USAID plans a rebound from dramatic drop in cybersecurity scores

Editor’s Note:  The Office of Management and Budget’s Fiscal Year 2011  Report to Congress on the Implementation of FISMA is attached below.

From:  1500AM

By Jason Miller

For years, the U.S. Agency for International Development stood out among agencies  when it came to cybersecurity and meeting the requirements under the Federal  Information Security Management Act (FISMA).

But last year, USAID went from an “A” grade to an “F.”

The Office of Management and Budget’s report to Congress on how agencies are implementing  FISMA requirements found USAID dropped 36.6 points to a score of 53.8.  In 2010,  the agency earned a 90.8 score.

Jerry Horton, USAID’s chief information officer, said the reason for the dramatic drop is that the agency didn’t have a continuous monitoring program in place.

USAID was one of five agencies not to submit cyber data feeds to the Homeland Security Department’s CyberScope program. The OMB report stated USAID didn’t implement a configuration management capability at all, but had a fully capable vulnerability management function and an 80 percent capability for asset management.

Horton said the agency also got marked down because they weren’t using their  secure identity card, under Homeland Security Presidential Directive-12, for  logical access.

“We have plans in place to handle both so we will get our score back up this year,” Horton said. “It’s not really a budget issue. It’s really a change in the way the score is tracked from OMB’s perspective.”

Network upgrades key to cyber

Horton said USAID has an opportunity to improve its security as it upgrades its  network. He said the goal is to build security into all of the agency’s  applications.

The biggest challenge for the department with implementing continuous monitoring  was the process.

“We were a little behind in getting it running and I think that’s what caused the  FISMA score last year,” he said. “It’s not really a difficult proposition. Most of  what we do on a security basis isn’t that difficult. It’s just a matter of getting  it done.”

Horton said his office has been upgrading USAID’s network around the world for several  years.

He said USAID has been moving more toward the cloud and mobility.

“We are basically making our applications, our services available from any network, at any time from anywhere in the world,” he said. “The cloud is a huge piece of this as is virtualization. We revolve it around mobility. The ability for a person to have a tablet, a smartphone, a laptop and even a desktop in a foreign location to be able to access our network infrastructure remotely, safely and securely.”

He said the end goal is to make it easier for employees no matter where they are  to access data and systems.

Lightweight apps to overcome latency

Part of USAID’s upgrade plan is to consolidate networks with the State Department  at posts around the world. Horton said his agency is eliminating three separate  networks at three posts around the world.

“We are trying to head to the fact it runs on any network. A network  infrastructure is becoming a commodity with the Internet so available and so easy  to access, whether we use the Internet  for our access or the State Department or  anyone else, it doesn’t really matter,” he said.

Horton said because employees often are in countries without consistent electricity or Internet service, USAID is trying to solve some of the long-standing challenges from working in those countries.

He said the agency is consolidating its data centers to be closer to the point of  presence for all network infrastructure coming into the U.S. Horton said that will  eliminate many of the latency and speed issues.

“As we move our applications to be more Internet available, they can hit them from  any access point, any wireless network, anything so it gives us an opportunity to  tune our applications to work in a lot of places where latency is an issue or  where just time is an issue,” Horton said. “For example, some of our applications  running in the cloud are actually faster to run over a local Internet connection  or over a satellite link than it is to run over AIDNet or over the State  Department’s network or over anyone else’s network because they are tuned more  toward that capability.”

He said a large number of employees, about one-third, have access to online email  through a tablet or smartphone in places such as Sudan or Afghanistan. He said the  agency expects to save about $4 million a year through online email.

But Horton said vendors need to do more to move older software to the mobile and  cloud environment.


