Hubbard Radio Washington DC, LLC. All rights reserved. This website is not intended for users located within the European Economic Area.
Compiled by Federal News Radio Staff
Although the federal government has made progress on cybersecurity in recent years, several items remain on the agenda for agencies to secure their networks.
With the help of cybersecurity experts both in and out of government, Federal News Radio has compiled a list of the major items still on the government’s cyber to-do list. (The items are in no particular order.)
Legislation — The Senate failed to update any cyber laws over the last three years, whether they were controversial, such as how to address critical infrastructure systems, or widely accepted, such as the update to the Federal Information Security Management Act (FISMA). The House passed four separate cyber bills, but all failed to gain significant traction in the Senate.
— The Office of Management and Budget found in the fiscal 2011 FISMA report to Congress that while 90 percent of all federal employees have HSPD-12 compliant smartcards, only four agencies — the departments of Defense, Education and Agriculture and the General Services Administration — required at least 44 percent of all users to log onto the network using the cards. Of the other 18 agencies, only four showed any progress — the departments of Homeland Security, State and Commerce and NASA — in using the cards. Agencies need to implement smart card readers and get away from usernames and passwords for logging onto networks and computers.
— By some estimates, 1 in 10 technology systems or products have counterfeit parts in them. And there is no way to estimate how many IT systems contain malware or back doors. DoD and the White House are working on supply chain policies, but the government continues to buy based on price in order to meet cost and schedule requirements, which often drives it to acquire from untrusted and unauthorized sources such as online brokers or gray market providers.
— The Obama administration pushed agencies into the cloud, but without a clear approach to defend the systems in the cloud. OMB launched the Federal Risk and Authorization Management Program (FedRAMP) to bring standardization to the way cloud services are accredited and authorized. GSA, DoD and DHS must bring FedRAMP to full operational capability.
— A White House task force is developing a new policy to combat the potential of employees or contractors doing harm to federal networks. The draft policy is going through the interagency review process.
— The National Strategy for Trusted Identities in Cyberspace has been hailed by cyber experts as a much-needed potential game-changer. The program just awarded five pilots, $10 million total, to test concepts for using third-party credentials to log onto government and private sector services.