The cat-and-mouse game of cybersecurity not only continues ceaselessly, it ceaselessly changes. That might mean job security for federal chief information security officers and technology people, but it also means they can never let up. For 2014, the earnest desire of hackers to exfiltrate intellectual property and other data, coupled with the need to protect the burgeoning area of big data present fresh challenges for those concerned with cybersecurity at federal agencies. In this panel discussion looking ahead to 2014, The Air Force CTO, Frank Konieczny, and the Commerce Department CISO, Rod Turk, joined Tibco’s chief technology officer Matt Quinn to discuss strategies to mitigate these constantly morphing threats. Turk said he worries a lot about the increasing sophistication of phishing attacks, and the continuing staff susceptibility to them. And, he said, the amorphous nature of the network perimeter caused by mobility and cloud computing make the standard firewall approach to malware insufficient. For Konieczny, advanced persistent threats post a challenge – malware that’s hard to detect and designed to release its harm at some future date. For both agencies, a thorough strategy includes training of users, using tools to discern patterns in network logs, performing deep packet inspection, and fashioning ways to do continuous monitoring without ending up buried in data. Quinn noted the big data quality to cybersecurity information. It also mirrors another computing trend called the Internet of things, that is, the gathering of granular data from a large number of sensors scattered around the campus, around town or across an ocean. A federal agency may have 10,000 or 100,000 fixed end points like desktop PCs and servers. But it may have a 2x or 3X multiple of that number when you add in mobile devices. Each individual “thing” is giving information about the state of its software, what network packets are coming to and from it, and other parameters. The resulting data can reveal a lot, but it’s a lot to sift through. For the federal government, the coming year will bring a continuance of mobile and cloud adoption, and virtualization of not just servers but also storage and networks. It all means more machines, both physical and virtual, to monitor, more instances of production software, more possibilities for cyber intrusions to spread. Listen to the discussion, and get some ideas for dealing with the big data problem, kill chain methodologies and the lifecycle of malicious intent.
Tom Temin is the host of Federal Drive weekdays from 6-9 a.m. on Federal News Radio 1500AM. Tom Temin has 30 years experience in journalism, mostly in technology markets. He was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines, both of which were regular winners of national reporting awards. Before joining Federal News Radio, Tom wrote (and continues to write) a column on government IT and acquisition topics. He was a regular guest on Federal News Radio before joining the team.
Frank Konieczny is the Chief Technology Officer, Office of Information Dominance and Chief Information Officer, Office of the Secretary of the Air Force, the Pentagon, Washington, D.C. Prior to his current assignment, Mr. Konieczny was employed for 10 years with AT&T Government Solutions professional services business unit where he served as the CIO, CTO and Executive Director for Operations. He has managed more than 20 significant government sector programs involving multiple large and small business subcontractors and academic institutions in areas of Army and Navy manpower, logistics, force structure, undersea warfare, and more.
Rod Turk is the Chief Information Security Officer of the Department of Commerce. Mr. Turk’s current position as the U.S. Commerce Department’s Chief Information Security Officer (CISO) and Office of Cyber Security Director puts him at the forefront of the government’s cybersecurity efforts. Mr. Turk manages and oversees the Department’s compliance with the Federal Information Security Management Act (FISMA) and implementation of IT security best practices. He joined Senior Executive Service with the Transportation Security Administration (TSA) in September 2004. He has held several Senior Executive positions within the Federal government, including serving as the CISO at the U.S. Patent and Trademark Office (USPTO).
Matt Quinn is the CTO of TIBCO. As CTO, Mr. Quinn works with all product groups to create a common, corporate-wide vision for all of TIBCO’s products and technologies; ensures interoperability between TIBCO’s various products families, as well as consistent architectural approaches across all groups; and provides overall leadership and coordination of TIBCO’s product plans and technology direction. Up until his new role as CTO, Mr. Quinn has been responsible for the Composite Application Group (CAG).