These 5 Cyber Steps Could Make America Safe Again

The U.S. Cyber Defense Agency, or more formally the Cybersecurity and Infrastructure Security Agency, has released a plan to realign cybersecurity operational priorities for more than 100 federal agencies. The plan aims to reduce cybersecurity risk to federal civilian executive agencies, covering everything from supply chain management to incident response. Given that cybercriminals are not averse to targeting such agencies when it comes to ransomware attacks, and state-sponsored threat actors clearly have them in their sights, this is a long-overdue move.

What is the Federal Executive Branch Cybersecurity Alignment Plan?

CISA, which is responsible for the operational management of federal cybersecurity issues, has implemented a plan to align cybersecurity with the needs of the civilian executive branch. Its purpose is to direct and coordinate support for agencies, promote identified priorities and align defense capabilities.

The FOCAL plan will apply to more than 100 FCEB agencies, including the Defense Nuclear Facilities Safety Board, Department of Energy, Department of Homeland Security, Department of the Treasury, and Election Assistance Commission. A full list of agencies is available on the CISA website.

Each FCEB agency has a completely unique mission, with its own autonomous networks and system architectures, so each agency's cyber risk tolerance is distinct, as are the strategies it employs to mitigate that risk. As you can imagine, this makes it difficult to ensure that collectively they are properly applying the right components of a mature cybersecurity operational posture.

In announcing the FOCAL plan, CISA wanted to emphasize that a collective approach to cybersecurity can reduce risk across the agency’s portfolio, as well as within each agency individually. Indeed, the foundation of the plan’s introduction, beyond helping to keep America safe, is “aligning collective defense capabilities across the federal enterprise,” CISA said.

Five Steps to Make America (Cyber)Safe Again

No plan can provide 100 percent security, as such a guarantee is impossible. The FOCAL plan takes this into account and is instead designed to focus resources on actions that can be taken to improve operational cybersecurity.

With this in mind, the FOCAL plan highlights five priority areas that are aligned with the agency’s own indicators and reporting requirements.

  1. Asset management to provide a comprehensive understanding of each agency’s cyber environment, including both the operational perimeter and interconnected assets.
  2. Vulnerability management to proactively protect enterprise surfaces that may be subject to attacks and help assess their defensive capabilities.
  3. Defensive architecture to design a cyber infrastructure on the understanding that security incidents will happen. This is not a “maybe someday” scenario, so resilience is essential.
  4. Cyber supply chain risk management is needed now more than ever; it is not just physical supply chains that pose risk at the nation-state level. Such management must be able to identify and mitigate risks from third parties to federal IT environments in a timely manner.
  5. Incident detection and response must be improved to ensure that the ability of Security Operations Centers to detect, respond to, and mitigate the effects of security incidents is as up-to-date as possible.

“Federal government data and systems are interconnected and always a target for our adversaries,” said Jeff Greene, CISA’s deputy executive director for cybersecurity. “FCEB agencies must address this threat in a unified manner and proactively mitigate risk.” The action items above will guide these agencies toward effective operational cybersecurity processes as well as building resilience, Greene said, concluding, “CISA is modernizing federal agency cybersecurity.”