TSA CISO: Government faces ‘diametrically opposed’ pressures on cyber
Officials with responsibility for cybersecurity at government agencies are being pulled in opposite directions by competing priorities, a senior Transportation Security Administration official said Wednesday.
“There’s two diametrically opposed ideas every day when I go to work,” Paul Morris, the agency’s chief information security officer, said at the Verizon Future of Government Summit produced by FedScoop.
“One is: We’re going agile, we’re using DevOps … we’ve gotta go faster and we need to deliver more,” he said. Government agencies have traditionally struggled to keep up with the speed of technology in the private sector and some have seen the answer in DevOps — the trendy management philosophy which merges IT development and IT operations — and agile program implementation.
“At the same time,” continued Morris, “every other week, we get some kind of declaration from either the White House, OMB or DHS saying ‘There’s more compliance [requirements], I want you to be more worried about security, I want you to clamp down on more and more data.’”
“Those two things don’t work well together,” he told a breakout session on mobile and mobile security for government, adding, “It’s a challenge and there’s very little policy support.”
He described the challenge of mobility: “If we start to put sensitive data out there [on mobile devices], even on a government-furnished phone, how do you protect it? … As we move to push out new [mobile] applications … how can we keep up with the compliance requirements?”
He said a particular concern was the visibility of sensitive data on mobile devices. “Can the [Security Operations Center] see it?”
“I need more than just [Mobile Device Management, or] MDM [software],” Morris said, “I need to be certain that I am who I am before I can access the phone.”
But at the same time, he said, the agency was keen to harness the productivity gains that could come from implementing mobile technology.
“I want more people to have data where they need it, out on the floor, not having to go to a computer in a back room,” he said.