[ISN] Cybersecurity agency to improve patching

From: InfoSec News (isnat_private)
Date: Mon Aug 25 2003 - 00:41:06 PDT

  • Next message: InfoSec News: "[ISN] CERT staffer arrested on sex charges"

    Forwarded from: William Knowles <wkat_private>
    
    http://www.fcw.com/fcw/articles/2003/0818/web-circ-08-22-03.asp
    
    By Diane Frank 
    Aug. 22, 2003 
    
    National Cyber Security Division officials want to improve the 
    governmentwide computer patching service so more agencies use it, a 
    senior official said this week.
    
    More than 40 agencies have signed up so far for the Patch 
    Authentication and Dissemination Capability, which tracks 
    vulnerabilities and patches and sends out any tested patches to 
    agencies based on their subscription profile.
    
    However, not all of the agencies that signed up are actually using the 
    service, and officials in the Federal Computer Incident Response 
    Center are now looking at how to modify the contract, said Sallie 
    McDonald, a senior official with the Cyber Security division.
    
    "We need to improve the overall program so it better meets the 
    customer needs," McDonald said.
    
    The primary change will be to address the shortage of licenses for the 
    dissemination solution. FedCIRC underestimated the number of licenses 
    that would be required, meaning that many agencies are only piloting 
    the solution within small segments of their networks. Officials hope 
    to reconfigure the contract so it has more performance metrics that 
    will ensure service for the agencies is the bottom line instead of the 
    number of licenses, McDonald said.
    
    Federal officials have known for some time how important patches are 
    to a good security process, but the networks impacted by the Blaster 
    worm and its variant over the last two weeks emphasized that point for 
    many.
    
    While FedCIRC has moved over to the Homeland Security Department, the 
    center is still working with the contracting office at the General 
    Services Administration because the officials at that agency are more 
    familiar with the details of the contract and the security needs, 
    McDonald said.
    
     
    
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ----------------------------------------------------------------
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ================================================================
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Aug 25 2003 - 03:56:44 PDT