Cybersecurity

Can federal purchasing power counteract botnets?


The federal government might have to save itself from botnets and other automated cyber threats. And to do so, it's going to need to revamp its procurement guidelines and acquisition rules, according to a new draft report to the president from the Commerce and Homeland Security Departments.

"Botnets represent a system-wide threat that no single stakeholder, not even the federal government, can address alone," National Institute of Standards and Technology Director Walter Copan said in announcing the report. "The report recommends a comprehensive way for the public and private sectors, as well as our international partners, to work together and strengthen our defenses."

The report, which was requested in President Donald Trump's May 2017 cybersecurity executive order, outlined five major goals the federal government needs to achieve to protect networks from emerging cyber threats. Those goals included boosting education and awareness, creating a more agile and secure technology marketplace, promoting innovation in infrastructure and in edge network protections, and building global coalitions across tech communities to include security, operations and infrastructure.

But the departments also called on the federal government to change its acquisition rules and procurement guidelines to encourage manufacturers to create security-compliant products.

"The federal government should lead by example and demonstrate practicality of technologies, creating market incentives for early adopters" after creating a series of baseline security profiles for home and industrial internet-dependent or IoT devices, the report stated. "Many IoT product vendors have expressed desire to enhance the security of their products, but are concerned that market incentives are heavily weighted toward cost and time to market," creating a "race to the bottom."

The report, which outlined an action plan for each goal, also stated that "While federal procurement no longer dominates the market, its buying power and influence is still strong, and the U.S. government can lead by example," adding that the Office of Management and Budget, General Services Administration and Department of Defense, "through policy and modifications to the GSA schedule and federal acquisition regulations," could facilitate the needed changes.

The report also recommends a presidential mandate for the enterprise adoption of NIST's cybersecurity framework to help the federal government develop basic mitigation and prevention tactics to protect networks from distributed denial of service attacks.

The onus isn't solely on the federal government to protect federal systems from impending cyber threats, however. The report also has major recommendations for industry.

"The private sector could establish an assessment and labeling mechanism for products that comply with the home profile," the report stated. "The private sector could also work with existing programs or establish new programs to evaluate products that comply with the industrial profile."

The report also emphasized that products must be secured throughout their entire lifecycle and that the tools to protect networks and devices exist but aren't widely used – which partly stems from a dearth of security education and awareness.

The public is invited to comment on the report, with submissions due Feb. 12. The final report is due to the president May 11.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.
