Subscribe by RSS
The “Business” of Cybersecurity!
By Nitin Pradhan, CIO, Department of Transportation
October marks our 8th Annual Cybersecurity Awareness Month at Department of Transportation (DOT). The theme of our overall awareness campaign is “Cybersecurity is Our Responsibility”. Each consecutive week will focus on a specific theme including remote access, mobile devices, data protection, PIV card provisioning and education and training for IT security professionals.
Intellectual Property (IP) theft, cyber crime, and protection of our critical infrastructure’s related digital components are among the most important security concerns our nation faces in the 21st century. Because of the connected nature of our information systems, any individual’s risk posture can impact everyone in the network. When networks are compromised and intellectual property is stolen, the fortunes of organizations are negatively impacted. Large scale IP theft can even affect the competitive advantage of nations and the overall country’s economy.
No one would want to live in a bad neighborhood without a good lock on their door to protect their personal safety and valuables. Yet individuals and companies do not always take the necessary steps to protect their network in the online neighborhood. Investment in cyber security is common sense—it ensures protection of our investments and assets and affords us the future opportunity for continued revenue generation using them!
The consequences of cyber attacks are significantly more complex than those of physical attacks. Data theft doesn’t always present the obvious indicators that a physical theft might. If someone breaks into your home, you almost always know that a burglary has occurred. Based on evidence at the scene, the police may be able to track and catch the burglar. If you do manage to catch a physical thief, you can press charges with the reasonable expectation that the justice system can take a criminal off the streets. It’s not so easy with cyber thieves!
With a cyber attack, victims are frequently unaware that they’ve been hacked. Identifying the computer that launched an attack is only the tip of the iceberg. Cyber criminals commonly hijack other networks, often in different countries, to launch attacks. The only thing that links the criminal to the attack is an easily changed IP address. If you do manage to identify a cyber criminal, you may discover they are in a country far from US jurisdiction—and are immune from prosecution. These challenges take on a new sense of urgency when one considers the importance of computer networks in modern government projects. Then there’s another issue—each breach can become an organizational embarrassment, an event that degrades the credibility and legitimacy of its business strategy and can impact its valuation. In short, conducting online business and hosting valuable information requires the right protection.
At DOT, we view new initiatives like Intelligent Transportation Systems, Next Generation air traffic control, and new 911 services as opportunities to improve American transportation and emergency services. However, these networked opportunities also present new targets for cyber criminals. As we move towards more innovative technology solutions, we must ensure these solutions are secure from outside influence.
The Office of the Chief Information Officer (OCIO) is constantly focused on providing security for our networks and ensuring the safety of our data. To accomplish this goal we have moved away from a segmented, reactionary view of cyber security towards an automated, proactive, preventive, agile and holistic security strategy. This strategy focuses on Identity, Credential and Access Management (ICAM), and utilization of Personal Identity Verification (PIV) cards for all employees. We are also working to provide constant, near-real-time continuous monitoring of security capabilities. Additionally, we are implementing Trusted Internet Connections (TIC) v. 2.0, which is focused on radically reducing the number of external connections to federal networks. If we imagine the internet as a series of pipes, TIC will take all the pipes coming into DOT and feed them into one large, easily secured and heavily patrolled pipeline.
Today’s cybersecurity demands innovation, agility and the ability to tackle complex problems with holistic solutions. We are committed to providing a safe and secure network environment that furthers the goals of DOT as a whole working with our stakeholders. If you have any thoughts or ideas on other ways we can improve this system, please share them at Ideascale.
