Atlanta, GA | Posted: February 10, 2016
President Barack Obama’s budget proposal for fiscal 2017, unveiled yesterday, brings a welcome 35 percent increase for cybersecurity. As part of the plan, the creation of a federal Chief Information Security Officer (CISO) position was also announced, paralleling what most major organizations already do to coordinate information security and risk. Yet the devil will be in the details for this new spending and new position.
Will the United States' CISO have any real authority? Will the new hardware and software bought with these funds be as insecurely configured or poorly implemented as the current systems? Two weeks ago Rob Joyce, chief of the NSA's Tailored Access Operations (TAO), publicly reminded defenders that attackers know what actually is on a target network, whereas agency leaders often only think they know their own information environment. What should be and what is are often different, and this delta is usually the most fertile area of the attack surface.
This additional funding should be applied in two ways, first addressing the present and second looking to the future:
1) Compel federal government agencies to prove they are doing the basics:
None of this is new, but actually doing it consistently would be novel for much of the U.S. government. The new CISO and cognizant officials can’t keep admiring the problem; they must actually measure progress and hold poor performance accountable.
2) Fund research and development for cybersecurity across disciplinary lines – computer science, engineering, policy, etc.:
Reward those working on hard problems and seek revolutionary gains. Don’t be afraid to fail. Create the next!
Michael Farrell is chief scientist for the Cyber Technology & Information Security Lab (CTISL) and associate director of attribution for the Institute for Information Security & Privacy (IISP) at Georgia Tech.