FedCIRC maps cyber battle plan

FedCIRC home page

The Federal Computer Incident Response Capability is planning programs for

the coming year to help agencies face the growing number of cyberattacks

and to coordinate warnings and responses across government.

The initiatives will be funded with the $8 million FedCIRC is due to

receive when the final appropriations bills are signed. FedCIRC is based

at the General Services Administration.

The changes will strengthen FedCIRC's abilities and will also include

new offerings that are intended to enhance the entire government's security

posture, said FedCIRC director Dave Jarrell, speaking at the Information

Technology Security Innovations conference in College Park, Md. Tuesday.

"There are no silver bullets, but what our initiatives do is shorten

the time it takes to respond," he said.

FedCIRC already has developed a solicitation to bring in a new private-sector

partner to focus on the day-to-day responses and advisories that the organization

provides to agencies. The Carnegie Mellon University Computer Emergency

Response Team (CERT), which currently serves in that capacity, will change

its efforts to analysis of incidents and attacks.

Another priority is the automated patch distribution system. FedCIRC

has been working on ideas for the system while waiting for funding to put

a contract and the system in place, Jarrell said.

FedCIRC will be building on the CIO Council's memo this month asking

agencies to develop formal methods to coordinate with FedCIRC, including

the development of a secure network that will enable federal security managers

to discuss incidents without worrying that information will leak out to

the public or the attackers, Jarrell said.

The organization also is moving forward with plans for a high-volume

phone and fax system that will help notify agencies when e-mail systems

are down and an AM radio advisory station that will notify federal employees

of potential cyber dangers during off-hours.

FedCIRC also is developing a new managed security services multiple-award

contract. The contract will enable agencies to find vendors that can provide

monitoring and alert skills that many agencies lack. It will also include

a way for agencies to feed information to FedCIRC via vendors, giving the

organization a complete snapshot of security problems across government.

"Agencies are going to have complete control over the depth and type

of monitoring and what information goes to FedCIRC," Jarrell said.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.