Cybersecurity

Cyber official: IT rulebook revamp overdue, but not agile enough

Shutterstock image: cyber defense.

The federal government is making progress in the never-ending cybersecurity fight, but everything from acquisition to network protection is lagging by decades, said retired Brig. Gen. Gregory Touhill, deputy assistant secretary of cybersecurity and communications at the Department of Homeland Security.

With regard to the Office of Management and Budget's proposed A-130 circular update, "I think that we're making progress, and we've got good velocity and precision," Touhill told FCW. "It was high time we had some improvements and upgrades that reflect today's information technology environment, and I think the new A-130 really helps with that, but I think that as we look into the future, we need to be a little more agile."

Other feds have said the proposed A-130 changes are silent on agile development methodologies and open-source software.

Touhill said he has "not read it all cover to cover," but the new A-130 focus on "outcome-based solutions" was positive.

An A-130 revamp was long overdue, he added.

"It was written 15 years ago," Touhill said. "If you follow Touhill's Theorem, which says that one human year equals 25 computer years, you can do the math on how old that guidance was."

The acquisition process in general "takes too darn long," Touhill told the audience at a Nov. 5 Chertoff Group event.

He and former DHS cybersecurity guru Mark Weatherford said the time had come for shared cybersecurity services and consolidation of security functions in a few agencies.

"We need to pool our resources and reduce our attack surface," Touhill said.

The spread of the latest Einstein capabilities through government and Internet service providers, spurred by agencies' recent cybersecurity sprint, is another good-but-overdue development, Touhill said.

"Einstein 3A is really where we needed to be around 15 years ago," he said, and even so, its use is far from omnipresent at agencies or the ISPs that serve them.

"The bureaucracy is holding us back," Weatherford said, adding that structural issues are slowing Einstein's deployment.

While guidance inches forward and agencies consider consolidation, are they actually making progress on improving IT acquisition?

The size and scale of federal acquisition regulations would indicate the answer is no, Touhill said.

"I double dog dare you to bench press 'em," he added of acquisition regulations.

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.