Continuous Monitoring: Federal Game Plan
DoD Deputy CIO Robert Carey Describes the Strategy
But it will take time to achieve these benefits from continuous monitoring, says Carey, the DoD deputy chief information officer who chairs the Federal CIO Council's information security and identity management committee.
The Department of Homeland Security has announced an initiative in which the federal government will allot up to $6 billion over the next five years to fund continuous monitoring initiatives in government agencies and state and local governments [see $6 Billion DHS IT Security Plan Advances and Continuous Monitoring as a Cost Saver].
Chief information security officers have for years implemented security controls developed by the National Institute of Standards and Technology, but on a manual basis. Automating continuous monitoring should bring efficiencies to implementing security controls.
"As we build the tools that automate those controls ... we should see the process and the amount of resources it takes a CISO to accredit a system to go down dramatically, which enables him to reinvest, maybe in manpower or in other aspects of his operation," Carey says in an interview with Information Security Media Group. "Then, as we get smarter at this, I think we're going to see just better information security across the board because we'll be able to put in tools that are managing anomalous behavior."
In the interview, Carey discusses the:
- Implementation of Homeland Security Presidential Directive-12, which calls for a required, governmentwide standard for secure and reliable forms of identification for federal employees and contractors;
- Goals of the CIO Council's information security and identity management committee he co-chairs with Justice Department CIO Luke McCormick;
- Growing importance of information security and identity management to federal information security.
Carey is deputy assistant secretary of defense for information management, integration and technology. Previously, he served as director of strategy and policy for the Navy's 10th Fleet/Fleet Cyber Command and CIO for the Department of the Navy, where he championed information security and the use of the Internet.