Cybersecurity

OMB readies next phase of cyber sprint plan

Tony Scott  (Photo: VMware)

Federal CIO Tony Scott said the Cybersecurity Sprint Strategy and Implementation Plan would likely be unveiled next month.

The federal government is putting the finishing touches on its follow-on policy to the “cyber sprint” that came after the massive hack of the Office of Personnel Management, federal CIO Tony Scott told FCW Sept. 11. Agency lawyers are now reviewing the plan, which could feature the furtherance of key cyber programs like Einstein 3A and continuous diagnostics and mitigation.

Scott said he was hoping to have the Cybersecurity Sprint Strategy and Implementation Plan (CSSIP) announced by the end of the month, but it is looking more likely to come shortly thereafter. The deliberation is to ensure that “anything we announce that we’re going to do, that we have the capability and resources in place to go do,” Scott told FCW after his appearance at a cybersecurity conference in Washington, D.C.

The 30-day “cyber sprint” coordinated by Scott’s office at the Office of Management and Budget assessed the security of federal civilian and military IT networks after the OPM breach, which exposed data on 22 million current and former federal employees, contractors and others. The results of the sprint showed that 14 major civilian agencies surpassed Scott’s goal of 75 percent strong authentication, while several agencies hit 100 percent for privileged users alone.

The question then became how to turn any momentum from the sprint into longer-term success. One hundred experts from across the government and industry came together to examine “some of the hard problems” vis-à-vis federal cybersecurity, whether in “policy or process or org structure or resources,” Scott said. The fruits of their labor will be the CSSIP.

The greater use of Einstein 3A, the latest iteration of a $3 billion intrusion-detection program run by the Department of Homeland Security, was one technology solution mulled by the working group, Scott said.

A source close to the new plan told FCW that the plan could mandate that, by September 2016, all agencies use Internet service providers signed onto Einstein 3A, though DHS and OMB spokesmen S.Y. Lee and Jamal Brown declined to comment on that possibility. Implementation of the Einstein program with ISPs has not been all smooth sailing. Negotiations between DHS and AT&T over the program stalled over liability concerns, according to a Politico report.

Lee’s only answer to questions about the potentially enhanced role of Einstein 3A in federal cybersecurity policy was to point to a recent speech from DHS Secretary Jeh Johnson. The secretary said he has “challenged [his federal colleagues] to make aspects of E3A available to all federal civilian departments and agencies by the end of 2015,” according to his prepared remarks. Lee did not answer a question on just what “aspects” of the program Johnson was referencing.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected