White House probes centralized cyber capabilities
- By Mark Rockwell
- Oct 27, 2016
The White House is working on a plan to create a centralized cybersecurity model for agencies that could guide federal cybersecurity efforts for the next four to eight years.
Trevor Rudolph, chief of Office of Management and Budget's Cyber and National Security Unit, said the White House is developing a shared capabilities model that agencies might use to leverage common capabilities such as the Department of Homeland Security's Einstein and Continuous Diagnostics and Mitigation (CDM) services.
In remarks at the Information Security and Privacy Advisory Board on Oct. 27 about transition plans for the Cybersecurity National Action Plan, Rudolph said his office has been involved in "an ongoing discussion with DHS and [the General Services Administration]" about the idea.
The plan, Rudolph said, would serve the next administration's IT governance of IT and cybersecurity. Coordination is also taking place with the National Institute of Standards and Technology. A fact sheet on the project is due out soon, Rudolph said.
"We're working rapidly to put together options" and guidance on how to govern such a model, as well as working on a potential legislative framework to support a wider shared capabilities model that could be used by the next administration, he said.
The wider plan, Rudolph added, could be used in the "next four to eight years."
"It's an outgrowth of CNAP," he said, referring to the Obama administration's $19 billion Cybersercurity National Action Plan that was included in the FY2017 budget submission. "The idea is not original. It goes back to [former federal CIO] Vivek Kundra," who floated an idea of an "independent agency to provide IT capabilities," he said in remarks to reporters after his ISPAB presentation.
In a federated environment, Rudolph said, "centralized IT solutions can solve a lot of legacy IT problems."
"DHS has done a phenomenal job" in getting agencies to sign on to CDM and Einstein, he added. "They have to go around and to get permission slips from agencies to provide free tools and services."
Rudolph said the White House is still working out the details of how the model could work. "I'd shy away from calling it shared services," he said in response to a question from FCW.
At a previous ISPAB meeting in June, Rudolph said shared services were one of a few critical cybersecurity efforts the White House is banking on, along with a planned IT modernization fund and DHS-based cyber defense teams.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.