From: FederalNewsRadio.com 1500AM
By Jason Miller
Federal cybersecurity workers have gotten the message: A static defense of their computer networks and systems is no longer acceptable or useful.
But chief information security officers and other their staffs continue to struggle to move to a more dynamic approach, commonly known as continuous diagnostics and monitoring.
The Homeland Security Department awarded a blanket purchase agreement to 17 vendors in August worth about $6 billion to help agencies move in that direction.
But DHS is trying not to repeat failures of previous cyber contracts where agencies didn’t understand what they were buying or just didn’t take advantage of the products and services.
Instead, the agency is teaming with the SANS Institute to provide a one-day free training course detailing what CISOs and their staffs need to do to make continuous monitoring a reality inside their agencies.
“What’s key is, how do we overcome the barriers that have kept government agencies from doing a better job of securing their systems? And getting to continuous monitoring has been one of those problem areas. The more data you collect because you are monitoring more continuously, the more you have to do something with that data,” said John Pescatore, the director of emerging security trends for SANS. “You need technologies and processes to make that data work, and government agencies have found that can be expensive, manpower intensive. So the purpose of the workshops is to essentially highlight decision frameworks and processes government agencies can put into action to take advantage of the funding from this program that offers them both products and services completely funded by Congressional funding.”
Funding available; policy coming
Congress provided more than $180 million in the fiscal 2013 continuing resolution to help agencies implement continuous monitoring.
Pescatore said the BPA will help reduce procurement costs, but agencies need implementation help.
“The workshops are there to help them put together the right plans, the right processes and the right timelines to be able to deploy these products, integrate them, use their automation capabilities to take the some of the workload off the government’s security operations people and hear about the future of reporting and certification and accreditation of government systems and how that changes if you sign on to the continuous monitoring efforts,” he said.
Read Complete Article/Listen to Story
Leave a Reply