Government IT Leaders Wrestle With Security Risks
Federal officials say that their cybersecurity operations won't be disrupted by a shutdown if Congress can't reach a budget deal. However, persistent threats associated with big data, open data initiatives remain.
Thu, September 26, 2013
CIO — WASHINGTON -- Should a fractious Congress fail to reach an agreement to keep the government funded and avert a shutdown, departments' and agencies' cybersecurity operations should continue to operate without disruption, federal technology leaders said today.
Charles McClam, deputy CIO at the Department of Agriculture, said that mission-critical applications in his organization are housed in data centers around the country, and the employees responsible for keeping them secure are considered exempted personnel, meaning that they would continue to work even in the event of a government shutdown.
"At this juncture I don't see anything that's going to be problematic [with] enterprise security," McClam said here at a government IT conference.
Naeem Musa, CISO at the Federal Energy Regulatory Commission, said that his agency contracts much of its security and monitoring activities out to vendors in the private sector, which would be unaffected by a shutdown.
Congress has until the end of the month to approve legislation to keep the government running, though its ability to do so in that time frame is in serious doubt. As of this afternoon, the Senate appeared poised to pass a temporary spending bill, stripping out language to defund President Obama's health care reform bill that had been included in a measure passed by the House. But Republican leaders have signaled that they are unlikely to accept any bill the Senate passes without making their own changes, which could run out the clock on the month-end deadline, the Washington Post reported.
Federal Big Data Initiatives Bring Big Security Challenges
But even if federal IT managers don't see a great threat to their systems' security from a potential government shutdown, they still have plenty to keep them up at night. At Thursday's conference, officials described the security challenges that accompany big data initiatives, even as the government is trying to make more of its data sets publicly available rather than keeping them locked inside the federal firewall.
"Securing the data, even if it's public, it's open, you still have to protect the integrity of that data, make sure the data has not been changed and whatever you serve out there is accurate to the public," Musa said.
If anything, the drive toward open data might create additional security challenges as agencies understand that they can no longer simply apply a one-size-fits-all policy that sets closed as the default setting for their data assets. That means that they must adopt more nuanced security policies tailored to the nature of each data set, and yet still have some overarching protections as those assets become linked.