nextgov

Should You Need A License To Practice Cybersecurity?

The government should sponsor a national body to license cyber professionals and authorize cyber certifications, and then spin it off into an independent consortium, a military faculty member at the Pentagon's National Defense University said.

A body akin to an American Medical Association is needed to authorize individuals to practice as cyber professionals and to revoke that license when necessary, said Lt. Col. Sean C.G. Kern, an NDU information security professor. In order for that body to possess authority, it would have to be federally funded, at least initially. This model also would include sub-associations for specialty areas, such as digital forensics, that would pick which certifications currently offered by various firms should be required.

The Homeland Security Department and National Institute of Standards and Technology have carved out 31 cyber specialties. It might not be hard to imagine an American Cybersecurity Association, but upending the cyber certification industry would ruffle some feathers. International Information Systems Security Certification Consortium -- or (ISC)2 -- officials argued that overhauling the certification system would undo hard-won progress in educating the cyber workforce and exacerbate cyber staff shortages.

"Our organization has worked closely with government and anytime that they believe they need a more technical, specific credential, we sit down and build it," (ISC)2 Executive Director Hord Tipton said at the time.

Satellite Rescue Network Gets Space Technology Hall Of Fame Recognition

Since 1982, 37,000 people, including 7,000 Americans, survived potentially disastrous incidents because of the COSPAS-SARSAT rescue network. That record earned the satellite system an induction into the Space Technology Hall of Fame.

The honor recognizes technologies originally developed for space applications that ultimately improve life on Earth, and few technologies rival COSPAS-SARSAT in life-preserving metrics.

In 2013 alone, COSPAS-SARSAT’s network of satellites that detect and locate distress signals from emergency beacons led to the rescue of 253 people from potentially deadly situations. The network involves numerous satellites, including the National Oceanic and Atmospheric Administration’s geostationary and polar-orbiting satellites. Altogether the program comprises 43 countries and organizations.

How The Right People Analyzing The Best Data Are Transforming Government

Analytics is often touted as a new weapon in the technology arsenal of bleeding-edge organizations willing to spend lots of money to combat problems. In reality, that’s not the case at all.

Certainly, there are complex big data analytics tools that will analyze massive data sets to look for the proverbial needle in a haystack, but analytics 101 also includes smarter ways to look at existing data sets.

In this arena, government is making serious strides, according to Kathryn Stack, advisor for evidence-based innovation at the Office of Management and Budget. Interestingly, the first step has nothing to do with technology and everything to do with people. Get “the right people in the room,” Stack said, and make sure they value learning.

Finally, Stack said it’s common for agencies to tackle analytics problems by acquisition. That’s a backwards approach in which the only guarantee is that your agency is going to spend money. Instead, Stack recommended agencies “think about contractors less,” and focus first on reaching out to academic researchers, nonprofits and foundations. Don’t sleep on government peers from other agencies, either.

House Passes Federal IT Reform Yet Again, This Time With Defense Bill

A fundamental overhaul of how federal agencies build and buy information technology systems passed the House for the second time in 2014.

The chamber in February approved the Federal Information Technology Acquisition Reform Act, or FITARA, which among other reforms would limit each federal agency -- including the Defense Department -- to one person with the title chief information officer and give that person authority over the agency’s IT spending.

This time around, the legislation was tacked on as an amendment to the 2015 National Defense Authorization Act, which the House approved by a vote of 326-98.

A similar measure made it into the Defense bill in November 2013 but was stripped out at the last minute in the following month, when lawmakers also cut more controversial amendments -- including one addressing sexual assault in the military -- to ensure the bill would pass both the House and the Senate.

Why Does The Air Force Spend Twice As Much To Hack Than To Deflect Threats?

The House approved legislation that breaks out $13.4 million for Air Force cyberattack operations and $5.6 million for efforts to defend the service's networks. But those numbers likely underrepresent cyber offense and especially cyber defense spending, some military budget analysts say.

The problem with cyber funding -- governmentwide -- is that it's hard to define what cyber is, they note. "What they are splitting out here is really just a portion of what they are doing for cyber offense and defense," said Todd Harrison, director of defense budget studies at the Center for Strategic and Budgetary Assessments. "I think it's the part that's more focused on specific adversaries around the world."

