Cyber threats are increasing — by 650 percent in the last five years — but agencies are still plagued by cyber vulnerabilities, the Government Accountability Office concluded in a recent report.
The problem is not for lack of cyber laws, said Patricia Titus,Vice President of CISO at Unisys, in an interview with In Depth with Francis Rose. Titus was the first Chief Information Security Officer at the Transportation Security Administration, and she worked in IT at the State and Defense departments.
Congress passed the Federal Information Security Management Act (FISMA) ten years ago. Senators have also introduced the Cybersecurity and Internet Freedom Act of 2011 to modernize FISMA. And just last week, the White House set new cybersecurity safeguards, such as creating an information-sharing committee and appointing a senior official at each agency to oversee classified information.
Additional guidelines might help strengthen agencies’ cyber weaknesses, but it could also “just add another layer of complexity,” Titus said. She said the problem is agencies need to implement those laws and that is where the real “breakdown” in cybersecurity comes.
Agencies like GAO allow for some oversight. But more oversight than that is unlikely to come in this budget environment, she said.
Titus said she agreed with the GAO report recommendation for private-public partnerships. What agencies need now is a “clearinghouse” or “honest broker” where companies can report cyber breaches.
Currently, “we don’t seem to have a good way of getting information shared back and forth between the private sector and the public sector that allows the private sector some protection,” she said.
This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.