Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


EPA Claims Vastly Improved Security



 By: Matt Hines
2006-08-01
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Under a project headed by services giant CSC, the Environmental Protection Agency believes it has greatly improved its IT defenses and become compliant with the Federal Information Security Management Act.

Even with the renewed scrutiny being given to government IT systems in light of the recent laptop theft at the Department of Veterans Affairs, officials working with the Environmental Protection Agency say the organization has significantly improved its security operations.

Guided by a seven-year contract granted to services provider Computer Sciences Corp. in 2002, the EPA maintains that it has applied a systemic approach to maturing its security operations, resulting in the agency being one of only five federal organizations that received a top ranking in a recent security scorecard issued by the House Committee on Government Reform.

At the heart of the EPAs project has been an ongoing effort to come into compliance with the U.S. governments Federal Information Security Management Act, or FISMA, which requires executive agencies within the federal government to secure their IT systems. Passed by Congress in 2002, FISMA specifically demands that government organizations ensure that they have appropriate officials designated to oversee IT security and that those workers periodically review security controls for all information systems while enforcing user and device authentication.

Resource Library:

Under its deal with CSC, the EPA has outsourced its entire IT security operation to the service providers Raleigh, N.C., data center, including oversight of its WAN. The project directly handles security for 25,000 users in ten regions throughout the United States and also includes management by CSC of the EPAs data center, desktop management and call center operations, in addition to the security responsibilities.

CSC officials say the company employed a strategic plan to help the EPA that included the completion of security gap analysis, followed by several major projects. That work included centralization of the agencys security incident response center, creation of a governance board to oversee and drive its technology decisions, and work to increase support for IT worker certification for development of security policy and architecture.

By balancing its need to move quickly to improve security with a more comprehensive overall IT strategy, the EPA has been able to make strides that other, less-organized agencies have not, said John Kashishian, director of CSCs Network Information Assurance Solutions group.

"The EPA has taken a consistent direction on security with a sense of urgency, but they also understand the systematic approach and how to best pace themselves, and budget, so theres never been a crisis throughout the project," Kashishian said. "The main operational change theyve made is installing the security incident response center; that gives them the 24/7-type of protection that an organization of this size needs to respond to incidents and emerging threats."

While the EPA previously had a more de-centralized response system in place, having a single source of communications for security information throughout the agency has made a world of difference, according to CSC officials. When a virus outbreak or equipment theft challenges the organizations security, the EPA can respond much faster with the response center up and running, Kashishian said. Employing the center was also meant to improve the security of the information being handled by the IT group.

In responding to the epidemic of stolen laptops in the federal sector and elsewhere, the executive said that the EPA has progressively improved encryption on all its mobile devices, and that the group is even considering a move to more thin-client systems to take data protection even further.

Getting the right plan in place to deal with laptop thefts makes a world of difference, IT security experts say. Click here to read more.

"Theres an operational balance that needs to be evaluated, they understand that mobility is key, but it all comes down to risk," said CSCs Kashishian. "Were always looking to improve infrastructure and while were not in thin-client environment, the EPA is evaluating the pros and cons of moving toward a model where data is more centralized and people have fewer demands to carry the data in the device."

