White House looks to put more muscle behind cyber plan
- By Mark Rockwell
- Jun 15, 2016
The White House is looking to ensure its IT management and cybersecurity efforts continue into the next administration by fleshing out its Cybersecurity National Action Plan, as well as developing more detailed agency guidance on cyber and IT workforce issues.
"We've got a hell of a challenge with the presidential transition," Trevor Rudolph, the federal CIO office's chief for cyber and national security, said in a June 15 presentation to the Information and Security Privacy Advisory Board. ISPAB is a federal advisory group serving the National Institute for Standards and Technology.
That challenge, he said, is to make sure the advances in agency cyber hygiene and authentication practices -- many of which were precipitated by the cyber sprint mandated by federal CIO Tony Scott last summer --continue into the next presidential administration.
"We're headed in the right direction," Rudolph said, pointing to substantial PIV card and dual-factor authentication implementation and declining instances of unpatched vulnerabilities in the wake of the sprint. After the Cyber Sprint, PIV implementation is at 80 percent at federal agencies, he said. Challenges of legacy IT, fragmented IT governance and workforce issues remain.
CNAP, a $19 billion plan that includes a $3.1 billion revolving fund to cover IT modernization projects, faces a strategic challenge.
"Now it's really only a fact sheet on the White House website," Rudolph said in his presentation. "That's not a good position to be in. There's no Executive Order or OMB order" undergirding it, he said.
To address the workforce issue, Rudolph said OMB and the Office of Personnel Management will release a joint memo "in the coming days" on cyber workforce strategy that will identify needs, training, recruitment and other issues. When asked after his presentation, Rudolph declined to provide a more specific timeline or other details on the coming memo.
The White House will also look to beef up CNAP in the coming months, including ways to codify the effort so it continues after the change in administration.
The panel, which is made up of commercial, federal and academic experts, asked if a more formal version of CNAP was needed.
"It's very likely that we'll see something else to give CNAP some meat to get it through the transition" to a new administration, Rudolph said.
Rudolph added that administration tech officials are also talking to advisers in presidential campaigns about cybersecurity and federal IT.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.