Discussion on Information Assurance topics, sharing approaches, best practices, new ideas, and events.
The state of Information Assurance at the US State Department
July 11, 2009 at 11:13 am #75515
From Fedscoop blog
Cybersecurity in the Spotlight
Deputy Director, Office of Information Assurance
Bureau of Information Resource Management, Department of State
The Obama Administration is quite forward-thinking in its use of technology. From the creation of new positions within the Executive Branch (including the CIO, CTO, and cybersecurity czar) to the use of social media for public communication, IT security has become a paramount initiative. On Wednesday, June 24, I sat down with Federal News Radio host, Tom Temin, to discuss the challenges facing the Department of State during this progressive time in the Federal Government.
Using technology to facilitate citizen–government dialogue, simplify government services, increase government transparency with public information, and public diplomacy are top priorities for the Administration’s new Federal CIO Vivek Kundra, but secure IT systems are key to these initiatives. Challenges in information security are numerous, but they all share one common feature: security starts with the user. When users are educated about best practices and develop situational awareness, they increase the security of their system and agency networks. The Bureau of Information Resource Management (IRM) works diligently to protect Department information through training, communications and tools.
In the Department of State, it is the program offices in Washington that develop tools and policies to enhance cybersecurity, but integration and maintenance of our global networks depend on the IT professionals in our 265 embassies and consulates around the world that implement these measures. There are some locations where infrastructure challenges make it extremely difficult to maintain secure networks and the IT professional staffs work tirelessly to keep the Department’s systems assured. The teamwork throughout the Department has created a symbiotic relationship for the ever-improving cybersecurity environment.
Working closely with our Deputy CIO/CISO, John Streufert, and Information Assurance’s Chief Computer Scientist, Dr. George Moore, has been critical to the security of Department networks. Engineered by a team under the guidance of Dr. Moore, a Site Risk Scoring program was implemented as a tool to provide a dashboard and detailed reporting of the vulnerabilities that exist on every computer and user account. Centralized vulnerability and compliance scans gather this data from a variety of tools hosted in Washington and the results are distributed to the embassy or consulate for remediation. My Global Oversight staff provides the customer service interface to successfully implement the Site Risk Scoring program and a Tiger Team has been developed to help system administrators around the world increase their site scores, thus lowering the risk to the Department’s data.
Problems with the network are not only technical; there is a physical security aspect that must not be overlooked. IRM and the Bureau of Diplomatic Security coordinate closely to integrate the necessary physical security and cybersecurity. Physical inspections are performed by Diplomatic Security officers and the application of technical controls is handled by Information Management Specialists.
While the challenges facing information assurance at State are considerable, with dedicated staff and coordinated efforts, we aim to secure our networks to support the vision of our new Administration. Emphasizing user responsibility will be a key message in the age of Government through technology and the public will benefit with improved access to government dialogue, services, information, and announcements.
To learn more about these initiatives, listen to the entire interview located at the following link:http://www.federalnewsradio.com/index.php?sid=1703823&nid=56
You must be logged in to reply to this topic.