OMB issues detailed cybersecurity plan and guidance for agencies
Following a blog post of the government’s cybersecurity sprint results, two memorandums were issued this past week, both which aim to bolster federal agencies’ cybersecurity.
Following a blog post about the government's cybersecurity sprint results, two memorandums were issued this past week, both of which aim to bolster federal agencies' cybersecurity.
The Office of Management and Budget (OMB), and in particular Federal CIO Tony Scott, issued a fiscal year guidance on information security, as well as its “Cybersecurity Strategy and Implementation Plan” (CSIP).
While the former primarily “establishes new guidance to address discrete challenges identified over the last fiscal year,” the latter comes as a direct result of the federal government's 30-day sprint.
CSIP lists five objectives, which it said were identified during the sprint. Included on the list are prioritizing identification and protection of high value information and assets; the efficient and effective acquisition and deployment of existing and emerging technology; and timely detection of and rapid response to cyber incidents. Each of the five objectives came with a thorough analysis of the problem at hand along with the actions agencies must take to address it.
Detailed timelines were provided for all tasks.
For instance, with regard to the timely detection of and rapid response to cyber incidents, DHS is “piloting behavioral-based analytics to extend beyond the current approach of using known signatures and begin identifying threat activity that takes advantage of zero-day cyber intrusion methods,” the plan stated. The results from this study and next steps must be issued by March 31, 2016.
Furthermore, to facilitate fast recovery from incidents, the plan instructed NIST to provide agencies guidance by June 30, 2016, on how to recover from a cyber event, such as a data breach or malware campaign.
“Implementing the CSIP will not prevent every cyber incident,” the plan states. “In fact, it is likely that agencies will discover additional and previously unknown malicious activity as they improve prevention and detection capabilities. Accordingly, the CSIP incorporates procedures to prepare agencies to respond to and recover from incidents, secure Federal information and assets, and ultimately strengthen their overall security posture.”