US federal government agencies will coordinate their cyber defense strategies, under a new plan announced by the US government’s Cybersecurity and Infrastructure Security Agency (CISA).
Under the scheme, over 100 Federal Civilian Executive Branch agencies – US central government agencies outside defense – will align their “collective operational defense capabilities” to reduce their cyber-risk.
The plan, known as the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL), covers five areas of cybersecurity.
These include asset management, so organizations understand their cyber environment and “interconnected assets”; vulnerability management; defensible architecture, so that infrastructure can withstand incidents; cyber supply chain risk management; and incident detection and response.
Unified Approach
According to CISA, each FCEB agency has its own mission, and is supported by its own network and systems architectures. However, CISA believes that a collective approach to cybersecurity will reduce risks both at individual FCEB organizations and when agencies interact with each other and share data.
“Federal government data and systems interconnect and are always a target for our adversaries. FCEB agencies need to confront this threat in a unified manner and reduce risk proactively,” said CISA’s executive assistant director for cybersecurity, Jeff Greene.
In the FOCAL plan documentation, CISA notes that there is currently “no cohesive or consistent baseline security posture across all FCEB agencies.” This fails to take into account the current threat environment and the complex digital ecosystem across federal agencies.
The plan adds that federal agencies have improved cybersecurity in recent years, but more now needs to be done to coordinate security measures and incident response, especially on an inter-agency basis.
FOCAL sets out both “broad organizing concepts for federal cybersecurity,” and tactical guidance for steps agencies should take, in the coming year, to improve security. The plan also stresses the need for standardization and consistency across federal cyber defense.
Although CISA has developed the FOCAL plan for the US public sector, the agency suggests it might be useful for other public sector bodies and enterprises looking to coordinate their cybersecurity.