WILLIAMSBURG, Va. - Agencies report on average about 30 incidents a day in which an employee has lost personally identifiable information. And despite a constant barrage of memos from the Office of Management and Budget in the past 15 months detailing steps agencies should take to secure personal information, the number of data breaches will continue to rise, federal and private-sector experts say.
"Cybercrime is big business," said Greg Garcia, the Homeland Security Department's assistant secretary for cybersecurity and communications. Some estimate that it is a $100 billion industry with botnets, phishing scams, adware and spyware attacks.
Consequently, DHS and OMB are promoting a series of programs to try to close vulnerabilities and minimize the impact of the attacks.
Karen Evans, OMB's administrator for e-government and information technology, said the government's move to a standard desktop configuration for Microsoft Windows and the requirement of vendors' products to run on the baseline without changing it will make a huge difference.
"We will have one standard configuration for the entire government; one means one," Evans said at the 17th annual Executive Leadership Conference, sponsored by the Industry Advisory Council. "Every agency needs to have a governance process to test and make changes so applications don't break."
Evans said vendors must test their software against the virtual standard desktop the National Institute of Standards and Technology is providing.
"Agencies will not buy your products if it changes the standard desktop configuration settings," Evans said. "We believe this will increase the security posture of agencies and they will not have to redo it for each application."
The desktop standard also will help agencies move toward situational awareness where they can do real-time discovery and monitoring.
"That is the next area the Security Line of Business will address," Evans said.
She said agencies have until February 2008 to install the standard desktop configuration. After that, OMB will take statistical samples of agencies to see which met the mandate. Evans also said they will ask agency inspectors general to evaluate agency progress.
"We will work with the [CIO] Council to put mechanisms in place to look at the statistical sample and see where agencies need help," she said.