Among the security projects ongoing within the EPA is an increased emphasis on protecting systems from the so-called insider threat, or the notion of workers with legitimate IT privileges carrying out data theft or manipulation schemes. The agency will look to further improve its standing against such attacks by expanding its authentication systems and putting additional policies in place to govern the use of mobile devices, CSC officials said.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: EPA Claims Vastly Improved Security
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}ks۸qf89Ei;RJX'c)Vi)8H?q?q-dƩ6Fh4~ 'I"gf;̢dw3齿K$mL9P[ Ϡ^=WZj:@a5NzpDd>J`OS;S  5Ǔ6ޙ1=+SmL}F6\3meb ^Qk$Ё_ ܢ%yRpERB@Te$oQX}؁䛿S=2tS6B X^P~FD;5~{N5~yЀ`V黖6? CoAUVekV}lvi!rs!gsͻHݠ匝o8Gd jI:`iT11܋Hч@XSTPԢfFԴ;gj5[gc=ױ}ǣ!&$ftjv?ĭ (QI&7q_)'F^_3'C8:) ۱"˭Uֶe5^~;mgE5GlR"ۄؼ?0}$ꎧc"9ˁ,kFpfto6 dݺ=Try_ j_(+{6{2كq3}7* 罋e0> n04p;\rr}U=铋u3^_adm#1UE R$_::&N{#xZj/Ղz H.C=I-bv=ӧH0CF^8(Ja>gSK߾ڤ>>=O|bPUUz 12ؕ 3Bz3u7'KE{#'+j_w=$#t:+?f'_Z-/7#?o!aj;dP[w8LwZ/)H ?ϗm2 OGgcdx,˭~~F {(-4K9K2}1xc%? ,_ fk7 Jsi)":svfPy۬ Rƒ) 4K3;j\K}0[=RFp &JpJq䰉cYSl \捇oBiOd$e ,}PYtBFͨ8 . If0;A0<^f/_\@ 1 p1S{".S4ipv}ZnV͉*YX]uUjZlY?iKsqjH{vǫ # EHYf7-vI0ꨦV+2,Kba_)b(7Z`Lm,1,Ltͬ Y0`贎;mJ_{ϧ0gPӐ? M/6G˥qj>1 @ Lna 8V83 5Cuәݰ=Uԇ9[ϩ`I l"v|3c)м`y&nAܙ@[S衟#]ѽ:?@=2/?6fxşP}MrA=S9;ʹiǀxԘ0$w2J}'n.G))$C]Pv9B B!\0 HV(V􎄰r)iLO:\t{B#;\~(΍5aGe-n^ $ d3CCdYU Q<"`&ˑea*0pRx5Vn`oJCUݯ!Mzڣ==˚hfZi [N@Z 5$&.*l)hAsq=7߀s XwzͰ"hZ5g{0.ƃ5œL;Nm(tsjڰ`DWjP6~@-QM{lz:eR#O>h5K\u;ıAsރn5 ~"Wvzbr#ʇ&fy>epGҶLoj@>|zS.z8 9r!M5kb$`CfO q^i.;[Lg˺z+fYX]۽/ 7ryO4 m{24@0ٖk_Xt jQVt0:T em:bZGJG!1~h/a2(&aC+EE.Wӟ@-tXjR{5>k断,0!/Ȁ2n7$X3Q[ ҆lxku;.`Cϱ9鹞vo푛0]r G cp:H%2ĂN?ATit ˀQ*5%R>ka@/ı@b=]Všcًͧ°w^^v?~5Gl4\ۄ#V!҇D+ه0`L E5_N6b^)#/{B~*+BQQbϓckLĽf2,rFe9وAF9 CQ>-LM{ jpb Rqq~~i~R`X;(l]x|uVV0\}єa˘34|q֣-*IHRP$h>E5 dj>Ǿ8o+<|CHE~"=il9 3m"X`b D$*U `n*tVѱ(թ%6=,.JI:hdzTy>Q7Ϗ9(gh9d*>'HZ+kP+Rj _=>2z4Ebwc8о#\\V`QaF]4FX\eHЮ$#SqP.'1Pc0ܝ.P8)5fJ tazTͼr8_rAN\Cy.