New guidelines for building cyber into critical infrastructure

Two government agencies and a public/private partnership issued recommendations -- and some new requirements -- for building cybersecurity into the systems, controls and platforms that underpin critical infrastructure.

The National Institute of Standards and Technology, which is also developing an overarching federal cybersecurity framework, convened workshops earlier this year with the nonprofit Cyber Security Research Alliance to create a road map for designing built-in critical infrastructure security. The group -- a mix of representatives from government, industry and academia -- released a comprehensive report Nov. 20 that highlights ways to secure vulnerable public-facing IT systems.

The joint NIST/CSRA report comes on the heels of a Nov. 18 memo from the Office of Management and Budget that provides a framework for federal agencies to use to manage risk and continuously monitor critical IT networks and systems.

"It's important to point out that cyber-physical systems pretty much touch our lives in just about everything we do today," said Lee Holcomb, president of CSRA and director of transformation integration at Lockheed Martin. "They include all modes of transportation, energy, health care, consumer electronics. Pretty much everything we do on a daily basis in some way touches some part of CPS. Protecting those systems is really important, and that was what we took on."

CSRA and the recent report focus on cyber-physical systems (CPS), which include IT systems that support industrial controls, data communications and public utilities. The report's findings target the establishment and improvement of common taxonomy, architectures, metrics, best practices, standards, interoperability, and other methods to improve systems' resiliency and encourage cybersecurity efforts. It also calls for the establishment of CPS curricula to ensure that the workforce has adequate skills and expertise.

Holcomb added that CSRA members are conducting further research and implementing numerous findings in the report. Meanwhile, OMB has chosen a phased approach and set a 2017 deadline for agencies to deploy information security continuous monitoring (ISCM) tools that provide dynamic and proactive cybersecurity. OMB's memo also specifies the use of strategic sourcing to "minimize the costs associated with implementing requirements of the risk management framework."

The memo includes eight steps for instituting ISCM across the government and assigns specific responsibilities to the Department of Homeland Security and NIST, including the establishment of a federal dashboard for ISCM, coordination with the PortfolioStat and CyberStat programs, and ongoing guidance.

"By strengthening the underlying information technology infrastructure through the application of state-of-the-art architectural and engineering solutions, and leveraging automation to support the implementation of the risk management framework (which includes the ongoing monitoring of security controls), agencies can improve the effectiveness of the safeguards and countermeasures protecting federal information and information systems in order to keep pace with the dynamic threat landscape," OMB Director Sylvia Burwell wrote in the memo.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.
