18 Jun
Improving Federal Cybersecurity Situational Awareness via Centralization
By Brian Rodger, Director of Cyber Services, Criterion Systems
A new report from the White House Office of Management and Budget assessing federal cybersecurity programs has identified four areas for improvement:
- Finding 1: Limited Situational Awareness
- Finding 2: Lack of Standardized IT Capabilities
- Finding 3: Limited Network Visibility
- Finding 4: Lack of Accountability for Managing Risks
I would like to take a moment to discuss the first finding as it relates to the idea of a national cybersecurity agency that I explored in my recent NextGov article. The report indicates that OMB, DHS, and NSA will disseminate and help implement the Cyber Threat Framework to prioritize efforts and manage cybersecurity risks. I believe situational awareness is a function that could greatly benefit from being managed centrally across the federal government.
Solving the limited situational awareness problem offers a perfect opportunity for testing the idea of centralization. Rather than trying to push this framework out to 96 different agencies, the government could create a Federal Cyber Threat Fusion Center focused across the entire Federal Government landscape. Centralizing this critical piece of cybersecurity makes sense for three key reasons:
- Implementation: Establishing a central threat fusion center is much more efficient than trying to roll out and standardize a program across the multitude of federal agencies.
- Staffing/hiring: Cyber threat analysts are in high demand and government agencies are frequently fighting for the same talent. With a centralized cyber fusion center, each agency would only need to staff a limited number of cyber threat analysts to act as liaisons to the fusion center instead of having to staff up an entire component focused on threat.
- Commonality of the threat picture: By providing one centralized point of information, potential benefits could include:
  - Trend tracking across different agencies to discover commonalities and specific targeting
  - An opportunity to standardize on a common taxonomy and nomenclature when categorizing threats across the entire landscape
  - The ability to develop a common overarching strategy against threats instead of dealing with each threat as a one-off
While the other three findings of the report are equally important, the limited situational awareness from a threat perspective is an opportunity for the federal government to adopt an approach that will truly improve the government’s overall cyber posture.