FCWInsider

Blog archive

More encrypted data storage ahead for feds?

Castle Muiderslot, Holland

Castle Muiderslot in Muiden, Holland, and its moat. (Stock image)

It takes more than a moat to protect a castle, especially if it's made of data.

That's according to Mark Day, acting deputy assistant commissioner of Integrated Technology Services at GSA, who voiced a few interesting sound bites at an Aug. 22 IT procurement forum.

Day, fielding a question about cyber-security at the Lowering the Cost of Government with IT Summit in Washington, D.C., said current cyber efforts are not enough to protect sensitive data across the government.  He suggested all such data be encrypted unless it is in use.

Day referenced Army Pvt. Manning, recently sentenced to 35 years in prison for leaking classified documents to Wikileaks, and Edward Snowden, the National Security Agency contractor who divulged classified surveillance secrets to the Guardian and Washington Post newspapers. Both, he noted, were insiders – people against whom the large "moat" of on-premise cyber-security does little to defend.

"Insider threats have always been and will always be one of our primary issues – can you spell Snowden or Manning?" Day said. "If the moat didn't work, let's look at new models beyond the moat and a stack of paper."

Day questioned why data was ever unencrypted "except when it is used on screen," suggesting it be encrypted at all other times, including when it is essentially "at rest." He hinted there would be problems in such a scenario, though he did not divulge what they would be.

Ultimately, Day said existing cyber-security measures may help keep out the bad guys, but only if those bad guys aren't your guys.

"We're doing a lot of work to build moats," Day said.

And the moats aren't working.

Posted by Frank Konkel on Aug 23, 2013 at 11:36 AM


Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group