With a number of high-profilesecurity hacks involving widely used software, government agencies are retraining their focus on their organization's security measures and those of the vendors and service providers that work with them. This shift in focus was actually on the rise before the recent hacks in anticipation of cyberattacks just like the ones we've recently seen.
In January of 2020, the Defense Department implemented the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. Contractors have always been held responsible for implementing and documenting their IT systems' security that touch sensitive government data. Under CMMC, this continues, but adds the need for a third party to assess the contractor's compliance.
With the closing of the decade, we thought it would be interesting to look back at the top technology headlines of 2009 and compare them to where the market is today.
Data on the Rise
Big news was the launch of data.gov in late May of 2009. The site was championed by the country's first Federal CTO, Vivek Kundra, as a way to enable citizens to access federal data. In addition to making the government more transparent, the hope was that private sector could use the massive amount of federal data in research and to create innovative programs and solutions. The site launched with 47 data sets and as of the last reporting (June 2017) it now holds approximately 200,000 datasets, representing about 10 million data resources. Beyond these numbers, data.gov's impact has been significant.
Thousands of programs can point to the site as the basis for their development. More importantly, it launched a new way of thinking in government. Agencies stopped being as territorial about their data and slowly but surely became more open to sharing it with one another and with the public as they saw what innovation can happen with simple access. In 2019, the vision of data.gov expanded with the Open, Public, Electronic and Necessary Government Data Act, requiring that nonsensitive government data be made available in machine-readable, open formats by default. Continue reading →
The Department of Homeland Security's Continuous Diagnostic Mitigation Program (CDM) was developed as a guideline process for agencies to fortify their ongoing cybersecurity plans and tactics. Agencies have worked through the stages of the program, first identifying what and who is on their network and then looking at what is happening on the network - really identifying the who, what, when, and where. Today, the focus is to put all that information to work in developing plans that address the "how" of secure networks including:
Reduce agency threat surface
Increase visibility into the federal cybersecurity posture
Improve federal cybersecurity response capabilities
Streamline Federal Information Security Modernization Act (FISMA) reporting
According to a recent survey, in the seven years since its inception, the CDM program has met its mission of making government IT systems more secure. But this success does not mean the work is done. Legislation has been introduced that will make CDM permanent and expand its reach to meet the ongoing cyber threats that face government agencies. Moving forward, the CDM will help agencies focus on taking what has traditionally been a piecemeal approach to cybersecurity and creating a more integrated approach that ties to the an overall cyber strategy.
In October, ghosts and goblins come to life as decorations on front lawns and as candy-seeking children knocking on our doors. But stepping away from the frivolity of Halloween, October has also become a time for us to reflect on the real threats we face year-round when it comes to our data, identity privacy and online security.
National Cybersecurity Awareness Month (NCSAM), spearheaded by the Department of Homeland Security (DHS), is a "collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online." This year's theme is Own IT. Secure IT. Protect IT. Programs around the country will address topics including citizen privacy, securing consumer devices, and eCommerce security.
More than IT professionals talking to one another, NCSAM aims to reach out to the public to emphasize personal accountability and educate people about the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. The NCSAM website has some handy guides that can be shared to educate people on these actionable steps.
The Continuous Diagnostics and Mitigation (CDM) program, led by the Department of Homeland Security, was designed to fortify the cybersecurity of government networks and systems with capabilities and tools that identify risks on an ongoing basis, prioritize these risks based on potential impacts, and enable personnel to mitigate the most significant problems first. The program was rolled out in phases with phases one and two pretty much complete across government.
Now that agencies know what and who is on their network, they need to move onto phase three - what is happening on the network. This involves installing and managing the network and perimeter security measures. Given that the perimeter now includes mobile devices, securing those devices and the way they access the network is critical to meeting CDM goals. Currently,agencies are mapping out mobile connections at the agency level, and the networks with which agencies are regularly interacting.