The White House is close to requiring agencies to do continuous security monitoring. I always thought I'd see the day, but now that's its finally arrived it seems surreal. The White House made the <a href="http://www.nextgov.com/nextgov/ng_20100421_5175.php">announcement</a> on Wednesday, a proud day for <a href="http://cybersecurityreport.nextgov.com/2010/04/state_dept_success_revealed.php">John Streufert and company</a>, the State Department's Chief Information Security Officer (CISO) who successfully implemented the first federal government continuous monitoring model.
The White House is close to requiring agencies to do continuous security monitoring. I always thought I'd see the day, but now that's its finally arrived it seems surreal. The White House made the announcement on Wednesday, a proud day for John Streufert and company, the State Department's Chief Information Security Officer (CISO) who successfully implemented the first federal government continuous monitoring model.
Billions of dollars have been wasted over the years by paper-based compliance reports. But for the first time, agencies will be required to digitally monitor security, and to feed reports in real time to a central website under new federal information security rules.
I hate to focus on the negative when such a significant change has finally come to fruition, but I can't help but wonder; what took so long?
Cybersecurity experts have been whispering in the back hallways for years that change was needed. And for years they were ignored. Money continued to be wasted. The security of sensitive U.S. government data was continually compromised. And yet, without Streufert, who knows if today's directives would have become a reality?
But there are other heroes at play. I suspect it was the bold leadership of President Obama's cybersecurity team--Howard Schmidt, Vivek Kundra and Jeffrey Zients--that finally got the trigger pulled. Good management, bad management, they all start from the top. So, let's give credit where credit is due - at the top. I'm sure there will be some kinks along the way, but this is the first step to the U.S. finally getting serious about cybersecurity policy. And most importantly, federal agencies no longer have an excuse not to be monitoring.
It will be interesting to see in the not-so-distant future the agencies that rise to the top to implement these changes quickly, efficiently and effectively. You can be sure I'll be keeping my eyes on that.
NEXT STORY: Recommended reading