Cybersecurity

Federal CISO needs real power, says advisory group


A federal advisory committee led by senior executives in the technology and telecom industries warns that the planned integration of a federal chief information security officer has the potential to be "disruptive," and suggests a path to success.

In a March 10 letter to President Obama, the National Security Telecommunications Advisory Committee of the Department of Homeland Security seeks to ensure the federal CISO has the authority to set policy and to drive collaboration among security officials across agencies.

Industry experience suggests that "CISOs operate most successfully when they are empowered to work with stakeholders to develop incentives and establish penalties to foster implementation of policies and practices," according to the NSTAC letter. To that end, the group advises creating an "action-oriented cybersecurity council or leadership team that is convened by the CISO." That group could be a federal community of practice along the lines of the CIO Council.

In an attached policy memo, NSTAC advises a kind of inventory of government-wide IT and data assets. The CISO must have visibility into the highest-value assets in each agency or "enterprise vertical" in the parlance of the memo. The CISO should also look to prevent cyber breaches and other security incidents through the mandatory deployment of an "integrated intelligent platform" that leverages analytics to detect potential attacks, and operates on a segmented, zero-trust basis to limit the risk surface of a high-value asset.

NSTAC also wants to name and shame laggards, through regular review of departments and agencies. Additionally, the group recommends that government find ways to incentivize agencies to use shared services and common platforms for cybersecurity, and to encourage the use of private-sector managed security solutions, "to reduce the necessity for departments/agencies to construct their own capabilities."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.


