Cybersecurity

Cyber official: IT rulebook revamp overdue, but not agile enough

Shutterstock image: cyber defense.

The federal government is making progress in the never-ending cybersecurity fight, but everything from acquisition to network protection is lagging by decades, said retired Brig. Gen. Gregory Touhill, deputy assistant secretary of cybersecurity and communications at the Department of Homeland Security.

With regard to the Office of Management and Budget's proposed A-130 circular update, "I think that we're making progress, and we've got good velocity and precision," Touhill told FCW. "It was high time we had some improvements and upgrades that reflect today's information technology environment, and I think the new A-130 really helps with that, but I think that as we look into the future, we need to be a little more agile."

Other feds have said the proposed A-130 changes are silent on agile development methodologies and open-source software.

Touhill said he has "not read it all cover to cover," but the new A-130 focus on "outcome-based solutions" was positive.

An A-130 revamp was long overdue, he added.

"It was written 15 years ago," Touhill said. "If you follow Touhill's Theorem, which says that one human year equals 25 computer years, you can do the math on how old that guidance was."

The acquisition process in general "takes too darn long," Touhill told the audience at a Nov. 5 Chertoff Group event.

He and former DHS cybersecurity guru Mark Weatherford said the time had come for shared cybersecurity services and consolidation of security functions in a few agencies.

"We need to pool our resources and reduce our attack surface," Touhill said.

The spread of the latest Einstein capabilities through government and Internet service providers, spurred by agencies' recent cybersecurity sprint, is another good-but-overdue development, Touhill said.

"Einstein 3A is really where we needed to be around 15 years ago," he said, and even so, its use is far from omnipresent at agencies or the ISPs that serve them.

"The bureaucracy is holding us back," Weatherford said, adding that structural issues are slowing Einstein's deployment.

While guidance inches forward and agencies consider consolidation, are they actually making progress on improving IT acquisition?

The size and scale of federal acquisition regulations would indicate the answer is no, Touhill said.

"I double dog dare you to bench press 'em," he added of acquisition regulations.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.