Incident Response in Government

Without a serious effort at automation, the many segments of the cybersecurity response and kill-chain threaten to overwhelm security operations and information...

That’s the gist of a panel discussion convened by Federal News Radio to explore the most contemporary thinking in incident and response planning. Panelists were:

  • Wally Coggins, director of the IC Security Coordination Center in the Office of the Director of National Intelligence
  • Paul Morris, chief information security officer and executive director of the Information Assurance and Cybersecurity Division at the Transportation Security Administration
  • Richard Driggers, deputy chief of operations at the National Cybersecurity and Communications Integration Center, at the Department of Homeland Security
  • Ian Doyle, executive security advisor at IBM Federal
  • Jeff Wichman, Practice Director for Enterprise Incident Management at Optiv

Automation should extend backwards in the chain, to the gathering and interagency sharing of information on emerging vulnerabilities, the status of patches and updates to critical software, and detection of attack attempts. But, as Morris cautioned, agencies should approach patch automation carefully because simply installing a patch of on application in a system can cause failures of interoperability with other applications or data feeds.

Downstream, it’s wise to explore how automation of discrete functions that might be separated geographically can combine in a superset of processes known as orchestration. For example, a cyber countermeasure in an agency’s own data center might require a corresponding measure in a cloud instance of the same application.

Driggers noted that even in an orchestrated environment, agencies will still need human intervention. Thus the output of an orchestrated set of processes might include alert for when it’s time to launch a forensics investigation into what invoked the self-driving process.



Tom Temin, Federal News Radio

Tom Temin has been the host of the Federal Drive since 2006. Tom has been reporting on and providing insight to technology markets for more than 30 years.  Prior to joining Federal News Radio, Tom was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines. Tom also contributes a regular column on government information technology.



Wally Coggins, Director, IC Security Coordination Center, ODNI

Mr. Coggins serves as the Director, Intelligence Community Security Coordination Center (ICSCC), within the Office of the Director of National Intelligence (ODNI), IC Chief Information Officer. The IC SCC provides for the integrated defense of the IC’s information environment and serves as the Federal Cybersecurity Center responsible for coordinating the IC’s defensive response to major cyber incidents, threats, and vulnerabilities.

Prior to his current assignment, Mr. Coggins served as the ODNI’s Deputy Chief Management
Officer, leading and managing internal ODNI administration, finances, and policy, and as the
ODNI Executive Secretary responsible for coordination of official correspondence and other
communications on behalf of the DNI. Mr. Coggins also served as a Director responsible for
acquisitions, integration, and evaluations along with other assignments within the ODNI
Acquisition, Technology, and Facilities component.

Prior to joining ODNI, Mr. Coggins served as program manager and contracting officer at the
Naval Air Systems Command for the development and acquisition of major weapons systems
including the F-35 Joint Strike Fighter, F/A-18 tactical aircraft, electronic warfare, mission
planning, and missile programs.


Paul Morris, CISO & Executive Director, Information Assurance and Cybersecurity Division OIT, TSA

Paul Morris is a member of the Senior Executive Service responsible for the Vision, Strategy and Execution of Cyber Defensive Operations, Governance, Compliance and Risk Management to defend the data and information systems for 60,000+ TSA employees/contractors.


Rick Driggers, Deputy Chief of Operations, National Cybersecurity and Communications Integration Center, DHS

Rick Driggers is the Principal Deputy Director for Operations for the National Cybersecurity and Communications Integration Center (NCCIC), Department of Homeland Security (DHS). He joined DHS in 2003, serving in a variety of roles. Of note, he was the Chief Technology Officer for the National Protection and Programs (NPPD). Additionally, he supported the President’s National Security Council as the Director for Data and Systems Integration Policy and was the lead developing the Climate Resilience Toolkit for the Executive Office of the President. Before being appointed to the Senior Executive Service, Rick held multiple senior management positions within NPPD and the Office of Intelligence and Analysis.

A former United States Air Force Combat Controller, Rick deployed as a member of many U.S military and international Special Operations Forces operational and tactical teams conducting high risk mission in austere environments. He holds a B.S. in Applied Science and Technology and is a graduate of the Harvard Kennedy School of Government Senior Executive Fellows Program.


Ian Doyle, Executive Security Advisor, IBM Federal

Ian is currently IBM’s Executive Security Advisor for U.S. Federal.  In his current role, Ian is responsible for representing the comprehensive IBM Security portfolio while interacting with U.S. Federal executives regarding their IT security, risk and compliance issues, and designing security solutions based on their requirements.

Ian joined IBM Security four years ago after 13 years working for or supporting the federal government where the majority of his time concentrated within the Department of Defense.  Ian’s career evolved around his ability to influence people, processes, and technology by analyzing critical issues; driving and delivering strategic and transformative business solutions scoped to fit the most stringent requirements; developing long-term process improvements leveraging technology; and leading and fostering organizational growth.

Ian’s last role completed four years working for Army Cyber Command and NETCOM as the Enterprise Management Division Deputy.  He was asked to utilize strategic leadership, thorough analysis, and a comprehensive understanding of governance to achieve insightful results on behalf of the Command’s mission to operate, maintain, and defend the Army’s enterprise network.

His career also found him supporting Joint Task Force-Global Network Operations, U.S. Strategic Command, Defense Information Systems Agency, and Department of State along the way.  Ian holds an MBA from the University of Mary Washington and a BA in Economics and Business from Virginia Military Institute.  He’s also a certified ITIL v3 expert with a current TS/SCI with CI poly.


Jeff Wichman, Practice Director, Enterprise Incident Management, Optiv

Jeff Wichman is the Practice Director for Optiv’s Enterprise Incident Management practice. Jeff’s role is to provide strategic, financial direction and leadership to the Enterprise Incident Management practice. He also has technical expertise in digital forensics and incident response programs and processes, and provides coaching the Optiv Enterprise Incident Management team.

Mr. Wichman has over 15 years of experience in information security. His experience ranges from small businesses to Fortune 500 corporations in a multitude of industries. He is a subject matter expert (SME) in the design, implementation, and testing of incident management programs. He is experienced with incident response related to single crypto-malware incidents up to major corporate compromises involving thousands of systems. Prior to joining Optiv, Mr. Wichman was a senior security engineer for financial services organizations and was responsible for securing corporate networks, responding to security incidents and forensic investigations.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    U.S. Army photo by Staff Sgt. Tykeera MurrayNational Guard, southern borderSoldiers in the Army National Guard conduct a security search

    Guard’s support of DHS adds no military value

    Read more