With last year’s failed cyber security legislation and President Obama’s recent Executive Order still in its early stages, there is a new line of thinking about cyber security that’s gaining momentum in Washington, DC — don’t wait for Congress to tell you how to secure your networks.
In SafeGov’s “Measuring What Matters: Reducing Risk by Rethinking How We Evaluate Cyber Security” report, government agencies are provided with a new framework, enabling them to get a head start on cyber security.
According to a news release, the report is intended to encourage government and industry experts to collaborate and implement a more effective framework and evaluation process to enhance the government’s data protection posture.
“Despite the guidance of experts and millions of taxpayer dollars, federal information systems remain critically vulnerable to breaches and cyberattacks.” It goes on to note that “this [don’t wait] approach will strengthen the security of government information systems and improve the overall management of government resources by focusing scarce resources on the areas that pose the highest risks to agencies’ missions.”
This guideline was based on efforts underway by the National Institute of Standards and Technology (NIST), U.S. Government Services Administration (GSA), Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) and points to current multi-agency efforts, which serve as the foundation for the framework.
Key focus areas include:
- Continuous monitoring programs
- Automated systems for intrusion detection
- Standards development
- Reforms to both the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP) to expand beyond cloud-based products and services
According to the National Academy of Public Administration, this report is “an important step toward building a more dynamic, risk-based approach that will yield more robust protection from cyber threats across the government.”
While lawmakers have promised to focus on new cyber legislation this year, there are so many other issues on the Congressional and Presidential agendas that it’s hard to know with any certainty if there will be any forward momentum. Meanwhile, the threat landscape keeps growing in scope and complexity. So, in many ways, this “beg for forgiveness” approach to cyber security should be applauded, as it will improve an agency’s basic ability to protect its network in response to threats in real time.
The reality is that threats are getting more sophisticated, and government agencies need to stay one step ahead of them. Any network intrusion could potentially compromise national security, cause damage to our country’s infrastructure, and make sensitive citizen data public.
Will your agency implement SafeGov’s recommendations and take a much-needed proactive approach to cyber security?