
Federal CISO needs real power, says advisory group


A federal advisory committee led by senior executives in the technology and telecom industries warns that the planned integration of a federal chief information security officer has the potential to be "disruptive," and suggests a path to success.

In a March 10 letter to President Obama, the National Security Telecommunications Advisory Committee of the Department of Homeland Security seeks to ensure the federal CISO has the authority to set policy and to drive collaboration among security officials across agencies.

Industry experience suggests that "CISOs operate most successfully when they are empowered to work with stakeholders to develop incentives and establish penalties to foster implementation of policies and practices," according to the NSTAC letter. To that end, the group advises creating an "action-oriented cybersecurity council or leadership team that is convened by the CISO." That group could be a federal community of practice along the lines of the CIO Council.

In an attached policy memo, NSTAC advises a kind of inventory of government-wide IT and data assets. The CISO must have visibility into the highest-value assets in each agency or "enterprise vertical" in the parlance of the memo. The CISO should also look to prevent cyber breaches and other security incidents through the mandatory deployment of an "integrated intelligent platform" that leverages analytics to detect potential attacks, and operates on a segmented, zero-trust basis to limit the risk surface of a high-value asset.

NSTAC also wants to name and shame laggards, through regular review of departments and agencies. Additionally, the group recommends that government find ways to incentivize agencies to use shared services and common platforms for cybersecurity, and to encourage the use of private-sector managed security solutions, "to reduce the necessity for departments/agencies to construct their own capabilities."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.
