Modernization of U.S. Federal Cybersecurity Improving, but More Work Is Still Needed

Tony Scott, the Federal Chief Information Officer, recently outlined in a blog post some of the improvements the U.S. government has made with regards to modernizing cybersecurity policies, systems, and infrastructure in an effort to better defend against the ever-increasing cyber attacks that threaten our national security every day.

These primary efforts began back in 2009 with the implementation of the Cyberspace Policy Review.  This was followed by a push to increase the sharing of cybersecurity-related information among various agencies and industries along with an increase in the cybersecurity budgets of several Federal departments to assist with improving and upgrading cyber defense systems.

Though improvements were being made, weaknesses still existed as discovered through the huge cyber attack on the Office of Personnel Management’s (OPM) network system that occurred earlier this year.  This attack prompted the White House Office of Management and Budget (OMB) to quickly initiate a 30-day Cybersecurity Sprint that would instruct Federal agencies “to immediately take a number of steps to further protect Federal information and assets and improve the resilience of Federal networks.”  These steps helped Federal Agencies improve their use of “strong authentication for all users” by 30%, but it became apparent that more work still remained.

To address these issues, Tony Scott’s team recently released the Cybersecurity Strategy Implementation Plan (CSIP) along with the Fiscal Year 2015-2016 Guidance on Federal Information Security and Privacy Management Requirements.  The CSIP will focus more on improving defenses, timely detection and response to attacks, and recruitment and retention of a highly-qualified cyber workforce.  On the other hand, the Fiscal Year 2015-2016 Guidance on Federal Information Security and Privacy Management Requirements will focus primarily on improving cyber policy.  These two plans, along with other efforts, will hopefully complement each other in order to bring the United States’ cybersecurity to a level that we all can feel confident about.

Article formerly posted at