Time for a new look at security

Federal security certification and accreditation policies don’t reflect modern networked environments and impede new mandates to share intelligence information, according to intelligence community experts who say they plan to streamline their security procedures.

Beginning this summer, the Office of the Director of National Intelligence (ODNI) will collaborate with other federal, business and academic partners to re-engineer certification and accreditation, said Dale Meyerrose, associate director of national intelligence and chief information officer at ODNI. Many aspects of security certification and accreditation, particularly when applied to intelligence systems, date from a pre-network, pre-Internet era, Meyerrose said.

He added that the federal government also needs a strategy for sharing intelligence information. Agencies should think big, start small and grow their information-sharing capabilities quickly, he said. And they should create an information-sharing cycle that every organization follows.

The processes that federal agencies use to meet mandatory security requirements need updating because they simply take too long to complete, said Daniel Kent, director of systems engineering for Cisco Systems’ federal sales organization.

Kent and Meyerrose spoke March 28 in Washington, D.C., as members of a panel organized by the Flyzik Group, Federal News Radio and Trezza Media Group.

The FBI and other organizations struggle with certification and accreditation procedures, said Zalmai Azmi, the FBI’s CIO. The bureau will work with the Justice Department and ODNI to streamline those procedures and develop uniform standards for all departments, Azmi said. Guidance from ODNI will be crucial, he added.

The federal government also needs to make greater progress on sharing intelligence information, the panel members said. Business leaders are frustrated that discussions about sharing information have produced few implementations since the 2001 terrorist attacks, said Greg Baroni, president of Unisys’ Global Public Sector. “I feel like there has been a loss of urgency.”

Azmi said federal classification policies have impeded information sharing. The government should review whether its information is overclassified, he said.

The FBI has reviewed its data and will share some of it with state and local partners through a regional data exchange program that the bureau is developing, he added.

Most security experts agree that information sharing won’t improve unless it becomes a priority. “Determining priorities in this business is something we all have to work at, and I don’t think we’re there yet,” said Carter Morris, director of information sharing and knowledge management at the Homeland Security Department.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group