From securing the cloud to unwrapping new architecture compliance requirements, 2011 was a busy year for the tech public sector. In the New Year's spirit of renewal and rededication, here are five resolutions federal agencies should make. 1. Leverage IT to meet budget requirements The government fiscal landscape changed radically in the last year with budget cuts across the majority of federal agencies. The Obama's Administration fiscal 2012 budget proposal calls for a five-year discretionary spending freeze along with $33 billion in additional cuts. Yet, there is a reason why federal IT spending to commercial contractors is expected to grow five percent annually.
Earlier this year, detailed information about the bomb resistance of a new Department of Defense (DoD) building in Virginia was compromised. Reuters broadcast the information worldwide. The news organization did not obtain the document by hacking network systems, but rather accessed the "official use only" document on the Army Corps of Engineers website. This incident is just one example of the thousands of data breaches that occur as a result of internal information leakage rather than an outside attack. In their 2011 Information Security Report, the U.S. Government Accountability Office (GAO) shed light on why internal leaks are so prevalent.
One of the government's premier scientific research institutions is focusing its resources on defending computer systems against cyberattackers. The Sandia National Laboratories has concluded a recent two-day conference on cybersecurity by announcing plans for a new Cyber Engineering Research Institute (CERI) that will have a presence on both Sandia campuses in New Mexico and California. CERI is expected to more closely coordinate with industry and universities in developing new tactics to enhance cybersecurity.
(ISC)², the not-for-profit information security professional body that administers the Certified Information Systems Security Professional certification, announced this week the winners of its eighth annual U.S. Government Information Security Leadership Awards. Among the winners are a cyber dashboard that foiled a number of attacks against U.S. Defense Department email accounts, a cyber training program for U.S. Air Force Space Command, and a Department of Homeland Security effort to develop a central coordination point for strategic security awareness.
Cybercrime legislation should be technology agnostic to ensure technological advances do not make the laws obsolete, says James A. Baker, deputy attorney general for the U.S. Justice Department. Baker testified before the Senate Judiciary Committee during a September 7 hearing on updating the Computer Fraud and Abuse Act to combat emerging cyberthreats.
In the midst of a global cyberspace crisis, the U.S. Defense Department faces many hurdles in its effort to protect and defend government computer networks. According to an unclassified version of a previously issued classified report from the U.S. Government Accountability Office (GAO), several cyberspace capability gaps exist. The U.S. Cyber Command is decentralized and spread across various offices, commands, and military services and agencies, which makes the supporting relationships necessary to achieve command and control of cyberspace operations unclear. In response to a major computer infection, the U.S.
The Air Force and Arlington County, Virginia, are taking preventative measures against hackers such as the ones that recently attacked Sony, costing them over $170 million. It's not just money at risk for government networks, however.
The Air Force has the lead for the Next Generation Airspace and lead for the Department of Defense. Arlington County, which collaborates extensively with the department on many levels, has undertaken continuous monitoring and risk analysis and is currently evaluating its supervisory control and data acquisition (SCADA) systems.
In an era of social media, smart phones and WikiLeaks, information assurance is increasingly critical to the mission of the U.S. Marine Corps. And Brig. Gen. Kevin Nally, USMC, chief information technology officer, has his hands full ensuring that information flows smoothly and securely throughout the service. Among the general's ever-growing list of issues to address, one goal remains supreme: achieving a seamless enterprise capability to enhance decision-making and give Marines an advantage over their enemies.
In less than 30 days, the U.S. Defense Department will dish out 11 prizes for innovative solutions to real-world challenges facing digital forensics examiners. And it's not too late to join the fight against cyber crime. Submissions for the 2010 Defense Department Cyber Crime Center (DC3) Digital Forensics Challenge will be accepted until November 2.
Maintaining stability in one of the most diverse, dynamic regions of the world will take a concerted effort among all particants holding a positive stake in the future. To achieve that goal, nations and organizations must band together to iron out the rough spots even when some players remain reticent about cooperation. In this month's issue of SIGNAL Magazine, Robert K. Ackerman strikes a chord with his interview featuring the commander of Pacific Command (PACOM), Adm. Robert F.
Kratos Defense & Security Solutions Incorporated recently announced that it has received a U.S. Navy services contract to perform information technology, information assurance and cybersecurity services supporting the Pacific Region. The contract is valued at $8 million if all options are exercised. Kratos will provide a variety of technology services including customer/user service support; system operations support; information assurance and cybersecurity support; adoption and deployment of the web-centric development program; secure network administration and secure wireless systems support; and process improvement of knowledge management.
The United Kingdom is giving its defense structure a good hard look, with plans to revamp its architecture, mission and capabilities. Recognizing the need to move away from a mentality built on Cold War threats, U.K. leaders have commissioned several studies to determine the way ahead. In this issue of SIGNAL Magazine, Robert K. Ackerman gleans insight on the goals of the U.K.
SRC Incorporated recently received a contract from the Department of Homeland Security's Immigration and Customs Enforcement (DHS-ICE) agency with a potential value of nearly $42 million to establish and maintain a Security Operations Center to help protect critical information technology infrastructure. This contract will enable ICE to monitor its information technology assets 24 hours a day and evaluate and respond to cyber security threats. SRC will lead a team to provide innovative cybersecurity solutions, process improvement strategies and best-of-breed technologies for ICE.
SRC Incorporated, formerly Syracuse Research Corporation, announced it has been awarded a contract from the Department of Homeland Security's Immigration and Customs Enforcement investigative agency with a potential value of nearly $42 million to establish and maintain a Security Operations Center to help protect critical information technology infrastructure. SRC will lead a team to provide innovative cybersecurity solutions, process improvement strategies and best-of-breed technologies.
No matter how much we think technological solutions will be the panacea for all our information assurance concerns, there's still the human factor to consider, writes Linton Wells II in this month's Incoming column, "Uneasy Sleep in a Golden Age":
ManTech International Corporation announced today that it received a new contract to support the U.S. Department of Agriculture Office of the Chief Information Officer, Agriculture Security Operations Center. ManTech will provide continous incident handling and strategic support to help detect and report malicious cyber activities on the agency's enterprise information infrastructure. The contract is estimated to be worth nearly $11 million.
Part 2 of 2
Defense Department IT budgets are now fully mortgaged to support ongoing operations and maintenance, while most large development funds are still paying for continuation of programs that were started years ago. With regard to the concerns I've raised in my previous post, here are some ideas on what should be done:
First of two parts.
According to Air Force LTG William Lord, 85 percent of cyberoperations are in defense. That being the case, How should the Defense Department protect its network and computer assets? A 2009 RAND Corporation report on cyberdeterrence asserts "...most of the effort to defend systems is inevitably the ambit of everyday system administrators and with the reinforcement of user vigilance." The report also states "...the nuts and bolts of cyberdefense are reasonably well understood."
Apply Now for CyberPatriot III
The Air Force Association (AFA) is now collecting applications for CyberPatriot III-a nationwide competition that aims to educate students in science, technology, engineering and mathematics (STEM) and to foster the next generation of national security professionals in the United States.
The U.S. Defense Department must secure the cyber domain to protect and defend its own information and U.S. citizens, Gen. Keith B. Alexander, USA, commander of U.S. Cyber Command said today during the opening address of LandWarNet 2010. Gen. Alexander also serves as the director of the National Security Agency. "Every link and system has vulnerabilities that we have to defend," he stated. Gen. Alexander organized his speech by comparing warfare in the past with the movie WarGames and cyberwarfare to the movie The Matrix. In the former movie, as in nuclear warfare, there is no good engagement option because of assured mutual destruction.