INDEPENDENT NEWS

Cyber Security: The Status of Information Security

By: US State Department
Published: Thu 26 Jun 2003 11:03 AM
Cyber Security: The Status of Information Security and the Effects of the Federal Information System Management Act at Federal Agencies
Bruce Morrison, Acting Chief Information Officer Testimony Before Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census Washington, DC June 24, 2003
As Delivered
Good Morning Mr. Chairman and Members of the Committee. I am honored to be here and appreciate the opportunity to discuss information security at the Department of State. With your permission, I will submit my written testimony for the record.
While we are not yet where we would like to be in cyber security, I would like to take this opportunity to report on the initial stages of improving our program.
I would like to state that we at the State Department have the highest level of support from Secretary Powell and Under Secretary for Management Green. Secretary Powell considers Information Technology [IT] and Security to be a strategic component in implementing U.S. foreign policy.
Let me summarize of IT Security at State
We have long established a strong perimeter defense with technical, physical, and personnel controls, anti-virus, firewalls, intrusion detection, and incident reporting.
However, we realize that a sound cyber security program is built upon a defense-in-depth strategy that includes management controls as well as technical and operational measures. What we have lacked in the past is a comprehensive management structure and a serious Systems Authorization program.
A New Day
It is a new day at State, with the convergence of several events bringing a fresh approach and commitment to cyber security. First, GISRA [Government Information Security Reform Act] and then FISMA [Federal Information System Management Act] focused top management attention on cyber security. Second, we have new cyber security leadership at State I stepped into the position of acting CIO [Chief Information Officer] six months ago. Additionally, there is a new Assistant Secretary for Diplomatic Security with whom we collaborate closely. Finally, OMB [Office of Management and Budget] very helpfully mandated that we authorize all systems by 4th Quarter FY 2004.
Our new organization is giving birth to a new cyber security culture, and is producing results. We have a new Office of Information Assurance headed by a senior officer reporting directly to me. This office handles IT security policy, program management, performance measures, risk management, and reporting.
There is increased Department-wide cyber security focus as all offices are now involved to some degree in cyber security through the Plans of Actions & Milestones (POA) process and awareness programs. As I mentioned, there is excellent rapport and collaboration between the CIO and the Bureau of Diplomatic Security on all aspects of cyber security. A similarly cooperative partnership exists with the Chief Financial Officer on Critical Infrastructure protection and the information technology budget.
We have a senior-level, multi-disciplinary Cyber Security Advisory Group. There is a close working relationship with the Office of the Inspector General [IG]. In bi-weekly meetings with the IG, we discuss a variety of cyber security issues with FISMA requirements and systems authorization taking center stage.
Security and Capital Planning and Investment Control (CPIC)
State has recently established an E-Gov Program Board chaired by Under Secretary for Management Green to manage all IT funds.
Information Assurance experts now review every IT system budget request to assure that appropriate security considerations are budgeted and executed.
Cyber security is represented at all levels of the budget process. We have initiated ongoing training for Systems Owners on completing the security part of budget submissions.
Systems Authorization
We have developed a new process for IT, which is a hybrid of NIACAP [National Information Assurance Certification and Accreditation Process] and NIST [National Institute of Standards and Technology] guidance and categorizes systems by type and security classification level. The plan was developed and submitted to OMB in March and budgeted in mid-April. We are on track with 10% of our systems done and with goals of 33% by August 2003 and 100% by August 2004.
Institutionalizing Cyber Security
We are taking specific steps to institutionalize cyber security management and practices. New systems are addressing security from the outset and will undergo C [Certification and Accreditation] so that they are authorized before being put into operation. In our future budgets, requests will include security costs. Regular awareness sessions for all users, establishing a cyber security corps and mandatory training for the security practitioner will assist in institutionalizing cyber security throughout the Department.
In summary, FY 2003 Progress
We are still in the early stages of creating a comprehensive cyber security program but we have made great strides over the past few months. This progress contributed to our PMA [President s Management Agenda] score of green for E-Gov progress.
[End]

Next in Business, Science, and Tech

Gaffer Tape And Glue Delivering New Zealand’s Mission Critical Services
By: John Mazenier
Every debt, eventually, has to be repaid. Right now, the day of reckoning is fast approaching for one of the most crippling, but least discussed, debts burdening government across New Zealand – technical debt. Technical debt is the cost of generations ...
Ivan Skinner Award Winner Inspired By Real-life Earthquake Experience
By: Earthquake Commission
Ben Exton is the first engineer outside of academia to receive the Ivan Skinner Award, which is funded by EQC Toka Tū Ake.
Consultation Opens On A Digital Currency For New Zealand
By: Reserve Bank
The Reserve Bank of New Zealand – Te Pūtea Matua is continuing its exploration of a central bank digital currency. “We are calling this ’digital cash’. It would be a new type of money in addition to the banknotes and coins we have today, ...
Ship Anchors May Cause Extensive And Long-lasting Damage To The Seafloor, According To New NIWA Research
By: NIWA
NIWA anchored their research vessel in Wellington Harbour and observed in real-time how its anchor changed the surrounding environment.
A Step Forward For Simpler Trade Between New Zealand And Singapore
By: New Zealand Customs Service
The New Zealand Customs Service has signed an arrangement with Singapore that will help to make trade simpler for exporters. A cooperation arrangement with Singapore Customs and Singapore’s Infocomm Media Development Authority (IMDA) was signed ...
68% Say Make Banks Offer Fraud Protection
By: Horizon Research Limited
Results are from a Horizon Research omnibus survey conducted between 22 to 26 March 2024.The survey was conducted as part of Horizon's public-interest research programme.
View as: DESKTOP | MOBILE
Scoop Contact About Services Newsagent Login
Connect Submit News Social Media Scoop Network
Ethical Paywall Accredited Orgs. Licensing Terms of Use
© Scoop Media