White House Details Its Cybersecurity Efforts For 2015

Cybersecurity Efforts For 2015

The White House has issued a fact sheet that details its efforts to ensure that cyber defense strategies are meeting the critical cybersecurity challenges currently facing the USA. This is in response to the increased sophistication and severity of cyber attacks both internationally and within the US, and involves long-term risk management that the Obama administration states it is building on.

According to the fact sheet dated July 9, 2015, efforts include establishment of a dedicated E-Gov Cyber team that has been tasked to work with key Federal cybersecurity stakeholders. Set up in June, E-Gov Cyber has been leading incident response for the US Government in an attempt to quickly mitigate any newly identified vulnerabilities. It is also responsible for accelerated assessment of Federal agency programs and defenses that relate to cybersecurity, and has established a critical program for vulnerability that deals with the various US government “public-facing websites.”

The Cybersecurity Fact Sheet

cyber

Titled Administration Cybersecurity Efforts 2015 the new US fact sheet asserts that President Barack Obama has consistently identified cybersecurity as a primary challenge faced by the American nation. Since his inauguration, it states, his government has implemented many policies to:

  • Enhance the response capabilities of the US Government
  • Improve its cyber defense abilities
  • Upgrade its incident management tools
  • Private Sector Efforts

The document incorporates a run-down of government-supported private sector efforts to try and improve cybersecurity, including a White House Summit held in February this year, which has lead, amongst other things, to Department of Homeland Security (DHS) efforts to share critical information about cybersecurity and encourage collaboration. The DHS reports that as of July 2015, there are 125 private sector agreements in place and another 156 currently being negotiated.

It also states that the Department of Defense (DoD) is set to open new offices in Silicon Valley where it will focus on cybersecurity as well as innovation and technology to help improve national security. Further, the Department of Commerce has launched initiatives that are aimed at strengthening cybersecurity in both the software and hardware that is used in computers and on the Internet.

Also, the Federal Trade Commission has launched a new website identitytheft.gov that has been designed as a one-stop resource that will enable them to streamline reporting and remediation with credit bureaus.

Federal Cybersecurity Efforts

According to the fact sheet, Federal efforts to improve cybersecurity have been “accelerated” in an endeavor to cope with increasing threats. In June there was a 30-day Cybersecurity Sprint that included:

  • Patching of critical Vulnerabilities
  • Tightening of access for so-called “privileged” users
  • Leveraging of tools used to block high-risk indicators
  • Increase of the use of multi-factor authentication

During the Sprint, DHS reportedly scanned more than 40,000 systems for critical vulnerability, and their efforts have continued subsequently. As they identify vulnerabilities, federal agencies are stepping in to patch them.

There is also increased government-wide cyber emphasis that is being overseen by the Federal Chief Information Officer. This includes E-Gov Cyber (see above), a new Federal Cybersecurity Civilian Strategy, and new capabilities designed to provide various Federal agencies with the ability to combat cyber threats. Phase two of the Continuous Diagnostics and Mitigation (CDM) Program (that is currently pending approval by Congress) will improve security of those using government computers; and the new EINSTEIN 3A system, designed to prevent intrusion, will detect and block threats before they impact Federal agencies.

Additional efforts include safeguards for unclassified information that doesn’t normally carry the same stringent protection required by classified data. Last month (June 2015) the National Institute of Standards and Technology (NIST) published a special publication that provides recommended requirements that will protect the confidentiality of information of this kind.

New Policies and Capabilities

The White House fact sheet also details a number of “new” policies and capabilities that have been introduced to help identify malicious cyber attacks, and both counter them and defend against them. These were, though, all established prior to April this year.

International Efforts

Lastly, the fact sheet details how the US government is “engaged internationally” with other countries including Brazil, Gulf countries, India, and the United Kingdom.

It states that G7 countries have agreed to launch a new cooperative effort that will improve cybersecurity within the international energy sector. Also, the UN Group of Governmental Experts will be drafting “norms of state behavior in cyberspace during peacetime.”

The US Department of Defense has pledged to increase its participation in “cyber exercises” and do whatever it can to help NATO and its “Allies” prepare to meet new cybersecurity challenges.

Three new Cyber Assistant Legal Attache (ALAT) positions have been established in Canberra (Australia), Ottawa (Canada), and London (UK), and four additional positions are planned for 2016.
Ultimately, as the fact sheet states, every country can combat malicious cyber activity effectively and efficiently, simply by preventing and mitigating incidents that fall within their jurisdiction.

By Penny Swift

Gary Bernstein

5 Notable Proxy Servers Adding That Extra Layer Of Privacy

What’s A Proxy Server? A proxy server is a gateway between the user and the internet. This is an intermediary server that separates end users from the websites they browse. It’s completely legal to use ...
Bill Talbot

How IT Operations Can Survive and Thrive in a Multi-cloud World

IT Operations Can Thrive in a Multi-cloud World IT operations teams are contending with the reality that growing volumes of workloads are running across multiple cloud services. While multi-cloud environments are growing ubiquitous, many IT ...
Isc2

Episode 2: Coronavirus Phishing Emails and Work-from-Home Meetings

Coronavirus Phishing Emails What to watch out for as scammers exploit pandemic panic, and tips on how to attend meetings while working from home. Working from home this week? There are a few challenges and ...
Tej Redkar

How AI Monitoring Can Make Your Business Smarter and Better

Business AI Monitoring When issues arise with digital technology—as they invariably do—companies must have the ability to fix them before they create any business impact. These days, more and more companies are discovering that the ...
Kaylamatthews

What You Need to Know – IoT and Real-Time Operating Systems

Real-Time Operating Systems A real-time operating system, or real-time OS, appears to execute tasks while using a single processing core simultaneously.  However, what's really happening is that the tasks' response time is so fast that ...
Sangeeta Chhabra

What Accountants Should Know About The Cloud

Cloud Accounting Cloud technology has been at the top of the charts of new-age technologies for a long time now. Almost every industry in the world has started realizing its capabilities and integrating cloud strategies ...