CLEARWATER, FL May 2, 2017 (ISC)²® ("ISC-squared") today announced former assistant secretary for intergovernmental affairs for the Department of Homeland Security, published author, Harvard lecturer and CNN analyst Juliette Kayyem as one of the keynote speakers for its seventh annual Security Congress, taking place September 25-27 at the JW Marriott in Austin, TX.
"From advising former President Obama on any number of critical cyber issues to being an expert security analyst for CNN, Juliette is keenly aware of national security challenges and associated policy considerations," says (ISC)² CEO David Shearer. "Her impressive resume also includes being the recipient of the Distinguished Public Service Award, the Coast Guard's highest civilian honor. We look forward to having her as one of our distinguished keynote speakers at our first standalone event."
Juliette Kayyem has spent over 15 years managing complex policy initiatives and organizing government responses to major crises in both state and federal government. She is the founder of Kayyem Solutions, LLC, providing strategic advice in technology, risk management, mega-event planning and more. Currently, Kayyem serves as the Belfer Lecturer in International Security at Harvard's Kennedy School of Government and is Faculty Director of the Homeland Security Project. She is an on-air security analyst for CNN and hosts a regular podcast entitled "The SCIF" for WGBH, Boston's local NPR station. Previously, Kayyem was President Obama's Assistant Secretary for Intergovernmental Affairs at the Department of Homeland Security. Her book, "Security Mom: An Unclassified Guide to Protecting Our Homeland and Your Home," was published by Simon & Schuster in 2016.
About (ISC)² Security Congress
(ISC)² Security Congress will bring together over 1,500 professionals from around the world for four days of education and networking. (ISC)² members are eligible for special discounted pricing. Early registration rates are available until July 31. More details are available at congress.isc2.org.
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 120,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit www.isc2.org, follow us on Twitter or connect with us on Facebook.
BRIGHTON, MI May 1, 2017 The Interstate Traveler Company set a cornerstone for the future green economy in 2002 when they published their plans for an elevated magnetic levitation rail system that runs on solar and hydrogen power. The Hydrogen Super Highway (HSH) is a first-of-its-kind maglev rail system that is self-sustaining using solar-powered hydrogen electrolysis, designed for automated mass production with a unique 3D suspension system that supports vehicles for public transit, for individual automobiles and standard ISO freight containers with an embedded hydrogen distribution pipeline system. The transports can be private, public and commercial transports such as medical triage units responding to emergencies, restaurants, plush lounges and starlight cruisers for cross country tours. The HSH will be installed by rail mounted cranes using large round steel stanchion tubes drilled into the ground as a foundation so it can be built just about anywhere without having to tear up the ground for an access road. The company states that this method will ensure the HSH will have a near zero impact on the environment.
The HSH was designed originally as an upgrade to the U.S. Interstate Highway System, increasing the capacity and safety of the highway tenfold while providing the hydrogen infrastructure required for the growing energy economy. The system is designed to provide direct pipeline access to hydrogen and other fuels to all the existing fueling stations along the highway. The HSH may completely avoid costly delays and challenges of eminent domain for new rights of way. Company officials also state that the HSH system can be built without any disruption to local businesses and because it is elevated it will be the safest and most versatile form of high speed transportation yet.
By 2004 the company received wide ranging support and international acknowledgement. While working to bring the HSH proposal to decision makers the ‘Interstate Traveler Project’ was honored with Unanimous Resolutions from the House and Senate of the State of Michigan in 2003, several forward looking Skilled Trade Unions proffered letters of support and sponsored radio interviews on WJR AM 760 News Talk Radio in Detroit. The HSH technology has also been recognized by a number of national and international journals and associations, highlighted by Discovery Channel in 2007 and the Founder of the company was the keynote speaker at the 2010 National Engineers Week at Western Michigan University. Company officials also showed us records of a large number of US DOD related energy conferences where they have hosted exhibits and provided panelists and speakers on the issues of bulk hydrogen infrastructure and energy security. The company is a registered federal contractor.
