Increased security seems to be on the mind of everyone this year. The President made promises to increase cybersecurity in his State of the Union Address. President Obama’s budget calls for the strengthening of government cybersecurity while reducing overall information technology spending by more than a half-billion dollars. The budget document provides a roadmap to the administration’s thinking on the direction it wants to take on cybersecurity. The White House proposal supports a number of research and development projects the administration envisions to promote a secure and reliable cyberspace.
- The National Science Foundation would receive $110 million for basic research initiatives aimed to secure the nation’s critical information infrastructure, the mostly privately owned networks that control the flow of money, energy, food and other vital things that make society function.
- The National Institute of Standards and Technology, under the budget, would get $86 million above current levels to fund research for a number of projects, including ones focused on cybersecurity.
- The budget proposes spending $769 million to support the operations of the Department of Homeland Security’s National Cybersecurity Division, which safeguards federal computer systems and sustains efforts under the Comprehensive National Cybersecurity Initiative to protect American information networks from the threat of cyberattacks and disruptions. Some $202 million of the DHS IT security budget would go to improve government-wide continuous monitoring of vulnerabilities in government IT systems.
Several key Senators have banded together to propose new legislation to codify some of the authority the Obama administration has granted the Department of Homeland Security over federal civilian agency IT security. The legislation would create the National Center for Cybersecurity and Communications within DHS to coordinate federal efforts to battle cybersecurity threats facing the government and the nation’s critical information infrastructure, the mostly privately owned networks that control the flow of money, energy, food, and transportation.
- The bill would amend the Federal Information Security Management Act to require the government to develop a comprehensive acquisition risk management strategy, moving away from a culture of compliance to one of security by giving DHS the authority to streamline agency reporting requirements and reduce paperwork through continuous monitoring and risk assessment.
- Penetration testing through so-called red-team exercises would be emphasized under the bill’s provisions as well as operational testing of systems to ensure agencies are aware of network vulnerabilities.
- DHS would assess the risk and vulnerabilities of critical infrastructure systems that threaten the nation’s well-being to determine which networks should be required to meet a set of risk-based security standards.
The National Institute of Standards and Technology (NIST) is unveiling new security guidelines at the RSA conference in San Francisco later this month. In an interview with Information Security Media Group, Ron Ross, Senior Fellow at NIST, states that NIST will use the assemblage of information security experts to release one of NIST’s most important pieces of guidance: Special Publication 800-53 Rev. 4, Recommended Security and Privacy Controls for Federal Information Systems and Organizations. “The update is very important because we’ve gone through the entire catalogue (of controls) and we looked at all of the gap areas where we didn’t think we were getting sufficient coverage,” says Ross. New to the revised guidance are controls on advanced persistent threat, cloud and mobile computing, and insider threat and privacy.
With all this focus on security, security professionals are in high demand. (ISC)2 recently issued the results of the 2012 Career Impact Survey. According to the study, which polled more than 2,250 security professionals globally, nearly 70 percent of respondents say they got a salary increase in 2011, while 55 percent expect to receive an increase in 2012. Security professionals are also getting hard to find. With near full employment, the average hiring time for highly trained and qualified security professionals has increased to three to six months or more. It looks like security might be a significant area of job growth for the foreseeable future.