Home > United Nations Online Network in Public Administration and Finance (UNPAN)
1. Global
2. Africa
3. Arab States
Arab States
4. Asia & Pacific
Asia & Pacific
5. Europe
6. Latin America & Caribbean
Latin America & Caribbean
7. North America
North America
UNPAN North America
Public Administration News  
U.S.: Women of Washington - Cybersecurity in Government
Source: federalnewsradio.com
Source Date: Sunday, November 12, 2017
Focus: Institution and HR Management
Country: United States
Created: Nov 13, 2017

Technology will continue to transform and agencies have to ensure their systems are up-to-date to protect sensitive and personal information from evolving cyber threats. On this episode of Women of Washington, host Gigi Schumm spoke with three female executives on how their agencies are working on ways to defend their systems and how they can work together.

The guests include Marti Eckert, chief information security officer at the Social Security Administration, Betsy Kulick, deputy program manager for the Continuous Diagnostics and Mitigation (CDM) program at the Department of Homeland Security and Marcie Nagel, principal at Booz Allen Hamilton.

Understanding potential threats is the first step in terms of protection.

Government agencies and those associated with them and U.S. citizens have to stay one step ahead of the groups, nation-states, “hacktivists,” and others that are consistently working on new ways to immobilize the federal government or steal private information.

Eckert said the techniques used by these groups are being modified or upgraded just as often as new programs are being developed to combat them.

“Our programs will also [have to] evolve to meet those new threats. But, we see that continued evolution and maturation of that threat environment,” Eckert said.

The Social Security Administration is responsible for the personal information of millions of Americans – and that is not a responsibility Eckert takes lightly.

To combat attackers who wish to steal that information, the agency’s cybersecurity program needs to be comprehensive, integrated and holistically robust. Ekert said one of the main issues the agency faces when it comes to the protection of that sensitive information is the old software of some of the legacy systems.

One solution on the surface is to upgrade to more modern technology, or to build cybersecurity programs to include protection of these existing systems.

The CDM program, a major component of the Department of Homeland Security’s Computer Emergency Readiness Team, was put in place to do just that.

Kulick has been involved in the program from the beginning, and said its main goal is to help agencies meet their obligations in terms of security. The program works both with individual agencies and groups of agencies (called Information Security Continuous Monitoring) to help government employees and contractors understand the same language and the same picture.

“As we know, agencies are very complex. They have different missions and those were some of the things holding them back,” Kulick said. “But on the positive side we’ve gotten tools for the cyber hygiene part of CDM out to all of the … agencies.”

She said almost all of the agencies (about 13) included are up to date – but you can’t protect what you don’t know about.

Alongside open cyber threats, the agencies also have to deal with internal and external shadow IT. In other words, technology developed behind-the-scenes and without leadership approval. Not always a bad thing necessarily, however, it does take a toll on asset management.

Once these threats are weeded out and as technology continues to evolve in both directions, agencies need to find the proper balance between convenience and security for their stakeholders and their information.

Booz Allen’s Nagel said that once the government builds a strong system across the agencies, the threat would become less.

“Once we build common capability across, then we can work toward automation of cyber operations to help with some of the workforce limitations that we have, [such as] automation of instant response, minimizing the time to detect respond and mitigate and then, eventually, we will get to a position where we can achieve that ongoing assessment and authorization where there [are] no more 3-ring binders,” she said.

The next horizon is the continuous monitoring inside civilian agencies.

(By Steff Thomas)
News Home

 Tag This
 Tell A Friend
del.icio.us digg this Slashdot
0 ratings
Views: 116

Comments: 0 Bookmarked: 0 Tagged: 0

0 Comments | Login to add comment

Site map | FAQs | Terms and Privacy | Contact Us
Copyright 2018 by UNPAN - United Nations Public Administration Network