Feds move on cybersecurity, with privacy in mind

The House Committee on Homeland Security held a hearing on Thursday to discuss aspects of the U.S. government's Cyber Initiative, a classified program ordered by President Bush in an effort to boost the security of federal networks and systems. Among the government officials who testified at the hearing was Karen Evans, who serves as the de facto federal CIO in her capacity as administrator of e-government and IT at the White House Office of Management and Budget. In an interview with Computerworld Friday, Evans discussed the hearing and parts of the Cyber Initiative, including the involvement of the National Security Agency (NSA) and a plan to broaden the use of the government's Einstein network monitoring system and upgrade it by adding real-time threat-detection capabilities. Excerpts follow:

What should people take away from the House hearing? The big takeaway is that the federal government is moving forward in an accelerated way with the Cyber Initiative to ensure that we're properly protecting, and managing the risks associated with, the information we collect. And that we're working to ensure that there is privacy, and we're doing it in a very transparent way. This is really bringing together all the existing efforts [that were already underway] and driving that with very specific deadlines, which I welcome.

When you look at all the initiatives we're doing -- like the implementation of IPv6, HSPD-12 (a smart ID card program), Trusted Internet Connections, the activities we're doing under the policy memo from the president's identity theft task force, and the FDCC (Federal Desktop Core Configuration) -- that's a defense-in-depth vision.

In addition to those efforts, is there anything new that's required under the president's directive? The piece that's different is Einstein. Up to this time, Einstein was an optional program for federal agencies. With this initiative, it is no longer an option. Einstein is [a mandatory] part of the solution that sits at an external network connection.

There's another part that will change as well: the [U.S. Computer Emergency Readiness Team] will have more operational capabilities here, so to speak. If any agency isn't doing its part in maintaining everything that it needs to maintain at an external connection, US-CERT will have the ability to block that connection and reroute traffic through another gateway. That isn't [meant] to impact the agency's mission -- the missions of the agencies are first and foremost, and that will continue to go on. But if something isn't working right, US-CERT will have the ability to stop it.

It could be patching: Maybe one of the gateways doesn't have all of the patches installed [that it should]. So why would we want that vulnerability to stay up there? We wouldn't. This is all basic networking types of things. There's nothing ominous about it.

What's the goal of expanding the use and capabilities of the Einstein system? It will give us better situational awareness. Einstein will look at IP addresses, headers -- that kind of information. We're not going to be reading e-mail or anything of that kind. It works in the same way that any intrusion detection system does.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.