The federal government is making several efforts to overcome challenges...
The federal government is making several efforts to overcome challenges to boosting risk management, workforce development and other aspects of cybersecurity, agency officials told federal workers Friday at the Cyber Security Readiness conference in Washington. The number of organizations housed…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
under the Commerce Department and the lack of centralized resources are some of the challenges to supporting risk management and cybersecurity at the agency, said Simon Szykman, chief information officer for the department. The department plans to move from having a paper documentation-based method for systems certification and accreditation to “moving towards a more operational view,” he said. That involves situational awareness and continuous monitoring of network systems, he said. “We're working to update our entire risk management framework within the department to be a little more progressive in those types of ways.” The government’s effort to sharpen cybersecurity is hindered by “the lack of a common definition of what is included in cybersecurity versus what properly belongs elsewhere, and of a common model or taxonomy within which to frame our responses to problems,” said Jim Richberg, assistant deputy director of national cyber intelligence at the Office of the Director of National Intelligence. “Authentication in cyberspace is another challenge,” he said. There are weak default credentials and “transactions that are inappropriately revealing or even insecure,” he said. The National Strategy for Trusted Identities in Cyberspace is key in addressing this problem, Richberg added. The Government Accountability Office found that from 2006 to 2009, the number of security incidents has increased significantly, said Gregory Wilshusen, GAO information security issues director. One possible factor contributing to the increase could be “an increasing number of attempts to break into systems,” he said. Agencies are “probably getting better at detecting incidents and intrusions into their systems,” and it’s possible that they've improved their reporting mechanisms to the U.S. Computer Emergency Readiness Team (US-CERT), he said. The office plans to issue a report next year on the “agencies of their information security policies and practices” and review how agencies are recruiting and retaining people in the cyber workforce, he said.