FedCIRC preps free security tools

FedCIRC

Working with its second year of appropriated funding, the Federal Computer Incident Response Center is preparing a range of free security tools for agencies over the next year, a federal cybersecurity official said Jan. 23.

Within the next two weeks, vendors will finish submitting proposals for an automatic patch dissemination system, which is intended to make it easier for security managers to handle the abundance of security patches available for commercial software, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at the General Services Administration's Federal Technology Service.

Many industry and government studies show that most security incidents could be avoided if managers apply patches for known vulnerabilities. The patch dissemination system will help managers sift patches that do not apply to their network and let them concentrate on patches they really need, McDonald said.

"We're hoping we can eliminate all the fluff," she said at Potomac Forum Ltd.'s Computer Security and Information Assurance Conference in Washington, D.C. "This will make it more simple for them."

FedCIRC also is about to issue a request for proposals on a collaboration system that will offer federal officials a closed environment to discuss sensitive but unclassified security issues, McDonald said. Officials are already working on the classified Cyber Warning Information Network, but there is a need for collaboration among officials who are not cleared for classified information, she said.

By the end of the year, FedCIRC plans to pilot a new tool being developed by CERT Coordination Center at Carnegie Mellon University that will automatically analyze incident information from agencies' security applications, McDonald said. The CERT Coordination Center is an Internet security research group. The analysis will also be fed to FedCIRC to provide a cross-agency view of security incidents.

FedCIRC officials are talking to agencies now about participating in the pilot for this year and are planning to offer the fully operational tool to all agencies in 2003, McDonald said.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected