Both members of the security industry and White House cybersecurity advisors Howard Schmidt and Richard Clark have voiced their concerns that these efforts will leave ordinary U.S. businesses and consumers vulnerable to security breaches and hacks.

Chris Larsen, Malware Lab Architect at Blue Coat Systems, had some additional insights to share:

There are a number of controversial companies who are supporting the U.S. government in this way.  While hackers have always looked for vulnerabilities they can exploit, a lot more of them are now looking to sell these, simply because the market is established now.

Unlike nuclear weapons, which, once built, have a pretty long shelf life, a particular exploit may have a shelf life in days. So it’s not like they can really be stockpiled for future use.  The implication being that someone is likely using them just as these malware solutions are purchased.  In addition, the nasty side-effect of the rush to find new vulnerabilities — with more being found —  inevitably is that some of those will make their way into criminal hands.

And, like all arms races, there’s a certain level of herd mentality at work, which keeps the momentum going.  As demand increases, so does the price, which further incentivizes hackers to look for more vulnerabilities.

This new effort by the U.S. government is a sign that our nation is taking more of an offensive approach to cyber warfare.  And, just as our enemies have silently been infiltrating our nation’s networks, it seems that the U.S. is about to strike back.

The rapid adoption of mobile technology and its success at increasing productivity and agency responsiveness means that your IT team needs to really understand what it takes to provide security for a network on the go.  Sasi Murthy, Senior Direct of Product Marketing at Blue Coat Systems, has some reassuring news.  While the mobile environment does present many unique challenges, the patterns of malware evolution that Blue Coat is seeing across its user network indicate that we’ve seen many of these attacks before and that mobile malware, in many respects, is a return to the classics.

Take a look at the video below to see what Sasi means by this, and her recommendations for thwarting malware that’s designed to infiltrate your mobile network.

The Army CIO did not ensure that the CMDs were configured to protect stored data according to the Army Inspector General Report titled, “Improvements Needed With Tracking and Configuring Army Commercial Mobile Devices.”

As a result, many of these devices are vulnerable to malicious activities, which could ultimately disrupt Army networks and compromise sensitive DoD material.  As mobile devices are often the first line of defense for accessing the overall network, this oversight is a reminder that our military requires the right security policy solutions at all times.

“The Army did not implement an effective cybersecurity program for commercial mobile devices,” said Alice Carey, assistant DOD inspector general, in the report. “If the devices remain unsecure, malicious activities could disrupt Army networks and compromise sensitive DOD information.”

According to the Blue Coat Systems 2013 Mobile Malware Report, mobile threats are increasing with Malnets being a primary driver for delivering mobile malware that can compromise the Army’s sensitive data.

In addition, the report also highlights how extending an enterprise-class web security solution to include mobile devices is a solid first step.  By closing the mobile security gap and enabling access to the U.S. Army network with appropriate policy controls, the DoD can proactively protect themselves against threats that could arise from this oversight.

By implementing these types of solutions, the U.S. Army can still reap the benefits of keeping the warfighter fully mobile.  With an ever-increasing need for the military to gather and share actionable intelligence in the field, the right security controls and policies can serve as the foundation for using mobile solutions to advance the mission.

John Yun, Director of Product Marketing at Blue Coat Systems, will be speaking with NIST about the unique security risks and mitigation strategies that all government professionals must understand as Bring Your Own Device programs are piloted and more mobile devices are introduced into agency networks.  In addition, Blue Coat Systems has released a mobile malware report that can be downloaded here.

Following is an exclusive podcast with Mr. Yun.

But, as Chris Larsen points out in this video, perhaps the castle analogy is no longer appropriate for the highly sophisticated network environment that federal agencies operate within.  After all, serfs weren’t walking around with iPads and knights of the realm were not telecommuting.

In this video, Chris Larsen discusses strategies for securing today’s network and why there are no silver bullets, no 100% solutions, but plenty of smart strategies for achieving your agency’s security goals.

A set of voluntary standards and best practices to guide industry in reducing cyber risks to the networks that support critical infrastructure, the Cybersecurity Framework will be shaped by direct feedback from industry experts, who will play a critical role in protecting the nation’s key infrastructure from cyber attacks.

In addition, at RSA 2013, top Obama administration officials had a key presence on the speaking agenda and the NSA and DHS were a highly visible presence in the exhibition floor.  No matter whether it was a keynote, a panel, or at the booths, all were focused on one core message:  government needs industry’s support in protecting our critical assets.

“We’re in this together, both government and industry. We need your help,” Andy Ozment, a senior director of cybersecurity at the White House, said during a Thursday panel as covered by The Hill.

While RSA 2013 was going on, another battle was being waged in Washington, DC – the sequester – and just a few days in, we’re already beginning to feel its impact.  While the U.S. Cyber Command members have been spared any salary cuts, it is believed that the sequester will distract personnel from the core mission.

In addition, Pentagon leaders are saying that the impact of sequestration will be immediate and obvious.   And, DHS executives believe that, as IT budgets decline, so too will security budgets for the agency.

We are at a unique crossroads.  The need for cybersecurity solutions has never been greater and the technologies being developed by industry will provide the much needed cyber solutions.   Yet, agency budgets are declining at an alarming rate to where meeting mission goals and requirements will be a huge challenge.

I applaud NIST for seeking input from industry for the development of its Cybersecurity Framework.  Let’s just hope that the current budget climate won’t make it too challenging for all of us to protect nation’s critical assets.  This is more important than any political budget fight that is being waged in Washington, D.C.

Following is our next podcast with Chris, where he discusses his RSA 2013 presentation that focuses on how to use on log tracking to mitigate bad behavior by an organization’s “foolish zebras.”

Q: How did you get started in IT as a career path?

A: As a 21 year old college grad working as a policy analyst for the Department of Education,  I needed to analyze survey data.   After about two days of number crunching using a calculator and long yellow sheets of legal paper, I said, “There has got to be a better way!” So I taught myself SPSS, got an account with the computer center, and began creating programs and reports.  After not too long I discovered that I liked the computer programming more than the policy analysis.  So, I focused my career on being an IT specialist.  I entered Federal Government as a GS-11 age 21 and 40+ years later I am still an IT specialist but now at the highest grade level possible: SES.

Q: What makes you so passionate about your job?

A: I love problem solving and goodness knows there are always plenty of problems to solve in Federal IT!  The truth is that I love working with technology, I dig working with smart people in collaborative teams and I find plenty of government processes just crying out to be automated.  Put those together and it spells: INTERESTING WORK.

Q: What has been you biggest success to-date?

A: My biggest contribution to Federal IT is the high number of smart people who I have mentored, coached and/or supported.  Almost every direct report has been upwardly mobile.

Q: What has been the biggest challenge? 

A: Working in behemoth bureaucracies where administrivia rules. Leading transformational efforts takes patience, perseverance and occasionally it requires the CIO to be a disruptive force.

Q: What advice do you have for other women that are looking to follow a similar career path? 

A: Work hard, play sports, help others, learn something new every day, raise your hand to ask when there is something you do not know, and model the behavior you want others to display.

Kerry shares why she is passionate about technology and security marketing and provides advice for others that are looking to break into the field.