On May 5, 2010, HR 4900 the Federal Information Security Amendment Act received approval from the House Oversight and Government Reform Subcommittee on Government Management, Organization and Procurement. The act amends the Federal Information Security Management Act (FISMA) passed in 2002 and is a welcome and long overdue upgrade. The act winding its way through congress is an affirmation of what those of us in private industry have known for a long time. Cybersecrurity posture is simply too dynamic to only be measured once a year.
To quote the bill itself, “…Each agency shall develop, document, and implement an agency wide information program…that includes… continuous automated monitoring of information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency to assure conformance with regulations…”
Continuous monitoring as outlined in the act represents a huge change from the annualized checklist-style audits prescribed by the Office of Management and Budget (OMB). Agencies will need to put in place solutions that can provide situational awareness for all IT infrastructure and applications with the goal being to operationallize FISMA requirements as metrics while providing visibility to a proposed new Federal Cybersecurity Practice Board within the National Office of Cyberspace.
Splunk, with real-time monitoring, statistical analysis commands, massive scalability, and the ability to accept, index, and search any time-stamped ASCII text, is ideally suited for Federal agencies that are looking ahead to these changes. It’s even possible for an agency to create internal and externally facing real-time dashboards that can be monitored by OMB, the new National Office of Cyberspace, or other third-party. As an optimist, I see a day when a new Office of Cyberspace can create a mash-up of all the agencies real-time dashboards that monitor security trends against particular metrics and can proactively alert all agencies to a possible malware outbreak at any one of them.
There are a lot of steps in getting this important act passed but getting the act referred out of committee is a very good sign. As Diane Watson, of California recently testified, “Congress and other government agencies are now under a cyber attack an average of 1.8 billion times a month.” Knowing where you are at all times (continuous monitoring) is pretty important on a journey to improved protection of cyber assets.