Here is part 4 of our review on the cybersecurity issues the US government faced in 2015.
Other initiatives being taken
Riding the momentum of the 30 day cyber sprint the Chief Information Officer and the Office of Management and Budget have set deadlines for policies to be in place for certain agencies. The initial deadline is set for the end of 2015 year. The polices to be in place by the end of the year are; the Office of Management and Budget will issue a new incident response best practices for all agencies, the Department of Homeland Security contract will equip all agencies with an updated version of their intrusion-detection system EINSTEIN to EINSTEIN 3A, agencies will now be required to report all cyber positions to OPM and a then a group of agency CIOs will create a subcommittee focused on rapid deployment of emerging technology, the director of national intelligence will lead a threat assessment of the assets considered at high risk or targeted by adversaries and the Department of Homeland of Security will continue to diagnose and mitigate the cybersecurity protections for all high-value assets and continue to conduct proactive assessments on a rolling basis as new threats are identified by officials.
The Chief Information Officer and the Office of Management and Budget have also set deadlines for policies to be in place within certain agencies for the upcoming 2016 year. The first thing to be put in place, by the end of January, is the Office of Management and Budget will release a plan for implementing new cybersecurity shared services. By the end of March the OMB will also release new guidance on safeguarding personally identifiable information. The end of April the General Services Administration will have to finalize a contract vehicle for pre-vetted services for incident response services that can quickly be leveraged by agencies in the wake of a breach. Also in April a publication will be released aimed at helping agencies recruit, develop and maintain a pipeline of cybersecurity talent. Then by June 30th the National Institute of Standards and Technology will issue guidance to agencies on recovering from cyber events. The DHS will also expand a suite of tools to help agencies continuously monitor and respond to threats. Agencies must also push for stronger identity management for users looking for access to the federal networks.
The Department of Homeland Security is also addressing a gaping need by hiring one thousand new cybersecurity personnel by June of 2016. The Office of Personnel Management approved the hiring of specific job duties that include; cyber risk and analysis, cyber incident response analyzing malware and other vulnerabilities, detecting and assessing cyber vulnerabilities and intelligence analysis and among other areas. The Department of Homeland Security was granted the permission to speed up the hiring of professionals, set the rates of pay along with any additional compensation, benefits, incentives and allowances to help with attracting top level talent. Not only is the DHS ramping up their hiring but the government as a whole is looking to bring in a lot of new top talent. The CIO came out during his keynote speech at the FedScoop conference and said it is estimated the government will look to hire ten thousand cyber professionals in 2016.
Our Thoughts on Part 4
Putting legislation in place in event of a cyberattack is only half the battle the government faces these other initiatives being done are the other half. Finding solutions to cover these gaps is key. The announcing of the hiring of some ten thousand cyber professionals next year is a great step in drawing the attention of top talent, letting them know there will be openings in this tough job market is a great tactic in luring in this talent. Also, addressing the need to have people in place to take some of the workload off those who are employed already and are being over worked because there is just not enough bodies to do the work is a good step. By having more qualified people in place will lighten up the work load of everyone and should help in increasing the production as well as the quality of the work being done. By having these deadlines in place is a great step as well as it is forcing the agencies to make sure they have everything in place in a timely fashion. These deadlines are also telling agencies when new resources and information will be available to them. These are all positive steps in strengthening up the cyber security within the government but there is still plenty of work to be done to really secure up on all fronts and really thwart off cyber attackers.