Avatar feed
Responses: 2
MCPO Roger Collins
3
3
0
Agree with the review, but does it take an Executive Action to tell his cabinet to do so?
(3)
Comment
(0)
Maj Kevin "Mac" McLaughlin
Maj Kevin "Mac" McLaughlin
>1 y
Seems to me this is a "huddle up" to set the executive agencies (DoD, DOS, NSA, DHS, etc) straight on the expectations of them with regards to IT compliance. This is something Clinton failed to do and/or her people failed to inform her properly on when she was Sec of State.

While much of the order readdresses what is already required of the IT infrastructure, it also gave all the agencies a timeline to verify to the President they are in compliance. This in turn ensures all agency heads are aware of their responsibilities (something Clinton "claimed" she was not) with regards to safeguarding the IT infrastructure. Should another CIO not brief their leadership properly or an agency lead accept risk which could be mitigated (and it wasn't reported as required by the EO), I am hoping the hammer will for once come down.

We need to start holding those who are responsible for accepting and mitigating risk accountable when they fail to comply. If agency leads would take this role more seriously and ensure all IT security needs are prioritized, it will go a long way into improving our cyber security posture.
(1)
Reply
(0)
Avatar small
CPT Adam P.
0
0
0
Edited >1 y ago
It sounds great, but will the funding be there? Where I work, we use everything from DOS 3.0 up to Server 2012. We have not updated our older machines like DOS, Win98, Win2k because the systems run very important and very expensive software. The vendors for some of our equipment no longer exist. At my facility alone it would cost hundreds of millions of dollars to replace about 40% of our systems. If it's not funded then it's just more hot air!
(0)
Comment
(0)
CPT Adam P.
CPT Adam P.
>1 y
Maj Kevin "Mac" McLaughlin - For DoD, that works well. For other government agencies, not so much. We have gotten more money in the last few years, but it is nowhere near the money we need. We get the same type of speech every year. After the leadership sees the sticker price, the next comment is we will use it until it breaks. As a matter of fact, we have spares in case they break. Just last month, I bought a new PC Module from national instruments that cost $6k. This was one PC Module that goes into a chassis that has 5 different cards. Each card costs around 2K. I purchased the PC Module with Windows 7, but we had to return it because the software was not compatible with Windows 7. Now we have to upgrade the software and that will cause the facility to be shut down for two months while we test it. That's just one example at one facility for one system. I have an inventory of hundreds of systems. My point, I wish it was as easy for other agencies as it is for DoD.
(0)
Reply
(0)
Maj Kevin "Mac" McLaughlin
Maj Kevin "Mac" McLaughlin
>1 y
It's not easy for DoD necessarily and the process is generally the same. Believe me when I say there are tons of legacy systems in the AF. I realize the other agencies do not get nearly the same amount of money, which is why I've always believed cyber needs to come from a different source and process. That would also come with a requirement for DoD / NSA / DHS to lead the efforts in protecting all the others. Question... Is your system assessed as MAC I, II, or III?
(0)
Reply
(0)
CPT Adam P.
CPT Adam P.
>1 y
Maj Kevin "Mac" McLaughlin - We don't categorize our systems using Mission Assurance Categories. We use NIST 800-53 and based on that we are Moderate. DHS has come down with the CDM program and based on their plan, they have no clue how to handle OT (operational technology). That is our main problem IT and OT are two different things but everyone tries to treat OT like IT without understanding the challenges of securing OT.
(0)
Reply
(0)
Maj Kevin "Mac" McLaughlin
Maj Kevin "Mac" McLaughlin
>1 y
I hear you and I've been studying up more on OT recently as they relate to ICS systems. These are expected to by one of our mission sets eventually.
(0)
Reply
(0)
Avatar small

Join nearly 2 million former and current members of the US military, just like you.

close