The House’s version of the 2015 National Defense Authorization Act would spend a total of $67 million on Cyber Command offensive and defensive activities. The command oversees all Defense Department cyber operations. "I expect that if you did a true accounting of what DOD is spending on cyber, it would be in the billions" of dollars, Harrison said.

DHS Cyber Workforce Legislation Advances

The Homeland Security Department would receive additional hiring and compensation authorities for cybersecurity professionals under new legislation introduced and approved by the Senate Homeland Security and Governmental Affairs Committee.

The bill (S. 2354), sponsored by Sen. Tom Carper (D-Del.), would enable the DHS Secretary to make direct appointments, set rates of basic pay and provide additional compensation, benefits, incentives and allowances in order to recruit and retain critically needed cybersecurity personnel.

“Unfortunately, the demand for cybersecurity experts in the government greatly outpaces the supply, and many agencies have had difficulty attracting the best and brightest and retaining those already in service,” Carper said in a statement.

The new flexibilities would bring DHS in line with recruitment and retention tools currently offered at the Defense Department and National Security Agency.

While DHS has a broad cybersecurity mission, it does not currently have in law any tools to hire faster, pay higher salaries or offer retention bonuses. The flexibilities offered in the legislation would help the department improve its ability to compete with the private sector and other agencies to hire and retain the most skilled cyber workforce, Carper said.

Feds Could Save $20 Billion With Better IT Infrastructure Initiatives, Study Finds

Perhaps data center consolidation, virtualization, cloud computing, remote access and infrastructure diversification aren’t the sexiest terms in the federal repertoire, but they do hold the keys to as much as $20 billion in annual savings, according to a study by Meritalk.

The study, underwritten by Brocade, is based on survey results from 300 federal network managers who estimate that if the government were to fully leverage all five initiatives, it could save about 24 percent of the government’s $80 billion information technology budget.

The survey’s results sound promising, but there’s a caveat: Two-thirds of the surveyed network managers reported their networks are ill-equipped to meet current mission needs, and much further away from being able to fully embrace newer tech initiatives like cloud computing. If network managers could magically flip a switch and significantly increase network speed by approximately 26 percent, the survey claims the government could cash in $11 billion in savings in one year.

Women Are Still Scarce In IT Leadership Roles

The proportion of women in information technology leadership positions has moved little over the past decade, and that statistic may even be trending downward, a new study suggests.

The new 2014 CIO Survey by Harvey Nash of 3,211 chief information officers worldwide found that just 7 percent of respondents are women, a drop of 2 percent over the 2013 survey. While nearly three-quarters (71 percent) of CIOs recognize this gender imbalance and have implemented diversity programs, the proportion of women in IT over the past decade has remained “stubbornly low,” the report stated.

Women IT leaders are slightly more common in the United States, however, with females representing 11 percent of US respondents, Harvey Nash found. Another bright spot is that when compared to other fields, such as human resources, a greater proportion of women in IT are promoted into senior positions.

Survey: Abuse Of Network Access Privileges Is Rampant

Agencies are more concerned about insiders leaking citizens’ and partner organizations’ information than their own general business information, according to a new survey by the Ponemon Institute.

Meanwhile, the commercial sector cares more about inappropriate disclosures of business data than customer data. Ponemon surveyed 693 industry and government information technology personnel who had high-level access to internal networks.

Overall, 59 percent, the majority of whom worked in industry, said their business information is most at risk without the right protections. Only 49 percent said client information is most in jeopardy.

Among participants employed at state, local and federal agencies, 54 percent said customer information is the most vulnerable type of information they need to protect. Roughly 42 percent of those government personnel indicated their own business information is most susceptible to leaks.

Heartbleed Superbug Found In Utility Monitoring Systems

Software that monitors utility plants and other operations at several military installations has been found to be affected by the recently discovered superbug Heartbleed, when configured a certain way, according to the Homeland Security Department and the software’s manufacturer.

"The latest release of Schneider Electric Wonderware Intelligence Version 1.5 SP1 is not susceptible to the OpenSSL vulnerability. However, users have been known to reinstall Tableau Server, the vulnerable third-party component that is affected. Therefore, Schneider Electric Wonderware has issued a patch and a security bulletin addressing this vulnerability in all versions," states a bulletin from the DHS Cyber Emergency Response Team.

Exploits made by hackers "that target this vulnerability are known to be publicly available" on the Web, DHS said. Heartbleed is a defect in common Web encryption software that researchers discovered in early April.