Agencies taking enterprisewide approach to IT security

Agencies are taking more of an enterprise approach to improve their cybersecurity instead of trying to fix problems as they come up on a bureau by bureau basis. Of course, chief information officers say their tactics received a huge lift from the rash of data breaches last year.

“Security is not in isolation of anything else we do,” said Lisa Schlosser, CIO at the department of Housing and Urban Development. “Incidents keep the executive’s attention for a week or so, but the CIO must constantly take on the leadership role and explain why security important to the agency’s entire mission.”

The Defense Department is one successful example of taking an enterprise approach to information technology security, said John Hunter, DOD’s director of operations in the Office of the Assistant Secretary for Defense Defensewide Information Assurance Program.

Hunter said the mandated use of the Common Access Card to log into DOD’s network has made the military’s systems more secure, and another initiative to standardize the use of intrusion detection, intrusion prevention and asset management software from McAfee across all of DOD’s 5 million computers will provide additional benefits.

“Information assurance, situational awareness and command and control are the real focus in DOD to increase our security posture,” Hunter said April 19 during a breakfast on cybersecurity and the Federal Information Security Management Act in Bethesda, Md., sponsored by the Armed Forces Communications and Electronics Association’s Bethesda chapter.

Hunter said a command tasking order from the Joint Task Force Global Network Operations likely will be handed down to all military services and agencies in the next few months that would mandate the use of the McAfee software.

“We are working on the implementation plan to start this summer DOD wide,” he said.

DOD tested the software across all military agencies with 23,000 users from July to November 2006 and beyond a few minor issues, found it make a big difference in securing desktops and the network, Hunter said.

Also, the Department of Veterans Affairs had to address its vulnerabilities agencywide.

Robert Howard, VA’s CIO, said the agency has encrypted almost every laptop and now are moving onto mobile devices.

“Centralizing the control of [information technology] no question helped ensure every laptop will be encrypted,” Howard said. “Without the central authority, encrypting laptops would have taken months, if not years.”

The panelists also said VA’s move to centralized IT authority is the model most would like to reach.

Ed Meagher, Interior Department’s deputy CIO, said the VA model is “the only one that makes sense.” Schlosser added that it is an “amazing thing to centralize IT” control.

“The most important thing we have to do is get people out of the choice to do IT security,” he said. “We need to make it as automated as possible, especially in managing the desktops and servers.”

Meagher said agencies still struggle with controlling their network environment.


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.