+pDᘜQ[|ίA1peu}0d٤S,H-qRCY= w7ZAU[K[3^V< OQ#lzCx &`QtEa:JiE[ `{AMz*O))"ڟskh豸4] QB|z0b&^W TuPݯҚuZu^,mpH1)dyD4@/=q8bk lbk}rq@l#RqM݌5m"vyڀVIJXhQ;_4M/Ш6> 37}&mno{׼d[̌<9A7V"=_g`%sQl x@̬m#u6霎0 M,'\Qrb/X`#1s*? .=)3P홗]7`MsG_/X#c ׃n#>ۙ+em6~z&zi0bZ`7=3%4OQUrd2~6(~E+->Q#2!` ~o'U@'rR)Y$ {259p\Semi{}֏^-a,0t&]☺砊Iy>_e7UY^y1@q3fnt/;NQAVvv\j\#-JV_|H`UEK7?p-:%Uރ4 `i8~{HC ?JfWOKfչ ]whgg~py# @@W~\9o^}\/~wϺW(!9\dcxx\C;R%9!pUv*<fSڌ6N,#zqKiWf@ tZ+N,8;XMR!}%>CmPõhLخ;+^+[ 5̀oBAjNyP(  cJ=!Vohuzgё{mE& b#ADrIGzRFijV{Dg$G1^ί0[J㷒oWȘI;GD{_q-5'=?U[k':פ{GHY ?9/g`!IB882 7{KP .MuW@7db#J M5"v=O?qu#1a 1|I[ɰu͒:`<5 2)!MOp|Lk'IZV6X(UT%!T4QҌObCYF*C7' һl^lpVPto6_xvImK$cΖˤfė4 Y) |8RB[(GH Tդ Zz]XUH*?vƇ!qbwy~@0GW倜|){~T߯Jl;`=ұ?G$c: I"I^QԼڭUdE)I=ۉ~g#S^q:-< &j%3 =яKi^xΠt4u遧{ {!F.u06.s!TxBo^k_eܰwߵ= =z .+-R!EkEwWU TOWg"E:'%:#ڬ/ۥ{?wVȿ5LĬhgdO1\j[Ѽci2> ACVorl8Grs&cx2HB%6÷Fp7*gcc3/F#%g&ySϱm @|Րp/hZ1i`jcZ'OpjulD[ʷ/'Ɏcr sf2i TWeT7/7__B !C9O4y˭0L L ܻ'Vxe86[bw[01| ttjڰJ;~vK5ӗ1 C>6 5Zؗw:yW > (zO8Mg ;*:Β@ !C=gsX2gb]Y=Ө+Jz=Hu$ekAqN]"Ls̓ :υaO1n9o\LYqxC$9u| 4' mSw(֞ f73܆ERs>b#7_Ý,(A"ʛSxJ6lJvw (-1q]I hc<>:f4d(΀{,SvE%‚1tSث$4&N!?LC̊ՐYa*ȧνwǖzj&s̗yt MG^>8V)(VB»Q V(qb*v F /VV؝,UmRMYJ^I?x F~^\)= UQ86OT+*8AE4Ɛܶ)ڄC^$: K9婘vy*T.NK nF(OA1xF}Y L k㴈l ShMZNLZNW/GthۼA!~#]Z ,)"HF $w+(}ܶI夨x F(@I&BCY?K[X7'a Ϙ`{/ұS_KܒuYp#́;~`T$!"a!" = A_! 6jcJ +mHTP&etwM0:Η:}Lj2`RR4[JEuh0N(!@@'޳Wv8GxV/)6K9K!&ntBWNg7^ 6& M2J]͚axIeR9 0 f? K'v#r-x<.,:]w"]˪Ǜ'acY rZXHm4E-o,bHS :K7tk}H3> jp-U`,j "V?y`V|M)8͈dϙRۋ1`}Q S0R q{Z3H$IN8pI'ۢR 񌗟7M¤&֖c~ǃtdz52IpDPʹgIe9SqKD8r܍o(JJeS>D,iI/Хpz)z#+a2S:QJ!`RSkͳuݠk ^Rɱ r2GJ8kffffo銞KhӶD;f%vI&>]Hm۟yo6{[Ո/5=e1X/,[E-hJ/rH" HD#`ً[Rc~UЕԓ1x܋yxYcؙ3~#G^2Vxa_=gSV>{ICG@l0U7>%4߼RVRJn`5v:&bL˦M"q$lHpڞƋِJK,5ϛKY \WxI 7 EeS$G >CgOA=+'!e_s/_!'Iͥ +]8jTQAuq;@ƔNLC"ӑǠ_oi{l mjoH%/('\ȓHRb/UHm *xΆZ}iN ;]OxKN`Kr, x4||'>t$ۡ Hku>NROKKKKmGoKA?"msE͚NU3SufM*cG܋dޱ-XDZs2 )HD#\p%ٍjQN^K*h? >,}fa"*C3 *ER=pX qră WK%[>uQak2x4Ώ2( xI`"\הO9OH/tDgE`f0{pg~TɧsD'x#F̣!0ߖ{| ذBFl@oFnA\N\Zg'! I@AՠB;!+K !(jЍicd`ݩ.v4E\z0Y7THGtH$D% l\K,`=y&B=+goˆqʏT%^L4 TX+ '䳎35v62u!ILc' {19jA-69rǮBXA tφ}m_q 0jUo.:!