Government's security advantage

Although there may be gaps in some federal agencies' information security strategies, agencies do have a framework that gives them some advantages over the private sector, according to a leading Homeland Security Department (DHS) official.

Government and industry face some of the same challenges in the battle to protect against cyberthreats and -attacks, said Sallie McDonald, who oversees the Federal Computer Incident Response Center at DHS.

But federal agencies have the Office of Management and Budget to provide oversight, ensuring that they comply with security legislation such as the Government Information Security Reform Act (GISRA) of 2000 and its successor, the Federal Information Security Management Act (FISMA) of 2002, she noted. McDonald was speaking March 27 at a forum conducted by The Information Technology Association of America (ITAA) on the government/industry partnership in securing cyberspace.

"We're both in the same situation," she said, but "we are being [forced] to look at what we are doing in cybersecurity and improve our posture." Securing businesses and agencies "is not a technology problem; it's a problem of people and processes," she added.

Industry could benefit from having a framework like the federal government's, which sets guidelines agencies must comply with, said Dan Burton, vice president of government relations for security vendor Entrust Inc. He said talks are under way in the private sector about establishing security guidelines and an organization that oversees compliance.

While the federal government has made some headway in giving high priority to cybersecurity, it is not time to rest on "our laurels," said Rep. Sherwood Boehlert (R-N.Y.), chairman of the House Science Committee. He also spoke at the ITAA forum.

"We're still not devoting anything like a sufficient amount of money to cybersecurity," Boehlert said. "And, as has been the case for years, it's hard to tell from the budget exactly what federal money is going into cybersecurity, especially into" research and development (R&D).

He pointed out that the National Science Foundation has received funding for cybersecurity, but so far doesn't appear to be implementing the Cybersecurity Research and Development Act. There must be oversight of the National Institute of Standards and Technology's security budget as well as DHS's cybersecurity efforts, he added.

Boehlert said "DHS does not seem to be organized or funded in a way that focuses sufficiently" on cybersecurity vulnerability. He acknowledged, however, that the department is still getting organized.

Moreover, he said, "The Defense Advanced Research Projects Agency (DARPA) is actually reducing its funding." He noted that in its public programs, DARPA this year will spend less than half as much on defensive cybersecurity R&D as it spent just two years ago. "The agency is planning to eliminate its funding for this area of research entirely," he said.

Boehlert said he was "laying out a call to arms," noting that government had the best chance ever to finally devote the resources and attention to improve cybersecurity significantly.