“We found out early that this would be a long process to get up and running” said Justin Sutton, the founder of the company, “but we made the commitment to put in the time to quietly build our global network, to see this through, and now we have a huge network and dozens of proposals for projects all over the world, large and small.” According to Sutton, the company has reached out to decision makers around the world in government, banking, NGOs, international trade missions and conferences to host diplomats, trade association leaders and private businesses without ceasing since 2002. He went on to explain that the company has a large number of partners and many are actively engaged in teams working on projects around the world getting ready to handle growth after the first system is built.
Jim M. Jung of Lawrenceburg, Indiana has been the Volunteer CEO of the company for several years and started with the company about ten years ago as the Director of Marketing, “We have an amazing team of people from all walks of life and from all over the world.” Jung continued that the company’s international board of directors, which is published on the company website, collectively manages dozens of proposals. “Yes, we have some investors, but our entire management team is an all-volunteer organization.” Jung continued to explain that the company has an available franchise model that provides the rights to build, own and operate installations of the HSH in foreign countries, as well as provide a means to independently fund and manage construction of the HSH rail on existing railroad rights of way to accommodate the handling of shipping containers. “Port Authorities are a big deal for us and we can help,” Jung said. “We realize the growth problems many ports face and the need to establish new large logistics centers where Ports can securely and quickly transport containers with digital ‘just in time’ and location accuracy.” Referencing case studies Jung pointed out that large new logistics hubs are being built and many of the largest ports are landlocked and are exploring new ways to expand. “The problem is that existing roads in the area are often substandard and are quickly ruined by the increased truck traffic. By putting containers on the HSH rail system they are secure from potential at-grade collisions, defacement or getting broken into. Also our system is railbound so it cannot be derailed by accident or even by most earthquakes and our system is safe and secure from floods that would leave roads and traditional rail unpassable.” Jung continued to explain how most vital 'Sea' Ports are at or near sea level or are on rivers that are prone to floods.
“We think investment in an elevated system is the best method going forward.” Jung concluded by saying “We now have key government and community leaders in Dearborn County Indiana in full support of our proposal and we have identified the location of our first quarter mile test system. We are excited to finally have a place to build and we will release more information on that soon, but I can say that we have engaged the support of America’s most respected Hydrogen scientist, retired NASA Hydrogen program director Dr. Addison Bain. We are honored to have his full support.”
During the interview with the Founder and the CEO we learned about several international trade missions and one Partner who is currently working for the company in Vietnam: US Army Col (Ret.) Andre Sauvageot. Sauvageot is the company Director for Vietnam, South East Asia and the District of Columbia and he joined the company in 2009 during the early negotiations to build the H2RSH system in Indonesia and proceeded to establish connections for the company with the government of Vietnam and other member States of the Association of South East Asian Nations (ASEAN). He also maintains active company engagement with the American Chamber of Commerce in Hanoi and the Vietnam Clean Energy Association.
Company officials declined any further details on their work overseas, yet they did state their current interest in joining the World Expo in Kazakhstan which is happening this summer. They talked about producing Hydrogen for the famous Baikonur Cosmodrome that provides active support for the International Space Station with plans for expanding commercial space development.
For the Interstate Traveler Company, the future of railbound transportation must be safe, secure and sustainable. The HSH is designed with a unique magnetic levitation suspension system that enables 3D position control at any speed with near zero vibration. They claim that their 3D position control system provides lateral g-force reduction technology by enabling the transport to shift its orientation in real-time and in 3D just enough so that the transports will experience almost zero shaking or shifting, suggesting that a person riding it will feel more safe and comfortable than travel by any other rail system.
As a public transportation system, the company says the HSH will enable vehicles of nearly any size, shape and purpose and will enable public, private and commercial ownership, effectively creating new lanes of commerce on the existing public access interstate highway systems, and on other applicable right of ways, that are faster, safer and much better for the environment.
Company officials also stated that with the recent growing interest in Hydrogen Infrastructure, the founder has created a profile on a leading crowd funding website and is exploring the potential of opening the door to a larger group of participants.
