The U.S. Office of Management and Budget (OMB) launched its 30-day “Cybersecurity Sprint” in June, and the results of its push were published this past week.
As part of the sprint, a White House blog states, OMB “directed agencies to further protect Federal information, improve the resilience of our networks, and report on their successes and challenges.”
Agencies were instructed to immediately patch critical vulnerabilities, review and tightly limit privileged users with access to authorized systems, and accelerate the use of “strong authentication.”
With respect to strong authentication, Tony Scott, U.S. chief information officer, wrote that many agencies opted to use a hardware-based Personal Identity Verification (PIV) card or another method.
Federal civilian agencies increased this authentication usage for both privileged and unprivileged users from 42 percent to 72 percent since their last quarterly report, and these same agencies increased privileged users' authentication from 33 percent to nearly 75 percent.
Thirteen agencies, the blog post states, implemented the same strong authentication for nearly 95 percent of privileged users. These agencies include the Departments of Transportation, Veterans Affairs and the Interior.
In addition to its authentication solutions, government agencies are scanning systems on a continual basis for vulnerabilities and training employees on identifying phishing emails.
“Although the Sprint may have come to a conclusion, it is only one leg of a marathon to build upon progress made, identify challenges, and continuously strengthen our defenses,” the post states.
The post also mentions a pending “Cybersecurity Sprint Strategy and Implementation Plan” that will be released in the “coming months,” and consists of a review of the government's cybersecurity policies, procedures and practices by more than 100 privately and publicly employed professionals.
While going on to call for the passage of cybersecurity legislation and an expanded budget, Scott writes that this push won't solve all the government's security woes.
“Cyber threats cannot be eliminated entirely, but they can be managed much more effectively,” Scott wrote. “And we can do this best by aligning and focusing our efforts, by properly funding necessary cyber investments, by building strong partnerships across government and industry, and by drawing on the best ideas and talent from across the country to tackle this quintessential problem of the 21st century.”