FedCIRC maps cyber battle plan

Featured eBooks
CDM
Read Now

Future-Ready Workforce

Read Now

Health Tech

Read Now
Insights & Reports
From Ambition to Action: Modernizing Federal Healthcare IT
Presented By Google Public Sector
Download Now
Smarter Contracting for Federal Agencies and Government Contractors
Presented By Carahsoft
Download Now
By Diane Frank,
FCW

By Diane Frank,
FCW

|

The Federal Computer Incident Response Capability is planning programs for the coming year to help agencies face cyberattacks

FedCIRC home page

Related Links

"One if by phone, two if by fax"

The Federal Computer Incident Response Capability is planning programs for

the coming year to help agencies face the growing number of cyberattacks

and to coordinate warnings and responses across government.

The initiatives will be funded with the $8 million FedCIRC is due to

receive when the final appropriations bills are signed. FedCIRC is based

at the General Services Administration.

The changes will strengthen FedCIRC's abilities and will also include

new offerings that are intended to enhance the entire government's security

posture, said FedCIRC director Dave Jarrell, speaking at the Information

Technology Security Innovations conference in College Park, Md. Tuesday.

"There are no silver bullets, but what our initiatives do is shorten

the time it takes to respond," he said.

FedCIRC already has developed a solicitation to bring in a new private-sector

partner to focus on the day-to-day responses and advisories that the organization

provides to agencies. The Carnegie Mellon University Computer Emergency

Response Team (CERT), which currently serves in that capacity, will change

its efforts to analysis of incidents and attacks.

Another priority is the automated patch distribution system. FedCIRC

has been working on ideas for the system while waiting for funding to put

a contract and the system in place, Jarrell said.

FedCIRC will be building on the CIO Council's memo this month asking

agencies to develop formal methods to coordinate with FedCIRC, including

the development of a secure network that will enable federal security managers

to discuss incidents without worrying that information will leak out to

the public or the attackers, Jarrell said.

The organization also is moving forward with plans for a high-volume

phone and fax system that will help notify agencies when e-mail systems

are down and an AM radio advisory station that will notify federal employees

of potential cyber dangers during off-hours.

FedCIRC also is developing a new managed security services multiple-award

contract. The contract will enable agencies to find vendors that can provide

monitoring and alert skills that many agencies lack. It will also include

a way for agencies to feed information to FedCIRC via vendors, giving the

organization a complete snapshot of security problems across government.

"Agencies are going to have complete control over the depth and type

of monitoring and what information goes to FedCIRC," Jarrell said.

NEXT STORY: Tool personalizes security warnings