For more information, please contact: [email protected]
U.S. Customs and Border Protection (CBP) recently announced that four new proposals, from the Anzalduas Bridge Board; Cameron County, Texas; the City of Donna, Texas; and the City of Laredo, Texas, have been selected to engage in further planning and development activities as part of the Donations Acceptance Program. The Donations Acceptance Program enables CBP and the U.S. General Services Administration (GSA) to explore, foster, and facilitate partnerships for port of entry infrastructure and technology improvements.
The Anzalduas Bridge Board seeks to construct and donate northbound empty commercial inspection facilities and related infrastructure and technologies at the McAllen Anzalduas Land Port of Entry. Cameron County, Texas seeks to construct and donate two to four northbound non-commercial inspection lanes and related infrastructure and technologies at the Veterans International Bridge Land Port of Entry. The City of Donna, Texas seeks to construct and donate northbound commercial inspection facilities and related infrastructure and technologies at the Donna Rio-Bravo Land Port of Entry. The City of Laredo, Texas seeks to construct and donate FAST lane relocation improvements at the World Trade Bridge Land Port of Entry.
CBP also announced that it will now accept and evaluate Donations Acceptance Program proposals, regardless of dollar value, on a year-round basis. Proposals may be submitted via email to [email protected]. By expanding its proposal submission window, the Donations Acceptance Program aims to better accommodate and expedite viable proposals that previously could only be submitted once a year. Prospective partners and interested parties may submit questions regarding the Donations Acceptance Program via email at [email protected].
Pursuant to Section 482 of the Homeland Security Act of 2002, as amended by Section 2 of the Cross-Border Trade Enhancement Act of 2016 (Section 482), CBP and GSA may accept donations of real property, personal property, money, and non-personal services from public and private sector entities. Accepted donations may be used for port of entry construction, alterations, operations, and maintenance activities.
PRINCETON JUNCTION, NJ April 26, 2017 The Securing Federal Identity 2017 event, organized by the Secure Technology Alliance (formerly the Smart Card Alliance), will return to Washington, D.C. for its 15th year this June to bring together government and security executives and industry leaders on the most important developments and innovations in federal identity credentialing and access security.
Securing Federal Identity 2017 will take place on June 6, 2017 at the Hamilton Crowne Plaza Hotel in Washington, D.C. To register and get more details, visit www.securingfederalid.com.
“For the last 15 years, this government-focused event has brought together thought leaders and executives across security, government and technology backgrounds, providing a unique opportunity for cross-industry discussion of the most important topics impacting government identity and authentication,” said Randy Vanderhoof, executive director of the Secure Technology Alliance. “This year, the agenda focuses on emerging mobile identity and authentication technology and evolving NIST standards and future efforts to manage identities and control access to protect sensitive information on online government networks across all federal agencies.”
Attendees will get the most up-to-date information on all of the most important topics impacting government identity in a single-day event. Keynotes, roundtables and panels will cover:
- Federal secure identity policy and technology guideline updates from OMB, GSA, and NIST including the implementation of SP-800-63-3
- Federal identity programs and standards, including discussions on the future of FICAM, PIV, PIV-I and the Common Access Card (CAC) and the further use of two-factor authentication in federal agencies
- Mobile identity and authentication approaches to achieve strong authentication of derived credentials and other approaches including using FIDO Alliance mobile device protocols
- The federal deployment of PIV and PIV-I credentials for access security using cloud-based solutions and Opacity for rapid authentication
- A call-to-action discussion with federal government leaders on what industry can do to further accelerate the adoption of interoperable solutions for federal identity management and access security
In addition to the informative conference sessions, an identity management and access control vendor showcase will be held to allow government attendees to visit and learn more about innovative security products and services enabling secure federal identities today and in the future.
The conference is open to all individuals and organizations who wish to learn about the role of secure identity and authentication in government programs. Secure Technology Alliance member organizations and government employees receive complimentary or discounted registration pricing. For sponsorship and exhibition information, visit www.securingfederalid.com or contact Bryan Ichikawa at [email protected].
