Federal Cybersecurity: “How do we get out in front of tomorrow’s challenges?”

Presentation Transcript

  • Daniel Galik, CISO, HHS. 3rd Annual Cloud Shoot–Out & CyberSecurity Summit
  • Security and Privacy for the Digital Government of the Future. Dan Galik, HHS CISO. FedScoop – May 2, 2012
  • The realities of data protection efforts in today’s world: Page 3
  • Better Security for the Digital Government of the FutureIn March of 2012, the President’s Cybersecurity Coordinator identified three key areas for agencies to focus on when considering improvements to their information systems security procurements:"Federal Departments and Agencies need to focus their cybersecurity activity on a few of the most effective controls. This is why my office, in coordination with many other Federal cybersecurity experts from DHS, DOD, NIST, and OMB, has identified three priority areas for improvement within Federal cybersecurity”“The purpose in selecting three priority areas for improvement is to focus Federal Department and Agency cybersecurity efforts on implementing the most cost effective and efficient cybersecurity controls for Federal information system security. Federal Departments and Agencies must defend their information systems in a resource- constrained environment, balancing system security and survivability while meeting numerous operational requirements. This requires robust risk management.” Page 4
  • Better Security for the Digital Government of the Future
    Three near term priority areas for improvement within Federal cybersecurity:
    “Trusted Internet Connections (TIC) - Consolidate external telecommunication connections and ensure a set of baseline security capabilities for situational awareness and enhanced monitoring.”
    “Continuous Monitoring of Federal Information Systems - Transforms the otherwise static security control assessment and authorization process into a dynamic risk mitigation program that provides essential, near real-time security status and remediation, increasing visibility into system operations and helping security personnel make risk-management decisions based on increased situational awareness.”
    “Strong Authentication – Passwords alone provide little security. Federal smartcard credentials such as PIV (Personnel Identity Verification) and CAC (Common Access Cards) cards provide multi-factor authentication and digital signature and encryption capabilities, authorizing users to access Federal information systems with a higher level of assurance.”
    Page 5
  • Better Security for the Digital Government of the Future
    As Federal Departments and Agencies March Out in Implementing the Near Term Priorities, Here Are A Few Challenges to Consider for the Future:
    How does the security community do a better job of keeping up with the rapid pace of change in technology?
    What are the future “game changing” security strategies that may need to ultimately replace some of the current processes and practices that are part of today’s risk management approaches?
    Do we need a completely new way of thinking in the security community and a fundamental shift in proactively defining the next generation of security strategies and models?
    As we continue to struggle in dealing with hacktivists and the more advanced persistent threats to our systems and data, how does the nation get out front and better prevent the string of successful attacks and compromises?
    Page 6
  • Better Security for the Digital Government of the Future
    As Federal Departments and Agencies March Out in Implementing the Near Term Priorities, Here Are A Few Challenges to Consider:
    How do we better adapt our current government workplace and office practices and processes to more quickly adapt to the demands of the new generation of very innovative and mobile digital workers?
    How do we also get the next generation of digital workers and digital citizens to place a greater emphasis on secure computing, and gain a better appreciation of the advanced threats that we are facing today?
    How do we adjust behaviors in the virtual cyber world, to make them better align with how we behave in the physical, human world?
    Page 7
  • Better Security for the Digital Government of the FutureThe Federal Government must be ready to securely deliver and receive digital information and services anytime, anywhere and on any device. – Social media; mobile devices; the consumerization of IT; cloud computing; virtualization; collaboration tools; etc. . .Security, privacy, and data protection must be effectively applied throughout the entire technology life cycle. An “Information-Centric” approach helps ensure that wherever the data goes, it must always stay protected.Moving applications, systems, and data to secured cloud environmentsFedRAMP will result in efficiencies and consistency in risk managementSummary of just a few of the points discussed in “Building a Future-Ready Digital Government” (DRAFT) Page 8
  • Better Security for the Digital Government of the Future
    A few forward thinking ideas for consideration:
    Apply increased security protections to our most critical data and systems (this is especially true in the immediate future)
      – Architect and engineer networks to protect high value assets (network segmentation)
    Proactively pursue the development of new security models as we continue the move to software based, virtualized “invisible” networks that have “no wires”
    Press ahead aggressively in the implementation of the “National Strategy for Trusted Identities in Cyberspace”
    Consider ways to use security solutions that are focused on data and content centric security with digital rights management
    Look at embedding more critical security functions in hardware or chip technology
    Increase use of full featured security tools that quickly leverage threat intelligence to enhance advanced detection and monitoring of insider activity
    Page 9
  • Better Security for the Digital Government of the Future Questions? Contact info: Dan Galik, HHS CISO 202-205-5906 Daniel.Galik@hhs.gov Page 10
  • The Next Generation of CISOs are Already in Training Page 11
  • The Next Generation of CISOs are Already in Training Page 12
  • The Next Generation of CISOs are Already in Training Page 13