Policy

GSA seeks public comments on infrastructure protection

power tower

GSA is seeking advice on protecting the nation's power system and other critical infrastructure from cyberattacks. (Stock image)

The General Services Administration has issued a request for information on the topic of making the federal government's cybersecurity more resilient.

The RFI, issued in partnership with a federal cybersecurity interagency working group, is "a key step to improving acquisition cybersecurity policy, implementation, and consistency to better manage risks and security," according to GSA's announcement.

It specifically pertains to an executive order and a presidential policy directive dealing with cybersecurity to protect the nation's critical infrastructure, such as power, transportation, health care and other sectors that are vital to the country's daily life. President Barack Obama issued the documents in February.

"Collaboration and cooperation allow government to deliver critical services to our federal partners and, most importantly, the American people," GSA Acting Administrator Dan Tangherlini said in the announcement. "The RFI is an important first step to a public/private partnership that will help secure our nation's infrastructure. Developing these cybersecurity procurement recommendations is a priority for GSA and the interagency working group."

The announcement comes on the heels of Capitol Hill testimonies from three top Homeland Security Department officials who on May 16 underscored current threats to critical infrastructure.

Charles Edwards, DHS deputy inspector general, told a House Homeland Security subcommittee that industrial control systems used in much of the nation's critical infrastructure is increasingly under attack. Edwards warned of dire consequences should the attacks continue to escalate, and noted five specific attacks on various parts of the energy sector, including oil and gas companies and power distribution companies.

"A recent survey revealed that a majority of the companies in the energy sector had experienced cyber attacks, and about 55 percent of these attacks targeted [industrial control systems," Edwards said in his testimony. "These attacks involved large-scale denial-of-service and network infiltrations. Successful attacks on ICS can give malicious users direct control of operational systems, creating the potential for large-scale power outages or man-made environmental disasters and cause physical damage, loss of life, and other cascading effects that could disrupt services."

Two other officials highlighted growing efforts to better share information between agencies, something the cybersecurity executive order specifically mentions.

"Successful response to dynamic cyber threats requires leveraging homeland security, law enforcement, and military authorities and capabilities, which respectively provide for domestic preparedness, criminal deterrence and investigation, and national defense," Roberta Stempfley, acting assistant secretary of the office of cybersecurity and communications in DHS' National Protection and Programs Directorate, and Larry Zelvin, director of DHS' National Cybersecurity and Communications Integration Center (NCIC), wrote in a joint testimony.

Stempfley and Zelvin outlined work at the NCIC as it ramps up activities in conjunction with the executive order, and also discussed the changing role of the government writ large in its approach to national cybersecurity.

"As today's physical and cyber infrastructures become increasingly linked, critical infrastructure and emergency response functions grow ever more inseparable from the information technology systems that support them," they noted. "The government's role in this effort is to share information and encourage enhanced security and resilience, while identifying and addressing gaps not filled by the marketplace."

To read the RFI and provide comments, click here to go to the Federal Register.

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Tue, May 21, 2013

When goverment does not go after top MIT or IT people and pay them the money to figure all this out then we will continue to be behind the 8 ball from all the hackers. It is had to beat this people but like every good offense you need good defense. Instead of paying Senators and Congressman who sit on there rumps and collect money why not pass that on to IT who can actually get some work done and help this country. You need great thinkers and doers to get the job done and until you go get it you will not suceed in what you want. What is that great saying we have lost in the mist "Ask not what your country can do for you but ask what you can do for your country". That does not mean line your pockets with gold, yes live a good life and provide for your family, et.. but if your are a servant for your people then serve or get the h... out of the way so some one else can do the job.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above