While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Cyberthreats stay on government networks an average of 16 days before being detected, according to a new report from MeriTalk funded by Splunk, but some experts believe an increase in Big Data analytics could reduce that number.
The study, titled “Go Big Security,” interviewed 302 federal, state and local government cybersecurity leaders in March to get a clearer view of the cyber challenges facing the public sector.
“Government organizations have access to a wealth of cyberthreat information,” Kevin Davis, area vice president of Splunk public sector, said in a statement. “The challenge is managing that data and connecting the dots in real time. That's how we get immediate insight into threats. Agencies need to detect threats faster and start to predict when and how they will occur.”
Some key findings from the study are:
The Cloud Security Alliance (CSA), a nonprofit organization that promotes security best practices in cloud computing, will share its research on software defined perimeter (SDP) specifications with the federal government at the organization’s federal summit Tuesday in Washington, D.C.
Jim Reavis, CSA CEO, said SDP is a next-generation architecture, built on the same principles that the government’s three-letter agencies — the FBI, CIA, NSA, etc. — use to protect its classified networks.
The CSA developed a framework for developing them in the cloud in an open-source manner based on collaboration from more than 100 organizations, including Coca-Cola, Verizon and Mazda.
“We see this as an architecture that will be used more in the coming years that will allow for more use of public clouds with high-security needs,” Reavis said. The CSA defines SDP in more detail:
The Office of Personnel Management surveyed nearly 400,000 federal employees across 82 agencies about their job satisfaction and workplace culture. OPM asked feds about their agencies’ telework programs and how often they work remotely. Here’s what they learned:
A 2010 cloud-first policy required federal agencies to default to secure, reliable, cost-effective cloud-based solutions when evaluating options for new IT deployments. Since then, agencies have moved numerous systems to the cloud, including email, help desk functions and web hosting.
As agencies move more sensitive data into the cloud, questions about security, management and disaster recovery capabilities remain. CDW•G can help.
CDW•G’s latest e-book, available for download through the Technology Insights app, offers practical guidance for working through these issues and achieving financial and operational efficiencies in the cloud.
Visit fedtechmag.com/cloudapp to learn more.
Did you know the federal government is developing a national strategy to guide agencies’ Big Data research and development programs, policies and investments over the next five to 10 years?
The Big Data Senior Steering Group at the National Coordination Office for Networking and Information Technology Research and Development (NITRD) is spearheading the effort. The group released a draft of the National Big Data R&D Strategic Plan in October, but more work is ahead.
The steering group and its member agencies envision an ecosystem in which agencies are empowered to make decisions and discoveries based on data sets that are large and diverse and can be accessed in real time, according to the draft plan. Another priority is educating the next generation of scientists and engineers.
Big changes are ahead for the Federal Risk Authorization Management Program, known as FedRAMP. A new two-year roadmap released in December details more than 40 initiatives aimed at accomplishing three overarching goals for the federal cloud security program: increasing stakeholder engagement, including the number of agencies implementing FedRAMP; improving program efficiencies by automating FedRAMP documentation; and adapting FedRAMP to support evolving cloud offerings and security policies, while focusing on risk management rather than compliance.
Called FedRAMP Forward, the new roadmap will also ensure that the cloud security program is implemented more consistently, and it will clear up agency misconceptions that restrict competition among cloud providers vying for federal business. The roadmap groups initiatives in six-, 12-, 18- and 24-month intervals.
Paul Austin, the CTO of EMC’s federal division, recently answered some questions from FedTech managing editor David Stegon about the evolution of hybrid cloud use within the federal government.
FEDTECH: What are the most common government uses for hybrid cloud?
AUSTIN: Government missions are now demanding more from IT — asking for choice in devices; requiring greater and faster access to infrastructure and applications; and driving new demands about application flexibility, such as where to deploy, for how long and with how many resources. To meet these expectations, government IT organizations must deliver IT-as-a-Service (ITaaS) via a well-run hybrid cloud that brings together the trust, control and reliability of private cloud with the simplicity, low cost and flexibility of public cloud, while maintaining interoperability and visibility.
Steven VanRoekel has left his post as chief innovation officer at the U.S. Agency for International Development, FedScoop reported. Last September, VanRoekel announced he would be stepping down as federal CIO to join USAID's efforts to fight Ebola. President Barack Obama announced last month that Tony Scott, VMware's former senior vice president and CIO, would take the reins as federal CIO.
VanRoekel told FedScoop he wanted to spend time with his family and does not have another job lined up. Read more here.
The federal government is serious about catching a Russian cybercriminal believed to be the mastermind behind the Game Over Zeus botnet. The FBI announced Tuesday it would pay out $3 million for information that leads to the arrest of Evgeniy Mikhailovich Bogachev, according to Bloomberg. This is the largest reward the FBI has offered.
"Game Over Zeus has infected more than 1 million computers and cost victims over $100 million," CNN reported.