Howard Schmidt on Federal Cyber Security Priorities

Tuesday, March 27, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

Howard A. Schmidt, Obama's Cybersecurity Coordinator and Special Assistant to the President, posted a blog on the White House website in which he outlines an agency-wide effort to improve the federal government's cyber security posture.

"My goal is that by the end of 2014, Federal departments and agencies will achieve 95 percent utilization of critical administration cybersecurity capabilities on Federal information systems, including Trusted Internet Connections (TIC), Continuous Monitoring, and Strong Authentication," Schmidt stated.

Chief among the concerns Schmidt noted are the strict budgetary constraints which dictate that network security implementations need to be thoroughly scrutinized so that the limited resources available can be geared towards those technologies that are deemed to have the most impact.

"Federal Departments and Agencies must defend their information systems in a resource-constrained environment, balancing system security and survivability while meeting numerous operational requirements requires robust risk management," said Schmidt.

Schmidt, working in conjunction with several federal entities, has identified three key areas for agencies to focus on when considering improvements to their information systems security procurements.

"Federal Departments and Agencies need to focus their cybersecurity activity on a few of the most effective controls. This is why my office, in coordination with many other Federal cybersecurity experts from DHS, DOD, NIST, and OMB, has identified three priority areas for improvement within Federal cybersecurity:"

  • "Trusted Internet Connections (TIC)- Consolidate external telecommunication connections and ensure a set of baseline security capabilities for situational awareness and enhanced monitoring."
  • "Continuous Monitoring of Federal Information Systems -Transforms the otherwise static security control assessment and authorization process into a dynamic risk mitigation program that provides essential, near real-time security status and remediation, increasing visibility into system operations and helping security personnel make risk-management decisions based on increased situational awareness."
  • "Strong Authentication– Passwords alone provide little security. Federal smartcard credentials such as PIV (Personnel Identity Verification) and CAC (Common Access Cards) cards provide multi-factor authentication and digital signature and encryption capabilities, authorizing users to access Federal information systems with a higher level of assurance."

Schmidt also announced the issuance of a multi-agency initiative which takes into consideration compliance requirements as outlined by FISMA and the Government Performance and Results Modernization Act of 2010.

"To support implementation of these priorities, I am leading a Cross-Agency Priority (CAP) Cybersecurity goal, one of a limited number of Cross-Agency Priority (CAP) Goals for both crosscutting policy and government-wide management areas... Many Departments and Agencies have been working on these areas for several years, and there has been much progress. By focusing on these priorities we plan to push adoption past the tipping point of adoption for all Federal systems," Schmidt said.

Source:  http://www.whitehouse.gov/blog/2012/03/23/federal-departments-and-agencies-focus-cybersecurity-activity-three-administration-p

Possibly Related Articles:
12982
Network->General
Authentication Compliance Budgets Government Cyber Security FISMA Headlines Network Security Monitoring Howard Schmidt
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.