For continuing updates on Securing Federal Identity 2017, visit www.securingfederalid.com, follow @SecureTechOrg on Twitter and use #FedID2017 to participate in the conversation.
SAN JOSE April 27, 2017 Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its 2017 Thales Data Threat Report, Federal Edition, issued in conjunction with analyst firm 451 Research. When it comes to data breaches, 34 percent of federal respondents experienced a data breach in the last year and 65 percent experienced a data breach in the past. Almost all (96 percent) consider themselves "vulnerable," with half (48 percent) stating they are "very" or "extremely" vulnerable. This number is higher than any other U.S. vertical polled for the 2017 report.
IT security staffing and spending playing a role
Sixty-one percent of U.S. federal respondents are increasing security spending this year – up from last year's 58 percent figure. But when compared to other industries this number is markedly lower (81 percent of healthcare respondents, 77 percent of retail respondents and 78 percent of financial services respondents claim to have increased spending). The federal spending figure may explain why 53 percent of federal respondents cite lack of budget and lack of staff (also 53 percent) as the top reasons for data insecurity.
Garrett Bekker, principal analyst for Information Security at 451 Research says:
"The U.S. federal government is racing to boost data security against odds not generally faced in the private sector today. A major challenge in securing the far-flung systems in the U.S. federal government is the plethora of aging legacy systems still in place, with one example being a 53 year-old Strategic Automated Command and Control System at the Department of Defense that coordinates U.S. nuclear forces and uses 8-inch floppy disks. In short, this 'perfect storm' of very old systems, tight budgets and being a prime cyber-crime target has created a stressful environment."
Advanced technologies – and the role of encryption in protecting them
Pressures to use advanced technologies (cloud, Big Data, IoT, and containers) are only making the problem worse. While 92 percent of federal respondents will use sensitive data in an advanced technology environment this year, 71 percent of federal respondents believe this will occur without proper security in place.
On a positive note, encryption is cited as the top data security control (60 percent) for ensuring data privacy and enabling digital transformation through the use of advanced technologies. Additionally, 73 percent of respondents would increase their cloud-service deployments if offered data encryption in the cloud (with federal agencies maintaining control of the keys). Sixty-three percent of respondents also list data encryption as the first choice for enabling further IoT deployments, and 55 percent cite encryption as the top security control for increasing container adoption.
Peter Galvin, VP of strategy, Thales e-Security says:
"U.S. federal agencies are fighting an uphill data-security battle. In addition to the issues cited, the federal sector has one of the most hopeful views of compliance, with 64 percent of respondents viewing it as 'very' or 'extremely' effective in preventing data breaches. As the breach count rises, it's fair to question whether meeting compliance mandates is enough. There is encouraging news, however. Like their private sector peers, public sector IT employees are clearly interested in digital transformation through the use of new technologies. This innovation is admirable, but it must be paired with increased data security."
Federal government agencies looking to existing legacy data sources while also taking advantage of advanced technologies should strongly consider:
- deploying security tool sets that offer services-based deployments, platforms and automation;
- discovering and classifying the location of sensitive data within cloud, SaaS, big data, IoT and container environments; and
- leveraging encryption and Bring Your Own Key (BYOK) technologies for all advanced technologies.
Please download a copy of the new 2017 Thales Federal Report for more detailed security best practices.
Industry insight and views on the latest key-management trends can be found on the Thales e-Security blog at blog.thalesesecurity.com.
About Thales e-Security
Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn't just reduce risk, it's an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property, and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged-user control and high-assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization's digital transformation. Thales e-Security is part of Thales Group.
Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 64,000 employees in 56 countries, Thales reported sales of €14.9 billion in 2016. With over 25,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its exceptional international footprint allows it to work closely with its customers all over the world.
Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe's leading players in the security market. The Group's security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.
Thales offers world-class cryptographic capabilities and is a global leader in cybersecurity solutions for defence, government, critical infrastructure providers, telecom companies, industry and the financial services sector. With a value proposition addressing the entire data security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, data protection, digital trust management and design, development, integration, certification and security maintenance of cybersecured systems, to cyberthreat management, intrusion detection and security supervision through cybersecurity Operation Centres in France, the United Kingdom, The Netherlands and Hong Kong.
