COMMENTARY

3 federal IT security predictions for 2011

How use of consumer tech will reshape federal security

Patricia Titus is vice president and global chief information security officer at Unisys.

In 2010, unprecedented numbers of workers invested their own resources to buy and learn to use a broad range of consumer technologies. Inevitably, those devices found their way into enterprises as employees began using them to get things done in the workplace.

As the nation’s largest employer, the federal government stood little chance of escaping that trend. It must now work to successfully navigate a swiftly changing landscape by supporting employees’ desire for convenience and efficiency while guarding against the security challenges that arise as thousands of new devices and applications are introduced into the enterprise. The recent increase in telework, which will expand even further with the passage of the Telework Enhancement Act, is also driving that need.

Therefore, we can expect to see three important federal IT security trends emerge in 2011.

1. Increased focus on security policies for consumer devices. A recent Unisys-sponsored study revealed that employers, including the federal government, often do not have an accurate understanding of which technologies their employees are using in the workplace. As a result, new vulnerabilities are cropping up at the perimeters of agency networks.

In the coming year, we can expect to see the federal government reassess and extend its security policies beyond the network. We’re already seeing an increase in virtualization, and it will be expanded to the devices teleworkers use to ensure that government data falls within defined security policies. Other policy changes will likely focus on authenticating the identities of device users and encrypting enterprise data as it traverses the network.

2. Use of biometric technology to secure mobile devices. Already a leader in the use of biometric technology, the federal government will begin using it to help secure mobile devices.

Recent Unisys Security Index research shows that although many consumers are taking steps to protect themselves against cyber crime and identity theft, only slightly more than one-third of Internet users in the United States regularly use and change passwords on their mobile devices.

In addition to the use of biometric tools, such as face or voice verification, to supplement user IDs and passwords, we can expect to see an increase in the use of token-based encryption to authenticate mobile device transactions, similar to how financial institutions allow online banking applications to run on handheld devices. The Federal Emergency Management Agency was the first agency to deploy such a capability — for online claims processing after catastrophic events — and more agencies will move toward delivering citizen services via those types of secure transactions in 2011.

3. Business continuity planning as a defense against cyberattacks. The growing use of consumer technologies to conduct business can drive new options for business continuity in the event of a cyberattack.

With more devices dependent on the Internet, we can expect to see increased interest in business continuity planning in 2011. That focus might include greater federal investment in alternative communications paths, such as automatic rerouting of voice over IP to satellite phones or the use of personal cell phones for critical communications in the event of an Internet outage.

Agility and innovation will be watchwords in 2011 and beyond as the government seeks to ensure the security of its networks and data while supporting employees’ desire to use powerful consumer tools — such as instant messaging, smart phones and tablet PCs — to stay informed and productive in their personal and professional lives.

Reader comments

Mon, Jan 31, 2011 DC

There's a reason Patty's not at TSA any longer. She's thinking short when she should be thinking long. Consumer devices in the Fed workplace? Please. I can think of 100 more important issues facing us in 11 than this.

Fri, Jan 28, 2011 WOR

I would have to disagree. "as the government seeks to ensure the security of its networks and data while supporting employees’ desire to use powerful consumer tools — such as instant messaging, smart phones and tablet PCs" Well, this will happen very slowly. The risk involved in a breach/hack (bad PR, Administration and congressional scrutiny) is too high for HQ vs. the reward (workers get gadgets they swear will make them more productive somehow). Already, federal agencies have a hard time protecting a few chosen standard operating systems. Are they going to open the door to many others, which often have short upgrade cycles, while IT departments suffer cuts? Are they going to allow devices which don't have verified encryption modules, or with unverified biometrics? Few if any smartphones or tablets have FIPS verification required for federal use. And yes, an encrypted vm/vpn can run on some, but then the user is just using the base hardware without the user interface which is so important to the consumer experience. I think data like "only slightly more than one-third of Internet users in the United States regularly use and change passwords on their mobile devices" puts up big red flags for agencies, and when the goal is zero security incidents, they just look too risky.

Thu, Jan 27, 2011

I just puked in my mouth reading this. Here are my three: 1. Automation of compliance requirements - To reduce the total cost of ownership for compliance and re-invest that savings into more critical areas 2. Focus on Cyber Domain awareness - We don't know what we know 3. Tactical Risk Management - Risk management based on the operating environment and the threats to that environment and not a canned risk management process
