Government Technology
Government Technology: State & Local Government News Articles

Melissa Hathaway Has Big Cyber-Security Agenda (Opinion)

Bookmark and Share
Comment
You May Also Like

Apr 14, 2009, By Mark Weatherford

The recent announcement that Melissa Hathaway, a top cyber-security adviser for the director of National Intelligence, will direct a 60-day review of federal cyber-security is surprising in its audacity. Anyone who even remotely comprehends this Herculean task would, quite understandably, wince at the challenge.

The cyber-security problem however, goes far beyond the federal government. State and local governments struggle mightily to maintain adequate security technologies and staff proficiency. It's time for leadership at all levels of government to understand how dependent the nation and our citizens are on cyber-security. Professor Gene Spafford of Purdue University states it succinctly: "Information security has transformed from simply preventing bad things from happening into a fundamental business component."

Another encouraging sign that the Obama administration is serious about cyber-security is that its agenda contains specific goals, including:

  • strengthening federal leadership on cyber-security;
  • initiating a safe computing research and development effort and hardening the nation's cyber-infrastructure;
  • protecting the IT infrastructure that keeps America's economy safe;
  • preventing corporate cyber-espionage;
  • developing a cyber-crime strategy to minimize the opportunities for criminal profit; and
  • mandating standards for securing personal data and requiring companies to disclose personal information data breaches.

While my optimism is fueled by the belief that bold leadership is truly powerful, it's also dampened by the reality that the cultural inertia within government actively resists change. I've been pondering how visionary leadership could benefit the nation and those of us toiling in public-sector cyber-security, and have identified a few targets that a national cyber-adviser might address.

Broaden and increase effectiveness of federal cyber-security grants. Despite the obvious knowledge that a cyber-attack could profoundly impact many government systems or critical infrastructures, the paucity of federal funding to protect them is appalling. Federal funding is critical to adequately address this national issue.

Identify and unreservedly exploit the diversity of public- and private-sector organizational knowledge regarding the nation's critical infrastructures. A paradox of the nation's critical infrastructure is how dependent public safety is upon something so disproportionately owned and managed by for-profit companies. Even worse is the lack of coordination between government organizations.

Develop consistent national regulatory guidance around security standards. While we have logical borders between governments and private-sector organizations, we also have arbitrary security policies to protect the data that crosses those borders. The cliché that "risk accepted by one is risk shared by all" is irrational at the national level, and self-regulation isn't the answer when economic incentives are out of balance. A report by the Center for Strategic and International Studies, Securing Cyberspace for the 44th Presidency, said it best, "We believe that cyber-space cannot be secured without regulation."

Expand the National Centers of Academic Excellence in Information Assurance Education program that currently includes 93 centers at colleges and universities across the nation. While "Centers of Excellence" is arguably the wrong title for this program since the term doesn't logically lend itself to such a large number of organizations, the program goals of decreasing the vulnerabilities in the national information infrastructure are appropriate.

 

Visit Mark Weatherford's blog, Securing GovSpace.

 

The views expressed are solely mine and nothing stated in or implied from the article should or may be attributed to the state of California or any of its agencies or employees.

 

Mark Weatherford is the executive officer and chief information security officer (CISO) of California's Office of Information Security and Privacy Protection. Appointed by Gov. Arnold Schwarzenegger, Weatherford has broad authority over California's cyber-security activities and is responsible for state government information security program policy, standards and procedures. He previously served as Colorado's CISO.


MJ

Latest Government Technology News


Industry Solutions for Government

Read real world deployments of technology in government from our sponsors.

View All Industry Solutions

Related Products and Services

Marketplace


Get Public CIO's Bi-Weekly Newsletter
This section
brought to you by:

CA RC Q1 2010 Resource Center

Take our Identity
Lifecycle Management (ILM) Survey

Can your organization keep pace with its growing demands while enforcing security controls?

Take Survey Now!

Mainframe

White Paper: The Mainframe Opportunity IT Strategies For Achieving Breakthrough Value

Forrester conducted interviews with CIOs/CTOs of mainframe users in the US and Europe to better understand their strategies in the use of the mainframe.

Strategy Paper: CA's Mainframe 2.0 Strategy Roadmap

Fully capitalize on the potential value offered by the mainframe as the availability of mainframe professionals becomes increasingly constrained.

MF 2.0 Product Brochure

Mainframe 2.0 is CA’s new and far-reaching initiative that is changing the way the mainframe is managed forever.


Cybersecurity

IDC White Paper - Identity Lifecycle Management: Bringing Together Security, Identity and Compliance

Read this to learn about the technology and best practices needed to manage your identities throughout their lifecycle.

I Am Who I Say I Am

This paper discusses the drivers, responses and challenges associated with information security in Government.

Simplify and Secure: Managing User Identities Throughout their Lifecycles

Find solutions that simplify, automate and secure the activities for creating and modifying user identities and roles throughout the organization.

Virtualization / Cloud Computing

White Paper: Integrated Infrastructure and Performance Management for Virtualized Environments

Government agencies use virtualized environments to decrease costs, consolidate data centers and reduce environmental impacts.

CA Virtualization Management

CA Virtualization Management solutions provide integrated end-to-end management, automation and security which drive better outcomes.

Working Together to Maximize Business Value of Your IT Investments

VMware and CA have responded to your requirements by forging a solid partnership focused on your enterprise's needs.

Project and Portfolio Management

A Life Cycle Approach to Grants Management

Using project management at every stage of grant administration can maximize funds now and for the future.

A Platform for the New Transparency: Meeting the Challenge of ARRA Grants Management in State and Local Government

The sheer size of ARRA and new grant opportunities has had a tremendous impact on the workload of grants management staff. But the size of the program is only part of the story.

Success Stories: IT Governance: Making the Difference in Cities, Counties and States

Decision-makers need to align IT projects with organizational goals.  See how three agencies achieved this.

Yes! I would like more information about CA's solutions for Government.

Government Jobs

Browse hundreds of public sector career opportunities in GovTech's new jobs section. Popular job searches: government IT, public safety, GIS, transportation, CIO, security, health