Government

TSA CISO: Government faces ‘diametrically opposed’ pressures on cyber

Officials with responsibility for cybersecurity at government agencies feel they are being pulled in opposite directions by competing priorities.

By Shaun Waterman

February 8, 2017

Officials with responsibility for cybersecurity at government agencies are being pulled in opposite directions by competing priorities, a senior Transportation Security Administration official said Wednesday.

“There’s two diametrically opposed opposed ideas every day when I go to work,” Paul Morris, the agency’s chief information security officer, said at the Verizon Future of Government Summit produced by FedScoop.

“One is: We’re going agile, we’re using DevOps … we’ve gotta go faster and we need to deliver more,” he said. Government agencies have traditionally struggled to keep up with the speed of technology in the private sector and some have seen the answer in DevOps — the trendy management philosophy which merges IT development and IT operations — and agile program implementation.

“At the same time,” continued Morris, “every other week, we get some kind of declaration from either the White House, OMB or DHS saying ‘There’s more compliance [requirements], I want you to be more worried about security, I want you to clamp down on more and more data.'”

“Those two things don’t work well together,” he told a breakout session on mobile and mobile security for government, adding, “It’s a challenge and there’s very little policy support.”

He described the challenge of mobility: “If we start to put sensitive data out there [on mobile devices], even on a government-furnished phone, how do you protect it? … As we move to push out new [mobile] applications … how can we keep up with the compliance requirements?”

He said a particular concern was the visibility of sensitive data on mobile devices. “Can the [Security Operations Center] see it?”

“I need more than just [Mobile Device Management, or] MDM [software],” Morris said, “I need to be certain that I am who I am before I can access the phone.”

But at the same time, he said, the agency was keen to harness the productivity gains that could come from implementing mobile technology.

“I want more people to have data where they need it, out on the floor, not having to go to a computer in a back room,” he said.

TSA CISO: Government faces ‘diametrically opposed’ pressures on cyber

More Like This

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

With a mysterious surveillance target identified, calls for Congress to change course

CISA needs better workforce planning to handle operational technology risks, GAO says

Top Stories

Mandiant: Notorious Russian hacking unit linked to breach of Texas water facility

‘Large volume’ of data stolen from UN agency after ransomware attack

More Scoops

Feds to hackers in Vegas: Help us, you’re our only hope

Software bills of material face long road to adoption

Insiders worry CISA is too distracted from critical cyber mission

Biden’s cyber strategy expected to boost federal role in protecting critical systems from hackers

State to gain more ability to monitor DOD cyber ops under White House agreement

Debate erupts at news the White House may scale back DOD cyber-ops authorities

The long, bumpy road to cyber incident reporting legislation — and the one still ahead

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics