Why Cybersecurity Should be Your Top Priority This Federal Year-End
If you’re wondering where to spend your federal fiscal year-end dollars, no doubt cybersecurity is top of mind. With threats increasing and constantly evolving, protecting federal systems, networks, and data has never been more important.
But this year, there’s a new imperative for federal CIOs – the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.
The executive order is extensive and wide-ranging and makes it clear that the status quo will not be tolerated: “The executive branch has for too long accepted antiquated and difficult-to-defend IT.”
Specific priorities in the order cover everything from high-level requirements to in-the-weeds tactical actions, such as fixing known weaknesses, patch management, and configuration management.
Priorities are broken down into five pillars:
1. Accountability – i.e. owning acceptable risks.
2. Identity and privilege management – According to the Verizon 2016 Data Breach Investigations Report, privilege abuse was behind 66% of insider misuse incidents. That’s significant.
3. Modernization – Not just getting there but keeping up for the long haul.
4. Vulnerability management – Patching, configuration management
5. Transparency – Sharing knowledge, practices and threat intel, i.e. think of security as a team sport.
The Clock is Ticking
That’s a lot to review, assess, report on, and begin planning for. Many of the recommendations have 90- to 120-day reporting and planning deadlines, counted from the May 11th release date, with action steps due later this year. The clock is running, and agencies need to understand the implications for their organizations.
What can your agency do to adhere to the EO’s mandates? DLT’s Chief Cybersecurity Technologist, Don Maclean, will be leading a panel discussion at this year’s 930Gov event. Join us in DC to hear more on the order, its key themes, and analysis from Don, who will be accompanied by:
• Ken Durbin, Unified Security Strategist at Symantec
• Timothy Jones, Manager of Systems Engineering, ForeScout
• Ron Ross, Ph.D., Fellow, National Institute of Standards and Technology