By Steve Bittenbender
Editor, Government Security News
On the same day a federal judge in California put a temporary halt on President Trump’s plan to withhold federal funds from sanctuary cities, a panel of immigration experts took aim at another aspect of Trump’s immigration and border control plan.
The American Immigration Council held a teleconference Tuesday afternoon to discuss the Trump Administration’s plans to bolster the ranks of both Immigration and Customs Enforcement and Border Patrol. The call came on the heels of a paper released by the Council from a University of Texas-El Paso professor who questioned the need for those additional agents.
The most noted aspects of Trump’s immigration plan have been the proposed border wall between the United States and Mexico, the focus on limiting immigration from predominantly Muslim nations and the emphasis on deporting undocumented aliens. However, the panel said Trump’s plan for more agents deserves greater scrutiny, especially since the number of undocumented aliens has dropped.
A Pew Research Center report – also released on Tuesday – indicated there were about 11.3 million such individuals living in the United States last year. That’s nearly a million fewer than were here 10 years ago.
In his paper and in the teleconference, Josiah McC. Heyman also expressed concerns about the risk of corruption within CBP and ICE as it expands its ranks. According to a New York Times report, CBP officers and Customs agents have taken more than $11 million in bribes from drug cartels and other criminals.
“These two branches of the Department of Homeland Security (DHS) are poorly prepared to recruit, train, and supervise new personnel,” said Heyman, a professor of anthropology at UTEP and the director of the Center for Interamerican and Border Studies. “While the Border Patrol experienced some improvements in the aftermath of its last expansion, most recommendations for reform remain unimplemented.”
In a memo to DHS officials two months ago, Homeland Security Secretary John Kelly said CBP did not have enough officers “to effectively detect, track, and apprehend all aliens illegally entering the United States.” While he called for the hiring to begin immediately, Kelly called on CBP to maintain consistency in training and standards when bringing the new agents on board.
In fiscal year 2016, CBP had 19,828 agents and ICE had more than 20,000 employees. Trump’s order calls for an additional 5,000 CBP agents and 10,000 more ICE staffers.
Joshua Breisblatt, an analyst for the AIC, noted that CBP, before Trump’s order, was already authorized to have more than 21,300 agents on staff. He added that Congress is currently considering Trump’s request for $300 million in funding to hire CBP and ICE agents this fiscal year, with more money requested for 2018.
“These requests have come despite lower apprehension numbers at the border over the past few months,” Breisblatt said.
Heyman said the additional staffing would increase the DHS budget by more than $3.14 billion if the administration gets its 15,000 new agents. In his report, he argues that money could be better spent elsewhere within DHS.
For example, he noted that U.S. immigration courts are currently understaffed. There are 300 judges now, about 75 short of what’s currently budgeted. These judges oversee more than a half-million cases and the average time for a case to be resolved is more than 670 days. In order to alleviate the backlog within six years, Heyman said the government would need more than 500 judges.
Heyman also noted that CBP’s Office of Field Operations is not slated to receive any additional agents, even though the office is responsible for inspecting trade and travel at ports of entry. He noted an internal DHS study showing that one additional OFO agent would boost the national economy by millions because the agent would help reduce the amount of time needed to inspect cargo containers.
While additional OFO agents also run the same risk of corruption as their colleagues along the border, “attention to ports of entry represents an important policy alternative to repeating the misplaced pattern of Border Patrol and border wall expansion,” Heyman said.
WASHINGTON April 24, 2017 Janice Kephart, former 9/11 Commission border counsel and partner with Identity Strategy Partners, LLP (IdSP), today issues the following statement:
"With or without President Trump's March 6, 2017 Executive Order: Protecting the Nation from Foreign Terrorist Entry, refugee vetting can be instilled with greater confidence, enabling the reactivation of legitimate refugee resettlement. (Right now, all refugee applications are suspended until at least July 2017.) Improvements in current refugee vetting will require a language change to current law, identity enrollment taking place earlier in the process, and the implementation of a long-ignored 9/11 Commission recommendation. But improvement is doable, and now.
