By Christine Kern, contributing writer
Latest iteration of executive order emphasizes risk of attacks among federal computer systems.
The White House aims to enhance federal cybersecurity by directing federal agencies to construct a U.S. cybersecurity policy surround those computer systems that are “at greatest risk of attacks,” according to the latest draft of an executive order.
The draft, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, asserts, “The President will hold accountable heads of executive departments and agencies (Agency Heads) for managing the risk to their enterprises. In addition, because risk management decisions made by Agency Heads can affect the risk to the executive branch as a whole, it is also the policy of the United States to manage cyber risk as an executive branch enterprise.”
Effective risk management transcends protecting networks and data currently in place and must entail planning for coordinated and appropriate future maintenance, improvements, and modernization, according to the order. It also states, effective immediately, all Agency Heads must apply The Framework for Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards and Technology (NIST) in order to manage their agency’s cyber risk. Agencies have 90 days to submit to OMB and DHS a risk management report outlining steps to follow the NIST Framework and highlighting the risk acceptance choices they have made.
The latest draft of the order also focuses on interagency coordination and places priority on modernization of all legacy systems in order to improve cybersecurity across civilian agencies. This version also requires a plan to transition all Federal agencies to shared services for email, cloud computing, and cybersecurity, and requires senior officials to engage in a feasibility study for the transition of agencies to consolidated network architectures, as MeriTalk reports.
“The executive branch has for too long accepted antiquated and difficult to defend IT and information systems,” the order states. “Effective immediately, it is the policy of the United States to build a more modern, more secure, and more resilient Executive Branch IT architecture.”
The Modernizing Government Technology (MGT) Act passed the House recently but was delayed in the Senate. Reps. Will Hurd (R-TX) and Gerry Connolly (D-VA) will introduce a new version of the bill, which would provide a revolving capital fund for modernizing Federal IT systems.