WASHINGTON – Global reports about cyber security threats to America's infrastructure are accurate and the number, types and sophistication of the attacks are predicted to increase, the House Subcommittee on Government Management, Organization and Procurement was told today by the head of cyber security for EDS, an HP company.
Samuel Chun, director of EDS' U.S. Public Sector cyber security practice, testified that to combat those threats, Congress and the executive branch should revise the Federal Information Security Management Act of 2002 (FISMA).
“While the positive contributions of FISMA are apparent, there is a general consensus that FISMA does, in fact, need reform,” Chun told the subcommittee.
Chun said complying with current federal reporting requirements has become burdensome with “too much emphasis on the generation of paper reports.”
In addition, Chun said the grading of some agencies has become misleading.
“Some of the most well-defended agencies consistently receive poor report cards,” Chun said, adding that a single grade assigned to a large agency only generalizes the agency's security picture and may not provide proper warning of vulnerabilities.
The EDS expert said that while the National Institute of Standards and Technology (NIST) has now established many of the standards for government and industry, the standards may need updating much more quickly.
“It is unlikely that these standards will keep pace with the rapidly emerging threats,” Chun told the subcommittee.
“Our vision for information security for our customers is simple,” Chun said. “Security should be so tightly integrated from the core that agencies have the confidence to be agile at the edge. To put it simply, security should be an embedded part of operations that permeates across the enterprise.”
Chun called for a number of steps to upgrade the nation's infrastructure, including:
- Consolidation and standardization of infrastructure;
- Consistent application of information security strategies across the federal government; and
- Enhanced training, vetting and certification of security practitioners on industry best practices.
EDS is one of the world's largest providers of technology services and solutions to federal, state and local governments, and manages some of the largest and most complex systems and networks in the world, including the Navy Marine Corps Intranet (NMCI), the largest purpose-built network in the world.
About EDS
EDS, an HP company, is a leading global technology services provider, delivering business solutions to its clients. EDS founded the information technology outsourcing industry nearly 50 years ago. Today, EDS delivers a broad portfolio of information technology, applications and business process outsourcing services to clients in the manufacturing, financial services, healthcare, communications, energy, transportation, and consumer and retail industries, and to governments around the world.
About HP
HP, the world’s largest technology company, simplifies the technology experience for consumers and businesses with a portfolio that spans printing, personal computing, software, services and IT infrastructure. More information about HP (NYSE: HPQ) is available at http://www.hp.com/.
Note: HP news releases are archived on this Web site for historical purposes. Information in the stories is accurate at the time of release. However, service offerings and availability, relationships, and other specified information may change over time. Information as stated in the release may or may not be in effect after the 11 Jun 2009 on the release. For assistance, contact us.