So why does the refugee population present a threat to national security? The reason is twofold: (1) intelligence for years has revealed a terrorist travel tactic of infiltrating refugee populations for eventual resettlement into Europe or the United States, and (2) by legal definition refugees are displaced persons with unknown identity. Even for those with an ID, establishing its authenticity or trusting its origin is difficult since by policy, no information is shared with the home country, so there is no country of origin against which to run checks as in a regular visa referral. Since the refugee demographic tends to be anonymous, it is more difficult to ensure a person is who they say they are, and then affiliate that identity with intelligence and other potentially significant financial or other data. In short, limited identity and intelligence information diminish confidence in recommendations about which refugees to accept for U.S. resettlement.
The program responsible for vetting refugees seeking U.S. resettlement is the United States Refugee Admissions Program (USRAP). It is run jointly by the State Department, who receives referrals from the United Nations and conducts initial processing including a biographic name check, and the U.S. Citizenship and Immigration Service (USCIS), who conducts more in-depth interviews and collects biometrics from applicants. The program has been fine-tuned over many years. Yet the program requires vital improvements, and the recommendations below should be considered minimum baseline requirements.
Congress must change law to enable U.S. access to refugee biometric data collected by the United Nations. Since 2013, the United Nations has a sophisticated biometric identity management system that collects 10 fingerprints, two irises, and face of every refugee, sometimes two to four years before a U.S. referral for initial biographic screening. Right now, due to an archaic law that prevents sharing of biometric information collected by a non-U.S. citizen, the U.S. has no access to this key identity information. The law needs to change to permit that biometric data be available for vetting against federal databases from designated international partners such as the United Nations.
Refugees must be biometrically enrolled the first time they enter the U.S. system. State does not collect any biometrics from refugees, and thus only has the word of the refugee as to who they are, making the required biographic checks a potential goose chase. While USCIS does collect rolled prints and a face photo at the time of the interview, current vetting against some U.S. biometric holdings does not return results for up to 24 hours, after the interview is already over. If State collected the biometrics as part of their pre-screening interviews conducted by their Resettlement Service staff, USCIS interviews would be better informed, and so would the final assessment.
Implement the 9/11 Commission recommendation for a person-centric immigration system. State and USCIS use different case filing assignments for refugees. Policy does not require that State initiate a file number that USCIS recognizes or uses in the processing of the ultimate immigration benefit the refugee seeks. Thus, each applicant has two different file numbers, creating disconnect and potential for confusion and duplication. Yet the problem could be eliminated entirely if case numbers were eradicated and the 9/11 Commission recommendation for a biometric-based identity number for the entire immigration system were put in its place. When biometrics become the baseline for any immigration encounter, identity is protected and the automatic creation of a timeline of immigration encounters reduces fraud and increases efficiencies for legal immigration. Implementation of this long ignored 9/11 Commission recommendation could drastically improve the U.S. immigration system, and with it, refugee vetting as it stands today."
ARLINGTON, VA April 25, 2017 Accenture Federal Services (AFS) has been awarded a contract by the Transportation Security Administration (TSA) to modernize, enhance and maintain over 70 TSA enterprise applications using Agile and DevOps software development practices.
The contract, which has a one-year base and three one-year options, is worth a total of $64 million. It calls for AFS to provide a range of IT services led by Agile development teams in the TSA’s existing technology environment while supporting the transformation of its core IT applications. AFS is a pioneer in applying Agile methodology and tools to enterprise programs to help federal clients modernize and transform their technology.
“This contract demonstrates the strong partnership between AFS and the TSA,” said Kate Abrey, who leads AFS’ work with the TSA. “We provide Agile support services across the U.S. government for numerous other agencies with wide-ranging missions. We’re pleased to be able to use this approach to help the TSA modernize its technology infrastructure, create value faster and respond more readily to change.”
The TSA, a Department of Homeland Security agency, also recently awarded AFS a $290 million, five-year contract to support its Office of Human Capital (OHC) in the hiring and recruiting of 8,000 to 10,000 employees a year. AFS also provides services under the TSA’s Technology Infrastructure Modernization program.
