Cybersecurity agency to improve patching

FedCIRC

National Cyber Security Division officials want to improve the governmentwide computer patching service so more agencies use it, a senior official said this week.

More than 40 agencies have signed up so far for the Patch Authentication and Dissemination Capability, which tracks vulnerabilities and patches and sends out any tested patches to agencies based on their subscription profile.

However, not all of the agencies that signed up are actually using the service, and officials in the Federal Computer Incident Response Center are now looking at how to modify the contract, said Sallie McDonald, a senior official with the Cyber Security division.

"We need to improve the overall program so it better meets the customer needs," McDonald said.

The primary change will be to address the shortage of licenses for the dissemination solution. FedCIRC underestimated the number of licenses that would be required, meaning that many agencies are only piloting the solution within small segments of their networks. Officials hope to reconfigure the contract so it has more performance metrics that will ensure service for the agencies is the bottom line instead of the number of licenses, McDonald said.

Federal officials have known for some time how important patches are to a good security process, but the networks impacted by the Blaster worm and its variant over the last two weeks emphasized that point for many.

While FedCIRC has moved over to the Homeland Security Department, the center is still working with the contracting office at the General Services Administration because the officials at that agency are more familiar with the details of the contract and the security needs, McDonald said.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.