by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : March 15, 2015
Cybersecurity continues to be at the forefront of national focus, thanks to Congress’ passing and the presi- dent’s signing of three cybersecurity- related bills last December. Those statutes are now being implemented to continue the prog- ress agencies have made in protect- ing government networks and work- ing with state and local agencies, critical infrastructure operators, and other private-sector partners to achieve similar progress. First, the Federal Information Security Modernization Act of 2014 moves government forward in adapting to the ever-changing landscape of the cyber world. Its importance is evidenced by the increasingly complex vulnerabilities, threats and actions against federal networks. The act enables federal agencies to be more effective in develop- ing and implementing protective strategies against network intrud- ers. It continues and updates the risk management framework that has been a core tenet of the Federal Information Security Management Act and encourages agencies to use automated security tools to continu- ously diagnose and mitigate security vulnerabilities. It also codifies the Department of Homeland Security’s role in overseeing the implementa- tion of policy and guidelines for federal civilian agencies. Concurrently, the National Cybersecurity Protection Act codifies the activities of DHS’ National Cybersecurity and Com- munications Integration Center and strengthens DHS’ ability to coordi- nate incident response and provide technical assistance to agencies. It authorizes DHS’ existing cen- ter to act as a critical interface for sharing cybersecurity information among federal civilian agencies and key stakeholders. The law also includes provisions for: • Promoting situational awareness to enable real-time, integrated and operational actions across the fed- eral government. • Sharing cybersecurity threat, vul- nerability, impact and incident infor- mation and analysis by and among federal, state and local government agencies, and private-sector entities. • Conducting analysis of cybersecu- rity risks and incidents. • Providing recommendations on security and resilience measures to federal and non-federal entities. Finally, the DHS Cybersecu- rity Workforce Recruitment and Retention Act authorizes actions to enhance the government’s pool of talented cybersecurity profession- als. It provides additional authori- ties to the DHS secretary to assist in the recruitment, training, educa- tion, development and retention of a highly qualified federal cybersecu- rity workforce. The act also requires the secre- tary to evaluate efforts to improve the department’s cybersecurity workforce and submit an annual report to the appropriate commit- tees of Congress detailing DHS’ progress. DHS’ Continuous Diagnostics and Mitigation program is a prime example of the government’s efforts to operationalize cybersecurity pro- tection in a way that reinforces the provisions of these three important statutes. Implementation of this and similar programs — as reinforced by the new laws — will continue to strengthen the way federal agencies protect their networks, systems and data from ever-evolving threats in cyberspace. The government’s efforts to build a more effective cybersecurity pos- ture are evident in the implementa- tion of these three bills. By openly collaborating across agencies, coordinating incident response and increasing the pool of cybersecu- rity professionals, the government will grow its capacity to operate in cyberspace at a rapid rate. Cohesive implementation of these bills will enable agencies to mitigate cybersecurity risks and proactively plan for vulnerabilities by providing increasingly responsive tactics for addressing cyberthreats. n Legislation and the future of federal cybersecurity New laws promise to strengthen agencies’ efforts to block network intruders, share information and build a top-notch cybersecurity workforce Three cybersecurity statutes will continue the progress agencies have made in protecting government networks. Commentary | JOHN LAINHART AND DAN CHENOK JOHN LAINHART leads IBM’s Public Sector Cybersecurity and Privacy Services, and DAN CHENOK is executive director of the IBM Center for the Business of Government. March 15, 2015 FCW.COM 13 0315fcw_013.indd 13 2/23/15 3:31 PM
March 30, 2015