Cyber chief slams security efforts

White House cybersecurity coordinator Howard Schmidt takes aim at automated detection, education and coordination

Although agencies are improving cybersecurity at the national level, the federal approach to securing U.S. interests online still leaves much to be desired, a high-ranking Obama administration official said.

Howard Schmidt, the White House's cybersecurity coordinator, called for enterprisewide network intrusion detection and math and science training in U.S. schools. He also cited a lack of coordination in the government's cyber research and development.

“As far as enterprisewide intrusion detection goes, it falls under the category of, ‘Why haven’t we done that already?' " Schmidt said at the Interagency Resources Management Conference in Cambridge, Md., April 13. “It’s a big point of discussion.”

The commercial sector is deploying intrusion detection technology on private networks, but the federal government is lagging, dogged by bureaucracy and disputes over privacy and how best to implement such a strategy, he said.

Furthermore, the U.S. education system is failing to prepare future cyber warriors, Schmidt said. “We need to work on math and science training in our schools," he said. "That relates directly to the future of cybersecurity.”

A working group is being established to examine the issue and make recommendations to the White House on how to develop a cyber career path at American schools. Efforts are also under way to promote cyber careers at the college level by offering scholarships and government service programs, Schmidt said. Currently, there are about 100 colleges involved in the effort -- a number Schmidt hopes will soon increase as his office finds ways to expand the program.

Although many, if not most, federal agencies are creating offices to deal with cybersecurity, those efforts are not in sync, Schmidt said. “There’s little coordination in cyber research and development," he added." Who’s doing what? Why are they doing that? How long have they been doing that? What is missing?”

The Homeland Security Department is leading the effort to link cyber efforts across the government through its centers of excellence, Schmidt said.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Fri, Apr 16, 2010

I wonder if the IA compaanies are behind the push in school. They see $$$$$ galore!

Fri, Apr 16, 2010 Anony Mous

Get kids in high schools to set up their own school-specific social network servers, using Drupal or other open source community software, as an extra-curricular activity. Let them define the content and how it works. Let them deal with both the nitty-gritty details of running a system that could be vulnerable to attack, and the content-level disputes over free speech vs. defamy and fraud. High school newspaper 2.0, but so much more. Kids with wildly different interests and skills could work together on it. Make one per class year. Or something.

Thu, Apr 15, 2010 CuriousIT

Is intrusion detection/prevention even possible on such a diverse network as used by the federal government? Multiple operating systems, multiple versions of each operating system, multiple versions of browsers, differing requirements for managing ports due to the use of legacy software that was written when security wasn't even an afterthought. How do you wade through all the false positives? Mr Schmidt is correct that something has to be done but unless there is funding and teeth behind his statements, progress will be slow.

Thu, Apr 15, 2010 Papa_K SoTx

My two cents; I think this best sums up why: "the federal government is lagging, dogged by bureaucracy and disputes over privacy and how best to implement such a strategy". Most non-security types within the government don't have a clue. They think they know because they can spell security but they have no idea what they're doing. So no standard is going to help if they have no clue. We have too many managers who know how to make excuses and the system allows them to continue to be in that position. We award the dumb. I've worked for many like that. You have to give the IT Security individual the authority to establish IT security not the mid level managers. This is where the Government's problem is. And if you educate the new generation you think they are going to want to work for the restrictive Fed Gov and for the small salaries and bureaucracy? Why?

Thu, Apr 15, 2010 Bman

It would be nice to see a unified approach instead of each agency doing what it thinks is acceptable. My agency has reinvented its network security approach 3 separate times in nine years, and is in the process of doing it again now. Intrusion detection is already part of the existing doctrine but seems to be lacking in its effectiveness. Its about time a Cyber chief admits the short comings of the Fed in this area and makes an effort to fix them publicly ensuring that things have been documented.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group