The Public Eye with Eric Chabrow

Memos Highlight Physical-Virtual Security

Cybersecurity doesn't exist in a void; it's an integral part of not only government IT but how the government itself functions.

Two significant memos issued in the past few days, one by Defense Secretary Robert Gates and the other by Federal Chief Information Officer Vivek Kundra, wouldn't be labeled cybersecurity, but both have IT security implications. Gates' memo deals with processes that need to change following last November's shooting at Fort Hood, Texas, in which authorities accused Army psychiatrist Maj. Nidal Hasan of killing 13 people. Kundra's memo threatens funding cuts to some 30 mission-critical IT projects his office deemed at risk.

Though neither says so explicitly, both memos show the synergy between physical and virtual security.

Simply put, an investigation Gates ordered suggested that sharing information over DoD computer networks might have alerted authorities to the suspect's mental condition and activities, which may have prevented the attack. The review also revealed that when the attack occurred, Fort Hood implemented what is known as Force Protection Condition Delta, the highest of the four base alerts, signifying that a terrorist attack was taking place or had just occurred. Other bases in the United States should have been alerted, but were not. Gates' memo says:

"Most installations found out about the event through the news media. Events that are happening within one area of responsibility should inform force protection decisions in another. The requirement for a process/system to share event information in near real-time is key for alerting the force that an attack is underway."

Investigators found a lack of comprehensive, interagency-coordinated policies on cyberspace counterintelligence activities, which prompted Gates to order that such a policy be implemented as early as this month.

The relationship between physical and virtual security also can be found in the IT projects deemed at risk by Kundra. Take, for example, one of the more costly projects: the Department of Homeland Security's $4.5 billion initiative to build a web-based system to consolidate seven different cargo processing systems into a single portal aimed at identifying items being imported to the United States that could cause physical harm.

Kundra, in his memo, states:

"Federal information technology projects too often cost more than they should, take longer than necessary to deploy and deliver solutions that do not meet our business needs. ... In order to justify future funding for these projects, agencies will need to demonstrate that project risks can be reduced to acceptable levels through actions such as setting proper project scope, defining clear deliverables and mission-oriented outcomes and putting in place a strong governance structure with explicit executive sponsorship. Projects which do not meet these criteria will not be continued."

Management concerns - efficiencies, budgets, contractor oversight - are at the heart of the Office of Management and Budget review of these at-risk projects, but if these IT initiatives cannot be implemented, then another type of risk could surface: a risk to our physical and virtual security.



About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



