Security chiefs get council
- By Diane Frank
- Dec 07, 2003
SANTA CLARA, Calif. — Information security is a such a big issue at federal agencies that senior officials are now creating a Chief Security Officers Council to work alongside other governmentwide councils.
There is already a CIO Council, a Chief Financial Officers Council and a Chief Human Capital Officers Council, but security is so complicated that Amit Yoran, director of the Homeland Security Department's National Cyber Security Division, decided to initiate a council focused on that issue.
Chief information officers "have a lot on their plate," Yoran said at the National Cyber Security Summit here, "and under [the Federal Information Security Management Act], every agency must have a security official...and this allows them to collaborate and discuss issues."
In the meantime, agencies need to go beyond simply continuing the work they have done under FISMA and push for significant improvements, Yoran said. "To date, the government's track record in securing its own systems is unacceptable," he said.
Finding more ways to share best practices and ideas is always beneficial for agencies, said Ed Roback, chief of the Computer Security Division at the National Institute of Standards and Technology.
Indeed, agency CIOs are often aware of the chief security officers' concerns but don't have the time or resources to tackle them, said Sallie McDonald, director of strategic partnership in DHS' Information Analysis and Infrastructure Protection Directorate.
The new council will work closely with the CIO Council but will have a separate forum in which chief security officers can get together and discuss problems, tactics and best practices, which should make the task of improving security a little bit easier, Yoran said.
According to one DHS official, Yoran and others are discussing possibilities with Karen Evans, administrator of e-government, information and technology policy at the Office of Management and Budget, which oversees the CIO Council. Evans could not be reached for comment.