Agencies: Get ready to see more of OMB in 2016

The Office of Management and Budget will be flexing more cybersecurity muscle next year.

Trevor Rudolph, chief of OMB's Cyber and National Security Unit, touted governmentwide cybersecurity progress made in the past year and promised more CyberStat reviews, updated policies and high-value asset security in 2016.

"One hundred percent of agencies have identified their high-value assets," Rudolph said at a Dec. 15 conference sponsored by Carahsoft.

Although OMB did not publicize the information at the time, all 24 covered agencies met the first hard deadline of the Cybersecurity Strategy and Implementation Plan to report high-value assets by Nov. 13, Rudolph told FCW.

In the coming year, OMB will be working with agencies to protect those assets. And that work involves more CyberStat meetings -- data-driven, face-to-face rundowns of an agency's cybersecurity challenges.

Rudolph said OMB had planned to hit 12 agencies with CyberStat meetings in fiscal 2015, but his team managed to beat the goal and work with 14 agencies. He added that his team would set the bar higher in 2016 and attempt to meet with even more agencies.

"This is not the bogeyman coming from OMB and scaring agencies," Rudolph said, instead pledging that productive discussions rather than punishments were the goal.

He said integrating the Department of Homeland Security's ever-expanding Continuous Diagnostics and Mitigation program into agencies' operations would be another main focus area next year, though he stressed that his OMB team is not trying to supplant DHS.

Other 2016 priorities include continuing policy revisions ("Some of our policies are a little outdated") and evaluating procurement processes ("We're not very good at procuring even existing technology in many cases"), Rudolph said.

And although it's not all about the Cybersecurity Strategy and Implementation Plan when it comes to 2015 accomplishments, Rudolph stressed that referencing the groundbreaking work of 2015 would be crucial for making progress in 2016.

"Ladies and gentlemen, I expected 100 percent," he said when only a fraction of conference attendees acknowledged that they'd actually read the cybersecurity plan. "It is 21 pages of gold, I do promise you that."