Cybersecurity agency to improve patching

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.fcw.com/fcw/articles/2003/0818/web-circ-08-22-03.asp

By Diane Frank 
Aug. 22, 2003 

National Cyber Security Division officials want to improve the 
governmentwide computer patching service so more agencies use it, a 
senior official said this week.

More than 40 agencies have signed up so far for the Patch 
Authentication and Dissemination Capability, which tracks 
vulnerabilities and patches and sends out any tested patches to 
agencies based on their subscription profile.

However, not all of the agencies that signed up are actually using the 
service, and officials in the Federal Computer Incident Response 
Center are now looking at how to modify the contract, said Sallie 
McDonald, a senior official with the Cyber Security division.

"We need to improve the overall program so it better meets the 
customer needs," McDonald said.

The primary change will be to address the shortage of licenses for the 
dissemination solution. FedCIRC underestimated the number of licenses 
that would be required, meaning that many agencies are only piloting 
the solution within small segments of their networks. Officials hope 
to reconfigure the contract so it has more performance metrics that 
will ensure service for the agencies is the bottom line instead of the 
number of licenses, McDonald said.

Federal officials have known for some time how important patches are 
to a good security process, but the networks impacted by the Blaster 
worm and its variant over the last two weeks emphasized that point for 
many.

While FedCIRC has moved over to the Homeland Security Department, the 
center is still working with the contracting office at the General 
Services Administration because the officials at that agency are more 
familiar with the details of the contract and the security needs, 
McDonald said.

 

*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.