OMB issues detailed cyber-security plan and guidance for agencies

Cyber-security sprint yields concrete plans

Following a blog post about the government's cyber-security sprint results, two memorandums were issued this past week, both of which aim to bolster federal agencies' cyber-security.

The Office of Management and Budget (OMB), and in particular Federal CIO Tony Scott, issued fiscal year guidance on information security, as well as its “Cyber-security Strategy and Implementation Plan” (CSIP).

While the former primarily “establishes new guidance to address discrete challenges identified over the last fiscal year,” the latter comes as a direct result of the federal government's 30-day sprint.

The CSIP lists five objectives, which it says were identified during the sprint. Included on the list are prioritising identification and protection of high-value information and assets, the efficient and effective acquisition and deployment of existing and emerging technology, and timely detection of and rapid response to cyber incidents. Each of the five objectives comes with a thorough analysis of the problem at hand, along with the actions agencies must take to address it.

Detailed timelines were provided for all tasks.

For instance, with regard to the timely detection of and rapid response to cyber incidents, DHS is “piloting behavioral-based analytics to extend beyond the current approach of using known signatures and begin identifying threat activity that takes advantage of zero-day cyber intrusion methods,” the plan stated. The results from this study and next steps must be issued by 31 March 2016.

Furthermore, to facilitate fast recovery from incidents, the plan instructed NIST to provide agencies with guidance, by 30 June 2016, on how to recover from a cyber event such as a data breach or malware campaign.

“Implementing the CSIP will not prevent every cyber incident,” the plan states. “In fact, it is likely that agencies will discover additional and previously unknown malicious activity as they improve prevention and detection capabilities. Accordingly, the CSIP incorporates procedures to prepare agencies to respond to and recover from incidents, secure Federal information and assets, and ultimately strengthen their overall security posture.”