DOT to expand IT security services

The Transportation Department has established the CyberSecurity Management Center to perform information security services for its 13 operating agencies and expects to extend those services to federal agencies outside of DOT by the end of the year, said Christopher Garcia, program director of the center in the Federal Aviation Administration. Seven agencies of varying sizes are considering using DOT’s services, he said at an industry event sponsored by the American Council for Technology and Industry Advisory Council on May 14. He did not want to name the agencies to avoid potential vulnerability problems.The center grew out of the FAA’s Cyber Security Incident Response Center. The FAA agreed last October to assume all of Transportation’s information technology security after it had provided security for DOT agencies in after-work hours and on weekends for four years, said Michael Brown, director of the FAA’s Office Information Systems Security. The FAA gradually took on more of the department’s security activities. Northrop Grumman joined as integrator as the agency incorporated more commercial security products. The center detects and responds to information security incidents, conducts analyses of sensor data and trends and provides corrective action capability. It publishes alerts, weekly newsletter, white papers and research, he said. “We have a verifiable, auditable and repeatable process,” Brown said, having migrated Transportation’s 13 agencies to the CyberSecurity Management Center. Transportation plans to compete to be a shared service provider under the Information Systems Security Line of Business when the Office of Management and Budget releases a request expected later this year, Brown said “We are using the same model for how we became a shared service provider under the Financial Management Line of Business,” Garcia said. The department is one of four public shared services provider for financial management. Early in its life, the center performed a lot of log analysis, but found it couldn’t respond in a timely manner with deeper analysis as the volume of data grew, Brown said. So the center uses a security information management system from ArcSight to reduce the amount of data that analysts have to sift through. Eventually, he will enhance the system with a collaboration module so others, such as engineers, can to look at incidents and explain them.