Accenture Federal Services is a wholly owned subsidiary of Accenture LLP, a U.S. company, with offices in Arlington, Va. Accenture’s federal business has served every cabinet-level department and 30 of the largest federal organizations. Accenture Federal Services transforms bold ideas into breakthrough outcomes for clients at defense, intelligence, public safety, civilian and military health organizations.
Accenture (NYSE:ACN) is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions – underpinned by the world’s largest delivery network – Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 401,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
ALEXANDRIA, VA April 19, 2017 (ISC)²® today announced a set of recommendations for the Trump Administration to consider as it approaches its 100th day in office. The recommendations were delivered to the White House Chief of Staff and others on President Trump's team in order to urge prioritization of workforce development within the pending cybersecurity executive order and beyond.
During a December 2016 gathering sponsored by the (ISC)² U.S. Government Advisory Council (USGAC), participants, including former Federal Chief Information Security Officer (CISO) Gregory Touhill and federal agency CISOs and executives, discussed transition planning from the cybersecurity workforce perspective. The following is an abridged list of areas that (ISC)² has since identified as critical for the new administration to address. An expanded list can be viewed in today's (ISC)² blog post.
-- Time Is of The Essence. The widespread and damaging effects of cyber threats are revealed on a daily basis. At the same time, the demand for skilled cybersecurity workers is rapidly increasing.
-- Consider the Progress Already Made. Cybersecurity is a bi-partisan issue. Critical work has been done over the last eight years to advance the cybersecurity workforce.
-- Harden the Workforce. Everyone must learn cybersecurity. We have to break the commodity focus of simply buying technology and stopping there, without focusing on training all users.
-- Incentivize Hiring and Retention. In today's world, a sense of mission doesn't always override good pay — incentives work.
-- Prioritize Investment in Acquisition, Legal and Human Resources (HR) Personnel. Acquisition, legal and HR professionals are essential players within the federal cybersecurity ecosystem.
-- Prevent Getting Lost in Translation. The government needs effective communicators who can translate technical risk to business leaders.
-- Civil Service Reform. The civil service system is broken and does not meet the government's needs.
-- Compliance Does Not Equal Security — Embrace Risk Management. In the government's quest for cyber resiliency, a risk management perspective will be essential.
-- A Standard Cyber Workforce Lexicon. Once finalized, the NICE Cybersecurity Workforce Framework should provide an excellent resource for workforce development.
"In a recent congressional hearing, (ISC)² had the opportunity to present these recommendations in an effort to advocate for our members and the broader cybersecurity profession during the presidential transition and beyond," said Dan Waddell, (ISC)² managing director, North America Region. "Significant progress has been made over the past decade to advance the federal cyber workforce; our recommendations reflect the importance of building future cybersecurity policy — including the pending executive order — on the existing foundation."
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 120,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit www.isc2.org.
Formula for data quality
By John DiMaria CSSBB, HISP, MHISP, AMBCI, CERP
Today’s risk landscape
Government security risks can be diverse, with a new era of threats, including cybercrime and information security, increasingly posing some of the most significant risks in this modern reality. However, the more traditional issues of ensuring customer satisfaction and producing quality products and services haven’t gone away. In fact, the more effectively an organization responds to the rising threats of today, the more likely it is to keep stakeholders satisfied by protecting quality services or products as well as a brand’s reputation.
According to the ASQ Global State of Quality 2 Research (www.globalstateofquality.org) study of nearly 1,700 companies in 20 countries, quality process-oriented companies are three times as likely to be identified as successful and half as likely to have customer service/quality disasters.
So it is no surprise that the world’s most popular quality management standard, ISO 9001, has recently been updated as ISO 9001:2015, and this will be especially beneficial to government entities looking to increase their security.
Today, as management system standards are updated, they are revised against Annex SL, also known as the high level structure, or HLS. This is a framework for a generic management system and the blueprint for all new and revised management system standards going forward. ISO/IEC 27001 was one of the first to lead the way in 2012, and now the world’s most widely adopted standard has followed suit. This is great news for government, particularly on the topic of risk and integration.
