 "At White House, a cyber marathon to stop intrusions")
The federal government could find more cyber intrusions as it takes a close look at its sprawling and sometimes creaky systems in the wake of massive hacks, the nation's chief information officer told Reuters.
"I think it's a realistic chance, and I think this is true no matter where you go. It's not unique to the federal government," said Tony Scott, who spent 35 years in the private sector running systems at companies such as Microsoft Corp, Walt Disney Co and General Motors Co. Scott was named as the federal CIO in February and knew from the start that stepping up cyber defences would be a focus.
But the hacks at the federal hiring office that scooped up the sensitive data of 22 million Americans have given his mission new momentum, Scott said in an interview in his office, where golden Mickey Mouse ears from his time at Disney and other corporate memorabilia line his shelves. The hacks have created a political firestorm and led on Friday to the resignation of the chief of the Office of Personnel Management as Americans questioned the security of government-housed data.
Those 30 days are now up, and by July 20, Scott plans to publicly share the results showing which agencies achieved the goal. "Some will get there, and some won't," he said, noting that some details will be withheld in order not to give hackers a roadmap to ongoing vulnerabilities in the government's databases. In September, his office will deliver broader recommendations from the review on policy, procurement and technology, some that can be knocked off quickly, and some that could need Congressional approval.
The government may need to invest in tools that go beyond trying to prevent hacks and more quickly detect and contain threats, and repair damage, he said.
"I think it's a realistic chance, and I think this is true no matter where you go. It's not unique to the federal government," said Tony Scott, who spent 35 years in the private sector running systems at companies such as Microsoft Corp, Walt Disney Co and General Motors Co. Scott was named as the federal CIO in February and knew from the start that stepping up cyber defences would be a focus.
But the hacks at the federal hiring office that scooped up the sensitive data of 22 million Americans have given his mission new momentum, Scott said in an interview in his office, where golden Mickey Mouse ears from his time at Disney and other corporate memorabilia line his shelves. The hacks have created a political firestorm and led on Friday to the resignation of the chief of the Office of Personnel Management as Americans questioned the security of government-housed data.
More From This Section
The hacks at the Office of Personnel Management lit a fire under that process, he said. A month ago, after an initial intrusion was first confirmed, Scott ordered agencies to take a series of steps in a 30-day "cyber sprint" on critical security measures. He told them to cut the number of "privileged users" that have extra administrative access to systems, require "two-factor authentication" to add an extra layer of security for passwords of those privileged users, and patch critical vulnerabilities in network operating systems. "We said, 'Run hard for the next 30 days and get big progress on these things. No excuses, just get it done,'" Scott said.
Those 30 days are now up, and by July 20, Scott plans to publicly share the results showing which agencies achieved the goal. "Some will get there, and some won't," he said, noting that some details will be withheld in order not to give hackers a roadmap to ongoing vulnerabilities in the government's databases. In September, his office will deliver broader recommendations from the review on policy, procurement and technology, some that can be knocked off quickly, and some that could need Congressional approval.
The government may need to invest in tools that go beyond trying to prevent hacks and more quickly detect and contain threats, and repair damage, he said.