In an exclusive interview with Federal News Radio, White House Cyber Czar Howard Schmidt said a majority of the senior leaders in government understand the importance of securing agency, contractor and critical infrastructure systems. He said among his office’s biggest accomplishments is moving the day-to-day cyber authority of federal civilian networks to DHS. Michael Daniel will replace Schmidt, whose last day is in early June.
Despite a 2006 mandate to secure mobile devices and implement two-factor authentication, only just over half of federal agencies have managed to do so. OMB submits its annual FISMA report to Congress detailing the steps the government has taken to improve cybersecurity, including spending $12 billion on cybersecurity last year.
OMB mandated departments implement continuous monitoring of their cyber networks by 2012. Part of meeting that goal is understanding what hardware and software currently reside on the computing backbone.
Federal News Radio has obtained exclusive details on the IT budget guidance OMB sent to agencies for the fiscal 2012 budget request. The administration is asking agencies to begin using monitoring their networks continuously by the end of next year. OMB also sets deadlines for cyberscope, IPv6 and funding of e-government projects.
OMB created CyberScope to streamline the reporting process, enhance analysis, and importantly, reduce the $2.3 billion Feds spend annually on compliance. So why is no one using it? We ask McAfee’s Ed White.
DHS is leading the effort to rework cybersecurity metrics around patch, configuration, vulnerability and inventory management. Justice plans to host an industry day in June to tell vendors how cyberscope works. NIST will issue new cyber publications and GSA plans on new RFP for situational awareness and incident response tools.
New White House guidance calls for agencies to submit data feeds to OMB’s Cyberscope tool. Federal CIO Vivek Kundra hopes the information will give agencies a better idea of vulnerabilities and threats to computer networks. Agencies may have to shift money away from traditional reports to upgrade systems to meet new FISMA requirements.