Samuel Chun: Cyber Threats Growing
June 19, 2009
Global reports about cyber security threats to America's infrastructure are accurate, and the number, types and sophistication of the attacks are predicted to increase, the House Subcommittee on Government Management, Organization and Procurement was told by the head of cyber security for EDS, an HP company.
Samuel Chun, director of EDS' U.S. Public Sector cyber security practice, testified that to combat those threats, Congress and the executive branch should revise the Federal Information Security Management Act of 2002 (FISMA).
“While the positive contributions of FISMA are apparent, there is a general consensus that FISMA does, in fact, need reform,” Chun told the subcommittee.
Chun said complying with current federal reporting requirements has become burdensome, with “too much emphasis on the generation of paper reports.”
In addition, Chun said the grading of some agencies has become misleading.
“Some of the most well-defended agencies consistently receive poor report cards,” Chun said, adding that a single grade assigned to a large agency only generalizes the agency's security picture and may not provide proper warning of vulnerabilities.
The EDS expert said that while the National Institute of Standards and Technology (NIST) has now established many of the standards for government and industry, the standards may need updating much more quickly.
“It is unlikely that these standards will keep pace with the rapidly emerging threats,” Chun told the subcommittee.
“Our vision for information security for our customers is simple,” Chun said. “Security should be so tightly integrated from the core that agencies have the confidence to be agile at the edge. To put it simply, security should be an embedded part of operations that permeates across the enterprise.”
Chun called for a number of steps to upgrade the nation's infrastructure, including:
- Consolidation and standardization of infrastructure;
- Consistent application of information security strategies across the federal government; and
- Enhanced training, vetting and certification of security practitioners on industry best practices.