Cybersecurity

DHS issues new directive to protect high-value assets

cybersecurity

The Department of Homeland Security announced May 25 that it has issued a new Binding Operational Directive designed to further protect high-value assets in the federal government from cyber attacks.

Under the new directive, 18-02, federal agencies must submit to DHS an updated and prioritized list of their own high-value assets within 30 days of the order’s issuance, dated May 7. They must also identify a point of contact within the agency responsible for coordinating with DHS.

Additionally, a select number of agencies designated by the Office of Management and Budget must authorize DHS to conduct deeper assessments around risks and vulnerability and remediate any critical weaknesses identified within 30 days of notification.

“With the issuance of BOD 18-02, DHS introduces a more focused, integrated approach to addressing weaknesses across federal agency [high-value assets], facilitates ongoing collaboration across cybersecurity teams to drive timely remediation, and ensures senior executive involvement to manage risk across an agency enterprise,” wrote Jeanette Manfra, Assistant Secretary for Cybersecurity and Communications in a note accompanying the directive’s release.

The new BOD will supersede a similar directive issued in 2016.

“Based on operational insights and lessons learned, DHS is enhancing its approach to conducting these engagements to provide agencies with improved results and findings by expanding system scope, refining assessment methodologies, and using less-constrained penetration testing approaches to resemble tactics, techniques, and procedures used by advanced threat actors attempting to gain unauthorized access,” the directive read.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.