It's no secret the U.S. faces some big challenges with the size and capacity of its cybersecurity workforce. But putting a finer point on those challenges isn't as easy. An all-week event at Virginia Tech tried to answer those questions. At the 2014 U.S Cyber Challenge Summer Cyber Camp, attendees got intensive training on discrete cyber skills but also an overview of the overall workforce shortage, and where their specialized skills might be able to help. Mari Galloway, director of finance for the Women's Society of Cyber Jutsu, was one of the 45 participants in this week's event. She tells In Depth with Francis Rose about a few of her main takeaways.
As government agencies migrate to cloud computing and other new technologies, the information technology workforce requirements are changing.
The Defense Department's testing its own version of cybersecurity standards for cloud systems. The Defense Information Systems Agency is working with all the military branches to find a cybersecurity program that protects the cloud with Level-3 security requirements. DISA's enterprise cloud broker is conducting the software tests. DoD's chief of the risk management oversight division in the chief information officer's office,Kevin Delaney, isn't sure when the tests will be over. He says the development needs to run incrementally so each level of security controls are working right. The tests are coinciding with the deadline for agency cloud systems to earn security certification through the Federal Risk and Authorization Management Program. Right now FedRAMP offers cloud certification for low to moderate security levels.
DISA is working with the services to identify a mission-critical application in the cloud to ensure the additional requirements for Level-3 security are appropriate and achievable. Meanwhile, the FedRAMP program office is beginning to consider what the program will look like in two to three to five years.
Chandra McMahon, Lockheed Martin's vice president for commercial markets, discusses NSA's accreditation system that tests cybersecurity companies against 21 separate focus areas.
Michael Daniel, the Obama administration's cybersecurity coordinator, says he wants to dismantle the most common method of cyber protection: passwords. Even as cyber threats continue to grow more sophisticated and destructive, passwords are weakening and proving easier to crack than ever. The solution lies in the National Strategy for Trusted Identities in Cyberspace (NSTIC), which calls for a broad "identity ecosystem" to replace simple passwords.
Cybersecurity projects and programs are getting some hefty backing from the Senate.
The Federal Communications Commission is challenging telecoms to work more closely with it to improve the nation's cybersecurity. FCC Chairman Tom Wheeler says he is not planning more regulations, rather he is asking the companies to share responsibility. Federal News Radio's Executive Editor Jason Miller joined Tom Temin and Emily Kopp on the Federal Drive to discuss the FCC's plans. Read Jason's related article.
Chairman Tom Wheeler said he wants to build on the initial success of the critical infrastructure cybersecurity framework released by the White House in February. He said it's not a matter of new regulations, but creating a joint approach to improving the network security across the entire communications sector. Rep. Mike Rogers (R-Mich.) renews hope for Congress to pass information sharing legislation this year.
The Pentagon says the Chinese military threat is growing because China steals intellectual property from the United States in giant quantities. DoD's new congressional report on China details violations of U.S. copyright and export laws by Chinese intelligence programs stealing national security technology. Gordon Chang, a contributor to Forbes.com, writes their New Asia column.
The National Institute of Standards and Technology gives agencies guidance for continuing the transition to a real-time, dynamic cybersecurity.
A new survey by TechAmerica and Grant Thornton found many agency chief information officers continue to spend too much on legacy systems and don't have money to develop or modernize new software or applications. But tools such as PortfolioStat are making a difference in helping senior IT managers understand and have a say in where money is spent in their agency.
The Department of Defense recognizes that it and American companies are prime targets for hackers, whether they be a nation-state or individuals. So it's put in place an operating strategy. That strategy is comprised of 5 elements: 1) a defensible architecture; 2) global situational awareness and a common operating picture; 3) a concept for operating in cyberspace; 4) trained and ready cyber forces; and 5) capacity to take action when authorized.
USCYBERCOM, according to testimony before Congress, is working on several elements to defend against cyber attacks. Those elements include tactics, techniques, and procedures, as well as policies and organizations. Officials say that also means turning plans into doctrine and training - and building a system that our Combatant Commanders can think, plan, and integrate cyber capabilities as they would capabilities in the air, land and sea domains. Cyber is different from all of them because it's mostly invisible.
A computer hacker facing up to 20 years in prison is free after helping the federal government stop hundreds of cyberattacks. He taught agencies how to protect millions of dollars and cripple the hacker group Anonymous. Retired Air Force Maj. Gen. Dale Meyerrose was chief information officer for three Air Force commands and three joint combatant commands. He was also the first CIO of the Office of the Director of National Intelligence and is now president of the Meyerrose Group. He joined In Depth with Francis Rose to explain what kind of precedence this sets for future cybersecurity policies.