Protection System that includes the Einstein intrusion prevention system. The department’s Science and Technology Directorate cooperates in the development of secure Internet protocols, and Napolitano said that DHS was a leader in the development of the Domain Name System Security Extensions (DNSSEC).

The National Protection and Programs Directorate is developing a commercial Continuous Monitoring-as-a-Service capability to deploy sensors and feed cyber risk data to an automated, continuously-updated dashboard to help agencies see and respond to day-to-day threats.

It is not government’s job to create the technology needed to secure the nation’s cyber infrastructures, and government is unlikely to ever be as nimble and efficient as the private sector in developing security products. But government certainly has a role to play in fostering development of critical tools, especially those such as Cyberscope and SCAP that address government needs.

DHS programs and their results are open to criticism, but it is taking responsibility to help provide agencies with the tools they need to do their jobs. It would be a shame to arbitrarily slash efforts that could produce real benefits.

Posted by William Jackson on Mar 08, 2013 at 9:39 AM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.