PCAST tells government to beef up on cybersecurity


Slide from the PCAST cyber-report presented Nov. 21. (Photo: Camille Tuutti/FedScoop)

Government cybersecurity cannot be achieved by a collection of static precautions and instead must continuously evolve its reactions and responses to threats, said a report on strengthening the nation’s cybersecurity issued by the President’s Council of Advisors on Science and Technology.

The report found the federal government rarely follows accepted best practices and suggested a slew of recommendations to bolster U.S. cybersecurity.

“PCAST recommends that the federal government lead by example and improve its own processes to combat cyber-threats,” the report said.

Cyber-crime, according to PCAST, can cause up to $1 trillion annually in global economic damage and can potentially degrade U.S. military capabilities.

To create a more dynamic cybersecurity structure, PCAST suggests sharing cyber-threat data more extensively among private-sector entities.

The study also recommends using Internet service providers to establish policies that describe the desired behavior for best practices. The Internet service providers might also establish standards for alerting users when their devices have been compromised.

A large number of the recommendations dealt with establishing best practices within the federal government. These include phasing out the use of insecure operating systems such as Windows XP and replacing them with current versions of Windows, Linux or Mac OS. PCAST encourages the universal adoption of the Trusted Platform Module, a microchip responsible for encryption technology.

The report said list-based mandates for cybersecurity encourage a “check-the-box mentality and provide incentives for minimal compliance.”

To battle this problem, PCAST suggested adopting more practices from the private sector, as well as realizing that a one-size-fits-all approach to cybersecurity will not work for federal agencies.

“PCAST believes that…the preferred way to proceed is for the regulator to require not a specific list of cybersecurity measures, but an auditable process by which cybersecurity best practices are adopted and continually approved,” the study said.
