GCN : June 2013
Management Act.

Good cybersecurity hygiene is important, Ross said. That means covering the basics of knowing your systems, understanding and managing their configurations, and ensuring that the proper defenses are in place. "But we need to go beyond that and make a difference in architecture and engineering," he said.

NIST is contributing to this shift with its catalog of FISMA security controls, Special Publication 800-53 Rev. 4, which contains guidelines for agencies to specify trustworthy design and operation of systems being procured. NIST also is working with an interagency working group to develop guidelines for engineering and supply chain security, which are intended to create a foundation for a more secure infrastructure in the future.

And the agency is taking the lead in the creation of an Identity Ecosystem Strategy for Trusted Identities in Cyberspace, which Jeremy Grant, head of the NSTIC National Program Office, calls a marketplace that will offer a variety of interoperable credentialing solutions.

NSTIC is intended to address the failings of current identity management and access control schemes. Although technologies to securely authenticate remote users exist, scaling them across large user bases and multiple applications is cumbersome. As a result, many users and applications default to less-than-secure schemes such as simple user names and passwords, which are vulnerable to a wide variety of attacks.

The marketplace already is responding to the problem, and companies including Google, Microsoft, Amazon and Apple have started offering customers multifactor authentication, Grant said. "NSTIC will provide a framework to facilitate interoperability between these solutions and others, and ensure that they are privacy-enhancing, secure, cost-effective and easy to use."
"NIST is leading a public-private partnership to develop the Identity Ecosystem by funding pilot projects that are enabling consumers and service providers to obtain and make use of trusted credentialing solutions," Grant said. "It is supporting creation of the Federal Cloud Credential Exchange to help federal agencies more easily accept trusted, FICAM-approved credentials for access to government applications."

The NSTIC program office is working with the Identity Ecosystem Steering Group, a private sector-led organization formed to craft the legal, policy and standards framework to support the Identity Ecosystem.

Trustworthy systems and trusted identities will not eliminate threats, and administrators still will have to defend their systems from attacks. "We are at the critical crossroads in the next phase of the evolution of the Information Age," Coviello said. "As we face an evolving and escalating threat landscape, it is clear that old, reactive, perimeter-based models of security are inadequate."

Coviello is a proponent of using big data for this, harnessing data analytics for what he calls intelligence-driven security. "An intelligence-driven security model consists of a thorough understanding of risk, the use of agile controls based on pattern recognition and predictive analytics to replace outdated controls, together with the ability to analyze vast streams of data to produce actionable information," he said. "In an age of open, hyperconnected enterprises this is the only model that will allow us to handle known and even unknown threats, and to help reduce risk to acceptable levels. A model that allows us to detect attacks quickly and respond quickly, a model based on big data."

None of these schemes to improve cybersecurity require creation of new technologies from scratch. But widely implementing and integrating them will be the work of the next five to 10 years.
AS DISRUPTION MOUNTS, A FIGHT FOR IT CONTROL

BY GREG CROWE

Mobile technology has changed a lot in the past 30 years. It may change even more in the next five.

In the last 30 years, mobile devices have gone from single-function, two-pound bricks to pocket-sized computers that have the processing power of a mid-1970s mainframe and can do practically anything. In the meantime, government's grasp of the technology has gone from ignorance to tolerance to embrace. Knowing they can't afford to stand apart, agencies are now grappling with the problems they'll have to solve in order to absorb the mobile revolution, including prickly issues like bring-your-own-device (BYOD) and mobile device management (MDM). Over the next five years, there are some clear areas that need to be, and in various ways are being, addressed: