Cybersecurity

Heartbleed tested agency readiness

Heartbleed Logo

Agencies that were most active in achieving government-wide cybersecurity goals had an easier time mitigating the threat posed by the Heartbleed vulnerability, said Ari Schwartz, director for privacy, civil liberties and cybersecurity policy at the White House.

Systems that had implemented basic hygiene in keeping with the Cross-Agency Priority Goal faced less risk from the Heartbleed vulnerability in the open source security software OpenSSL than those who were lagging behind, Schwartz said at a May 28 cybersecurity event held by AFCEA's Washington, D.C., chapter.

The government response to Heartbleed was instructive, Schwartz said. "We did a lot of things right. We have a lot of things to learn. That's going to be a theme for the administration going forward -- how we deal with incident response," he said.

Part of the problem with response is the lack of authority on the part of the Department of Homeland Security to scan agency systems for evidence of vulnerabilities, according to recent Congressional testimony from DHS officials.

In a May 27 letter to top administration cybersecurity policy advisor Michael Daniel, Sen. Kirsten Gillibrand (D-N.Y.) argued the need for a more unified response to cyber threats.  

"A significant aspect of any federal strategy should ... include policies that ensure that different agencies within the government are not hindered in their ability [to] share information and respond appropriately when there is a known and ongoing threat to the federal cyber infrastructure," she wrote. Gillibrand wants the administration to create "clear legal authority and processes to facilitate a seamless response to cybersecurity threats to federal agencies."

Schwartz said the government needs to lead by example on cyber, by protecting federal networks. He cited the nascent DHS continuous diagnostics and mitigation program and ongoing efforts to improve identity management for users of agency systems as examples. But federal systems are still subject to threats, with phishing techniques that embed malware in computers the leading avenue of attack.

"There has been a lot of growth and effort in this space, but clearly we still have more work to do," he said.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy, health IT and the Department of Veterans Affairs. Prior to joining FCW, Mr. Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian started his career as an arts reporter and critic, and has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, Architect magazine, and other publications. He was an editorial assistant and staff writer at the now-defunct New York Press and arts editor at the About.com online network in the 1990s, and was a weekly contributor of music and film reviews to the Washington Times from 2007 to 2014.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group