With headlines like these, just in the past couple of days, it is little wonder why the Obama Administration is taking the threat of cyber attack so seriously. Without question, the threat is real, and our response must match it in intensity, security, and creativity.
Last May, the President set the tone for our actions when he said the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America's economic prosperity in the 21st century will depend on cybersecurity.”
In the days since then, federal CIOs have worked closely with the President's Cybersecurity Coordinator, Howard Schmidt, and other technology officials in the government to create a stronger, more flexible, more reliable system of protections. We have made significant strides, but there is still much work ahead.
Today, we are taking the next step with the release of new FISMA (Federal Information Security Management Act) guidance. We are shifting the focus from old-styled, paper-based reports to real-time electronic data that feed directly and immediately into security monitoring and alert systems. This change means that agencies will be able to identify vulnerabilities faster and actively protect against attacks.
The new approach is the result of many months of work by an interagency task force that reached out not only to agency officials but also to the private sector. The group identified best practices and innovative approaches that will make our cybersecurity efforts more effective and efficient.
In the past, federal agencies spent enormous time and money creating the old paper-based reports. The State Department alone, in the past six years, spent $133 million amassing 95,000 pages of security documentation for about 150 major IT systems. This works out to roughly $1,400 per page in reports that were often outdated days within being published.
As we move away from the old-style reports and into a more real-time system of security data feeds, we are implementing solutions that actually help to protect the country rather than simply generate paperwork.
In order for the government to focus on the necessary automation and continuous monitoring of the security status of all systems, the Department of Homeland Security (DHS) will provide operational support to all federal agencies. DHS will monitor and report agency progress to ensure the effective implementation of this guidance.
A secure, trusted computing environment in the federal government is the responsibility of everyone involved. It requires employees, contractors, and the American people working together to create a culture of vigilance and security so we can efficiently leverage the power of technology while respecting the privacy and civil liberties of the American people. This won’t be easy, nor will it take place overnight. But the actions we are implementing today will move us to a stronger federal cyber defense and a more secure country overall.
Vivek Kunda is U.S. Chief Information Officer