How to Protect Privileged Access to Critical Government Systems

By Robert Grapes  |  Posted 2009-06-17 Print this article Print

As reports of major security breaches and thwarted attacks on government agencies continue to pile up, cyber-security has become a top-level priority. Federal agencies must ensure that the right people have the right amount of control over vital information. By establishing and implementing consistent security initiatives, Knowledge Center contributor Robert Grapes explains how federal agencies can employ a proactive approach to help prevent security breaches.

Despite being saddled with significant economic concerns, President Obama-recognizing the significant importance of cyber-security to the nation-ordered a 60-day review of United States information security and the systems that support Critical Infrastructure Protection (CIP)-or in this case, cyber CIP. This call to action recognizes that a failure to implement proper security measures can facilitate internal and external threats to the confidentiality, integrity and availability of the nation's critical infrastructure.

In January 2009, the U.S. Government Accountability Office (GAO) published the GAO-09-271 update to their High-Risk Series report, which outlines federal information and cyber CIP concerns. The report stated that protecting the federal government's information systems and the nation's critical infrastructure is a topline challenge, but this requires resolving deficiencies that have not yet been broadly identified.

The report also stated the importance of fully implementing effective security programs. The following challenges are too important to go unaddressed:

Challenge No. 1: Cyber-security as top-level priority

Earning cross-agency buy-in is critical for managing threats effectively, and for ensuring centralized and controlled access to vital information and systems.

Challenge No. 2: Establishing and implementing consistent security initiatives

Mandating policies can be a complex and daunting task, but with insufficient processes in place to enable full accountability, agencies become susceptible to internal and external threats.

Challenge No. 3: Preventing system disruption

Dynamic and complex technology environments-including virtualized, cloud computing or service-oriented infrastructures-make managing information access extremely difficult, requiring flexible controls and solutions to adapt and prevent interruptions (or worse).

Challenge No. 4: Improving warning capabilities

Access to critical information assets must be monitored and managed intensively in all facets of the organization. Implementing proactive warning systems can circumvent critical incidents, limiting exposure to agency credentials and vital information that can open the agency to extreme governance risks (both inside and outside its walls).

Challenge No. 5: Strengthening incident recovery

While mitigating occurrences is the first line of defense, the ability to recover from incidents quickly without exposing critical information and access needs to be improved upon. When events do arise, privileged information and access are compromised without a disaster recovery plan in place.

Government agencies by their very nature must be unfailingly vigilant in trusting secure information to external and internal resources-if only because the information they control can financially, legally or even physically endanger the public's well-being if it falls into the wrong hands.

Robert Grapes is Chief Technologist at Cloakware. Robert has more than 17 years of professional experience in the technology sector. Prior to joining Cloakware in 2004, Robert worked at Entrust Technologies as a software toolkit product manager, at Cognos in vertical analyst relations, and at Allen-Bradley as a control systems automation developer. Robert's expertise on enterprise security and Governance, Risk Management and Compliance (GRC) has enabled many government and financial service organizations to meet their audit requirements for PCI-DSS, FISMA, FERC and other regulations. He can be reached at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel