10 September 2015

State Department Wants To Compile Cybersecurity Playbook


The State Department, fresh off the heels of a highly publicized cyberintrusion, is picking industry’s brain for tactics to block and perhaps strike back at hackers, according to new contracting documents. 

Aliya Sternstein reports on cybersecurity and homeland security systems. She’s covered technology for more than a decade at such publications as National Journal's Technology Daily, Federal Computer Week and Forbes. Before joining Government Executive, Sternstein covered agriculture and derivatives ... Full Bio

State wants to produce a new set of how-to ”playbooks” around cybersecurity ”to clearly guide both offensive cyber operations and responses to cyberattacks,” department officials said Wednesday. 

“Offensive cyber operations” is military jargon for hacking into or disrupting an adversary’s system, making it an odd turn of phrase to describe civilian data security practices.

This is especially curious, given the planned “playbooks,” or how-to guides, will eventually be available to the public, according to State.

The strategies that will be hammered out include, but are not limited to:

Wednesday’s announcement states there will be a paid 1-year contract for a set of detailed playbooks “suitable to provide clear direction and guidance for actionable information security operation activities.”

But right now, the department is only seeking information from companies for planning purposes.

Specifically, State has called on AT&T, CenturyLink, Planet Technology, Booz Allen-Hamilton, Deloitte and other “cybersecurity experts” to offer “top-notch world-class” knowledge, according to the contracting documents.

Proposals are due Sept. 8. 

Each playbook will list cybersecurity standards, methodologies, procedures and processes.

The playbooks will not be “tailored specifically to the information technology architecture” of the State Department, according to the solicitation, “but rather will be written in a manner that reflects current industry best practices and thinking while still providing the granularity necessary to configure and implement specific hardware and software solution sets.”

The playbook preparations come less than a year after the government discovered well-resourced hackers reportedly backed by Moscow waging months-long attacks against the White House and State.

The Obama administration has a history of releasing playbooks to inculcate basic procedures across the government. 

A year ago came the Digital Services Playbook, providing best practices from the public and private sectors to help government build better apps and other online tools for citizens. Then, in February, the White House released a U.S.Public Participation Playbook meant to help people gain a stronger voice in policy decisions.

No comments: