CIOs Talking Cybersecurity – Plus the 7 Gov Stories

On GovLoop Insights’ DorobekINSIDER:

We don’t have to tell you about the challenges facing public sector IT – Healthcare.gov was just one of the more visible procurement hurdles. The Public Spend Forum has published a study, “Billions in the Balance: Removing Barriers to Competition and Driving Innovation in Public Sector IT Markets,” – and the survey found that 94% of government IT projects fail. We talk through the results with Raj Sharma.

You can find all of our programs online: DorobekINSIDER.com and GovLoop Insights at http://insights.govloop.com.

But up front: CIOs talking cybersecurity — and my take-aways.

What do CIOs see as the cybersecurity challenges these days? Last week, I had the opportunity to bring together CIOs to address those questions for May’s edition of GovLoop’s DorobekINSIDER LIVE and we had a great conversation.

The panel:

• Rob Carey, former Principal Deputy Chief Information Officer Defense Department; he is today he serves as the Vice President and General Manager CSC Global Cybersecurity – Public Sector

• Ira Hobbs, former Treasury Department CIO; the founder of Hobbs and Hobbs Consulting

• Shawn Kingsberry, CIO, Recovery Accountability and Transparency Board

• Dan Mintz, former Transportation Department CIO; now he is President & Principal Consultant, ESEM Consulting; President & Executive Director, Advanced Mobility Academic Research Center

My big take-aways:

• The cybersecurity threat is changing… and quickly: Whether it is the Snowden insider effect… mobile… the interconnected systems… protecting the data… there are significant challenges out there.

• Doing more with less — cybersecurity version: Budgets are tight. That forces government executives to make choices, Hobbs said. Carey: Cybersecurity is simply the cost of doing business. You have to weigh the cost of the loss with the cost of the defenses and do your own return on investment assessment.

• We don’t assess risk very well: It isn’t easy to say that one data set is more — or less — important than another, Mintz noted. “Nobody wants to own the decision,” he said. Hobbs added that beauty is always in the eyes of the beholder — and the same is true with data. There was general agreement that there needs to be a process that allows the organization to assess risk. There needs to be a defined set of criteria that helps to define the importance of data sets. Otherwise it becomes a question of “who shouts loudest,” Mintz said.

• The ‘build a big wall’ approach really doesn’t work today: Shawn Kinsbury, the CIO for the Recovery Board, noted that the firewall approach never really worked, but it really doesn’t work today. He noted that the insider threat and known patches are the big threats out there, but those don’t always get addressed.

• Human capital is a really big problem: The simple fact is that it is hard to find the right people for cybersecurity jobs generally. Layer the government challenges (pay, reputation) and it makes it even more difficult to find the right people. That being said, the government challenges are enormous — and unique — and that also means there are great opportunities out there for people who want to serve, Carey said. The government needs to train them so they stay sharp, but good people are interested in unique challenges.

Find a link to the full discussion here.

And I should note that the cybersecurity challenges are not unique to government. This from The Wall Street Journal today:

CIOs discuss their fears of being ‘Targeted.’ Last year’s breach at Target Corp. has apparently entered the CIO lexicon. Panelists at the MIT Sloan CIO Symposium last week talked about the fear of being “Targeted” and about new steps they’re taking to avoiding becoming this year’s headline news. First up is making employees aware that they are the first and last lines of defense. Humans are typically responsible for data leakage, said Roger Gurnani, CIO of Verizon Communications Inc. “Our job is making sure that everyone understands that security is everyone’s job,” he said.

The SEVEN stories that impact your life

1. Federal News Radio: Senators propose 3.3 percent federal pay hike to start in 2015- “Sens. Ben Cardin (D-Md.) and Brian Schatz (D-Hawaii) introduced legislation Friday calling for a 3.3 percent pay increase for federal employees. If enacted, feds would see the increase from the Federal Adjustment of Income Rates (FAIR) Act go into effect in calendar year 2015. “Hardworking federal employees did not cause our fiscal crises nor did they contribute to the legislative gridlock, but time and again they have been asked to pay the heaviest price toward a resolution. In Maryland and across the nation, these public servants, mostly middle class and struggling to get by like so many other Americans, deserve recognition and thanks for their hard work and dedication,” Cardin said, in a press release.”

2. FCW: HP launches private cloud with high-security federal users in mind- “Hewlett-Packard is making a play for high-security government enterprise customers with its new Helion managed private cloud product that launched May 27. Jeff Bergeron, vice president and chief technology officer for HP’s U.S. public sector, said the offering is “focused on the unique security requirements mandated by public-sector agencies” and represents a starting point in the transformation to a new way of thinking about IT. Helion is the successor to HP’s current virtual private cloud offering.”

3. Nextgov: House votes to halt Obama’s plan to give up internet authority- “The House approved an amendment Thursday that would delay the Obama administration’s plan to give up oversight of certain technical Internet management functions. In a 245-177 vote, the House attached the legislation to the annual defense authorization bill. Seventeen Democrats joined the Republicans in approving the measure. The House then voted to pass the full defense bill, which included a number of other amendments.”

4. Nextgov: Army awards no-bid cyber range deal to Lockheed Martin- “Lockheed Martin has snagged a $14 million deal to help model hacks during cyber operation simulations, according to the Defense Department. During the 5-year contract period, the company will operate and sustain the National Cyber Range. The range is “designed to allow potentially virulent code to be introduced and studied on the range without compromising the range itself,” Defense officials said in a contract notice released late Friday.”

5. Defense News: DoD Distances Itself From US Hacking Indictment of PLA Soldiers- “The Pentagon is distancing itself from the US Justice Department’s charging of five Chinese People’s Liberation Army (PLA) officers with 31 criminal counts of hacking and cyber espionage against six US companies. The indictments, handed down May 19, come as the Defense Department has been working to increase its military-to-military interactions with the Chinese. Despite the charges levied by a grand jury in the Western District of Pennsylvania, senior Pentagon officials said high-level visits, military exchanges and participation in upcoming exercises will go on as planned.”

6. Military Times: Chastened Pentagon promises better ammo count- “Prodded by Congress, the Pentagon has promised a better count of its bullets and missiles, according to congressional staff. The urgency to account for ammunition follows a critical report last month by the Government Accountability Office about the military’s inventory systems. USA Today reported that the Pentagon plans to destroy more than $1 billion worth of munitions, although some bullets and missiles in that stockpile could still be used by troops.”

7. Federal News Radio: Agencies suspending, debarring contractors more than ever- “Agency suspensions and debarments have hit record highs since being pressured by the Interagency Suspension and Debarment Committee three years ago. The Government Accountability Office reported this week that suspension and debarment actions have more than doubled since 2009 governmentwide. Agencies also have made significant reforms to improve their referral, suspension and debarment processes.”

DorobekINSIDER water-cooler fodder… yes, we’re trying to help you make your water-cooler time better too…

• William H. McRaven: Life Lessons From Navy SEAL Training Life Lessons From Navy SEAL Training Adm. William H. McRaven, commander of U.S. Special Operations Command, gave a commencement address last week that graduates, and their parents, won’t soon forget.

• Home-Grown Software Gives Tesla, Facebook a Competitive Edge [The Wall Street Journal]: The pendulum is swinging away from packaged software and rented software as a service. Instead, companies from Tesla Motors Inc. to Facebook Inc. are writing their own software in key areas that give them a competitive advantage. These efforts extend far beyond developing a couple of mobile apps, and include critical back end applications used in manufacturing, content management or customer service. “At Facebook, we want to differentiate the experience our customers have working with us,” Facebook CIO Tim Campos tells CIO Journal. “We can’t be limited by what you can buy.” At Tesla, developing software in-house has the additional virtue of allowing the company to move more quickly than if it relied on a vendor. “Companies that are going to win will discover what customers want and translate that into software that is unique to them,” says Peter Burris, a research analyst at Forrester Research.

Top 10 Apps to Increase Your Productivity [Government Technology] In today’s world, smartphones are a large part of the daily nine-to-five — even if we have to BYOD. And it’s these smartphones and their apps that present new outlets for efficiency.