Where to go

Federal, state and local technology officials have a number of evolving and existing training resources to help with cybersecurity plans. Here are some that they consider to have the most


— The Homeland Security Department (www.dhs.gov) has consolidated a number of formerly independent cybersecurity agencies under its umbrella.

— The Information Analysis and Infrastructure Protection Directorate (IAIP) now incorporates the former National Infrastructure Protection Center and the Critical Infrastructure Assurance Office (www.ciao.gov). CIAO-related projects include help for federal entities in analyzing the strength of their critical infrastructures, including information technology systems, and information on how to protect systems from cyberattacks.

— Also within the IAIP is the National Cyber Security Division (www.dhs.gov/dhspublic), which will identify and offer ways to mitigate IT vulnerabilities. NCSD will send out warnings about impending threats to computer networks and offer technical assistance to keep systems up and running if an assault occurs. In September, DHS officials appointed Amit Yoran, formerly a Symantec Corp. vice president, as the division's director.

— Federal Computer Incident Response Center (www.fedcirc.gov), also within IAIP, reports IT security incidents. An associated resource, the Patch Authentication and Dissemination Capability, lets security officials download authenticated software patches to plug security holes in applications, operating systems and network components.

— InfraGard (www.infragard.net), a combined effort led by the FBI and other public and private agencies, offers federal, state and local law enforcement officials training in computer intrusion vulnerabilities and network security analysis. The group also collects and investigates cyberassaults and distributes e-mail alerts of cyberattacks.

— The National Cyber Security Alliance, a collaboration between DHS and industry, operates Stay Safe Online (www.staysafeonline.info), a Web site with basic security education that is becoming a model for state projects to raise security awareness among employees.

— The National Institute of Standards and Technology's Computer Security Division (www.csrc.nist.gov) is a wide-ranging source for workshops related to developing computer security standards and guidelines, as well as best practices summaries, a database of known vulnerabilities in commercial hardware and software, and their patches.

NIST also is responsible for developing and posting for public review standards relating to the Federal Information Security Management Act, a set of guidelines for securing federal IT systems. According to Edward Roback, the division's chief, the organization also staffs a SWAT team that can help agencies review their security programs and advise them on how best to invest IT security funds. The latter services are fee-based, depending on the scope of the individual assessment.

— Also within NIST is the Federal Computer Security Program Managers' Forum, a group of approximately 500 federal IT officials that meets six times a year to discuss security issues. E-mail communications throughout the year enable federal officials to share security problems and discuss solutions. Although the forum is closed to those outside the federal government, it supports the Federal Agency Security Practices Web site (www.csrc.nist.gov/fasp), a clearinghouse for security policies and procedures tested and in use by federal agencies that may be models for state and local efforts.

— The IT Information Sharing and Analysis Center (www.it-isac.org) is a 2-year-old effort by about 25 IT companies to share information about security threats, responses and best practices with state and local IT authorities. It partners with the National Association of State Chief Information Officers (www.nascio.org) to disseminate information to state CIOs.

— The Software Engineering Institute (www.sei.cmu.edu) is based at Carnegie Mellon University and sponsored by the Defense Department. Among its course offerings are classes for IT managers and their technical staff in creating security response teams to react to and prevent attacks. The university is also part of a newly announced initiative with DHS called the U.S. Computer Emergency Response Team (www.us-cert.gov), which is chartered to develop detection tools and dispense security information via the Internet. US-CERT plans to create a cybersecurity tracking center to aid in responding to attacks.

About the Author

Alan Joch is a freelance writer based in New Hampshire.
