Cybersecurity

Cyber official: IT rulebook revamp overdue, but not agile enough

Shutterstock image: cyber defense.

The federal government is making progress in the never-ending cybersecurity fight, but everything from acquisition to network protection is lagging by decades, said retired Brig. Gen. Gregory Touhill, deputy assistant secretary of cybersecurity and communications at the Department of Homeland Security.

With regard to the Office of Management and Budget's proposed A-130 circular update, "I think that we're making progress, and we've got good velocity and precision," Touhill told FCW. "It was high time we had some improvements and upgrades that reflect today's information technology environment, and I think the new A-130 really helps with that, but I think that as we look into the future, we need to be a little more agile."

Other feds have said the proposed A-130 changes are silent on agile development methodologies and open-source software.

Touhill said he has "not read it all cover to cover," but the new A-130 focus on "outcome-based solutions" was positive.

An A-130 revamp was long overdue, he added.

"It was written 15 years ago," Touhill said. "If you follow Touhill's Theorem, which says that one human year equals 25 computer years, you can do the math on how old that guidance was."

The acquisition process in general "takes too darn long," Touhill told the audience at a Nov. 5 Chertoff Group event.

He and former DHS cybersecurity guru Mark Weatherford said the time had come for shared cybersecurity services and consolidation of security functions in a few agencies.

"We need to pool our resources and reduce our attack surface," Touhill said.

The spread of the latest Einstein capabilities through government and Internet service providers, spurred by agencies' recent cybersecurity sprint, is another good-but-overdue development, Touhill said.

"Einstein 3A is really where we needed to be around 15 years ago," he said, and even so, its use is far from omnipresent at agencies or the ISPs that serve them.

"The bureaucracy is holding us back," Weatherford said, adding that structural issues are slowing Einstein's deployment.

While guidance inches forward and agencies consider consolidation, are they actually making progress on improving IT acquisition?

The size and scale of federal acquisition regulations would indicate the answer is no, Touhill said.

"I double dog dare you to bench press 'em," he added of acquisition regulations.

About the Author

Zach Noble is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.