From: Howard A. Schmidt/The White House Blog
As I was flying back from a cybersecurity conference in San Francisco several weeks ago, I reflected on the wide range of technology and talent we have working to build up our cybersecurity – and the challenge of knowing which will be most effective when dealing with advanced adversaries, especially in a limited budget environment. Federal Departments and Agencies need to focus their cybersecurity activity on a few of the most effective controls. This is why my office, in coordination with many other Federal cybersecurity experts from DHS, DOD, NIST, and OMB, has identified three priority areas for improvement within Federal cybersecurity:
- Trusted Internet Connections (TIC) – Consolidate external telecommunication connections and ensure a set of baseline security capabilities for situational awareness and enhanced monitoring.
- Continuous Monitoring of Federal Information Systems – Transform the otherwise static security control assessment and authorization process into a dynamic risk mitigation program that provides essential, near real-time security status and remediation, increasing visibility into system operations and helping security personnel make risk-management decisions based on increased situational awareness.
- Strong Authentication – Passwords alone provide little security. Federal smartcard credentials such as PIV (Personnel Identity Verification) and CAC (Common Access Card) cards provide multi-factor authentication and digital signature and encryption capabilities, authorizing users to access Federal information systems with a higher level of assurance.
The purpose of selecting three priority areas for improvement is to focus Federal Department and Agency cybersecurity efforts on implementing the most cost-effective and efficient cybersecurity controls for Federal information system security. Federal Departments and Agencies must defend their information systems in a resource-constrained environment; balancing system security and survivability while meeting numerous operational requirements requires robust risk management.
To support implementation of these priorities, I am leading a Cross-Agency Priority (CAP) Cybersecurity goal, one of a limited number of Cross-Agency Priority (CAP) Goals for both crosscutting policy and government-wide management areas, as required under the Government Performance and Results Modernization Act of 2010.
The administration priorities are integrated with other Federal cybersecurity activities, including the recently released FY11 FISMA report and FY12 FISMA metrics.
My goal is that by the end of 2014, Federal departments and agencies will achieve 95 percent utilization of critical administration cybersecurity capabilities on Federal information systems, including Trusted Internet Connections (TIC), Continuous Monitoring, and Strong Authentication.
Many Departments and Agencies have been working on these areas for several years, and there has been much progress. By focusing on these priorities we plan to push adoption past the tipping point for all Federal systems.