Cybersecurity

OMB readies next phase of cyber sprint plan

Tony Scott  (Photo: VMware)

Federal CIO Tony Scott said the Cybersecurity Sprint Strategy and Implementation Plan would likely be unveiled next month.

The federal government is putting the finishing touches on its follow-on policy to the “cyber sprint” that came after the massive hack of the Office of Personnel Management, federal CIO Tony Scott told FCW Sept. 11. Agency lawyers are now reviewing the plan, which could feature the furtherance of key cyber programs like Einstein 3A and continuous diagnostics and mitigation.

Scott said he was hoping to have the Cybersecurity Sprint Strategy and Implementation Plan (CSSIP) announced by the end of the month, but it is looking more likely to come shortly thereafter. The deliberation is to ensure that “anything we announce that we’re going to do, that we have the capability and resources in place to go do,” Scott told FCW after his appearance at a cybersecurity conference in Washington, D.C.

The 30-day “cyber sprint” coordinated by Scott’s office at the Office of Management and Budget assessed the security of federal civilian and military IT networks after the OPM breach, which exposed data on 22 million current and former federal employees, contractors and others. The results of the sprint showed that 14 major civilian agencies surpassed Scott’s goal of 75 percent strong authentication, while several agencies hit 100 percent for privileged users alone.

The question then became how to turn any momentum from the sprint into longer-term success. One hundred experts from across the government and industry came together to examine “some of the hard problems” vis-à-vis federal cybersecurity, whether in “policy or process or org structure or resources,” Scott said. The fruits of their labor will be the CSSIP.

The greater use of Einstein 3A, the latest iteration of a $3 billion intrusion-detection program run by the Department of Homeland Security, was one technology solution mulled by the working group, Scott said.

A source close to the new plan told FCW that the plan could mandate that, by September 2016, all agencies use Internet service providers signed onto Einstein 3A, though DHS and OMB spokesmen S.Y. Lee and Jamal Brown declined to comment on that possibility. Implementation of the Einstein program with ISPs has not been all smooth sailing. Negotiations between DHS and AT&T over the program stalled over liability concerns, according to a Politico report.

Lee’s only answer to questions about the potentially enhanced role of Einstein 3A in federal cybersecurity policy was to point to a recent speech from DHS Secretary Jeh Johnson. The secretary said he has “challenged [his federal colleagues] to make aspects of E3A available to all federal civilian departments and agencies by the end of 2015,” according to his prepared remarks. Lee did not answer a question on just what “aspects” of the program Johnson was referencing.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.