As time runs out for Congress to pass cyber legislation before next year, White House officials are looking for ways around Capitol Hill’s inability to enact policies to secure government networks and critical infrastructure.
The executive branch is accelerating efforts to implement cybersecurity within federal agencies and in the sectors responsible for critical infrastructure, including the financial and energy industries. The White House’s top cybersecurity official said it’s not more power the Obama administration is after — it’s getting the many organizations involved to head in the same direction.
“A lot of it’s about the soft power and the way you work within the bureaucracy and the different agencies to get them to align policy,” Michael Daniel, White House cybersecurity coordinator, said Oct. 9 at an event held by the Center for National Policy and Christian Science Monitor in Washington. “I think you can be very effective in that space as long as you understand how that space operates.”
Daniel cited the Office of Management and Budget’s updates to the Federal Information Security Management Act, which he said continue to tie together government mandates with the cybersecurity framework released earlier this year by the National Institute of Standards and Technology. He also noted ongoing outreach to agencies in a bid to synchronize federal cybersecurity efforts, and said the framework — which continues to undergo development — will soon include additional guidance specifically for use by federal agencies.
“I think agency CIOs are getting tired of me coming to talk to them about using the framework inside their agencies, but that’s the direction we’re moving in,” Daniel said. “We’re bringing those principles into how we manage the federal government’s own cybersecurity and in fact we’re developing an overlay for the federal government that’s related to the framework.”
Daniel and other cybersecurity experts also agree that the White House’s Oct. 3 memo directing the Homeland Security Department to scan federal networks for cyber threats is another step in the right direction. The new policy also codifies DHS responsibilities for its federal continuous diagnostics and mitigation (CDM) program, the fiscal year 2015 metrics under FISMA and the cybersecurity cross-agency priority goals for the next year.