Cybersecurity

Federal CISO needs real power, says advisory group

A federal advisory committee led by senior executives in the technology and telecom industries warns that the planned integration of a federal chief information security officer has the potential to be "disruptive," and suggests a path to success.

In a March 10 letter to President Obama, the National Security Telecommunications Advisory Committee of the Department of Homeland Security seeks to ensure the federal CISO has the authority to set policy and to drive collaboration among security officials across agencies.

Industry experience suggests that "CISOs operate most successfully when they are empowered to work with stakeholders to develop incentives and establish penalties to foster implementation of policies and practices," according to the NSTAC letter. To that end, the group advises creating an "action-oriented cybersecurity council or leadership team that is convened by the CISO." That group could be a federal community of practice along the lines of the CIO Council.

In an attached policy memo, NSTAC advises a kind of inventory of government-wide IT and data assets. The CISO must have visibility into the highest-value assets in each agency or "enterprise vertical" in the parlance of the memo. The CISO should also look to prevent cyber breaches and other security incidents through the mandatory deployment of an "integrated intelligent platform" that leverages analytics to detect potential attacks, and operates on a segmented, zero-trust basis to limit the risk surface of a high-value asset.

NSTAC also wants to name and shame laggards, through regular review of departments and agencies. Additionally, the group recommends that government find ways to incentivize agencies to use shared services and common platforms for cybersecurity, and to encourage the use of private-sector managed security solutions, "to reduce the necessity for departments/agencies to construct their own capabilities."

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.
