Over the last six months the U.S. Government implemented a wide range of policies; both domestic and international, to improve the nation’s cybersecurity/cyber defenses, enhance our response capabilities, and upgrade our incident management tools.
[Related: Vice President Biden Announces $25 Million Grant to HBCUs for Cybersecurity Education]
Here are only a few of the major achievements the administration has implemented as detailed in a White House press release:
Supported private sector efforts to improve cybersecurity.
The Administration hosted the White House Summit on Cybersecurity and Consumer Protection at Stanford University on February 13, which brought together leaders from businesses throughout the economy, consumer and privacy groups, educators, students, law enforcement, and other government agencies. At the Summit, over two dozen companies made commitments. They have all started to act upon their commitments to share best practices, adhere to stronger security standards, use the Cybersecurity Framework of Standards and Best Practices to manage their cyber risk, share cyber-threat information, and adopt more secure payment technologies.
Proposed new cybersecurity legislation.
In January, the President sent Congress a new cybersecurity legislative proposal that included information sharing and data breach notification provisions. In April, the House of Representatives passed two bi-partisan bills similar to the President’s information sharing proposal.
Enhanced public/private collaboration.
The administration promotes a National Institute of Standards and Technology (NIST)-developed Cybersecurity Framework as a key method for managing cyber risk, and Federal departments have expanded collaborative engagements with the private sector to build mutual understanding and improve cybersecurity.
Established partnerships to secure technology.
The Department of Commerce has launched two initiatives to strengthen cybersecurity in the hardware and software used in computers and on the Internet. The National Telecommunications and Information Administration (NTIA) is expanding their domestic multi-stakeholder model to promote Stakeholder Engagement on Cybersecurity in the Digital Ecosystem. Also, NIST has created the National Cybersecurity Center of Excellence to partner with the private sector, academia, and other government agencies in order to find solutions to security
problems inherent in technology. The center will produce generally available standards-based reference designs, templates, and example “builds,†in order to reduce costs and complexities and enable companies in all sectors to use more secure technology.Continue reading on the next page…
Protected consumers.
Since 2011, the Administration has worked to make online transactions more secure for business and consumers alike. In implementing the National Strategy for Trusted Identities in Cyberspace (NSTIC), the Department of Commerce has worked with thousands of stakeholders to jump-start an identity ecosystem, providing consumers with more secure, convenient, and privacy-enhancing experiences on the Internet.
Enhanced Federal cybersecurity
Accelerated efforts to increase security on federal networks — last month, the Federal Chief Information Officer launched a 30-day Cybersecurity Sprint to accelerate progress made on enhancing the Federal Government’s cybersecurity. The Sprint’s preliminary reporting shows great progress in Federal agency efforts to further protect information and assets, and improve the resilience of federal networks, including: patching critical vulnerabilities, leveraging tools to block high-risk indicators, tightening access for privileged users, and increasing the use of multi-factor authentication.
Increased Cyber Emphasis Government-wide under the Federal Chief Information Officer
The Federal CIO has established a dedicated cyber team, E-Gov Cyber, to enhance oversight of agency and government-wide cybersecurity programs; and work with key federal cybersecurity stakeholders
to ensure federal cybersecurity receive the heightened level of attention, oversight, and management deserving of a national security priority. As of June 2015, E-Gov Cyber has led government-wide incident response actions to rapidly mitigate new vulnerabilities, such as Heartbleed; accelerated assessments of agency’s cybersecurity program and defenses, by over 200 percent from the previous year; and established a new, on-going critical vulnerability scanning program for public facing web sites across the government.Adopted more secure technologies
Later this summer, the Administration will release new strategies and policies to help agencies secure their networks. These policies will include a Federal Cybersecurity Civilian Strategy and guidance to improve cybersecurity protections in Federal acquisitions. From the development of additional shared services to the faster acquisition of the most current cybersecurity technologies, this guidance will further empower federal agencies to modernize their IT systems and utilize the latest cybersecurity tools.
Deployed new capabilities
In order to provide federal agencies with better capabilities to monitor their systems and combat cyber-threats, DHS is accelerating the deployment of two initiatives. For example, DHS is accelerating deployment of the EINSTEIN 3A intrusion prevention system across the Federal Civilian Government. EINSTEIN 3A detects and blocks cybersecurity threats before they can impact Federal agencies. The system now covers 15 federal civilian executive branch departments and agencies, a 20 percent increase over the past 9 months. DHS will award a contract to provide EINSTEIN 3A for all federal civilian agencies by the end of 2015.