White House Details Its Cybersecurity Efforts For 2015

Cybersecurity Efforts For 2015

The White House has issued a fact sheet that details its efforts to ensure that cyber defense strategies are meeting the critical cybersecurity challenges currently facing the USA. This is in response to the increased sophistication and severity of cyber attacks both internationally and within the US, and involves long-term risk management that the Obama administration states it is building on.

According to the fact sheet dated July 9, 2015, efforts include establishment of a dedicated E-Gov Cyber team that has been tasked to work with key Federal cybersecurity stakeholders. Set up in June, E-Gov Cyber has been leading incident response for the US Government in an attempt to quickly mitigate any newly identified vulnerabilities. It is also responsible for accelerated assessment of Federal agency programs and defenses that relate to cybersecurity, and has established a critical program for vulnerability that deals with the various US government “public-facing websites.”

The Cybersecurity Fact Sheet

cyber

Titled Administration Cybersecurity Efforts 2015 the new US fact sheet asserts that President Barack Obama has consistently identified cybersecurity as a primary challenge faced by the American nation. Since his inauguration, it states, his government has implemented many policies to:

  • Enhance the response capabilities of the US Government
  • Improve its cyber defense abilities
  • Upgrade its incident management tools
  • Private Sector Efforts

The document incorporates a run-down of government-supported private sector efforts to try and improve cybersecurity, including a White House Summit held in February this year, which has lead, amongst other things, to Department of Homeland Security (DHS) efforts to share critical information about cybersecurity and encourage collaboration. The DHS reports that as of July 2015, there are 125 private sector agreements in place and another 156 currently being negotiated.

It also states that the Department of Defense (DoD) is set to open new offices in Silicon Valley where it will focus on cybersecurity as well as innovation and technology to help improve national security. Further, the Department of Commerce has launched initiatives that are aimed at strengthening cybersecurity in both the software and hardware that is used in computers and on the Internet.

Also, the Federal Trade Commission has launched a new website identitytheft.gov that has been designed as a one-stop resource that will enable them to streamline reporting and remediation with credit bureaus.

Federal Cybersecurity Efforts

According to the fact sheet, Federal efforts to improve cybersecurity have been “accelerated” in an endeavor to cope with increasing threats. In June there was a 30-day Cybersecurity Sprint that included:

  • Patching of critical Vulnerabilities
  • Tightening of access for so-called “privileged” users
  • Leveraging of tools used to block high-risk indicators
  • Increase of the use of multi-factor authentication

During the Sprint, DHS reportedly scanned more than 40,000 systems for critical vulnerability, and their efforts have continued subsequently. As they identify vulnerabilities, federal agencies are stepping in to patch them.

There is also increased government-wide cyber emphasis that is being overseen by the Federal Chief Information Officer. This includes E-Gov Cyber (see above), a new Federal Cybersecurity Civilian Strategy, and new capabilities designed to provide various Federal agencies with the ability to combat cyber threats. Phase two of the Continuous Diagnostics and Mitigation (CDM) Program (that is currently pending approval by Congress) will improve security of those using government computers; and the new EINSTEIN 3A system, designed to prevent intrusion, will detect and block threats before they impact Federal agencies.

Additional efforts include safeguards for unclassified information that doesn’t normally carry the same stringent protection required by classified data. Last month (June 2015) the National Institute of Standards and Technology (NIST) published a special publication that provides recommended requirements that will protect the confidentiality of information of this kind.

New Policies and Capabilities

The White House fact sheet also details a number of “new” policies and capabilities that have been introduced to help identify malicious cyber attacks, and both counter them and defend against them. These were, though, all established prior to April this year.

International Efforts

Lastly, the fact sheet details how the US government is “engaged internationally” with other countries including Brazil, Gulf countries, India, and the United Kingdom.

It states that G7 countries have agreed to launch a new cooperative effort that will improve cybersecurity within the international energy sector. Also, the UN Group of Governmental Experts will be drafting “norms of state behavior in cyberspace during peacetime.”

The US Department of Defense has pledged to increase its participation in “cyber exercises” and do whatever it can to help NATO and its “Allies” prepare to meet new cybersecurity challenges.

Three new Cyber Assistant Legal Attache (ALAT) positions have been established in Canberra (Australia), Ottawa (Canada), and London (UK), and four additional positions are planned for 2016.
Ultimately, as the fact sheet states, every country can combat malicious cyber activity effectively and efficiently, simply by preventing and mitigating incidents that fall within their jurisdiction.

By Penny Swift

David Loo
The Long-term Costs of Data Debt It’s no secret that many of today’s enterprises are experiencing an extreme state of data overload. With the rapid adoption of new technologies to accommodate pandemic-induced shifts like remote ...
Cloud Image Migration
Effective Cloud Migration Monitoring The global pandemic witnessed the digital transformation of businesses in the cloud.  Today, even as the world resumes to normal, the end-to-end innovation in business strategies has kept the momentum going ...
Louis
Manufacturers’ Top Demands For Quality Software Competing on product quality has never been more urgent as rising raw material and component costs continue to squeeze manufacturers’ margins. At the same time, unpredictable supply chains make ...
Alex Dean
Enabling Privacy and Personalization Most businesses today rely on data collected online to better understand their customers and deliver more personalized products, services and experiences. These insights can be transformative for an organization, especially when ...
Louis
Why Services CPQ Is Too Slow Today When PS organizations compete in sales cycles, the first competitor to have a complete quote with accurate pricing, schedules, and an engagement plan will often win. However, getting ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.