_X/Gon#Lf@Cx5Sh~Ldf2]^IIɽ/ `|F0= c l k(Y=~\&UQ׿f#{tѥ% RkyKN tc [cě#UA2AK5n$*R!ѤFrGZj>A1Rhs05̈Gbv mz^C춴J[7^6.W@O[jkwghDP"ͪND`hi}ȓP}-* ;,Ote]V)p cw?tkiL٦ƗRµIʥ rQ D#'&E"#Mkj~bT*C7Cy^ )ߓ8cGVjjJ foLV >鱫@=jJ%gpnz`ɧ`z"QGlۏ\VKZ%5Ys~$K5ǽ̾9LjAY鳏bi+1 M&?=) >f? Y|}L͖C0ۏUztc5}gK襍ҵτ8$pF|oe%Foq{u >dIȧә'%-:u^aci᚛ \N j'ϳW ByF}gzo?qbS~jbG +KNf0Y+L66mYQ 6Bz (ӘALO@99l6=a?1Dsnj>#F̯R߃q}#|##oDiw\X>+( NVČV\>dFiFwG#SOW2h?`C@#  ƈ RU&wܠ~z*ڟOaeh^fn+j05 U@8AnK瘒m-@+> o^'}& )<]С {Ꞣߒ_q48ڀkcE~E:xdC~N`ojE#d2zވ:# XZ `Oi$~b Ú"vFf.BT0 -8!`me 윑M﷯zaȐX;3&[t`#oPmNGc؇a!0xd+2tfA]3:?rarnh󟢁o8gkH0 r) ǫ^aP0FDu"t03x*%2j&cP <"mG=Wnrn-i`IkB\A~csOCHG_%R D-t]\P"@H>S|??'~?KHbu~gVK) &X`95A"\2,~ ܕŭS~l85L]kR.ɖàzPY|oby` ?vc.usx\jJDj$!Ѕ8i,)@"!9͉k@$cuúޝ/#~|aP8\  +zjJP&uO"weX &z(D—͊5{8~BOr%-rEeV0`A='92bg44\K L]#&O=lF(DosLѼe5_g3w dd  M%u$e!(ofYNo\8G\(^YWa uqQR zvAX^fR51 ௗdnldڹ< aq)z^U^xڞjpۭ]n@KG{1*,xW&^>&c˼_V,$=)>w槤Ixϕո]@&JRo-cENZ9.~QxdB$8V0fY !kx FUys"\5½p'eybAR̤-}@#]~L(G.v8jlFvn_qL0G5iqq[~|^Y݉;yx߅ oBg>j{$oqAz󡧙h7_j nAmzOWg4`.g6{hϦ"di󠮰iPͩȪ)N(P7Ejn2h s~B]QKt=~38]o4pGsn ~+1-H$ΆR% ;qG;B$ô{D(&0#*+P#}a`Ja\L3DAzg l]{J̾jCO3CX)ḇ}̺l[ %.H GO,i`Erd9GU ZQ8݈83w{Zf$KmHnL zp)Z.lYmgrnCk5Wvu;Lc'/T3l}oufL~naΩ'%x^#H=GN"MaџF4D7?Oa\WvBaIgLiح~]c 6{Nzs̄8B8Lxmϒʗ[l,)1{;KH6ZԿsg:-C{)L9 H\}T.q 5" "kHH "s{B|%j9S%n29}Ǧ a4o9ao5RFXta v.E݉cEvt.IOܨILPxUE0P$=Cb Kǣ,H :BVZ`MfY{qLR=I*4UMf΢ِ䢖bNm& ”smqm {=SY,> V_dvO~%BpC`#,^ |t,C䷧cSւ_/gзcǁ/;MzKV9j((& ]aFʪv\JT~7(V\w|7(6Jk ϻoF5N(tI cR &11|j;;1mTeΝƔaYѶz SO^7'[nG\k<1v4aeh@ nخ;Oq^'͠,4+:hoKo^x.{H|nHHUƧf2{{:з 57d([|Ӽ9ނ4(NAERb0%yMvSFc ?dtE#bSp!@>PE֧2R8WD Q)۱YBAł?Vg;kMNapQ"#Q!*^x9NAxeѕhOɬQ;Z?Y m-1+8~m=bu-Urcd+{f:ePbEX&Mf_X (K# LwIN8utvKѪ v7"!a^n1n%/ـ&@s=V*.v利6r.*l XCڢZMQa[8~nb=Oyh=e-{@70* <Ǹ9-@>{z?yzG[0tczw^= lI12#, $8jVI;;a0&iE-㨤t`C v_Ή~ph[?҈>A wVǰYF!Ƨ7'TS*4.>ϝ/xDh^wL_txW$L+DdzUN Z ^chX$֬"K깘#'yQ s3=v=ǘ mr?q,r?],MclRc9bfrW`2MZ.<'ȳ(`,Lv"V7rsh;h[3T*Ba$:R3 kEj z.t1\04NyqBaʩȩ(v}_\%hw2b5Š biS<5.rW?bMd|^k'o?XI/4;gxH%Xix0~']f(FRqO\||8(>ub345?~~hIaE yiNђuWvH]6[ŇdEgO 6A|>Ðy6xL kuED;idMn+:cQEae=/jō.yg;a+bBmP? ۔p&s.# MW\e\)ҦG(c>tgLt )2)v}ml-c6C-;sl+