Cyber-Warfare: Securing our Nation’s Defense

 

The SANS Institute in 2012 called defense-in-depth unsustainable and provides no assurances than an enemy can be removed from the network permanently once they are inside.

SANS says this concept of defense-in-depth came from the kinetic world where have multiple fire alarms, extinguishers and evacuation plans in case of a fire is a good example.
But in the cyber world this concept didn’t transfer over like many thought it would.

So the big...

READ MORE

 

The SANS Institute in 2012 called defense-in-depth unsustainable and provides no assurances than an enemy can be removed from the network permanently once they are inside.

SANS says this concept of defense-in-depth came from the kinetic world where have multiple fire alarms, extinguishers and evacuation plans in case of a fire is a good example.
But in the cyber world this concept didn’t transfer over like many thought it would.

So the big question is how do we fix that?

Over the last seven years, the Office of Management and Budget has been pushing agencies toward continuous monitoring and risk management.

This is the idea of understanding your networks and data, and then recognizing the risks associated with losing that data or control of those networks, and then making informed decisions on how best to protect your assets.

The recent update to Circular A-130 addresses this idea head on, calling for agencies to implement an agencywide risk management process that frames, assesses, responds to, and monitors information security and privacy risk on an ongoing basis across three tiers—organization, mission and the information system level.

The other key piece to this continuous monitoring and risk based approach is automation.

That is where the Homeland Security Department’s Continuous Diagnostics and Mitigation (CDM) program comes in. Experts say CDM tools will help agencies know where their vulnerabilities are more quickly and automatically address the problem and let the chief information security officer know what’s going on.

Agencies are making progress toward this continuous monitoring and risk based approach, but it’s taking time and hackers are exploiting gaps in the system.

 

Moderator

Jason MillerJason Miller, Federal News Radio

Jason Miller is an executive editor and reporter with Federal News Radio. As executive editor, Jason helps direct the news coverage of the station and works with reporters to ensure a broad range of coverage of federal technology, procurement, finance and human resource news.As a reporter, Jason focuses mainly on technology and procurement issues, including cybersecurity, e-government and acquisition policies and programs.

 

Panelists

Garcia, GregoryGregory Garcia, Chief Information Officer, Army Corps of Engineers

Gregory Garcia was selected for the Senior Executive Service in 2005. He assumed the position of the Chief Information Officer/G-6 at the U.S. Army Corps of Engineers on Feb. 21. In this role, he serves as the principal advisor to the Corps Commanding General on information technology issues. He is responsible for all aspects of information resource management and information technology for the Corps.

 

letteerDr. Ray Letteer, Chief of the Cybersecurity Division C4 Department at Headquarters, U.S. Marine Corps

Dr. Letteer is responsible for and oversees all Cybersecurity tasks, standard, and conditions within the Marine Corps, which includes Computer Network Defense, Defensive Cyber Operations, Public Key Infrastructure, Electronic Key Management Systems, and Certification & Accreditation. He also serves as the appointed Approving Official for the Marine Corps Enterprise Network, which includes all networks and networked systems whether in garrison or tactically deployed. He is also the Functional Area Manager  for Marine Corps EKMS/KMI/PKI issues.

 

morris paulPaul Morris, Deputy CISO/Deputy Director, Information Assurance & Cyber Security Division, TSA

Paul Morris leads the Information Assurance & Cybersecurity Division of approximately 50 federal employees and 120 contractors. He leads a multi-faceted workforce responsible for: Federal Information Security Management Act (FISMA) Compliance and Policy; Cyber Security Awareness and Operational Support; Critical Infrastructure Protection; Secure Infrastructure and Vulnerability Management; Forensic Operations and a 24×7 Cyber Security Operations Center.

 

Matt AldermanMatt Alderman, Vice President of Strategy, Tenable Network Security

As VP of Strategy, Matt is responsible for developing  Tenable’s long-term vision and strategies for partner alliances, new solutions,  and product development to meet the emerging needs of Tenable’s customers  across the globe. An information security and compliance veteran with 20+ years of experience designing and implementing solutions, Matt came to Tenable from RSA, where he led product strategy and messaging for Archer. Before RSA, he was responsible for enhancements to the SaaS platform and Policy Compliance  solution at Qualys, where he also co-authored and published Policy Compliance for Dummies. Matt was the founder and CTO at ControlPath, where he and  co-inventor Sean Molloy were issued United States Patent 7,788,150: Method for assessing risk in a business.