Ex-cybersecurity chief calls on feds to step up efforts

While progress is being made in the nation's efforts to ensure the security of its cyber assets, a revolution is needed in the federal government's thinking in order to win the "cat and mouse game" with cyber attackers, a former senior cybersecurity official said Wednesday.

"The government doesn't know what its IT assets are," said Amit Yoran, who resigned as director of the Homeland Security Department's cybersecurity division last month. He added that the government is much like large multinational organizations, where cybersecurity awareness does not cut across all divisions.

A recognized private-sector expert, Yoran said he tried to address the problem during his one-year stint at Homeland Security. By the time he left, he said the department had made progress in mapping which of the 127 federal entities are responsible for what parts of the government's cyber assets. His office found that there are 5,700 different "network blocks" across government.

The division also began asking about agencies' Internet exposure in order to understand the risks. But scanning the 5,700 networks for that exposure is "a Herculean effort" and is ongoing, he said. Yoran spoke at a conference sponsored by the Computer Security Institute.

Generally, Yoran said the government's risk assessments appear to be largely based on consultants' reports rather than on an actual examination of the systems. His vision for the government is to use the government-wide knowledge of risks to take more coordinated, effective security steps.

There are "pockets" of top-flight cybersecurity skill within the government, Yoran said, and they need to be pulled together. Doing so will be fundamental to getting buy-in from the private sector, which owns about 80 percent of the nation's critical infrastructure, he added.

Yoran said the future is bright for cybersecurity, especially for making more secure software. "We are still at the very early stages of cybersecurity," he said. A new way of thinking is ushering in the next generation of technologies, and the government needs to be out front in encouraging that transformation, he said.

"We really need to revolutionize how we think about cybersecurity," Yoran said. "In three years time, there will be no definable perimeters on our systems." The typical systems, such as firewalls and intrusion-detection systems, will not be efficient any longer, he predicted.

"You won't be able to protect or own all of the information you are providing to your customers," Yoran said. "In many cases, you won't even be able to identify where the data resides."

Yoran's departure from the division caused concern among industry and in parts of the government that cyber security is not sufficiently high-profile in the government. He declined to comment on how the position should be structured, except to say that there should be sufficient access to senior-level decision-makers and that the person should have solid political skills.

Yoran also said that while there is great experience at Homeland Security in physical security, "the same is not true for cybersecurity."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
FROM OUR SPONSORS
JOIN THE DISCUSSION
Close [ x ] More from GovExec
 
 

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • The Big Data Campaign Trail

    With everyone so focused on security following recent breaches at federal, state and local government and education institutions, there has been little emphasis on the need for better operations. This report breaks down some of the biggest operational challenges in IT management and provides insight into how agencies and leaders can successfully solve some of the biggest lingering government IT issues.

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download
  • Ongoing Efforts in Veterans Health Care Modernization

    This report discusses the current state of veterans health care

    Download

When you download a report, your information may be shared with the underwriters of that document.