Improving Federal Cybersecurity Situational Awareness via Centralization

By Brian Rodger, Director of Cyber Services, Criterion Systems

A new report from the White House Office of Management and Budget assessing federal cybersecurity programs has identified four areas for improvement:

  • Finding 1: Limited Situational Awareness
  • Finding 2: Lack of Standardized IT Capabilities
  • Finding 3: Limited Network Visibility
  • Finding 4: Lack of Accountability for Managing Risks

I would like to take a moment to discuss the first finding as it relates to the idea of a national cybersecurity agency that I explored in my recent NextGov article. The report indicates that OMB, DHS, and NSA will disseminate and help implement the Cyber Threat Framework to prioritize efforts and manage cybersecurity risks. I believe situational awareness is a function that could greatly benefit from being managed centrally across the federal government.

Solving the limited situational awareness problem offers a perfect opportunity for testing the idea of centralization. Rather than trying to push this framework out to 96 different agencies, the government could create a Federal Cyber Threat Fusion Center focused across the entire federal government landscape. Centralizing this critical piece of cybersecurity makes sense for three key reasons:

  • Implementation: Establishing a central threat fusion center in lieu of trying to roll out and standardize a program across the multitude of federal agencies is much more efficient.
  • Staffing/hiring: Cyber threat analysts are in high demand and government agencies are frequently fighting for the same talent. With a centralized cyber fusion center, each agency would only need to staff a limited number of cyber threat analysts to act as liaisons to the fusion center instead of having to staff up an entire component focused on threat.
  • Commonality of the threat picture: By providing one centralized point of information, potential benefits could include:
    • Trend tracking across different agencies to discover commonalities and specific targeting
    • An opportunity to standardize on a common taxonomy and nomenclature when categorizing threats across the entire landscape
    • The ability to develop a common overarching strategy against threats instead of dealing with each threat as a one-off

While the other three findings of the report are equally important, the limited situational awareness from a threat perspective is an opportunity for the federal government to adopt an approach that will truly improve the government’s overall cyber posture.