Cybersecurity Efforts For 2015

The White House has issued a fact sheet that details its efforts to ensure that cyber defense strategies are meeting the critical cybersecurity challenges currently facing the USA. This is in response to the increased sophistication and severity of cyber attacks both internationally and within the US, and involves long-term risk management that the Obama administration states it is building on.

According to the fact sheet dated July 9, 2015, efforts include establishment of a dedicated E-Gov Cyber team that has been tasked to work with key Federal cybersecurity stakeholders. Set up in June, E-Gov Cyber has been leading incident response for the US Government in an attempt to quickly mitigate any newly identified vulnerabilities. It is also responsible for accelerated assessment of Federal agency programs and defenses that relate to cybersecurity, and has established a critical program for vulnerability that deals with the various US government “public-facing websites.”

The Cybersecurity Fact Sheet

Titled Administration Cybersecurity Efforts 2015 the new US fact sheet asserts that President Barack Obama has consistently identified cybersecurity as a primary challenge faced by the American nation. Since his inauguration, it states, his government has implemented many policies to:

• Enhance the response capabilities of the US Government
• Improve its cyber defense abilities
• Upgrade its incident management tools
• Private Sector Efforts

The document incorporates a run-down of government-supported private sector efforts to try and improve cybersecurity, including a White House Summit held in February this year, which has lead, amongst other things, to Department of Homeland Security (DHS) efforts to share critical information about cybersecurity and encourage collaboration. The DHS reports that as of July 2015, there are 125 private sector agreements in place and another 156 currently being negotiated.

It also states that the Department of Defense (DoD) is set to open new offices in Silicon Valley where it will focus on cybersecurity as well as innovation and technology to help improve national security. Further, the Department of Commerce has launched initiatives that are aimed at strengthening cybersecurity in both the software and hardware that is used in computers and on the Internet.

Also, the Federal Trade Commission has launched a new website identitytheft.gov that has been designed as a one-stop resource that will enable them to streamline reporting and remediation with credit bureaus.

Federal Cybersecurity Efforts

According to the fact sheet, Federal efforts to improve cybersecurity have been “accelerated” in an endeavor to cope with increasing threats. In June there was a 30-day Cybersecurity Sprint that included:

• Patching of critical Vulnerabilities
• Tightening of access for so-called “privileged” users
• Leveraging of tools used to block high-risk indicators
• Increase of the use of multi-factor authentication

During the Sprint, DHS reportedly scanned more than 40,000 systems for critical vulnerability, and their efforts have continued subsequently. As they identify vulnerabilities, federal agencies are stepping in to patch them.

There is also increased government-wide cyber emphasis that is being overseen by the Federal Chief Information Officer. This includes E-Gov Cyber (see above), a new Federal Cybersecurity Civilian Strategy, and new capabilities designed to provide various Federal agencies with the ability to combat cyber threats. Phase two of the Continuous Diagnostics and Mitigation (CDM) Program (that is currently pending approval by Congress) will improve security of those using government computers; and the new EINSTEIN 3A system, designed to prevent intrusion, will detect and block threats before they impact Federal agencies.

Additional efforts include safeguards for unclassified information that doesn’t normally carry the same stringent protection required by classified data. Last month (June 2015) the National Institute of Standards and Technology (NIST) published a special publication that provides recommended requirements that will protect the confidentiality of information of this kind.

New Policies and Capabilities

The White House fact sheet also details a number of “new” policies and capabilities that have been introduced to help identify malicious cyber attacks, and both counter them and defend against them. These were, though, all established prior to April this year.

International Efforts

Lastly, the fact sheet details how the US government is “engaged internationally” with other countries including Brazil, Gulf countries, India, and the United Kingdom.

It states that G7 countries have agreed to launch a new cooperative effort that will improve cybersecurity within the international energy sector. Also, the UN Group of Governmental Experts will be drafting “norms of state behavior in cyberspace during peacetime.”

The US Department of Defense has pledged to increase its participation in “cyber exercises” and do whatever it can to help NATO and its “Allies” prepare to meet new cybersecurity challenges.

Three new Cyber Assistant Legal Attache (ALAT) positions have been established in Canberra (Australia), Ottawa (Canada), and London (UK), and four additional positions are planned for 2016.
Ultimately, as the fact sheet states, every country can combat malicious cyber activity effectively and efficiently, simply by preventing and mitigating incidents that fall within their jurisdiction.

By Penny Swift