Directions: "Securing Cyberspace for the 44th Presidency" shows the way forward.
"Securing Cyberspace for the 44th Presidency", a report from the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity (http://www.csis.org), offers insights and policy recommendations to decision makers based on research and the opinions of industry experts.
As well as appealing to the incoming administration to prioritize cybersecurity as a vital national asset, the report recommends forming new agencies and organizational bodies with responsibility for cybersecurity. It also suggests re-enforcing the federal partnership with the private sector; increasing regulations; securing control systems using acquisitions rules to improve security; strengthening identity management; modernizing authorities; revising the Federal Information Security Management Act (FISMA); and building for the future by investing in training and in research and development.
What effect would a renewed federal priority on cybersecurity have on atsec's customers, who are in general international private sector IT companies?
If the recommendations of the report are adopted, then we might expect to see changes in the U.S. federal market such as:
1. An emphasis on standardization.
2. Strengthening of security in four sectors: finance, energy, ICT and government services.
3. Strengthening of implementation of the Common Criteria in the U.S. Re-funding and re-organizing the U.S. Common Criteria scheme operated by NIAP, with an interest in international cooperation and leadership.
4. Growth in the NIST programs, especially in personal identity (currently NPIVP and the GSA programs for FIPS 201 evaluation).
5. Development and implementation of guidelines for the procurement of IT products (with software as the first priority).
6. Instantiation of NIST standards and programs for regulating industrial controls.
7. Increased use of secure Internet protocols; co-operation with other countries and the ITU to develop the adoption of the protocols on a wider international basis.
8. Requirements for the provision of securely-configured products through the acquisition process.
9. Increase in risk management-based mechanisms for information security, rather than checklist-based approaches.
10. Legislative initiaitves to give law enforcement more "teeth" to make IT security happen.
atsec welcomes a renewed emphasis on cybersecurity in the U.S., and will continue investing to meet the needs of our customers as the landscape changes. Our ability to help customers satisfy complex regulatory requirements in a variety of geo-markets is already well-known. We will continue to invest to ensure that we can offer timely solutions to our customers, providing efficient solutions to laboratory and certification requirements by providing a "one-stop shop", enabling re-use of analysis resources wherever possible.
About atsec information security
atsec information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden and China.
atsec offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany, and Sweden; cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada; and compliance validation to the Payment Card Industry (PCI) Data Security Standard.
atsec also offers secure code review, ISO/IEC 27001 ISMS consulting, and penetration testing and scanning services.
atsec works with leading global companies such as IBM, Apple, Microsoft, Hewlett-Packard, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf.