The Cybersecurity and Infrastructure Security Agency is augmenting its shared cybersecurity service model with a new team of advisors who are deploying to individual agencies to dive into how they can improve their specific network defenses.
The advisors are organized under the Federal Enterprise Improvement Team, or FEIT, pronounced “fight,” according to Eric Goldstein, executive assistant director for cybersecurity at CISA.
The team represents a new evolution for CISA, which has long provided shared cyber services like the EINSTEIN intrusion detection system and the Continuous Diagnostics and Maintenance (CDM) program.
“But we really did very little bespoke hand holding of agencies to really figure out what’s their security program like today? What’s their environment like? What’s their infrastructure like? And then how can we help them progress on a journey to get in the place that they need to be,” Goldstein said during a Monday event hosted by the Information and Technology Industry Council.
FEIT was funded through a portion of the $650 million CISA received under the American Rescue Plan Act of 2021.
“With these new FEIT teams, we now are hiring personnel who can actually work with individual agencies based upon their unique maturity and characteristics to identify gaps, develop improvement plans and really be with them on their entire journey to improvement,” Goldstein said.
The establishment of the agency advisors comes as lawmakers increasingly look to put CISA at the center of federal civilian executive branch cybersecurity operations. Both the House and Senate are moving to update the Federal Information Security Modernization Act of 2014 with legislation that would, among other things, codify CISA’s central role in federal cyber defense efforts.
The FEIT teams will also help CISA better tailor the tools and services it provides to agencies through its Cybersecurity Shared Services Office, Goldstein said. In addition to mainstays like EINSTEIN and CDM, CISA also offers services like a centrally managed Vulnerability Disclosure Policy Platform, security operations services, and a Protective Domain Name System Resolve Service.
“The combination of our federal enterprise improvement teams working with agencies to figure out the shared service roadmap where we can always resolve gaps at scale, that’s really our way of managing the significant asymmetry between agencies,” Goldstein said.
CISA seeking recruits
The improvement teams are just one area of growth for CISA.
The Biden administration’s fiscal year 2023 budget includes $11.9 million for the FEIT teams to continue the funding provided by the American Rescue Plan Act.
“Dedicated funding in FY 2023 will help transition from near-term remediation and tactical recovery into sustained, long-term strategic recovery,” CISA’s budget documents state. “FEIT provides dedicated support and resources to federal agencies and reduces federal cybersecurity risk by bridging operational and programmatic support activities, extending support before and after Incident Response (IR), and sustaining improvement initiatives against a set of strategic priorities determined through enhanced analytic capabilities.”
The listing shows CISA is hiring advisors through the relatively new Cyber Talent Management System (CTMS). The system is exempt from many of the government’s traditional hiring, classification and compensation practices, allowing CISA to recruit, hire, pay and promote cyber talent in different ways compared to their colleagues on the General Schedule.
For the currently listed cyber advisor openings, CISA is offering a 10% salary supplement for potential hires in the metro Washington, D.C. area.
“We share the same challenge as every organization in our field, which is the cybersecurity hiring market right now, it’s tight, and finding the leading cybersecurity experts across disciplines that reflect the diversity of our country really is our call to action,” he said.