The Multi-State Information Sharing and Analysis Center's new cybersecurity operation center near Albany, N.Y., should help state and local governments more effectively identify, prevent and mitigate cyber incidents, MS-ISAC founder Will Pelgrin says.
Senators and representatives have returned to the Capitol, yet no one predicts that lawmakers will enact significant cybersecurity legislation during the lame-duck session before the 111th Congress fades into history in a few weeks.
"The first question they are going to ask the external provider is: 'What kind of procedures will you follow for physically securing the servers, for assuring the authenticity of the log-in, for security of the data during transit to and from your site?'" IBM's Dave McQueeney says.
"We need to embrace change effectively because it's coming and we need to look at those opportunities that we have in these transformational states and embrace change in a positive manner," Nevada CISO Christopher Ipsen says.
IRS Commissioner Douglas Shulman responds that the IRS has reduced material weaknesses in its security controls over the past year, with the agency taking additional steps to reduce risk further in the coming year.
If lawmakers seek a vote on a cybersecurity bill, the partisan bickering on other issues shouldn't prove to be a roadblock. "Sometimes what you're looking for are legislative victories when you can't get the big things," former Rep. Tom Davis says.
Federal regulators have published a final rule carrying out the Genetic Information Nondiscrimination Act, which prohibits the use of genetic information to make decisions about health insurance and employment.
Nevada CISO Chris Ipsen says state governments must become more creative in how they provide IT security, by partnering with local and county governments, communicating their needs more effectively and leveraging best-of-breed solutions regardless of where they come from.
The evolution of IT security requires human ingenuity. Machines are fast but dumb, yet using human brainpower can help quickly reject harmful traffic aimed at damaging critical IT systems, says Phyllis Schneck, McAfee CTO/public sector.
"The effort with which an organization can recognize, analyze and respond to an incident will limit the damage and lower the cost of recovery," says Don Weber, former incident response professional at IBM.