I think that the president is looking to use cyber security as a “legacy” play for his last year in office. It is the one thing that most Americans, regardless of their party affiliation, will agree on and get behind. Cyber awareness is a good thing, but what does that look like coming from Washington? The only way to know this is to be informed.
If you haven’t seen the Cyberspace Policy Review Final, you may want to look it over. It has both negative and positive aspects for businesses. I am just beginning to digest it so I cannot say I understand it totally… yet.
You may also want to check out the article by Greg Otto that came out on Friday (10/30) on FedScoop.com. The reporter pointed out that agencies have just two weeks to determine which data and systems on their networks should be considered a high-value asset and report back to OMB (Office of Management and Budget) by Nov. 13, 2015. This article also points out that over the course of the next year OMB will hold agencies to a number of deadlines:
- The implementation of the second phase of DHS’s Continuous Diagnostics and Monitoring Program
- The increased use of PIV cards for both privileged and nonprivileged users
- Guides to help agencies recover from major cyber incidents
- An acceleration of hiring specifically to boost the federal government’s cyber workforce
- New procurement capabilities that will allow the government to quickly purchase new and emerging cybersecurity technology.
How serious are they? According to The President’s Budget Fiscal Year 2016 – Middle Class Economics: Cybersecurity (8/7/2015), “The President’s FY 2016 Budget requests $14 billion across the Federal Government to support the Administration’s cybersecurity strategy.”
CSIP Implementation – Key Milestones (from Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government)
The following paragraphs are from the “Sharing responsibility for cybersecurity” section, page 17, of the Cyberspace Policy Review Final, and are worth noting.
- The Federal government cannot succeed in the many facets of securing cyberspace if it works in isolation. The public and private sectors’ interests are intertwined with a shared responsibility for ensuring a secure, reliable infrastructure upon which businesses and government services depend.
- The private sector, however, designs, builds, owns, and operates most of the network infrastructures that support government and private users alike. Industry and governments share the responsibility for the security and reliability of the infrastructure and the transactions that take place on it and should work closely together to address these interdependencies.
- Industry leaders can demand higher assurance from vendors and service providers while taking responsibility to create more secure software and equipment. Businesses need effective means to share detection methods, information about breaches and attack methods, remediation techniques, and forensic capabilities with each other and the Federal government.
- Government can assist by considering incentive-based legislative or regulatory tools to enhance the value proposition and fostering an environment that facilitates and encourages partnership and information sharing.
Other documents of reference:
“The President’s Budget Fiscal Year 2016 – Middle Class Economics: Cybersecurity” https://www.whitehouse.gov/sites/default/files/omb/budget/fy2016/assets/fact_sheets/cybersecurity-updated.pdf
“Modernizing Federal Cybersecurity” https://www.whitehouse.gov/blog/2015/10/30/modernizing-federal-cybersecurity
(image from Modernizing Federal Cybersecurity by Tony Scott)