DHS Updating Reporting Metrics For Cyber-Incidents
Agency Hopes To Release Updates By Year's EndAdd bookmark
Effective network defense is something that crosses borders, industries, sectors and business size. Today’s Chief Information Security Officers (CISO) and their information security teams many times face an uphill battle: with numerous threat vectors, resource constraints and increased hacker sophistication.
These principles are not only applicable to banking, financial services and insurance (BFSI) institutions on Wall Street, either. The public sector is also susceptible to attack – especially at the hands of hacktivists, nation state actors or organized crime groups. Reconnaissance on an agency network could yield all sorts of protected information.
As such, public sector agencies must adhere to equally stringent cyber security standards. Governed by frameworks, agencies report anomalous activity – as dictated by the Federal Information Security Management Act (FISMA) of 2002.
Yet, as we’ve already mentioned, the attack surface is ever-changing, and hacker sophistication keeps public CISOs on their toes around the clock.
The federal government’s top IT executives are now acting on this challenge, attempting to make reporting metrics more akin to today’s threats.
According to Nextgov.com, FISMA guidelines are being updated to reflect the current administration’s focus and priorities. Information security teams in the sector must document and categorize cyber-incidents affecting their network. Their governing framework: the National Institute for Standards and Technology (NIST).
Due to the rapid rate of change in cyber security, reporting has shifted over the years (also due in part to legislation). Nextgov reports that Federal Chief Information Officer (CIO), Suzette Kent, indicated that the Trump administration is now opting to update the FISMA metrics to correspond with the President’s Management Agenda.
Kent has been speaking regularly about the subject. She reportedly addressed a federal audience by asking who still used a cell phone from 2008. When no hands went up, Kent said, “Our technology is advancing much more quickly than that. We shouldn’t have policies that are that old.”
The administration will reportedly review policy documents this fall to update them by year’s end.
Federal agencies are also utilizing a dashboard for threat intelligence, thus promoting information-sharing across networks. A program called CDM DEFEND also aims to implement continuous monitoring.
Kent said 20 of 23 federal CFO Act agencies “are actually sharing cyber security data between their agency-level and DHS dashboard.”
A separate Nextgov story from mid-June indicated that the dashboard was receiving data from 20 out of 23 major civilian agencies at the time. Kevin Cox, of Homeland Security’s Continuous Diagnostics and Mitigation Program, reportedly said the remaining agencies would be plugged in by the end of July.
Nevertheless, the dashboard has grown quite rapidly, as it went from nascent stage in late-2017 (two agencies reporting) to nearly all by mid-2018. The DHS’ initial goal was to have all agencies connected by February.
As pointed out in Cyber Security Hub reporting from December 2017, the dashboard pulls in information from sensors planted across government computer networks. The gathered data is then read by DHS cyber officials. In real time, sensitive government networks are monitored and the DHS is able to pinpoint which software is running on various devices and endpoints.
Prior to the emergence of this diagnostic resource, the DHS could only issue blanket alerts upon learning about damaging vulnerabilities. Or, they would be forced to contact each individual agency. Officials would have to gauge which enterprise was then vulnerable.
The expeditious growth of the agency dashboard is a morale-raiser for the private sector, too, as, much like the public space, more collaboration and information-sharing efforts have been spearheaded to streamline security and reduce the vast attack surface.
Be Sure To Check Out: Incident Response Plans Heighten All Facets Of Cyber Defense