As I was flying back from a cybersecurity conference in San Francisco several weeks ago, I reflected on the wide range of technology and talent we have working to build up our cyber security – and the challenge of knowing which will be most effective when dealing with advanced adversaries, especially in a limited budget environment. Federal Departments and Agencies need to focus their cybersecurity activity on a few of the most effective controls. This is why my office, in coordination with many other Federal cybersecurity experts from DHS, DOD, NIST, and OMB, has identified three priority areas for improvement within Federal cybersecurity:
The purpose in selecting three priority areas for improvement is to focus Federal Department and Agency cybersecurity efforts on implementing the most cost effective and efficient cybersecurity controls for Federal information system security. Federal Departments and Agencies must defend their information systems in a resource-constrained environment, balancing system security and survivability while meeting numerous operational requirements requires robust risk management.
To support implementation of these priorities, I am leading a Cross-Agency Priority (CAP) Cybersecurity goal, one of a limited number of Cross-Agency Priority (CAP) Goals for both crosscutting policy and government-wide management areas, as required under the Government Performance and Results Modernization Act of 2010.
The administration priorities are integrated with other Federal cybersecurity activities, including the recently released FY11 FISMA report and FY12 FISMA metrics.
My goal is that by the end of 2014, Federal departments and agencies will achieve 95 percent utilization of critical administration cybersecurity capabilities on Federal information systems, including Trusted Internet Connections (TIC), Continuous Monitoring, and Strong Authentication.
Many Departments and Agencies have been working on these areas for several years, and there has been much progress. By focusing on these priorities we plan to push adoption past the tipping point of adoption for all Federal systems.
Howard A. Schmidt is the Cybersecurity Coordinator and Special Assistant to the President