Spires: Social networks are cybersecurity problem


WILLIAMSBURG, Va. - The Homeland Security Department might house sensitive information in a public cloud within the next three to five years, said Richard Spires, DHS chief information officer, while speaking Oct. 25 at an industry conference.

DHS is already planning to migrate hosting for its public facing websites to the cloud, Spires has said. But, while speaking at the ACT-IAC Executive Leadership Conference, Spires said that private sector cloud offerings will likely offer a cost benefit to the extent that "we'll start to move in other areas" after the next few years.

A DHS move to a public cloud would require security controls the department can accept, he added.

Spires also said that DHS reticence over private sector social network access from within government networks is not because the department thinks sites such as Facebook are frivolous.

"I don't think it's the fact--or at least that's not the way I view it--that we're saying 'no, don't do social media,' because we're worried about the twenty-somethings at our office wasting time. That's not it, at all," he said. Rather, "we're all worried about the security implications about some of these social media sites," Spires said.

As for cybersecurity changes at DHS, Spires said he's hoping to mandate the use of personal identity verification cards required under HSPD-12  for network access.

He also said that certification and accreditation practices need to change, since under the current requirements of the Federal Information System Management Act, "your controls would be great when you're getting graded," but afterward, "you can see the degradation over time."

"We are looking at piloting how can we move rapidly, and not too expensively, into continuous monitoring," Spires added.

For more:
- read all our ELC 2010 coverage

Related Articles:
DHS embraces public cloud for public websites, says Spires
Nobody knows how many data centers DHS has, says IG
DHS active directory doesn't protect, says IG