Daily Archives: August 1, 2016

White House Releases Color-Coded Scale for Cybersecurity Threats

cyber-threat-scale2On Tuesday (July 26, 2016) the Obama administration released a framework for handling cyberattacks. The Presidential Policy Directive (PPD) on United States Cyber Incident Coordination is a new plan anticipated to create a precise standard of when and how government agencies handle incidents. At the start of his administration, President Obama made it clear that cyberattacks pose a grave threat to the economic and national security of the United States. Previous to the PPD, the Cybersecurity National Action plan was a policy based on three strategic pillars:

  • Raising the level of cybersecurity in both the short and long-term in our public, private and consumer sectors
  • Taking steps to prevent, disrupt and interfere with cyberattacks aimed at the United States
  • Responding effectively to and recovering from cyberattacks

Presidential Policy Directive on US Cyber Incident Coordination

While the Obama Administration has made progress on the three pillars, the country has been faced with managing increasingly significant cyber incidents. Since 2006, cyberattacks against the US Government are up 1,300 percent. Breaches such as the attack by Russian hackers on the Office of Personnel Management where a reported 5.6 million Americans’ personally identifiable information were stolen. In late June, the Democratic National Convention (DNC) was hacked and included files from the 2012 Benghazi attack, the U.S. military intervention in Libya, and the Clinton email server controversy. Most recently, the Federal Department Insurance Corporation (FDIC) cover-up of their data breaches in 2010, 2011, and 2013 was exposed.


According to their website, the PPD is intended to build on the lessons learned from these hacks and institutionalize our cyber incident coordination efforts in numerous aspects, including:

  • Establishing clear principles that will govern the Federal government’s activities on cyber incident response
  • Differentiating between significant cyber incidents and steady-state incidents and applying the PPD’s guidance primarily to significant incidents
  • Categorizing the government’s activities into specific lines of effort and designating a lead agency for each line of effort in the event of a significant cyber incident
  • Creating mechanisms to coordinate the Federal government’s response to significant cyber incidents, including a Cyber Unified Coordination Group similar in concept to what is used for incidents with physical effects, and enhanced coordination procedures within individual agencies
  • Applying these policies and procedures to incidents where a Federal department or agency is the victim
  • Ensuring that our cyber response activities are consistent and integrated with broader national preparedness and incident response policies so that our response to a cyber incident can seamlessly integrate with actions taken to address physical consequences caused by malicious cyber activity.

Included in the PPD, is the “Cyber Incident Severity Schema” which will unify how the federal government will respond to cyberattacks against both the government and private American companies.


The schema, shown above, ranges from white to black, with green, yellow, orange, and red falling in between. While the scale is somewhat vague and has a lot of unanswered questions, it’s intended to ensure that the agencies involved in cybersecurity respond to threats with the same level of urgency and investment. Anything above the dotted line, separating orange and yellow, indicates a significant cyber incident that will trigger a coordinated response from government agencies.

Cybersecurity continues to be a growing concern for the US Government, and high-profile hacks have led to serious consequences for the parties involved. While it’s too early to gauge the success of the PPD, we have to hope that it will be a huge step in securing the personally identifiable information of our citizens and our most valuable data from the persistent threat of data breaches.

Bluehost.com Web Hosting $3.95



3 Challenges Overworked IT Teams Face Every Day

Over_WorkedIT teams have a lot of responsibility today— especially considering that every modern organization is so dependent on technology. For example, Gartner recommends a ratio of 250 devices to every one IT staffer, but most IT teams are working with a ratio of 2,700 to one. And that doesn’t begin to include responsibilities such as network hardware, storage, applications, or information databases. There is a way to offer relief to overworked IT teams, though. First we identify, then eradicate the issues that keep your IT team too busy to contribute to your overall strategy.

Here are 3 challenges that contribute to the overload most IT teams face and how you can prevent them:

1: The Problem: Inadequate Systems

Break-fix IT departments will never have the time they need to strategize or contribute to organizational goals. This model is really draining on IT staff. It’s impossible to create and implement a working IT strategy when your team is constantly walking in the door to broken equipment. Fixing hardware will always be the priority; but, as long as it keeps breaking, your team will never have the time it takes to become a strategic contributor to your organization.

The Fix: It’s Time to Invest in Equipment That Works

Hardware and IT equipment are real investments. A trusted technology advisor can help you build a solution based on the actual business outcomes you are trying to achieve while complementing the equipment you already have in place. While it may seem like a good idea to cut costs on the solution and equipment, it’s really not (trust us on this one). With the right hardware and properly functioning solution, your team will have the time they need to contribute to the needs of your organization.

2: The Problem: Service Escalations

An overworked and understaffed IT support center often means a lot of escalations. The constant state of feeling overwhelmed means they’re much more likely to escalate an issue at the slightest hint that it will take more than a Band-Aid. And escalations that don’t have an efficiency plan to back them up just compound the IT team’s workload. In short, they occur because of the problem and worsen the problem, making them a painful catch-22 for your team.

The Fix: Have an Escalation Plan

You have to start with a very clear definition of a trouble ticket that requires an escalation. In addition, it’s really important to have a clear escalation plan that correlates to a customer service model and is governed by your organization’s business objectives. Less experienced staff and techs should strive to handle as many tickets as possible without involving the more experienced team members. This will free them up to contribute to strategy and business decisions.

Bluehost.com Web Hosting $3.95

3: The Problem: Lack of Business Principals

Technology teams (even those in the K-12 space) are contributing to huge businesses that spend millions of dollars each year. No other faction of that “business” would run without a plan. No other department would be satisfied with employees who show up to work every day prepared to wait around for things to break. Those departments have strategies in place that align with the business outcomes the organization is looking to achieve. Why should IT be any different?
The Fix: Start Contributing to Strategy

It’s time to get out of the basement and into the boardroom. If you have key players get in on the ground floor and align all projects with the objectives of the organization, you will eliminate a lot of the work mentioned above. Your equipment and services will not only align with the overall business objectives of your organization, but you’ll have a holistic solution and quality hardware, which means it won’t break all of the time. That means fewer trouble tickets leading to fewer escalations. The best news is that you just have to start with one project. Get in on the strategy once and see how it makes your life (and the lives of your IT team) so much easier.