Risk-based thinking is a key element brought in by the HLS, so organizations can be better equipped to reduce risk while being well-placed to spot opportunities. This won’t be new to professionals already working with standards such as ISO/IEC 27001 or ISO 22301; however, it is quite a shift for ISO 9001:2015. While the concept of risk has always been implicit, the new standard ensures it is built into the whole management system and, more importantly, encourages proactive action as part of the organization’s strategic planning.
So what is ISO 9001:2015?
ISO 9001 is a global standard that sets out the requirements for a quality management system, or QMS. Certification to the new ISO 9001:2015 further helps government organizations continually monitor and manage quality across their entire organization with this new focus on risk-based thinking.
By adopting ISO 9001:2015 to embed quality management into government, organizations are required to establish a systematic approach to risk, rather than treating it as a single component of a quality management system. The good news is, if you are already working with systems aligned to the HLS you are in a great position to gain efficiencies.
Why? Before HLS, organizations could have multiple, disparate systems in place that duplicated the time, effort, and resources needed to run them. With Annex SL, organizations can benefit from aligning separate systems and conducting one business risk assessment that enables concerns on different topics to be managed, or taken advantage of, for maximum business gain.
Not only does the new ISO 9001:2015 help embed risk management into the heart of your organization, but its common elements can help you align a QMS with other management systems you have in place. Even if this is your starting point, it is a great best-practice framework for managing your security efforts more effectively and efficiently, and it leaves you well placed to add more specific systems in the future.
Adding value with quality management
Data is a critical enterprise asset. Weaving ISO 9001:2015 into your ISO/IEC 27001 system facilitates enhanced data quality and integrity, which can prove very important in the event you launch, or are a target of, an investigation.
- Accuracy – Valid data are considered accurate: They measure what they are intended to measure
- Reliable – The data are measured and collected consistently; definitions and methodologies are the same over time
- Completeness – Completely inclusive: the Document Management System (DMS) represents the complete data and not a fraction of the information
- Precision – The data have sufficient detail; in this case the “accuracy” of the data refers to the fineness of measurement units
- Timeliness – Data are up-to-date (current), and information is available on time; the DMS produces reports under deadline
- Presentable – The data must be neat and tidy and fit-for-purpose (ready as evidence in court or as record of regulatory compliance)
- Integrity – The data are protected from deliberate bias or manipulation for political or personal reasons
Integrating ISO 9001:2015 with your Information Security Management System not only ensures you receive top management commitment on data integrity and security, but also aligns with the strategic direction of the organization and its overall approach to business risk. This removes a silo mentality, makes it easier to engage stakeholders at all levels of the organization, and allows focus on a common purpose, which can bring only positive results.
Whether or not you’re in a position to integrate multiple systems, HLS provides a great structure to bring different people together and collaborate to strengthen an organization’s resilience and achieve greater results. ISO 9001 hasn’t been adopted by over 1.1 million businesses around the world by accident. It remains the world’s most popular standard for a reason, and the new ISO 9001:2015 update makes it much more attractive to business. So whatever role individuals play, there is potential to embrace this approach to quality management as a core to business improvement. It can only enhance your existing practices and complement your approach to managing cybersecurity and information risks.
Organizations certified with the previous version of ISO 9001 have until September 2018 to transition to the revised ISO 9001:2015 version. For more information on ISO 9001:2015, visit ASQ Quality Management Standards.
About the Author
John DiMaria, CSSBB, HISP, MHISP, AMBCI, CERP, is the Global Product Champion for Information Security and Business Continuity for BSI Group. He has 30 years of successful experience in Standards and Management System Development, including Quality Assurance, EMS, Information Systems, ISMS and Business Continuity. John was one of the key innovators of CSA STAR Certification for cloud providers, a contributing author of the American Bar Association’s Cybersecurity Handbook and a working group member and key contributor to the NIST Cybersecurity Framework. More info at www.bsigroup.com.