
Cyber Warriors: A Frank Discussion at FedSMC – Part I

April 12, 2011

Yesterday, I hosted a panel at the FedSMC conference in Cambridge, MD, titled “Security Without Borders: Finding the Enemy Within”.  During this fantastic 90-minute panel, I was privileged to be joined by three federal information security and technology experts:

  • Theresa Payton, former White House CIO, and current CEO of security service provider Fortalice Solutions
  • Dr. Ron Ross, Senior Computer Scientist and Information Security Researcher, NIST
  • Vernon Bettencourt, former CIO of the United States Army G-6

The conversation was intensely focused on the threats that hang over the heads of federal agencies – both intentional and accidental – and what agencies can do about them. Over the next few days, I’ll be posting some key excerpts from this truly “under-the-hood” view of federal information security.

The Business Case for New Technologies

While much of the panel was focused on identifying and mitigating risks associated with new technologies – cloud computing, mobile devices, social media, and others – one of my first questions to the team was, “Do these technologies really have a place in the federal government in the first place?”

The answer was clear: a resounding yes.  In particular, the need for both social media and mobile technologies received a strong endorsement across the entire panel.  From battlefield commanders who need lightweight, mobile (and secure!) intelligence devices, to deployed armed forces who rely heavily on social media to communicate with their families from abroad, it’s clear that new technologies are needed, despite the risks they may introduce (more on that in a following post…)

Cloud computing was also identified as a critical component for federal agencies, providing scalable computing and storage while also reducing costs. Interestingly, however, the cloud was perhaps the area of greatest security concern for our team; the consensus around cloud services – especially those from external providers – is that there is a long way to go before federal agencies will be able to trust them with anything more than unclassified data and non-mission-critical services. There’s a strong belief among our panelists that internal adoption – private clouds – will be the first significant foray by federal agencies into cloud services. Commercial adoption will occur, but only after authorization of commercial cloud service providers through initiatives such as FedRAMP.

Next Up: How real – or imagined – are the risks associated with these new technologies?
