Next Steps In Data Center Security

Government agencies face a growing number of cyber threats. Here’s what federal IT teams can do to protect their systems, networks and data.

Michael Biddick, CEO, Fusion PPT

March 15, 2013

4 Min Read
Dark Reading logo in a gray background | Dark Reading

InformationWeek Government March 18, 2013

InformationWeek Government March 18, 2013

InformationWeek Green

InformationWeek Green


Download the entire March 2013 issue of InformationWeek Government, distributed in an all-digital format (registration required).


Secure The Data Center

Secure The Data Center

When IT security is a focal point of the State of the Union address, as it was in President Obama's February speech, government IT pros had better take notice.

Foreign adversaries are "seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems," the president warned. "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."

Federal government data centers are at the center of this discussion. The systems and databases within those data centers house everything from the personal information of U.S. citizens to law enforcement case records and classified intelligence.

Federal agencies have been shoring up their data center defenses for years, but much more needs to be done. Security experts report not only a growing number of attacks, but also successful breaches. Throwing money at the problem isn't the answer, nor is it an option. The federal IT budget remains flat and sequestration, which went into effect March 1, triggered across-the-board cuts. Federal CIO Steven VanRoekel, in a February interview with InformationWeek Government, warned that sequestration could cause agencies to lose momentum in their efforts to improve cybersecurity. Agency CIOs have to be smart and selective in how they invest their limited resources.

"The problem is much bigger than it was three or four years ago," says Omar Khawaja, head of product marketing for data center operator Verizon Terremark, which provides hosting and cloud services to federal agencies. "You've got more threats, more vulnerabilities and the assets are more critical than ever before."

Shortly after the State of the Union address, Mandiant, a security vendor, released a report that traced a Chinese hacker group, dubbed APT1 and suspected of "economic espionage" against at least 141 companies and government agencies over seven years, to a district in residential Shanghai that's home to a unit of the People's Liberation Army. It was the most detailed in a growing body of evidence that the Chinese military may be involved in probes of U.S. computer systems. The New York Times, Google and Apple all reported security breaches at about the same time.

Federal agencies are targets, too. In February, the Department of Energy revealed that online attackers had penetrated its network and obtained personal information on hundreds of employees and contractors. The department's Joint Cybersecurity Coordination Center and federal law enforcement agencies are investigating the incident. In a memo to employees, DOE recommended that they encrypt all files and emails that contain personal information, including files stored on hard drives or on the shared network.

The Department of Defense, even with its U.S. Cyber Command operations, remains vulnerable as well. The Defense Science Board, a civilian committee that provides scientific and technical advice to the Pentagon, said in a report this month that the DOD isn't prepared to defend against sophisticated international cyber attacks. The report pointed to "inherently insecure architectures," inadequate intelligence and the sheer limits of technology in defending against emerging cyber threats. It encourages the DOD's CIO to work with the military branches to create an enterprise security architecture that includes minimum standards to ensure a "reasonable" level of defensibility and increase the probability that attacks are detected.

Robust data center security starts outside the brick-and-mortar building. Verizon Terremark serves federal customers from a 30-acre complex in northern Virginia that's protected by 12-foot beams, DOD-approved fences, blast-proof walls and motion-sensor cameras. But it's the systems, software and processes inside the data centers used by government agencies -- some owned and operated by contractors, others by the agencies themselves -- that are the urgent focus of federal IT teams.

To read the rest of the article,
download the March 2013 issue of InformationWeek Government.

About the Author

Michael Biddick

CEO, Fusion PPT

As CEO of Fusion PPT, Michael Biddick is responsible for overall quality and innovation. Over the past 15 years, Michael has worked with hundreds of government and international commercial organizations, leveraging his unique blend of deep technology experience coupled with business and information management acumen to help clients reduce costs, increase transparency and speed efficient decision making while maintaining quality. Prior to joining Fusion PPT, Michael spent 10 years with a boutique-consulting firm and Booz Allen Hamilton, developing enterprise management solutions. He previously served on the academic staff of the University of Wisconsin Law School as the Director of Information Technology. Michael earned a Master's of Science from Johns Hopkins University and a dual Bachelor's degree in Political Science and History from the University of Wisconsin-Madison. Michael is also a contributing editor at InformationWeek Magazine and Network Computing Magazine and has published over 50 recent articles on Cloud Computing, Federal CIO Strategy, PMOs and Application Performance Optimization. He holds multiple vendor technical certifications and is a certified ITIL v3 Expert.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights