White House tech officials are looking to put more weight behind CNAP for the next administration.
The White House is looking to ensure its IT management and cybersecurity efforts continue into the next administration by fleshing out its Cybersecurity National Action Plan, as well as developing more detailed agency guidance on cyber and IT workforce issues.
"We've got a hell of a challenge with the presidential transition," Trevor Rudolph, the federal CIO office's chief for cyber and national security, said in a June 15 presentation to the Information and Security Privacy Advisory Board. ISPAB is a federal advisory group serving the National Institute for Standards and Technology.
That challenge, he said, is to make sure the advances in agency cyber hygiene and authentication practices -- many of which were precipitated by the cyber sprint mandated by federal CIO Tony Scott last summer --continue into the next presidential administration.
"We're headed in the right direction," Rudolph said, pointing to substantial PIV card and dual-factor authentication implementation and declining instances of unpatched vulnerabilities in the wake of the sprint. After the Cyber Sprint, PIV implementation is at 80 percent at federal agencies, he said. Challenges of legacy IT, fragmented IT governance and workforce issues remain.
CNAP, a $19 billion plan that includes a $3.1 billion revolving fund to cover IT modernization projects, faces a strategic challenge.
"Now it's really only a fact sheet on the White House website," Rudolph said in his presentation. "That's not a good position to be in. There's no Executive Order or OMB order" undergirding it, he said.
To address the workforce issue, Rudolph said OMB and the Office of Personnel Management will release a joint memo "in the coming days" on cyber workforce strategy that will identify needs, training, recruitment and other issues. When asked after his presentation, Rudolph declined to provide a more specific timeline or other details on the coming memo.
The White House will also look to beef up CNAP in the coming months, including ways to codify the effort so it continues after the change in administration.
The panel, which is made up of commercial, federal and academic experts, asked if a more formal version of CNAP was needed.
"It's very likely that we'll see something else to give CNAP some meat to get it through the transition" to a new administration, Rudolph said.
Rudolph added that administration tech officials are also talking to advisers in presidential campaigns about cybersecurity and federal IT.