http://www.computerworld.com/storyba/0,4125,NAV47_STO69936,00.html

By DAN VERTON
April 08, 2002

Sept. 11 has taught federal IT leaders lessons on the value of security, continuity planning

Information technology managers at U.S. federal government agencies are applying the lessons learned from the Sept. 11 attacks to improve planning for continuity of operations during possible major IT disasters in the future.

Speaking here last week at the annual meeting of the Tiverton, R.I.-based National High Performance Computing and Communications Council, a group of five federal CIOs and senior IT executives said IT security and its role in continuity of operations has taken on heightened importance since Sept. 11.

There's an increased emphasis at federal agencies to make operational continuity plans "living documents," said Sandra Bates, commissioner of the Federal Technology Service.

The U.S. Department of Labor, which manages employment and unemployment benefits for millions of Americans, lost two offices and its inspector general in the attacks on the World Trade Center and was forced to put its disaster recovery plan into action without ever having rehearsed it, said Laura Callahan, the agency's CIO.

One of the most important lessons to come out of that experience, she said, is the need to plot a well-conceived communications strategy in advance. "We couldn't talk to each other," said Callahan, because of cell phone overload problems and a four-hour "dark" period during which the agency shut down its networks to assess the damage.

Since the terrorist attacks, the agency has also moved to deputize its workers and create what Callahan calls a "neighborhood watch" program, through which they can report anything that doesn't seem right to them.
The Department of the Interior is also working on developing reporting procedures for managing any future disasters and is focusing on integrating security and business continuity operations into its capital planning process, Callahan said.

"We don't do capital planning with an understanding of the risk," said Daryl White, CIO at the Interior Department. "We do it after the fact. We have to get away from that mentality."

To break away from that approach, network architecture specialists at the agency are now being brought into the thick of the security planning process at the agency, said White.

In the Works

Lee Holcomb, CIO at NASA, said agencies and private companies "need to architect networks to isolate mission-critical systems." One such plan that is currently being studied at NASA is the use of security "honeypots," or decoy systems, to divert attackers away from sensitive operational systems, said Holcomb.

Sallie McDonald, assistant commissioner for the Office of Information Assurance and Critical Infrastructure Protection at the General Services Administration, said there are also several security programs in the works that are designed to improve everything from patch management to secure collaboration and vulnerability analysis.

"We're trying to develop a culture of security in federal civilian agencies," McDonald said.