Securing Cyberspace for the 44th Presidency – changes in the U.S. federal market

“Securing Cyberspace for the 44th Presidency”, a report from the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity, offers insights and policy recommendations to decision makers based on research and the opinions of industry experts.

As well as appealing to the incoming administration to prioritize cybersecurity as a vital national asset, the report recommends forming new agencies and organizational bodies with responsibility for cybersecurity. It also suggests reinforcing the federal partnership with the private sector; increasing regulations; securing control systems using acquisitions rules to improve security; strengthening identity management; modernizing authorities; revising the Federal Information Security Management Act (FISMA); and building for the future by investing in training and in research and development.

What effect would a renewed federal priority on cybersecurity have on atsec’s customers, who are in general international private sector IT companies?

If the recommendations of the report are adopted, then we might expect to see changes in the U.S. federal market such as:

1) An emphasis on standardization.

2) Strengthening of security in four sectors: finance, energy, ICT and government services.

3) Strengthening of implementation of the Common Criteria in the U.S. Re-funding and re-organizing the U.S. Common Criteria scheme operated by NIAP, with an interest in international cooperation and leadership.

4) Growth in the NIST programs, especially in personal identity (currently NPIVP and the GSA programs for FIPS 201 evaluation).

5) Development and implementation of guidelines for the procurement of IT products (with software as the first priority).

6) Instantiation of NIST standards and programs for regulating industrial controls.

7) Increased use of secure Internet protocols; co-operation with other countries and the ITU to develop the adoption of the protocols on a wider international basis.

8) Requirements for the provision of securely-configured products through the acquisition process.

9) Increase in risk management-based mechanisms for information security, rather than checklist-based approaches.

10) Legislative initiatives to give law enforcement more “teeth” to make IT security happen.

Source: atsec information security.
