Department of Commerce
The Department of Commerce is the government agency tasked with improving living standards for all Americans by promoting economic development and technological innovation.
The department supports U.S. business and industry through a number of services, including gathering economic and demographic data, issuing patents and trademarks, improving understanding of the environment and oceanic life, and ensuring the effective use of scientific and technical resources. The agency also formulates telecommunications and technology policy, and promotes U.S. exports by assisting and enforcing international trade agreements.
The Secretary of Commerce oversees a $6.5 billion budget and approximately 38,000 employees.
Overview of the Department
For almost 100 years, the Department of Commerce has partnered with U.S. businesses to maintain a prosperous, productive America that is committed to free trade, competitiveness, and environmental stewardship. The Department has a record of innovation in manufacturing, transportation, communication, and measurement that has helped to sustain U.S. leadership of the international marketplace. By assisting the private sector, the Department’s vision is that the United States continues to play a lead role in the world economy.
The Department houses NIST (the National Institute of Standards and Technology), which develops the standards, guidelines and minimum information security requirements that all federal agencies must follow for their information systems under FISMA.
- The Computer Security Division's mission statement: conduct the research, development and outreach necessary to provide standards and guidelines, mechanisms, tools, metrics and practices to protect the nation's information and information systems. Its groups include:
- Cryptographic Technology Group
- Systems and Emerging Technologies Security Research Group
- Security Management and Assurance Group
NIST recently released SP 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations. The guidance helps federal agencies assess their security controls and implement continuous monitoring of IT systems under NIST's FISMA continuous monitoring guidance. NIST posts its FISMA implementation guidance at: http://csrc.nist.gov/groups/SMA/fisma/index.html
Department of Commerce Strategic Goals
- Maximize U.S. competitiveness and enable economic growth for American industries, workers, and consumers
- Promote U.S. innovation and industrial competitiveness
- Promote environmental stewardship
Items of Interest
- Commerce deployed DNSSEC to guard against DNS threats
- Initiated a review to help identify cybersecurity challenges in the commercial sector
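Commerce's DNSSEC deployment raises the practical question of how to confirm that a signed delegation is actually consistent: the DS record published by the parent zone must authenticate the DNSKEY published by the child. The following is an added example, not code from this page or from the Department: it computes the RFC 4034 key tag of a DNSKEY and the RFC 4509 SHA-256 DS digest, parses both records in the presentation format that dig prints, and reports whether each child key is covered by a parent DS. The zone name example.gov., the placeholder key bytes and the DS line are all constructed here so the example runs offline; for a real check you would take the DS from `dig DS commerce.gov` (served by the .gov parent) and the DNSKEY from `dig DNSKEY commerce.gov`.

```python
"""Check that a parent-zone DS record authenticates a child-zone DNSKEY.

Added example (not from the original page). Implements the RFC 4034
Appendix B key tag and the RFC 4509 SHA-256 DS digest over
presentation-format records as printed by dig.
"""
import base64
import hashlib
import struct

# Constructed sample: a placeholder "public key" (not real key material)
# for a hypothetical zone, used so the example runs offline.
SAMPLE_ZONE = "example.gov."
SAMPLE_PUBKEY = bytes(range(1, 65))


def name_to_wire(name):
    """Encode a DNS name in canonical (lower-case, uncompressed) wire form."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """Serialize DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey


def key_tag(rdata):
    """RFC 4034 Appendix B key tag (all algorithms except RSA/MD5)."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest_sha256(owner, rdata):
    """RFC 4509: hex SHA-256 over owner name (wire form) || DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()


def parse_dnskey(line):
    """Parse 'owner [TTL] [IN] DNSKEY flags proto alg base64...' (dig output)."""
    f = line.split()
    i = f.index("DNSKEY")
    return {"owner": f[0], "flags": int(f[i + 1]), "protocol": int(f[i + 2]),
            "algorithm": int(f[i + 3]),
            "pubkey": base64.b64decode("".join(f[i + 4:]))}


def parse_ds(line):
    """Parse 'owner [TTL] [IN] DS keytag alg digesttype hexdigest...'."""
    f = line.split()
    i = f.index("DS")
    return {"owner": f[0], "key_tag": int(f[i + 1]), "algorithm": int(f[i + 2]),
            "digest_type": int(f[i + 3]), "digest": "".join(f[i + 4:]).lower()}


def ds_matches_dnskey(ds, key):
    """True if this DS (from the parent) authenticates this DNSKEY (from the child)."""
    if ds["digest_type"] != 2:            # only SHA-256 digests are handled here
        return False
    if not key["flags"] & 0x0100:         # Zone Key flag must be set (RFC 4034 2.1.1)
        return False
    if key["protocol"] != 3 or ds["algorithm"] != key["algorithm"]:
        return False
    rdata = dnskey_rdata(key["flags"], key["protocol"], key["algorithm"], key["pubkey"])
    if key_tag(rdata) != ds["key_tag"]:
        return False
    return ds_digest_sha256(key["owner"], rdata) == ds["digest"]


def check_delegation(ds_lines, dnskey_lines):
    """Map each child DNSKEY's key tag to whether some parent DS covers it."""
    ds_records = [parse_ds(line) for line in ds_lines]
    result = {}
    for line in dnskey_lines:
        key = parse_dnskey(line)
        tag = key_tag(dnskey_rdata(key["flags"], key["protocol"],
                                   key["algorithm"], key["pubkey"]))
        result[tag] = any(ds_matches_dnskey(ds, key) for ds in ds_records)
    return result


def make_sample():
    """Build a constructed KSK DNSKEY line and the DS line its parent would publish."""
    # flags 257 = Zone Key + SEP; protocol 3; algorithm 8 = RSA/SHA-256
    rdata = dnskey_rdata(257, 3, 8, SAMPLE_PUBKEY)
    b64 = base64.b64encode(SAMPLE_PUBKEY).decode()
    dnskey_line = f"{SAMPLE_ZONE} 3600 IN DNSKEY 257 3 8 {b64}"
    ds_line = (f"{SAMPLE_ZONE} 3600 IN DS {key_tag(rdata)} 8 2 "
               f"{ds_digest_sha256(SAMPLE_ZONE, rdata)}")
    return dnskey_line, ds_line


if __name__ == "__main__":
    dnskey_line, ds_line = make_sample()
    # A second, tampered key (last byte zeroed) must not be covered by the DS.
    bad = base64.b64encode(SAMPLE_PUBKEY[:-1] + b"\x00").decode()
    bad_line = f"{SAMPLE_ZONE} 3600 IN DNSKEY 257 3 8 {bad}"
    for tag, ok in check_delegation([ds_line], [dnskey_line, bad_line]).items():
        print(f"key tag {tag}: {'covered by DS' if ok else 'NOT covered by DS'}")
```

The digest compares canonical (lower-cased) owner names, as the RFCs require, and the key tag is only a fast pre-filter: two keys can share a tag, so the digest comparison is what actually binds the parent's DS to the child's key. A mismatch here means resolvers that validate will treat the zone as bogus, which is the failure mode to watch for after every key rollover.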
Through NIST, the Department of Commerce also leads development of interoperability standards for the smart grid, which applies information technology to electricity transmission and distribution to avoid blackouts and manage load. Everything hinges on the security of that system: it must not be possible to compromise it and manipulate it improperly. The Federal Energy Regulatory Commission, however, has taken the position that a smart grid is ill-advised because it enlarges the attack surface of the infrastructure.
The Commerce Department will publish a Notice of Inquiry (NOI), developed by its Internet Policy Task Force, which will seek public comment on the extent to which evolving policies from governments around the world may be restricting information on the Internet and inhibiting innovation and economic growth for U.S. companies. The NOI will seek input from all stakeholders to better understand the types of emerging government policies that restrict online information, how they are adopted, and what impact they have on innovation, job creation, economic development, global trade and investment.
Commerce CIOs Priorities: Cybersecurity and Efficiencies
The Department's IT spending is highly decentralized and federated across its 12 component bureaus; the three largest spenders are NOAA, the Census Bureau and the USPTO. Of note, the CIO's office has direct control over just 1% of the $2.4B requested IT budget.
The Department is developing a new IT security risk management framework that incorporates more real-time situational awareness and automated, continuous monitoring. To raise the visibility of cybersecurity, Commerce has added it to its "Balanced Scorecard" performance management process. Future initiatives include deploying continuous monitoring across the entire department.
DoC releases Cybersecurity, Innovation and Internet Economy Green Paper
This paper is the product of the Internet Policy Task Force, a department-wide group created in April 2010 to address cybersecurity issues. The paper proposes that the government support a "Code of Conduct" for handling cybersecurity vulnerabilities, developed through public-private collaboration that would also drive a set of widely adopted standards.
Key suggestions include:
- Creation of Cyber insurance
- Addition of cyber protection to current digital literacy
- Establishment of National Initiative for Cybersecurity Education to coordinate and fund research
- Expand international collaboration
DoC services moving to Cloud
The following DoC services are migrating to cloud-based infrastructure and support:
- Capital Planning Software
- Website Hosting
- Collaboration Services and Information Portal
- Document Management
The top ten changes in FIPS 201-2 (relative to 201-1) are:
- The asymmetric Card Authentication Key becomes mandatory.
- An enrollment record, or chain of trust, maintained by the issuer is introduced.
- Iris recognition is introduced as an additional biometric modality.
- Optional On-Card Biometric Comparison (OCC), also known as match-on-card, is introduced.
- ISO/IEC 24727 is adopted as a means of providing interoperability for smart card identification, authentication and digital signatures.
- An optional card authentication feature addresses issues under the Rehabilitation Act and Section 508 concerning access to electronic and information technology procured by federal agencies.
- The maximum length of the printed name is extended, giving more flexibility in handling printed names.
- The indicator for the National Agency Check with Inquiries (NACI) is replaced with a general background investigation indicator.
- Post-issuance updates to the PIV card are allowed.
- Employment eligibility verification documents (Form I-9) are incorporated into the FIPS 201 specification.
US DoC rolls out National Strategy for Trusted Identities in Cyberspace
The proposal envisions a single identity with a single sign-in: a credential held as a key on the user's device that lets the user access all of their websites after a one-time registration. This raises a large number of issues, most importantly privacy and the potential for government tracking. Secure keys spread across multiple platforms also pose technological and social challenges of their own.
Center for Regulatory Effectiveness Advises Continuous Monitoring for NIST
The CRE issued a draft set of recommendations for NIST that emphasizes the adoption of real-time continuous monitoring. The draft is intended to inform "FISMA 2.0." The CRE also noted that, if pending legislation is adopted, some private-sector firms that operate infrastructure would also fall under FISMA standards.
2012 budget request looks for $1B to be allocated to NIST
This is almost a 9% budget increase. This doubles funding for NIST laboratories. Initiative funding requests include:
- Ensuring a Secure and Robust Cyber Infrastructure
- Interoperability Standards for Emerging Technologies
NIST is clearly going to be a player in the future of government technology, and it is essential to keep NIST in mind and pay attention to its work. Working with NIST can be part of a strategy to shape federal government adoption and standards.
Digital Management to build Enterprise Document Management System for DoC Office of General Counsel
The OGC provides direction to more than 400 attorneys, located in ten regional offices and provides legal and policy direction to support — among others — the Patent and Trademark Office, the Economic Development Administration, the National Oceanic and Atmospheric Administration and the National Telecommunications and Information Administration.
Under the contract, Digital Management will develop, implement and support an integrated, scalable document management system that interfaces with existing Department and other U.S. Government IT systems. Built on Microsoft SharePoint 2010 with integrated workflow, database processing and document storage components, the system is intended to support collaboration across the OGC's broadly distributed operations.
The Commerce Department's mission gives its leadership broad standing to speak to cybersecurity issues for the nation, but historically that authority has not been used to address key cyber issues. We expect DHS and DoD to remain the big voices shaping federal cyber policy, with DoJ also playing a key role.
Additionally, because the department runs the decennial Census, its budget and IT needs will fall rather dramatically as the 2010 count winds down, by up to 35% over the next year.
- Congress Proposes FISMA Overhaul (informationweek.com)
- Commerce Case Study: Cyberstupid (heritage.org)
- Cybersecurity Week at the House, Further Drone Hacking Claims by Iran, and More (fedcyber.com)
- White House Cybersecurity Coordinator Retiring, HTC Phones Blocked at Customs, and More (fedcyber.com)
- NIST Cybersecurity Center Tackles Public And Private Threats (fedcyber.com)
- Senators Propose New Cybersecurity Bill, Update to FISMA (pcmag.com)
- NIST and Cloud Computing (clean-clouds.com)