Time to Get Serious About Federal Government Cybersecurity

From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:

It is generally accepted that, as the National Institute of Standards and Technology points out, cybersecurity threats exploit the increased complexity and connectivity of our critical infrastructure systems and can potentially place the nation's security, economy, and public safety and health at risk. Like financial and reputational risk, cybersecurity risk affects the bottom line of both companies and nation-states. It can drive up costs and impact revenue. It can harm the ability to innovate and to gain and maintain customers, as well as make it difficult to meet the needs of citizens.

To address these risks, President Obama issued Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," on Feb. 12, 2013. According to the Department of Homeland Security, this executive order directed the executive branch to do five things: develop a technology-neutral voluntary cybersecurity framework; promote and incentivize the adoption of cybersecurity practices; increase the volume, timeliness, and quality of cyber threat information sharing; incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure; and explore the use of existing regulation to promote cybersecurity.

Almost exactly one year later, a cyber intrusion began at the United States Office of Personnel Management. This intrusion went undetected for 13 months. As the Wall Street Journal, U.S. News & World Report and other media reports noted, this intrusion was described by Federal officials as among the largest breaches of government data in the history of the United States. Information targeted in the breach included personally identifiable information, such as Social Security numbers, as well as names, dates, places of birth, and addresses. The hack even involved the theft of detailed security clearance-related background information, including more than 5.6 million sets of fingerprints.

Clearly, EO 13636 was insufficient to prevent a major cybersecurity event.

Less than a month ago, President Trump signed a new executive order, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure," designed to protect American innovation and values. This new executive order, which reflects considerable analysis, opens with four findings: that the executive branch has for too long accepted antiquated and difficult-to-defend IT; that effective risk management involves more than just protecting IT and data currently in place; that known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies; and that effective risk management requires agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy, and human resources.

The executive order goes on to explicitly hold agency heads accountable to the president for implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data. It also mandates the use of the rigorous and recently revised Framework for Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards and Technology that EO 13636 deemed voluntary.

Will this new executive order make a difference? The answer may rest in the implementation and enforcement of the order. With parallel progress in both pattern recognition algorithms and microelectronic technology, machine learning and artificial intelligence can likely already bridge the gap between the enormous volume of government intelligence data and people capable of analyzing it, as Jason Matheny, Director of the Intelligence Advance Research Project Agency, has forecast. IBM's Watson, for example, can understand all forms of data, interact naturally with people, and learn and reason at scale. Accordingly, the compromise of even sensitive but unclassified information when analyzed by sophisticated means could enable perpetrators to "connect the dots" and jeopardize national security.

In this environment, will "mistakes" or negligence leading to compromised information be tolerated or will they be dealt with severely? Will agency heads be held accountable or will they get a pass? Will "antiquated and difficult-to-defend IT" be tolerated or will rigorous processes and modern applications, like layered security, limitations within network security, encryption of data at rest and in motion, and policy engines used in conjunction with access restriction and auditing software be mandated, implemented, and audited?

The answers will be revealed over the next weeks and months.

The challenge is clear: a well-thought-out and rigorous policy for Federal government cybersecurity is in place; now it must be implemented and enforced. Time is not on our side; the next hack or the next serious incident due to the negligence of a government employee or contractor could happen tomorrow or the next day. It is time to get serious about Federal government cybersecurity.

View original post on MeriTalk

Update Your Event Through Sponsorship

Virtual Reality, Streaming Video, Mobile Apps, Fitness/Health sessions - these are all hot trends at events and can make one event stand out among the rest. But how do you integrate them into an event that is working on a tight budget and even tighter resources? The answer? Sponsorship.

We've written about the changing expectations of sponsors. No longer is a logo on a sign enough incentive for companies to support your show. They want interaction with attendees, they want a deeper connection. Creating a whole new sponsor program to accommodate this need can feel like another item on the to-do list, but if you combine these opportunities with your desire to update your event you end up killing two birds with one stone.

Here’s How the Trump Budget Treats Cyber

President Donald Trump's 2018 budget proposal boosts cyber defense funding at the Homeland Security Department and commits new money to help law enforcement fight cyber criminals and ferret out the communications of terrorists and criminals using cop-proof encryption.

The budget also touts that, for the first time, it aligns federal IT spending with a cybersecurity framework developed by the National Institute of Standards and Technology. That was the main requirement of an executive order Trump released earlier this month, which mandated federal agencies adhere to the framework and stated agency leaders would be held personally responsible for lapses in cyber protections.


The Data Center Takes Center Stage

The Data Center is at the heart of our information-centric world and as such is key to government IT modernization efforts. Recognizing this, the Federal government introduced the Data Center Optimization Initiative (DCOI) in 2016 that requires agencies to meet specific consolidation, energy efficiency, and cost reduction goals by 2019. This initiative is an extension of and supersedes the Federal Data Center Consolidation Initiative (FDCCI), which focused primarily on reducing the data center real estate footprint. The investigation into data center utilization resulted in the closure of 1,900 data centers and nearly $1 billion in savings. DCOI operates on a similar premise of looking at underperforming data center assets, but extends the examination to energy efficiency and cost impacts.

To stay on track for the 2019 deadline, agencies will have to show they meet the following metrics by September 2018:

Innovation at Work in Government

Reading through the Federal IT media and even mainstream media, we are seeing two words in close proximity fairly frequently - government and innovation. These two words, once thought to be polar opposites, are now enjoying a new relationship. On the whole, government agencies are being encouraged to step away from the "this is how we've always done it" mentality and look for ways to deliver government to the people in a more modern and efficient way. Much of this encouragement is in the form of mandates as well as out of necessity with aging legacy infrastructures.

So how is this innovation happening? First, there are organizations designed to help agencies make the shift from traditional government thinking to a more forward-leaning, private sector model of technology development and change management.