GSA, DOE Officials on Federal Efforts to Reduce Cyber Risks

The General Services Administration and the Department of Energy are launching initiatives to address cybersecurity risks, Federal News Network reported Friday.

Larry Hale, director of the information technology security subcategory at GSA’s Federal Acquisition Service, said the agency is taking steps to ensure the security of products that agencies procure from acquisition schedules.

“When a manufacturer doesn’t sell directly to the government, they usually have licensed resellers and I would encourage federal agencies to use those licensed resellers to reduce their risk of getting counterfeit or grey market goods,” Hale said. “We actively pursue reports of counterfeit technologies in the products that people buy from GSA. When we find out that vendors are selling counterfeit goods, we take action against them. We take them off the schedule. We shut them down. We involve law enforcement when appropriate.”

He noted that GSA collaborates with the Department of Defense and National Institute of Standards and Technology on supply chain risk management programs.

Emery Csulak, chief information security officer at DOE, said the department is adopting quantified risk management to reduce cyber risks.

“How can we evaluate whether or not a $1 million investment will give me a $1 million in reduced risk to do a modernization project or will it give me a $30,000 reduction in risk? You have to be able to have those conversations,” Csulak said at the 930Gov conference. “At Energy, we are looking at how historically we’ve spent a lot of time teaching the CFO or COO about how we talk about IT security, but we’ve barely scratched the surface of teaching security people about how to talk dollars, cents, probabilities and the exposure of that. We are embracing quantified risk management.”
